Rampart 1.5 tag
git-svn-id: https://svn.apache.org/repos/asf/webservices/rampart/tags/java@905544 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/1_5/build.xml b/1_5/build.xml
new file mode 100644
index 0000000..84a7528
--- /dev/null
+++ b/1_5/build.xml
@@ -0,0 +1,160 @@
+<project name="Apache Rampart release build" default="dist">
+
+ <property name="rampart.version" value="SNAPSHOT"/>
+ <property name="rampart.bin.dist" value="rampart"/>
+ <property name="rampart.src.dist" value="rampart-src"/>
+ <property name="rampart.docs.dist" value="rampart-docs"/>
+
+ <property name="dir.dist" value="dist"/>
+ <property name="dir.dist.bin" value="${dir.dist}/bin/${rampart.bin.dist}-${rampart.version}"/>
+ <property name="dir.dist.src" value="${dir.dist}/src/${rampart.src.dist}-${rampart.version}"/>
+ <property name="dir.dist.docs" value="${dir.dist}/docs/${rampart.docs.dist}-${rampart.version}"/>
+
+ <property name="dir.mvn2.repo" value="${user.home}/.m2/repository"/>
+
+ <property name="version.bcprov13" value="132"/>
+ <property name="version.bcprov15" value="132"/>
+
+ <property name="version.xmlsec" value="1.4.0"/>
+ <property name="version.opensaml" value="1.1"/>
+ <property name="version.wss4j" value="SNAPSHOT"/>
+
+
+ <condition property="jdk14.present">
+ <equals arg1="${ant.java.version}" arg2="1.4"/>
+ </condition>
+
+ <target name="init">
+ <mkdir dir="${dir.dist}"/>
+ </target>
+
+ <target name="dist" depends="clean, bin-dist, src-dist, docs-dist">
+ <copy todir="${dir.dist}" file="modules/rampart-mar/target/rampart-${rampart.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust-mar/target/rahas-${rampart.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+ </target>
+
+ <target name="bin-dist" depends="init">
+
+ <mkdir dir="${dir.dist.bin}"/>
+
+ <copy todir="${dir.dist.bin}">
+ <fileset dir="release-docs">
+ </fileset>
+ </copy>
+
+ <!-- Modules -->
+ <echo>Copying mars in to modules</echo>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-mar/target/rampart-${rampart.version}.mar"/>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-trust-mar/target/rahas-${rampart.version}.mar"/>
+
+ <!-- All dep jars -->
+ <echo>Copying dependencies into lib</echo>
+ <mkdir dir="${dir.dist.bin}/lib"/>
+
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/santuario/xmlsec/${version.xmlsec}/xmlsec-${version.xmlsec}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/opensaml/opensaml/${version.opensaml}/opensaml-${version.opensaml}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/ws/security/wss4j/${version.wss4j}/wss4j-${version.wss4j}.jar"/>
+ <antcall target="copy-bc-jar-14" />
+ <antcall target="copy-bc-jar-15" />
+
+ <echo>Copying samples</echo>
+ <!-- copy samples -->
+ <mkdir dir="${dir.dist.bin}/samples"/>
+
+ <copy todir="${dir.dist.bin}/samples">
+ <fileset dir="modules/rampart-samples/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.bin.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.bin}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.bin}/../"/>
+
+ </target>
+
+ <target name="copy-bc-jar-14" if="${jdk14.present}">
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk13/${version.bcprov13}/bcprov-jdk13-${version.bcprov13}.jar"/>
+ </target>
+
+ <target name="copy-bc-jar-15" unless="${jdk14.present}">
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk15/${version.bcprov15}/bcprov-jdk15-${version.bcprov15}.jar"/>
+ </target>
+
+ <target name="src-dist" depends="init">
+
+ <mkdir dir="${dir.dist.src}"/>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="modules">
+ <include name="rampart-core/**/*"/>
+ <include name="rampart-policy/**/*"/>
+ <include name="rampart-trust/**/*"/>
+ <include name="rampart-samples/**/*"/>
+ <exclude name=".svn"/>
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.src.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.src}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.src}/../"/>
+ </target>
+
+ <target name="docs-dist">
+
+ <mkdir dir="${dir.dist.docs}"/>
+
+ <copy todir="${dir.dist.docs}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <mkdir dir="${dir.dist.docs}/core"/>
+ <mkdir dir="${dir.dist.docs}/policy"/>
+ <mkdir dir="${dir.dist.docs}/trust"/>
+
+ <copy todir="${dir.dist.docs}/core">
+ <fileset dir="modules/rampart-core/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/policy">
+ <fileset dir="modules/rampart-policy/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/trust">
+ <fileset dir="modules/rampart-trust/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.docs.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.docs}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.docs}/../"/>
+ </target>
+
+ <target name="clean">
+ <delete dir="${dir.dist}"/>
+ </target>
+
+</project>
diff --git a/1_5/legal/commons-collections-LICENSE.txt b/1_5/legal/commons-collections-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/commons-collections-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/legal/joda-time-LICENSE.txt b/1_5/legal/joda-time-LICENSE.txt
new file mode 100644
index 0000000..75b5248
--- /dev/null
+++ b/1_5/legal/joda-time-LICENSE.txt
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/1_5/legal/opensaml-LICENSE.txt b/1_5/legal/opensaml-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/opensaml-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/legal/openws-LICENSE.txt b/1_5/legal/openws-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/openws-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/legal/slf4j-api-LICENSE.txt b/1_5/legal/slf4j-api-LICENSE.txt
new file mode 100644
index 0000000..479c603
--- /dev/null
+++ b/1_5/legal/slf4j-api-LICENSE.txt
@@ -0,0 +1,12 @@
+Copyright (c) 2004-2008 QOS.ch
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/1_5/legal/slf4j-jdk14-LICENSE.txt b/1_5/legal/slf4j-jdk14-LICENSE.txt
new file mode 100644
index 0000000..5715aa3
--- /dev/null
+++ b/1_5/legal/slf4j-jdk14-LICENSE.txt
@@ -0,0 +1,12 @@
+Copyright (c) 2004-2008 QOS.ch
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software
+without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit
+persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
+OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/1_5/legal/velocity-LICENSE.txt b/1_5/legal/velocity-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/velocity-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/legal/wss4j-LICENSE.txt b/1_5/legal/wss4j-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/wss4j-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/legal/xmlsec-LICENSE.txt b/1_5/legal/xmlsec-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/xmlsec-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/legal/xmltooling-LICENSE.txt b/1_5/legal/xmltooling-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/1_5/legal/xmltooling-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/modules/distribution/bin.xml b/1_5/modules/distribution/bin.xml
new file mode 100644
index 0000000..d88e88b
--- /dev/null
+++ b/1_5/modules/distribution/bin.xml
@@ -0,0 +1,86 @@
+<assembly>
+ <id>bin</id>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <formats>
+ <format>zip</format>
+ </formats>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>${dist.dir}/modules</outputDirectory>
+ <includes>
+ <include>org.apache.rampart:rampart:mar</include>
+ <include>org.apache.rampart:rahas:mar</include>
+ </includes>
+ </dependencySet>
+ <dependencySet>
+ <outputDirectory>${dist.dir}/lib</outputDirectory>
+ <includes>
+ <include>org.apache.santuario:xmlsec:jar</include>
+ <include>opensaml:opensaml:jar</include>
+ <include>org.apache.ws.security:wss4j:jar</include>
+ <include>bouncycastle:bcprov-jdk15:jar</include>
+ <include>org.apache.rampart:rampart-core:jar</include>
+ <include>org.apache.rampart:rampart-policy:jar</include>
+ <include>org.apache.rampart:rampart-trust:jar</include>
+ <include>org.opensaml:opensaml:jar</include>
+ <include>org.opensaml:xmltooling:jar</include>
+ <include>joda-time:joda-time:jar</include>
+ <include>org.slf4j:slf4j-api:jar</include>
+ <include>org.slf4j:slf4j-jdk14:jar</include>
+ <include>velocity:velocity:jar</include>
+ <include>commons-collections:commons-collections:jar</include>
+ <include>org.opensaml:openws:jar</include>
+ </includes>
+ </dependencySet>
+ </dependencySets>
+ <fileSets>
+ <fileSet>
+ <directory>target/apidocs</directory>
+ <outputDirectory>${dist.dir}/docs/apidocs</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>../documentation/target/site</directory>
+ <outputDirectory>${dist.dir}/docs</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>../rampart-samples</directory>
+ <outputDirectory>${dist.dir}/samples</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>../../legal</directory>
+ <outputDirectory>${dist.dir}/lib</outputDirectory>
+ </fileSet>
+ </fileSets>
+
+ <files>
+ <file>
+ <source>../../release-docs/README.txt</source>
+ <outputDirectory>${dist.dir}</outputDirectory>
+ <destName>README</destName>
+ </file>
+ <file>
+ <source>../../release-docs/LICENSE.txt</source>
+ <outputDirectory>${dist.dir}</outputDirectory>
+ <destName>LICENSE</destName>
+ </file>
+ <file>
+ <source>../../release-docs/NOTICE.txt</source>
+ <outputDirectory>${dist.dir}</outputDirectory>
+ <destName>NOTICE</destName>
+ </file>
+ <file>
+ <source>../../release-docs/ChangeLog.txt</source>
+ <outputDirectory>${dist.dir}</outputDirectory>
+ <destName>ChangeLog</destName>
+ </file>
+ <file>
+ <source>../../release-docs/release-notes.html</source>
+ <outputDirectory>${dist.dir}</outputDirectory>
+ </file>
+ <file>
+ <source>build.xml</source>
+ <outputDirectory>${dist.dir}</outputDirectory>
+ </file>
+ </files>
+
+</assembly>
diff --git a/1_5/modules/distribution/build.xml b/1_5/modules/distribution/build.xml
new file mode 100644
index 0000000..6441f51
--- /dev/null
+++ b/1_5/modules/distribution/build.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="lib"/>
+ <property name="modules.dir" value="modules"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
diff --git a/1_5/modules/distribution/pom.xml b/1_5/modules/distribution/pom.xml
new file mode 100644
index 0000000..e105927
--- /dev/null
+++ b/1_5/modules/distribution/pom.xml
@@ -0,0 +1,120 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Rampart - Distribution</name>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <version>1.1</version>
+ <executions>
+ <execution>
+ <id>build-javadoc</id>
+ <phase>package</phase>
+ <configuration>
+ <tasks>
+ <javadoc packagenames="org.apache.rampart.*,org.apache.rahas.*"
+ destdir="target/apidocs"
+ author="true"
+ breakiterator="true"
+ version="true"
+ use="true"
+ windowtitle="Apache Rampart API">
+
+ <sourcepath>
+ <dirset dir="../..">
+ <include name="**/rampart-core/src/main/java"/>
+ <include name="**/rampart-policy/src/main/java"/>
+ <include name="**/rampart-trust/src/main/java"/>
+ </dirset>
+ </sourcepath>
+
+ <classpath refid="maven.dependency.classpath"/>
+ <classpath refid="maven.compile.classpath"/>
+ <classpath refid="maven.runtime.classpath"/>
+
+ </javadoc>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.2-beta-1</version>
+ <executions>
+ <execution>
+ <id>distribution-package</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attached</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>bin.xml</descriptor>
+ <descriptor>src.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <version>${rampart.mar.version}</version>
+ <type>mar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <version>${rahas.mar.version}</version>
+ <type>mar</type>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk14</artifactId>
+ <version>${bcprov.jdk14.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <version>${bcprov.jdk15.version}</version>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/1_5/modules/distribution/src.xml b/1_5/modules/distribution/src.xml
new file mode 100644
index 0000000..91e84e3
--- /dev/null
+++ b/1_5/modules/distribution/src.xml
@@ -0,0 +1,48 @@
+<assembly>
+ <id>src</id>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <formats>
+ <format>zip</format>
+ </formats>
+
+ <fileSets>
+ <fileSet>
+ <directory>../..</directory>
+ <outputDirectory>rampart-src-${rampart.version}</outputDirectory>
+ <includes>
+ <include>**/modules/**/*</include>
+ <include>**/pom.xml</include>
+ <include>src</include>
+ <include>release-docs/*</include>
+ </includes>
+ <excludes>
+ <exclude>**/target</exclude>
+ <exclude>**/target/**/*</exclude>
+ <exclude>**/build</exclude>
+ <exclude>**/build/**/*</exclude>
+ <exclude>**/.settings</exclude>
+ <exclude>**/.classpath</exclude>
+ <exclude>**/.project</exclude>
+ <exclude>**/.wtpmodules</exclude>
+ <exclude>**/*.iml</exclude>
+ <exclude>**/.settings</exclude>
+ <exclude>**/.settings/**/*</exclude>
+ <exclude>**/.svn/**</exclude>
+ </excludes>
+ </fileSet>
+ </fileSets>
+
+ <files>
+ <file>
+ <source>../../release-docs/LICENSE.txt</source>
+ <outputDirectory>rampart-src-${rampart.version}</outputDirectory>
+ <destName>LICENSE</destName>
+ </file>
+ <file>
+ <source>../../release-docs/NOTICE.txt</source>
+ <outputDirectory>rampart-src-${rampart.version}</outputDirectory>
+ <destName>NOTICE</destName>
+ </file>
+ </files>
+
+</assembly>
diff --git a/1_5/modules/documentation/pom.xml b/1_5/modules/documentation/pom.xml
new file mode 100644
index 0000000..ee652e8
--- /dev/null
+++ b/1_5/modules/documentation/pom.xml
@@ -0,0 +1,33 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-documentaion</artifactId>
+ <packaging>pom</packaging>
+ <name>Rampart - Documentation</name>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>2.0-beta-5</version>
+ <inherited>false</inherited>
+ <executions>
+ <execution>
+ <phase>install</phase>
+ <goals>
+ <goal>site</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/1_5/modules/documentation/src/site/resources/css/maven-base.css b/1_5/modules/documentation/src/site/resources/css/maven-base.css
new file mode 100755
index 0000000..b47862a
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/css/maven-base.css
@@ -0,0 +1,143 @@
+body {
+ margin: 0px;
+ padding: 0px;
+}
+img {
+ border:none;
+}
+table {
+ padding:0px;
+ width: 100%;
+ margin-left: -2px;
+ margin-right: -2px;
+}
+acronym {
+ cursor: help;
+ border-bottom: 1px dotted #feb;
+}
+table.bodyTable th, table.bodyTable td {
+ padding: 2px 4px 2px 4px;
+ vertical-align: top;
+}
+div.clear{
+ clear:both;
+ visibility: hidden;
+}
+div.clear hr{
+ display: none;
+}
+#bannerLeft, #bannerRight {
+ font-size: xx-large;
+ font-weight: bold;
+}
+#bannerLeft img, #bannerRight img {
+ margin: 0px;
+}
+.xleft, #bannerLeft img {
+ float:left;
+}
+.xright, #bannerRight {
+ float:right;
+}
+#banner {
+ padding: 0px;
+}
+#banner img {
+ border: none;
+}
+#breadcrumbs {
+ padding: 3px 10px 3px 10px;
+}
+#leftColumn {
+ width: 170px;
+ float:left;
+ overflow: auto;
+}
+#bodyColumn {
+ margin-right: 1.5em;
+ margin-left: 197px;
+}
+#legend {
+ padding: 8px 0 8px 0;
+}
+#navcolumn {
+ padding: 8px 4px 0 8px;
+}
+#navcolumn h5 {
+ margin: 0;
+ padding: 0;
+ font-size: small;
+}
+#navcolumn ul {
+ margin: 0;
+ padding: 0;
+ font-size: small;
+}
+#navcolumn li {
+ list-style-type: none;
+ background-image: none;
+ background-repeat: no-repeat;
+ background-position: 0 0.4em;
+ padding-left: 16px;
+ list-style-position: outside;
+ line-height: 1.2em;
+ font-size: smaller;
+}
+#navcolumn li.expanded {
+ background-image: url(../images/expanded.gif);
+}
+#navcolumn li.collapsed {
+ background-image: url(../images/collapsed.gif);
+}
+#poweredBy {
+ text-align: center;
+}
+#navcolumn img {
+ margin-top: 10px;
+ margin-bottom: 3px;
+}
+#poweredBy img {
+ display:block;
+ margin: 20px 0 20px 17px;
+}
+#search img {
+ margin: 0px;
+ display: block;
+}
+#search #q, #search #btnG {
+ border: 1px solid #999;
+ margin-bottom:10px;
+}
+#search form {
+ margin: 0px;
+}
+#lastPublished {
+ font-size: x-small;
+}
+.navSection {
+ margin-bottom: 2px;
+ padding: 8px;
+}
+.navSectionHead {
+ font-weight: bold;
+ font-size: x-small;
+}
+.section {
+ padding: 4px;
+}
+#footer {
+ padding: 3px 10px 3px 10px;
+ font-size: x-small;
+}
+#breadcrumbs {
+ font-size: x-small;
+ margin: 0pt;
+}
+.source {
+ padding: 12px;
+ margin: 1em 7px 1em 7px;
+}
+.source pre {
+ margin: 0px;
+ padding: 0px;
+}
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/css/maven-theme.css b/1_5/modules/documentation/src/site/resources/css/maven-theme.css
new file mode 100755
index 0000000..67bb41b
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/css/maven-theme.css
@@ -0,0 +1,129 @@
+body {
+ padding: 0px 0px 10px 0px;
+}
+body, td, select, input, li{
+ font-family: Verdana, Helvetica, Arial, sans-serif;
+ font-size: 13px;
+}
+code{
+ font-family: Courier, monospace;
+ font-size: 13px;
+}
+#legend li.externalLink {
+ background: url(../images/external.png) left top no-repeat;
+ padding-left: 18px;
+}
+a.externalLink, a.externalLink:link, a.externalLink:visited, a.externalLink:active, a.externalLink:hover {
+ background: url(../images/external.png) right center no-repeat;
+ padding-right: 18px;
+}
+#legend li.newWindow {
+ background: url(../images/newwindow.png) left top no-repeat;
+ padding-left: 18px;
+}
+a.newWindow, a.newWindow:link, a.newWindow:visited, a.newWindow:active, a.newWindow:hover {
+ background: url(../images/newwindow.png) right center no-repeat;
+ padding-right: 18px;
+}
+h2 {
+ padding: 4px 4px 4px 6px;
+ border: 1px solid #999;
+ color: #900;
+ background-color: #ddd;
+ font-weight:900;
+ font-size: x-large;
+}
+h3 {
+ padding: 4px 4px 4px 6px;
+ border: 1px solid #aaa;
+ color: #900;
+ background-color: #eee;
+ font-weight: normal;
+ font-size: large;
+}
+h4 {
+ padding: 4px 4px 4px 6px;
+ border: 1px solid #bbb;
+ color: #900;
+ background-color: #fff;
+ font-weight: normal;
+ font-size: large;
+}
+h5 {
+ padding: 4px 4px 4px 6px;
+ color: #900;
+ font-size: normal;
+}
+p {
+ line-height: 1.3em;
+ font-size: small;
+}
+#breadcrumbs {
+ border-top: 1px solid #aaa;
+ border-bottom: 1px solid #aaa;
+ background-color: #ccc;
+}
+#leftColumn {
+ margin: 10px 0 0 5px;
+ border: 1px solid #999;
+ background-color: #eee;
+}
+#navcolumn h5 {
+ font-size: smaller;
+ border-bottom: 1px solid #aaaaaa;
+ padding-top: 2px;
+ color: #000;
+}
+
+table.bodyTable th {
+ color: white;
+ background-color: #bbb;
+ text-align: left;
+ font-weight: bold;
+}
+
+table.bodyTable th, table.bodyTable td {
+ font-size: 1em;
+}
+
+table.bodyTable tr.a {
+ background-color: #ddd;
+}
+
+table.bodyTable tr.b {
+ background-color: #eee;
+}
+
+.source {
+ border: 1px solid #999;
+}
+dl {
+ padding: 4px 4px 4px 6px;
+ border: 1px solid #aaa;
+ background-color: #ffc;
+}
+dt {
+ color: #900;
+}
+#organizationLogo img, #projectLogo img, #projectLogo span{
+ margin: 8px;
+}
+#banner {
+ border-bottom: 1px solid #fff;
+}
+.errormark, .warningmark, .donemark, .infomark {
+ background: url(../images/icon_error_sml.gif) no-repeat;
+}
+
+.warningmark {
+ background-image: url(../images/icon_warning_sml.gif);
+}
+
+.donemark {
+ background-image: url(../images/icon_success_sml.gif);
+}
+
+.infomark {
+ background-image: url(../images/icon_info_sml.gif);
+}
+
diff --git a/1_5/modules/documentation/src/site/resources/css/print.css b/1_5/modules/documentation/src/site/resources/css/print.css
new file mode 100755
index 0000000..49aae7e
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/css/print.css
@@ -0,0 +1,7 @@
+#banner, #footer, #leftcol, #breadcrumbs, .docs #toc, .docs .courtesylinks, #leftColumn, #navColumn {
+ display: none !important;
+}
+#bodyColumn, body.docs div.docs {
+ margin: 0 !important;
+ border: none !important
+}
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/css/site.css b/1_5/modules/documentation/src/site/resources/css/site.css
new file mode 100755
index 0000000..9a3c9f9
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/css/site.css
@@ -0,0 +1,297 @@
+/* page general styles */
+body{
+ padding:0px;
+ margin:0px;
+ width:1000px;
+}
+a{
+ color:#557f95;
+ text-decoration:none;
+}
+a:hover{
+ color:#000000;
+ text-decoration:underline;
+}
+body, td, tr, input,h1,h2,h3,h4,h5,h6,a{
+ font: 12px Verdana, Arial, Helvetica, sans-serif;
+ line-height:18px;
+}
+pre{
+ overflow-x:auto;
+}
+h1 {
+ color:#575757;
+ font-size:24px;
+ font-weight:bold;
+ line-height:normal;
+ margin:5px 0px;
+ padding:2px;
+}
+}
+h2{
+ padding:0px;
+ margin:0px;
+ font-size:14px;
+ font-weight:bold;
+ height:22px;
+ background-color:#bcbcbc;
+ text-indent:10px;
+ color:#000000;
+}
+h3{
+ padding:0px;
+ margin:0px;
+ font-weight:bold;
+}
+h4{
+ font-weight:bold;
+ color:#777777;
+}
+p{
+ padding-top:5px;
+ padding-bottom:5px;
+ line-height:18px;
+}
+/* page styles */
+.page-padding{
+ padding-left:10px;
+ padding-right:10px;
+}
+.composite{
+/* Uncomment these lines to give a fixed width with centered positioning ....*/
+ position:absolute;
+ left:50%;
+ width:980px;
+ margin-left:-490px;
+ border:solid 1px #83b0c0;
+ margin-top:5px;
+}
+
+/* header styles */
+#banner{
+ background-image:url(../images/apache-rampart-banner-background.jpg);
+ background-repeat:repeat-x;
+ background-position:0px 0px;
+ height:98px;
+}
+#bannerLeft{
+ background-image:url(../images/apache-rampart-logo.jpg);
+ background-repeat:no-repeat;
+ background-position:0px 0px;
+ height:103px;
+ text-align:right;
+ padding-right:10px;
+ display:block;
+}
+#breadcrumbs{
+ position:absolute;
+ top:70px;
+ background-color:transparent;
+ border-bottom:none;
+ border-top:none;
+ font-size:auto;
+ margin:0pt;
+ padding:0px;
+}
+#bannerRight{
+ background-image:url(../images/apache-rampart-banner.jpg);
+ background-repeat:no-repeat;
+ background-position:right 0px;
+ display:block;
+ height:65px;
+ position:absolute;
+ right:0px;
+ top:0px;
+}
+.xleft{
+ color:#929292;
+ right:200px;
+ position:absolute;
+}
+.top-menu a{
+ color:#000000;
+ text-decoration:none;
+}
+.top-menu a:hover{
+ text-decoration:underline;
+}
+.top-menu-gap{
+ padding-left:30px;
+}
+
+/* content text */
+.content{
+
+}
+#leftColumn{
+ width:179px;
+ background-color:transparent;
+ border:none;
+ margin:10px 0px 0px 5px;
+}
+#navcolumn h5{
+ text-indent:15px;
+ height:23px;
+ color:#ffffff;
+ background-image:url(../images/apache-rampart-menu-top.jpg);
+ background-repeat:no-repeat;
+ background-position:left 0px;
+}
+#navcolumn{
+ background-image:url(../images/apache-rampart-menu.jpg);
+ background-repeat:no-repeat;
+ background-position:0px 0px;
+ background-color:#e5e5e5;
+ border-bottom:solid 1px #b4b4b4;
+ padding:0px 0px 0pt 0px;
+ font-size:11px;
+}
+#navcolumn ul{
+ padding:0px;
+ margin:0px;
+ list-style:none;
+ padding-left:10px;
+}
+#navcolumn ul ul{
+ margin-left:-10px;
+}
+#navcolumn li{
+ margin-top:3px;
+}
+#navcolumn strong{
+ font-weight:bold;
+}
+#navcolumn ul li a {
+ text-indent:0px;
+ font-size:12px;
+ color:#224351;
+}
+#navcolumn li.expanded {
+ background-image:url(../images/apache-rampart-menu-button.gif);
+ background-repeat:no-repeat;
+ background-position:0px 5px;
+}
+#navcolumn ul li ul li a{
+ background-image:none;
+ text-indent:0px;
+ font-size:11px;
+ color:#557f95;
+ font-size:11px;
+}
+#bodyColumn{
+ background-color:#F3F3F3;
+ border:1px solid #B4B4B4;
+ margin-right:10px;
+ margin-left:194px;
+ margin-top:10px;
+ padding-left:10px;
+}
+.menu-bottom-left{
+ background-image:url(../images/apache-rampart-menu-bottom.jpg);
+ background-repeat:no-repeat;
+ background-position:0px 0px;
+ background-color:#e5e5e5;
+ width:15px;
+ height:13px;
+ float:left;
+}
+.menu-bottom-right{
+ background-color:#e5e5e5;
+ border-bottom:solid 1px #b4b4b4;
+ height:13px;
+ float:right;
+ width:164px;
+}
+.content-back1{
+ background-image:url(../images/apache-rampart-spliter.jpg);
+ background-repeat:no-repeat;
+ background-position:0px 0px;
+}
+.content-back2{
+ background-image:url(../images/apache-rampart-content-back.jpg);
+ background-repeat:repeat-y;
+ background-position:0px 0px;
+ background-color:#f3f3f3;
+ border-bottom:solid 1px #b4b4b4;
+ border-right:solid 1px #b4b4b4;
+ margin-right:10px;
+}
+.content-display{
+ margin-left:32px;
+ padding-bottom:10px;
+}
+.poweredBy{
+ margin-left:30px;
+ margin-top:5px;
+}
+.footer{
+ color:#929292;
+ margin-top:10px;
+ margin-left:10px;
+}
+.command {
+ border: 1px dashed #3c78b5;
+ text-align: left;
+ background-color: #f0f0f0;
+ padding: 3px;
+ font-size: 11px;
+ font-family: Courier;
+ margin: 10px;
+ line-height: 13px;
+}
+.consoleOutput {
+ border: 1px dashed #3c78b5;
+ font-size: 11px;
+ font-family: Courier;
+ margin: 10px;
+ line-height: 13px;
+ background-color: #f0f0f0;
+ border-bottom: 1px dashed #3c78b5;
+ padding: 3px;
+ border-style: solid;
+}
+.info {
+ border-style: solid;
+ border-width: 1px;
+ border-color: #090;
+ background-color: #dfd;
+ text-align:left;
+ margin-top: 5px;
+ margin-bottom: 5px;
+}
+.data-table{
+ font-family:Verdana,Arial,Helvetica,sans-serif;
+ font-size:11px;
+ border:0px;
+ margin:0px;
+ border:solid 1px #cdcdcd;
+}
+.data-table th{
+ background-color:#eeeeee;
+ border-bottom:solid 1px #8d8d8d;
+ padding-top:5px;
+ padding-left:3px;
+ text-align:left;
+}
+.data-table td{
+ padding-top:4px;
+ padding-left:3px;
+ border-bottom:solid 1px #e1e1e1;
+}
+.download-pre {
+ font-family:Verdana,Arial,Helvetica,sans-serif;
+ font-size:11px;
+ font-style:normal;
+ margin:0;
+ padding-bottom:3px;
+ padding-top:3px;
+}
+
+.download-header-pre {
+ font-family:Verdana,Arial,Helvetica,sans-serif;
+ font-size:12px;
+ font-weight:bold;
+ margin:0;
+ padding-top:3px;
+ padding-bottom:3px;
+}
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/css/style.css b/1_5/modules/documentation/src/site/resources/css/style.css
new file mode 100755
index 0000000..7893e2f
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/css/style.css
@@ -0,0 +1,184 @@
+/* page general styles */
+body{
+padding:0px;
+margin:0px;
+}
+a{
+color:#557f95;
+text-decoration:none;
+}
+a:hover{
+color:#000000;
+text-decoration:underline;
+}
+body, td, tr, input,h1,h2{
+font: 12px Verdana, Arial, Helvetica, sans-serif;
+line-height:18px;
+}
+h1{
+padding:0px;
+margin:0px;
+font-size:14px;
+font-weight:bold;
+height:22px;
+background-color:#bcbcbc;
+text-indent:10px;
+}
+h2{
+padding:0px;
+margin:0px;
+font-weight:bold;
+}
+h3{
+font-weight:bold;
+color:#777777;
+}
+p{
+padding-top:5px;
+padding-bottom:5px;
+line-height:18px;
+}
+/* page styles */
+.page-padding{
+padding-left:10px;
+padding-right:10px;
+}
+.page-external{
+/* Uncomment these lines to give a fixed width with centered positioning ....
+position:absolute;
+left:50%;
+width:980px;
+margin-left:-490px;
+border:solid 1px #83b0c0;
+*/
+}
+
+/* header styles */
+.header{
+background-image:url(../images/apache-rampart-banner-background.jpg);
+background-repeat:repeat-x;
+background-position:0px 0px;
+height:98px;
+}
+.header-logo{
+background-image:url(../images/apache-rampart-logo.jpg);
+background-repeat:no-repeat;
+background-position:0px 0px;
+height:103px;
+text-align:right;
+padding-right:10px;
+}
+.top-menu{
+background-image:url(../images/apache-rampart-banner.jpg);
+background-repeat:no-repeat;
+background-position:right 0px;
+padding-top:65px;
+}
+.top-menu a{
+color:#000000;
+text-decoration:none;
+}
+.top-menu a:hover{
+text-decoration:underline;
+}
+.top-menu-gap{
+padding-left:30px;
+}
+.last-update-text{
+color:#929292;
+}
+
+/* content text */
+.content{
+
+}
+.menu{
+width:179px;
+padding-left:10px;
+}
+.menu-top{
+text-indent:15px;
+height:23px;
+color:#ffffff;
+background-image:url(../images/apache-rampart-menu-top.jpg);
+background-repeat:no-repeat;
+background-position:left 0px;
+}
+.menu-middle{
+background-image:url(../images/apache-rampart-menu.jpg);
+background-repeat:no-repeat;
+background-position:0px 0px;
+background-color:#e5e5e5;
+border-left:solid 1px #b4b4b4;
+padding-top:5px;
+font-size:11px;
+}
+.menu-middle ul{
+padding:0px;
+margin:0px;
+list-style:none;
+padding-left:10px;
+}
+.menu-middle ul ul{
+padding-left:15px;
+}
+.menu-middle li{
+margin-top:3px;
+}
+.menu-selected{
+font-weight:bold;
+}
+.navHeadings{
+background-image:url(../images/apache-rampart-menu-button.gif);
+background-repeat:no-repeat;
+background-position:0px 5px;
+text-indent:15px;
+font-size:12px;
+color:#224351;
+}
+.navHeadings-link{
+display:block;
+}
+.menu-bottom-left{
+background-image:url(../images/apache-rampart-menu-bottom.jpg);
+background-repeat:no-repeat;
+background-position:0px 0px;
+background-color:#e5e5e5;
+width:15px;
+height:13px;
+float:left;
+}
+.menu-bottom-right{
+background-color:#e5e5e5;
+border-bottom:solid 1px #b4b4b4;
+height:13px;
+float:right;
+width:164px;
+}
+.content-back1{
+background-image:url(../images/apache-rampart-spliter.jpg);
+background-repeat:no-repeat;
+background-position:0px 0px;
+}
+.content-back2{
+background-image:url(../images/apache-rampart-content-back.jpg);
+background-repeat:repeat-y;
+background-position:0px 0px;
+background-color:#f3f3f3;
+border-bottom:solid 1px #b4b4b4;
+border-right:solid 1px #b4b4b4;
+margin-right:10px;
+}
+.content-display{
+margin-left:32px;
+padding-bottom:10px;
+}
+.poweredBy{
+margin-left:30px;
+margin-top:5px;
+}
+.footer{
+color:#929292;
+margin-top:10px;
+margin-left:10px;
+}
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-banner-background.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-banner-background.jpg
new file mode 100755
index 0000000..29b5350
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-banner-background.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg
new file mode 100644
index 0000000..e3b3738
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-content-back.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-content-back.jpg
new file mode 100755
index 0000000..58f9b88
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-content-back.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg
new file mode 100644
index 0000000..7ebc608
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-bottom.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-bottom.jpg
new file mode 100755
index 0000000..96c85e5
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-bottom.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-button.gif b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-button.gif
new file mode 100755
index 0000000..319460c
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-button.gif
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-top.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-top.jpg
new file mode 100755
index 0000000..12c593e
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu-top.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu.jpg
new file mode 100755
index 0000000..fad5611
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-menu.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/apache-rampart-spliter.jpg b/1_5/modules/documentation/src/site/resources/images/apache-rampart-spliter.jpg
new file mode 100755
index 0000000..926622d
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/apache-rampart-spliter.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/external.png b/1_5/modules/documentation/src/site/resources/images/external.png
new file mode 100755
index 0000000..3f999fc
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/external.png
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/logos/asf_logo_wide.png b/1_5/modules/documentation/src/site/resources/images/logos/asf_logo_wide.png
new file mode 100755
index 0000000..c584eba
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/logos/asf_logo_wide.png
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/logos/build-by-maven-black.png b/1_5/modules/documentation/src/site/resources/images/logos/build-by-maven-black.png
new file mode 100755
index 0000000..919fd0f
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/logos/build-by-maven-black.png
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/logos/build-by-maven-white.png b/1_5/modules/documentation/src/site/resources/images/logos/build-by-maven-white.png
new file mode 100755
index 0000000..7d44c9c
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/logos/build-by-maven-white.png
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/logos/maven-feather.png b/1_5/modules/documentation/src/site/resources/images/logos/maven-feather.png
new file mode 100755
index 0000000..b5ada83
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/logos/maven-feather.png
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/message-builder.jpg b/1_5/modules/documentation/src/site/resources/images/message-builder.jpg
new file mode 100644
index 0000000..922fcce
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/message-builder.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/rampart-engine.jpg b/1_5/modules/documentation/src/site/resources/images/rampart-engine.jpg
new file mode 100644
index 0000000..9c10718
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/rampart-engine.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/rampart-handlers.jpg b/1_5/modules/documentation/src/site/resources/images/rampart-handlers.jpg
new file mode 100644
index 0000000..5a84e2b
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/rampart-handlers.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/rampart-trust.jpg b/1_5/modules/documentation/src/site/resources/images/rampart-trust.jpg
new file mode 100644
index 0000000..8c32f0a
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/rampart-trust.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/images/security-stack.jpg b/1_5/modules/documentation/src/site/resources/images/security-stack.jpg
new file mode 100644
index 0000000..502f31e
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/images/security-stack.jpg
Binary files differ
diff --git a/1_5/modules/documentation/src/site/resources/rampart-config.xsd b/1_5/modules/documentation/src/site/resources/rampart-config.xsd
new file mode 100644
index 0000000..ed8dd06
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/rampart-config.xsd
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ramp="http://ws.apache.org/rampart/policy" targetNamespace="http://ws.apache.org/rampart/policy" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="RampartConfig">
+ <xs:annotation>
+ <xs:documentation>http://ws.apache.org/rampart/rampartconfig-guide.html</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="userCertAlias" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="policyValidatorCbClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="rampartConfigCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureCrypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="encryptionCypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="decryptionCrypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="timestampPrecisionInMilliseconds" type="xs:boolean" minOccurs="0"/>
+ <xs:element name="timestampTTL" type="xs:integer" minOccurs="0"/>
+ <xs:element name="timestampMaxSkew" type="xs:integer" minOccurs="0"/>
+ <xs:element name="tokenStoreClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="sslConfig" type="ssl" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="crypto">
+ <xs:annotation>
+ <xs:documentation>http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html</xs:documentation>
+ </xs:annotation>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property" type="xs:string"/>
+ </xs:sequence>
+ <xs:attribute name="provider"/>
+ </xs:complexType>
+ <xs:complexType name="ssl">
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/creq04.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/creq04.xml
new file mode 100644
index 0000000..737eee0
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/creq04.xml
@@ -0,0 +1,60 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-32330841">
+ <wsu:Created>2008-06-23T13:25:35.928Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:30:35.928Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sctId-5683514">
+ <wsc:Identifier>urn:uuid:20189D76AA5794EBCA12142275347662</wsc:Identifier>
+ </wsc:SecurityContextToken>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-6169134">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#sctId-5683514" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>RIyJ8H6YBzSPvPAEYwpIhA==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <xenc:DataReference URI="#EncDataId-12675864" />
+ <xenc:DataReference URI="#EncDataId-1440568" />
+ </xenc:ReferenceList>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-3977333">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#sctId-5683514" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>RPK+fuKlKgvF2V6LOoyePQ==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-1440568" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#derivedKeyId-6169134" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>4izBgpNhZl1HsP29cXfi0WhPqzh02PCUyKxEQt/MSw+6qliho7IFlpFQ/ksjGIUt/QyUsQArlOHlRrY+AORyToiqcTjMOZXZB4LqClFNhApsdfEfvKtREsrXrzp5v2K6B+ymqiFysbiMO5Y9KnbTFJAL6cCrJCVlO89DCzwskoyPcDVCqeRB9T47cYArFCWmeeXw6UgDiEEGVVx0zL5NYNoCyLlveYrluuGpQFVJOHhaqms3ptWmQspAoWfa94wb1OJnK4iBLtf/zlmpB/5Syl79J6ZA0GeqECVFZXKVMoWSD2qXFefV/ZmqEETXDdFI6qOhfYM8GMnIcNu3v3cvlRv/DKoGhHDggN0rYAl/w0KVRAEVTvbyMI9zj9IPsoG/BjMapKobBKTRjOS/C7I7dq6XYGAZLgxM9o+xs7vqshtejVYiQ7rZ3HtDw6NeTzZ1jVKpPGY5zXqvnytVCZ1KEK/lCTupjXB8h+WpwpEXUHsrJ/xSCYlT39IHF/VbeVSuQXFrU0726BZGAn9YdNIUwI3gQ+zwnJkiMI6vhNOVO5Gw5Xw8F3o7OE7XJhDb81Paoe/lbVCYPXdFfVUaXcVc94Fk4ER2VWExerLwTPvhiMIrkmDKWRSzsk05Mtz0I/V8Oj4xNzVx40cEhGJxDo+551QpqBLTdWcGzN6AopH8wXqPTx6mIpKHITTVVXA9JvAHsDZXbCIYnato2m65T/KslBSRKgXeYU2Yb/1OFBux24naaNRkTDxzpsnQCObgq4BZHgm9Aq2Czi5uT+lHMZElf4jbuqERFVtlUzFKgkBzzL++5d0enbaz0KlzQzO4d01mqXhdQRaTmxKXctuLaW4u7ucngMfapEqoz4ZLaWyA9fXGdA0i4+m/ILwdqqx1RKr32xGg4+4gWijDM8PjfRrdjGrUw21v9SHJ6xfbiZ6uJ3G9gknmc2Hpt++/D9kB+38Kxd2zcc1fndlEjhHYFprgGBB8/lIZOZh0ZX9x1RWY+2jmFrEdcrsczzayth0ISF6nKBWV/EyeZvDVp3+onWqK48Nq/PM0wglfOVoZotTaKsLGsAClOhEEvfhnW5YJ8Sbd2nSkRLH0TM4h5NSKVCuM/dqFlFRgVajOrY0qe2FvedKKF9TrHy/NWHErvXoWJ2amuU8MzCUPNz5GTbaD4GHSlDjRqcz0bKQcif23117oAJvluzsWb89QSWiM/I1dYbonzc0z3JVOa3uEKNTjnqGLqF3SFTCrIHiiVkjuDxsQTPXabW1uZZHLGiy/dOJ52em0HqETTiK9xZtqt75UER/MyedmqJBb1JfLqDbH9BMsji+3P7RwiQ18CDvD6HAKxy7y/3lS9CV0Xf9q1VGu18TaDKnso1Qs6/aeAP4j4+PQiMOIMsVJq9ElOnMlh/7Cy1kW9LlMokA8HEBucRDyb/OKX84gnzj8Rv+5ei85lu8acWd1CzJkD2bjO9WIj8c8HbdczTM69jquSP+yWAfK8p7Ugtp5iZSplID1ncU76d3E4Kg=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample04</wsa:To>
+ <wsa:MessageID>urn:uuid:BD9F0E2AF11BC797341214227535941</wsa:MessageID>
+ <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-12675864">
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-12675864" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#derivedKeyId-6169134" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>XNAHHDEFk05rH/5clOgRx4gZa3c5erLcVJibI44syKfnC1n2guBWpujceQFpflgrvDf3Rw6m4qthtbJQwBPCJwQzzVsY4j3MFRk7BtXJ/Tw1jwF+E+v29qNrvgE4ZKQ48vP9MlLesBGizXNz8IaJWah3wolz7HAXIipRhtHsuYaTRtYttz0rFtO0dyDjhoKZtcMvdYTOPQ+4d6PyKH50em09aFuT/fN7DWd4s9OI+6BEoxGZ2V8ObQckSpyRTyGHDWt6NIfKxbqEwXHXnADmpcykiWXmIsCDOxKph8F3NFxa3Q2sG/rftROHCxhv9sq/3gaiNmSE1qw1kiKqVKkOPsGOf9CeU3FE6uisr9WTm6edSsK6uJMno+7BYWEb0AsQAUlFiqDSdkn5Z8XekeN4nsFcwXkBBa47J/MBKpy+vXcamdJG5V4cXCmZiDBvzF5ji7jvrX3/lOSYaU3UvRLjHFhesMySF2pOhQ6N5N245wPKVk337k71j9WTwQhOx6suAm2Uj/FWYfF8+nli7sPgrwn42fJcW+pTCZwaTd6NscHhH7tT6Ft4ZbHHYieqpViqX3v/CRraX1zfMXM86wnX4w3hsoJ92mW/dyc/z/WVh8++5VCvGfJhDnaI/FJWmKlh7dPrlDxShkcflPD9MDAKM8yPpgze5pxhofgGmhGHLpAEp1ZHbUxT1YJdw2rUJuqZVvp/xM31Mcr5cnkS/Oa57D5M3GQMOpHXXcKuaaVb/jYIXFm8IYQCPGFQD48vH17VriEiFlbz7v5Q7GDqvZljm12MtS4tQAh06uVFNFDsCXwsmlWGWko6dZj7Iv7nQU89nHQuzncKhsT7uV0Wh2aoG/AHYE41AX7dhL0qVOp7fK+ve3Qax8mZqX9KEhn9UUg2q/an2GGF+7fBBS4F2fZIgsuA2yyxFx1buf1cuNshDqjjXTBH0mB+g5ewXKZ6BWebIddnS9edKeEQioKsxEE3Jdd30DW+47gkoyDk5nKHIR4=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/cres04.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/cres04.xml
new file mode 100644
index 0000000..1b792cc
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/cres04.xml
@@ -0,0 +1,56 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-10163824">
+ <wsu:Created>2008-06-23T13:25:36.119Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:30:36.119Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-14765441">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="urn:uuid:20189D76AA5794EBCA12142275347662" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>0KWR9ekXOIuW9G3tK4nnNg==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <xenc:DataReference URI="#EncDataId-33355664" />
+ <xenc:DataReference URI="#EncDataId-31361307" />
+ </xenc:ReferenceList>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-31346136">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="urn:uuid:20189D76AA5794EBCA12142275347662" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>rq51rXQ1eUqPz4o8J3LW4w==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-31361307" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#derivedKeyId-14765441" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>xmAr5CVUrAydkaG05w1ozsIO3ukZgHAhtRzXAFNk0nXmH/GZ1uVyUG+upDktbnrp0hHKMVmYFfnZnILSqvjI0/qA5Bdh/DWaH18jyGmQsQUXXIaCPDthBTx4iokklSKjnYjUbsry8MRfHeC7AKhB3OrwU85q75S3WBYIHRRH28b2bbdBkjn9wTrdcPMkh54Kx1yZTuZ2H0El6g5xkLP1k4Vf/7sZ3VYRklmA4yy/r13MEYQ0kLnXIaSkQO1PUtONLJiiHCBW07xUwmf7bLDpLBtm4Jo6gjqDwEMSJdkLJrqEFxs0kLXFx53+7/pZ1S0SvHByjF2cFqxVjNFJc66D+yhIYlaB3sVtHa42vp9Vk1fJewww2dd7Xs7Oj9M0MWZaBlH/SPVxevGr3AJE5+Jvg0SRah7Nb7Aq49tU64wiMdJoWmQe7+TlZouZsGFxX6/9xqT/6iDOD9a7sbVhO3cVv7MCx0B+WdD6zczJpBTJJNtOIWBWXdgJJrioN+J8T4o9dZQ5hdLPm68CS4BZBTj08UtoMuLyO4Xirh08jbQ+No6BnjFw3FbgcwL9Gx40WXGXsZO4JTOP2uUGnH4ybd2SMkrx85PE9D+P+NVXKD/4smfXNlp05esRLPGMiXN14SxLqgKhRkzCo8RdikWlE//N1q0VyRZWn+Zlz1CkfB9lm6VxK0b9795MfsKd5PHuldsH81Y2T3ms8ePgWjeBS9B5Fby9zZtZhyDBmEzbt8LsuDj2LdR2CQaLqjco03Q5CyKRNhMRmnPsPNmUU3r0Sx2FOEZOpTYvq9trUT31BLEEJVDAfQG/1hD3117AL994mNhlCN1h3BIhuYbugrbbxnVrdNI2xJ7se2gsPDqvWXu/6kIxAngcRDWF6frgWSSO+/Wzy/mnYvyVxnfYP64rirMWSiWGUcIMen0DB/nGI/sioIfDl1pWMROmMowdi0IlQ/mdggnXd+8F0DKWWg1EnGFAGFv6FALxw/4YuzugZYopI1nIuV8edi+7yFHUfWoM+Liqi+/5WNasiRnCbeZs5uKBxsdrs6tfJhrWXiLqYgF03L1bF7xa9HAiWqbq1UkeKHvqw/7wAAMnGR36aX6np9DeJ7a82Ro7895xwcGjcYhHxcqJgwqO/0d6wN3ExgSWl+jCLNgMRTp00F7iI6qG/lynubLs8OHVfRiS0806DxRytzcjhlK55cMHp7wPvJgHZOt78I58YfyoqTKHAbv4p5moBrNSaBxmCsbqiqf6uIFwi1mX8jjmhWluDhBi2V6chd4siqmqjsT/KFke1RL6Ry9OGdGJa/VVg0tLk/hXYX2l6gckqTtNTHO3QnhovCUMpWsIsmnO5c+Ne4gLlAgUVE3yxDznLuUgvI4PvqhE7b9Zj4f9QjCT+DqTM0FNHUx8lwsXEVtZuKnA79jqnFS5CVNn6PwVoHWuFJ/roZI2B0/kUjr0fU+S/0oFrly22VOtodgHItvFqUPPbWrhs8WyYUbzNQhruDMlJWxqV2nE7ne2N1Q=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </wsse:Security>
+ <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Cancel</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:BD9F0E2AF11BC797341214227535941</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-33355664">
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-33355664" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#derivedKeyId-14765441" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>Y09S9IsFW31fIw62vUPPkQ45DUtG/HuN5gQbcZPUtUIKzJnZm5x0YLO0bh5wr9/tXFPooAdgZnARzraojulwLjMC/IZI1NDgPuTdm0JWdHpmolS2CuJ6qrqKC0FZB41CyygvAqvSjw5aTlYSYS1rQ2iy8h04NxcegmdaEw3cV+0zduq2NnK19TuL4CTthYiN8ViGbO/x0KwG4ZIHUKXEh1Tx2wGOMhD3QjX+awT1jFCnyveopdc/1uH3mOdMiXnCTg53j38uRLFY/pHWl00QbJVcADUkf73/Bt7zOT3rSYgKp53wO043mOEEiQBUddFSELlu24W8uNFb651TiPctqnZfbZ3RhKmymBbc5YBvQ3hEkz37akgJMKOKfISALzFD8NXGjgF98tEp1TsHX5vPM5MddnLa1Ul26MilQpuWpUGc9FQVUWDydRrj7joy/s7SuMZg21gETL/dqikntobpz5RIGVczHLEKUvJtszWBJ+w=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/req01.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/req01.xml
new file mode 100644
index 0000000..69bdbc9
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/req01.xml
@@ -0,0 +1,22 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-12468716">
+ <wsu:Created>2008-06-23T13:17:13.841Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:22:13.841Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-31571602">
+ <wsse:Username>alice</wsse:Username>
+ <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
+ </wsse:UsernameToken>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample01</wsa:To>
+ <wsa:MessageID>urn:uuid:AEDBA74A8D1FC94B631214227032877</wsa:MessageID>
+ <wsa:Action>urn:echo</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body>
+ <ns1:echo xmlns:ns1="http://sample01.policy.samples.rampart.apache.org">
+ <param0>Hello world</param0>
+ </ns1:echo>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/req02.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/req02.xml
new file mode 100644
index 0000000..e7d6ecc
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/req02.xml
@@ -0,0 +1,55 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-671035">
+ <wsu:Created>2008-06-23T13:10:54.892Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:15:54.892Z</wsu:Expires>
+ </wsu:Timestamp>
+ <xenc:EncryptedKey Id="EncKeyId-urn:uuid:4BB2B4A78829897FA412142266555822">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>DPqhh74Sed1b4ftUFuxdJDN+EqacoDLWwLuhioh+JBdJdeUrMcBT35CVENhQLjdmn1KupGz7AOA5MnKZTxTz9db4vvb0NWSENw6LYRMbMoosSOEhIA661kl7Nh2DSu1zUCj1uaBEUcSLanoLXV2ukBl5xpOztsjnxtv+PBDATuk=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedKey>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-24833256">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <ds:Reference URI="#Id-17427094">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>ER13nSQoU0r4ClwmIomrNeFT/GM=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#Timestamp-671035">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>0c73jMRXfdIP8g12FVgtXWZEJVs=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>lnQpzG7gC0ScRaVLZZeZac/dbDA=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-5313146">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-9708927">
+ <wsse:Reference URI="#EncKeyId-urn:uuid:4BB2B4A78829897FA412142266555822" ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample02</wsa:To>
+ <wsa:MessageID>urn:uuid:62D436CDF33F6A15561214226653256</wsa:MessageID>
+ <wsa:Action>urn:echo</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-17427094">
+ <ns1:echo xmlns:ns1="http://sample02.policy.samples.rampart.apache.org">
+ <param0>Hello world</param0>
+ </ns1:echo>
+ </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/req03.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/req03.xml
new file mode 100644
index 0000000..9693cb9
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/req03.xml
@@ -0,0 +1,69 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-27682895">
+ <wsu:Created>2008-06-23T13:20:49.334Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:25:49.334Z</wsu:Expires>
+ </wsu:Timestamp>
+ <xenc:EncryptedKey Id="EncKeyId-urn:uuid:64DB4A7E53F67EF3F112142272504712">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>Y1G4IvsVfHLHWEW89D7wC7wVYfks1/Q5JHru0NaZlDE89rRTIITZrjjS6ajcXcjNiRcQMbElYoG4tnfXOyqOYYPAWaBGXbQIQo+jFZq+hHfYt+j8YrOP8hg9uELzwtmPT7GAv1bFn+dEwEU6Ez5ZdCVH0cImWcf1fdezMkxvXcY=</xenc:CipherValue>
+ </xenc:CipherData>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="#EncDataId-3808966" />
+ </xenc:ReferenceList>
+ </xenc:EncryptedKey>
+ <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" wsu:Id="CertId-148082">MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA==</wsse:BinarySecurityToken>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-10233621">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <ds:Reference URI="#Id-3808966">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>tcezUPWEWmP8G5BUusQhkrWU7aw=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#Timestamp-27682895">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>jJppWrhxEVdbWqD6QwgDzMfkObc=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>a7ZfqKgggx+1r/0hg/Mt8y6S5MXUM/9Fzb9F/FTSENm+4QfI6Q8wRYj38hKYcOUU5cZ/hAk0WkmnTHDVjjKuvgxRIuQ5E/awM4t248TgGRjYrTcv5HQdqe/6KJSIxxdLj900B39hEMpYXmkZvkPPUCsvCrIawkKfe0I9WyRv1N4=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-3823508">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1503089">
+ <wsse:Reference URI="#CertId-148082" ValueT
+5f0
+ype="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample03</wsa:To>
+ <wsa:MessageID>urn:uuid:24DADACCF0309270B71214227248314</wsa:MessageID>
+ <wsa:Action>urn:echo</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3808966">
+ <xenc:EncryptedData Id="EncDataId-3808966" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#EncKeyId-urn:uuid:64DB4A7E53F67EF3F112142272504712" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>lSDNH2zpu/R0039i85GoB93Sp2hg3rl20exTPccmN26YCt9rX54cbXFDwbZuIATYl52YPYHkHLK1WZP0JW+o7G8mjPAxiwBUK5hWwoOO1/I35wV7wJIvARS6CxS+IhHK3fnXsee8nLZulYaH1LDv7R+if2S1/v6YdhNodtZh2UqEZq0iHkr+GChEDwWpaiOUnyQ8mJS3hRq4GYnJEk4apQBIeuF8t64mNmY+ISlqNvQes2w5YVOsTUptmH4HPyVnfRuO/5tr7VNbh00myh0/309W8qgLCUlMJqN9nRa1v5+MX9t68pUgg92V1bV/46wE4xGDxyGgxk9asrJDvt+vNreMl5o3dOnvIaI8W5Dwpp/o7IkMtlFlT3aP7cETJ/Kb7VXLasQju2qPnSceXLJOWjLmMlqf9HraAmjaM/IbyEo=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/req04.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/req04.xml
new file mode 100644
index 0000000..85fd05c
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/req04.xml
@@ -0,0 +1,60 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-3808966">
+ <wsu:Created>2008-06-23T13:25:33.480Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:30:33.480Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sctId-5683514">
+ <wsc:Identifier>urn:uuid:20189D76AA5794EBCA12142275347662</wsc:Identifier>
+ </wsc:SecurityContextToken>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-24666758">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#sctId-5683514" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>KaI3GpoIgWoAv4LgJ1vzWQ==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <xenc:DataReference URI="#EncDataId-24124380" />
+ <xenc:DataReference URI="#EncDataId-9199266" />
+ </xenc:ReferenceList>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-20700470">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#sctId-5683514" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>pZ24ckrNMfd/VbP+TxkD0A==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-9199266" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#derivedKeyId-24666758" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>KpDwIrT0cobs0P8DXa5msyP0mH2QEYkbm5MQh5egtKx4MuRS6cZteSW+M+5h2w4DPCLZD9V+B0KQPaDUU726ih4c4RaF8dT5Ed62S+xTADHnnJGPtRRYteC3LdZ29mqLDCKhAGDLmGJGCF9UnP9/sJ3tu3xc3qvxMRJ7RaKP6XezXCXUjHFpViSx3IKSvApYWcCWQqhG8+k2W70577nXw69HKT1E0q3py5tvfkkir2l5mXEcykg4CTKYLAkS5N9/301LfmOZz1Q0v4TeiPA4Qx/IwtgtQhT3/a3LxSW1eUK8ciDrlVwaUBya9vHDG3PMcyQlwjdUi4cnTLessS5X6ab7UWNp5sD7vJmgL4AEh8CFmsRaZJfaFwQNKfdmA5VioegRw7QLQfLuZt4INjF3L7SNPO+X8Q5jmTTA7Txosys760GcA7AysGQ4UIcZ7fFnPy3UwPv/f54T1jRruhPL/FCxNEGFQS3fcX8oZkws3rf0633o0wuJEt3Fhvr/qzOqpw2P3dUU28/mXUGKfjtzXyeztJTMSo4PlzprhsEaIfMofdU/uKMjx+FuL/ssp+aSbsWBORHi1iIfrLzTYpwrTKjHrbXum3w08CdpgVUZaJJ+E0WQ9jAwe1lZYSLaK/eBZU7FFL0clrfixe05EbEOkIEFHN+zjx+quwIn1+adL1Gx18nt2Vb6U+ApFdBDV8qfxAfXGtyNprqtcu17wQAm1l6U7ol5MzEMTsmyR7rO0GMLkzg2oXehzozYxlr6EixVY/gqCXvlLlUWBNbd5IuRcAP0MuIs3moCRKq7scGR5tIP5EVe6yx6fWHMCfka9FQO1xR1VX1LLUFKKC2JOwaOiN7vHWRbLouGo5/WdKQcu7EZrmn0qg98/XnLSYb3DFm8gVJS33Q+394JimF8WeQskeFvT2ak7U51h45rIEezVjDFKrheUIlGsFxBnopdl8N3EN1SVcea2IXrU93HJ7p7HHlDOWCrz2XbjWRRi0TBnlVNY8/nr9ke0VXW/T5gVRsdFLU7cVRiTEEnQfzVvlRhQDJlCuhnCdSXlAoLMFiUEll1qwMfXJSuXmf7BsUNYz/r29Jr5vGyDeGjLFjs38u+ZuXOw+ualUPdaSV7jmVhljo35OJQLi+CACUHGt+gMnuJsoXuN/dUOBm31rF7uC0X6vJ7sRv5qhU4gji6wzWaXjbTB7Iqp16bLmV9PAWoaAb9mfhikyYL3gDiWRptU17l5QluviV0a48jucN77Hxk9V8GeJPmuuPs2PN5oNsXlKLQNGo2r/CB+Niv4pcmBvZH/JMqEeTblF7WNtyx7XMP9uNAZWoSw7eTAHYuYkt9OB2TOarxFQ+saOvpeVeSRUn/uc70HKs9DlZDw/Gjj+qHld5FcXolz0cuRxYqC+SeFx7P3PWGXq0NGnefHODxyS99fh2AVBxYXeL+3KMeDxsSKWOKnk4jtgl5J3yGsRI1AxM+aIzkIHM+RjlEa4KqsDuAcyQJkQktUfitp7z7YoetfBk=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample04</wsa:To>
+ <wsa:MessageID>urn:uuid:BD9F0E2AF11BC797341214227532472</wsa:MessageID>
+ <wsa:Action>urn:echo</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-24124380">
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-24124380" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#derivedKeyId-24666758" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>sTJduVO8zqRUxHAou5OXAPjqQfGXnplm2a05btJ73RTTAGQYXGMOqh3JyTJoWUMsu355Qdq1dZV5U9ehQ8ZL9TrmO2ykNKcMQKg23lR1pCblS0o5qnAi24SR2lFzg2vFgY+Vu2nbx0U9jHNyfP+NW6k8Q0oQBZ6Cs+6k+EnhF2JsTBsViKT3cAgGcPDny/dgo3Wzf5sUPFY0E8JxS5itE9QgPAaWxYHvuo4eFruCrUx24JfIN4JsdeWCzGNGYTP5RCZLCHtIa0n/YJDntG55GdizdSWbmUjTHAqmSPJedB/JWwVjJR7+u0/01thQ2r1o9kjw/xngO/tHHIt98+XifS44THxLdwYuXgT2WccmXQwGVxZeL2o110N3VQ0dvbOP</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/res01.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/res01.xml
new file mode 100644
index 0000000..445a569
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/res01.xml
@@ -0,0 +1,11 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:AEDBA74A8D1FC94B631214227032877</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body>
+ <ns:echoResponse xmlns:ns="http://sample01.policy.samples.rampart.apache.org">
+ <ns:return>Hello world</ns:return>
+ </ns:echoResponse>
+ </soapenv:Body>
+ </soapenv:Envelope>
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/res02.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/res02.xml
new file mode 100644
index 0000000..fea586d
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/res02.xml
@@ -0,0 +1,51 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-6068467">
+ <wsu:Created>2008-06-23T13:10:58.684Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:15:58.684Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="lnQpzG7gC0ScRaVLZZeZac/dbDA=" wsu:Id="SigConf-2978880" />
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-9131644">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <ds:Reference URI="#Id-3113238">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>8Iw0fcrzAlpQTWYUpBu+buoja1U=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#Timestamp-6068467">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>71u8cNu/ryfjOyBMikPMtH9S4mc=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#SigConf-2978880">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>c9CrB86xdRLBxXKP3c/eyiAhVg4=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>8O+EyTq5iO/Fbyv6dpER6yTWpYk=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-29477163">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-25054702">
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">ZPkio0wGfnnM6UNibtVTOwWGON8=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:Action>urn:echoResponse</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:62D436CDF33F6A15561214226653256</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-3113238">
+ <ns:echoResponse xmlns:ns="http://sample02.policy.samples.rampart.apache.org">
+ <ns:return>Hello world</ns:return>
+ </ns:echoResponse>
+ </soapenv:Body>
+</soapenv:Envelope>
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/res03.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/res03.xml
new file mode 100644
index 0000000..d3162eb
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/res03.xml
@@ -0,0 +1,72 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-12626425">
+ <wsu:Created>2008-06-23T13:20:50.749Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:25:50.749Z</wsu:Expires>
+ </wsu:Timestamp>
+ <xenc:EncryptedKey Id="EncKeyId-urn:uuid:B589FBB48DDA12104612142272508274">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">CJ+I51M5honzWpG12gKyLwsXErk=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>Kk0j8Zk5KqJ7Jcc9LkbkxM5stlcpjDy9n4O0AfpgbngsJX7Z/HK5jYvMe5ChYMS++IRIKqqfUca5LBZtZtJJX3sMqY49OR5F/spB1d4KjQdS5BL/GjOy/ZAT73BMC0hl+CHIt9v3tSYFOlBjajHONRbtSr8tHun7sc556nC9rCg=</xenc:CipherValue>
+ </xenc:CipherData>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="#EncDataId-14098944" />
+ </xenc:ReferenceList>
+ </xenc:EncryptedKey>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-27790058">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <ds:Reference URI="#Id-14098944">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>2Df7AEDjv1rqZRAmbOK/Yv8O0JQ=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#Timestamp-12626425">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>plHpVd2xj/dm5zK1y0RZL2X8h2w=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>ZX+lCvF+cKhzUaQmqydUMSgHBpaQQff1hwElqe3Fx5AOOyRvrE+J/MCvz1OVf3BNRBsDfSpRMcqdl55W5SBhrABGadYulA4Zu//ooMwRQJHiuWXZjoC5Pbjm5QDHhRzGusf0+nD5Jecsi9vAoRgx+P/CO8Q0VF6IJPSusy23PgI=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-23378358">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-31220901">
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:Action>urn:echoResponse</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:24DADACCF0309270B71214227248314</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-14098944">
+ <xenc:EncryptedData Id="EncDataId-14098944" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#EncKeyId-urn:uuid:B589FBB48DDA12104612142272508274" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>9LzEPjoSFIy/HF4rzKtNvXqy6Cg7JCbzJnxRz2YYoYdSr30jEZsmwpHBHncACf62FPbjm45Gy+v8NeNMlGO4nkI
+1d6
+v89IH2IAofXQ2emi6xP8Isn6Tq7REOVECoIDMGDN5HlOGmE8FWtCgbU226MEWHR2l
+jwb+BzPTyd5w4b4LbhjN9ZZz9CaP1Pl/vAhxiOCpRnCqFdevOMfp9t+vGBvzTI7gmgIs+WwbuOoW
+KEzaUVj4yPNeA3M/X545+RhEs04zb/7Pukq31p5Vh8Hy3zIZyaXqlUrlHtcQn/YMWSg2OJtTmt2M
+NbXQCiXrNz7nB0xMSi+MeV46JUgWwPH4Sa9aOOuGFzF3LXOmDKgAX7brzzJ6IlpjUEOqTo7+QTDO
+GK6vk8aY1w3ctZXKOhQ67NalE8YRozqNctmeedINNXp5rDftlcYkYjt19zLRpuaravKUuWvKLBMm
+cjI=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/res04.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/res04.xml
new file mode 100644
index 0000000..4200f21
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/res04.xml
@@ -0,0 +1,56 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-17240206">
+ <wsu:Created>2008-06-23T13:25:35.100Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:30:35.100Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-25106497">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="urn:uuid:20189D76AA5794EBCA12142275347662" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>KIJiXAuNJTvoaiL44sQbZQ==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <xenc:DataReference URI="#EncDataId-28291271" />
+ <xenc:DataReference URI="#EncDataId-17922592" />
+ </xenc:ReferenceList>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-13623369">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="urn:uuid:20189D76AA5794EBCA12142275347662" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>xEZqEIZj46Nlc8XNDC3V+Q==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-17922592" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#derivedKeyId-25106497" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>siDF8c4esfSq3ip6Ye20UY1syF42AMyEBUV0rat2qZsHqVPmLmCCJdZ2b5InaXg4Yk8xU0sFSi+IYqLBnwLFDdMvmedzwSHgVvIyKDIn16xEp9cf5pdDc9vgJ+O9iLONSFGSvXHhlx1+O+xNraZioz+1kTbzx7YGX53o+bdbfblgY+P2CA/tMdFudjSCsebdxksLk6rQmPlT4BkuOr0+B4YUx+5gqCecFxukSTE78j2mLbaMRY8k4rjqnRgHcrzIsRcRjqK7Ajz55h9O+JsajECLcEmRaSx+2LDCiBuL+3yD0ZGjFLTDFBCafH6v51mzB+tHcGJb3kWoA+qH7YYCR7+SwaO7nQA89X9S3RKYRrIkln36MzFa6VOI1GD58moYc0Ij2MYC0uzENWLk/gM2DWaJqYct5WRLXcVl3VgEKcBmjb1TuX83J/bYEjkqPaDbtE86k/5I0qnNtuyMioERi1p/3pEtT9fUzRL9QApHsYMMQtNbOVCwWnbeZgcI6mO3v7uVA3n+2CGAyTOz+a8Qy1KiPtg3o0Mw7KHzCThnPWMNrrEcHv+RYEHsxEzDXEMavzu6JJ7SVAgOAwKYrviOZDWZnvQyiqKM5fMExNvcc2lo1Yjo2lXsCFnbNSYWrTsgOWtTNOvVK+j90sb8yEbIvmfdoCkNngYen/0SAhtBPJHXU7S1CSpYuMwEv33GiMDrUsS6SXJchO/HA+OUg/MxTFkxCaqbqyDqnfPSDW/G7/z1D2pw48nRFhev8WsJBp1NDMuBmLOVh2JcOYrmixYyXlZArLB4Wd3Zp57yqguOse4L5tJ//Tb3ZSRn6DU3Ndr4iL88Jj/D++tGjidRhayVHMEdP7oUpDINMJQXRXTtPNhQLWXBRqUvtDTCJ4K2qMavnPOYObYsRae05CA9lJOGIoqM2q7wV2/wAPBkzL2lmaurs2ji+lhecSV+XFCUfxoiczV6f5xawp4fWZPETs4nfhh8Xn2czXQ2wYWyJQopGA55GHrAY895XcNgqYThZXS/gNvWdeHwooacHlOjUe/0qROU3Ge+fv8tdq6YYkKHRFwP80vvH8uZb6pr/tM9AgnXGPLRnzNkCbB3bfIYK19txZrvK2w0DfP7vftAjJ76Qunn5yr2Dyzpdeypspm+B8pdcRO2ONDE09kR+KUFwQJ5WIQCSFSFK44T6qKExpbS+n20X3OEpiNfqRrVNzV0WLgoaDRR6V/9GOkQ1K7QORGXJ5VHFUrzouhxEBsUJbzO9GIyTb1/NtWQs38840sBpkOSX8ZMEpOuiP/AywwJVGSkVwcDEpIfaNWDqp6jXhhFpZfiUTg0BOP+oBUthwRw8l96wWXY/kQDPU9m6YyPnXasFRJuzJRhudPiojegUTHCY0qYSNl39WJcTrLkDLgeAqXFv2Oa6JAFeDpZYOg3xTbuA2rxFjF3lrbAxsRvp4Vnl/nBSuWoRoto2CcNEfSHPxbvQaA7XAuofRmZbe+r1hn8b3Cmi0gAnkBdbZzdazCQOUU=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </wsse:Security>
+ <wsa:Action>urn:echoResponse</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:BD9F0E2AF11BC797341214227532472</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004514/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-28291271">
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-28291271" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#derivedKeyId-25106497" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>w/UNfm7u/dN4madTnK3ClmZ0q03RA55IRMoy6L/YmZTi/arP19svjPuKyXa7qgY2ah7wrmWzOKboAQEyuOuet1P8N+pb160BNLYYoLpUB51Cxco3pEQn05MLXn+DlMIrpm3b8oxPKHZ66oLRtRuEsc21hsyt/fqIcBB0MIEe91j0WsXif8HFpsVKhAYKjNHSG166cTJgYS1oecyBkXW0xvDfhNQaeX7uwvt9ZyQDIb++tf8ij0PW7IHahcR7dAOEoVixIwb7aaouO4NTxmSQMwXmyF58jN21Oxx46Yzidt8FBZCLOdu5xf7wFDRfaZZjdFkJ8Gr0KJ3kSvwRZ4/h6YyOWp6yJ6l3bY86jHHEKwbhGJhx1PbvyUjQHCdilkLQFW6BHoRC6VLM5rbcmsbc5w==</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/rst04.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/rst04.xml
new file mode 100644
index 0000000..c94031a
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/rst04.xml
@@ -0,0 +1,97 @@
+<?xml version='1.0' encoding='UTF-8'?>
+ <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-15855697">
+ <wsu:Created>2008-06-23T13:25:33.597Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:30:33.597Z</wsu:Expires>
+ </wsu:Timestamp>
+ <xenc:EncryptedKey Id="EncKeyId-urn:uuid:A4CC588C97FAD2AA9D12142275341932">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">HYL371NzoOs2+IA24VDkBGcUFQM=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>LXeQVa/sqiYZ+D+hxeEHigVMsBJn4SkmYhsuEutZEhueDuIKpNnmFGhXsF9H187dwWJLgAm4hE4nE6tTA/nhJq/nLiwEbjR3G4b6c5kFvKJMBSxzjGZeW7urbDZ1qaIjX4U69pdmh/POqegtJ35OvHE8IJ9oCtbXVkxUwz5DIBA=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedKey>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-14949315">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#EncKeyId-urn:uuid:A4CC588C97FAD2AA9D12142275341932" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>8GNOzdMY+l532yPT/gCHHg==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="#EncDataId-13994297" />
+ </xenc:ReferenceList>
+ <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" wsu:Id="CertId-148082">MIICTDCCAbUCBEbJZMQwDQYJKoZIhvcNAQEEBQAwbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDAgFw0wNzA4MjAwOTU0MTJaGA8yMDYyMDUyMzA5NTQxMlowbDELMAkGA1UEBhMCTEsxEDAOBgNVBAgTB1dlc3Rlcm4xEDAOBgNVBAcTB0NvbG9tYm8xDzANBgNVBAoTBkFwYWNoZTEQMA4GA1UECxMHUmFtcGFydDEWMBQGA1UEAxMNU2FtcGxlIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAhjQp2NJRUrAEsPYIlg26m34O16E6WkyBWMbkSvy/FJQoNg2HSOtqF/DHmej7qqJCDtiHtdZqCTOo28cpyB3XJ0g6y23ADTy1v7qUjYieF4Bn3p9QFtyznUmKyZ6hK4CjGraYvcDgjRlnPkfeyVnNamkzJB7TVRaLkumRlxHgxm0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBNLSbNEaGBj8GBoXWBndY3JFvblPvI2mDbtZsNiggGOCezyAufGe6RnR3s5DjR5YQqPcMiDtlskFQm4/SRN2Yh16E6l7LfsOhGQsPiPrDrci4T18pz1eDLSrtJiiBah1NdeISaD0kpoUiaNKiQiu16JCnxc8tGSw3nSPg44aLYmA==</wsse:BinarySecurityToken>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-28318458">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#EncKeyId-urn:uuid:A4CC588C97FAD2AA9D12142275341932" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>xmvBzN+/IS2QXtCRe0dAjQ==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:EncryptedData Id="EncDataId-13994297" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#derivedKeyId-14949315" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>w2Zv0Qv615LWUV4iViAwMhAjhzI9Sxjq2T+GIJyKY3VDgYLQc0G8tXLVfwv1QgZc2xb2Hx7Qj3Jvn1w0ggvroYFBBPHtnkpKkjrnF/hUvrf54DwyS3icMsiC+5CxAEluskDj7KxmCMLt0+pWmgtR9Z5rUAIAGrqB6EZAuqQLJiEQvjicC8W9E9DtniD24VcpQer++65sRyUT5p7DOy+YknRJJ05hf4bu/fBKSveZvtxlXQ/Z0+9wS35kxGMWmnayvP9752S9AshPjTkOXD5vV+R2gUmG6aHdnKa2bWYBSkf4ZT8DQTAeTp/e0joBDSR8vwuNBjUF9t9fnpJN0NgpegfxHsJ8Nux1FW7umIQ/dztYqpPj6hHBdWK+nR8dP8ewQuan2enD+2t8QpdBL8siUdl4eyAHkHvqxM4odEUeBLOBUicQFOhZvp/PYpdo1MgVNYwAi6P9XeNvUoia16AIgp7h9NcyHi9HfD6pCmeq4pQvImWJv6YSlykGQ1pb8W59nTyV9k/7TdswB4gMz0acmimTwU4/tv1csiWDkmPJnxge+RsueLJH7xoqsw+sslt/Z5cwcb+W16YG7xoHeHLTzTk9EX2FRpg8DhjRZEDhmnFIVZEnSQHGx9lo66BfugKCV5QpIAeD+QqRZjvcW3bBFw/xsDKNOCjcdTHrmn6QDfr217wVgSJx6vuLcczBMgQdiOjFYxHotpJN19J+r6Bk2cKViGa3NT6khBZ2y3+4G8ZTtfuntwxNyoLHaPsL1FWh74HBIAosBViQmdT/YxR1smlrc9teLkxJtmx8MCjY1O9qn02ZamVaeHJE5ULjOgTuiDOHx05VTrBWV3EgrCt0gIiRzahhKmXxOiXh7TorW5Ecv+rg4/Zrj2HfVrzpCEWX1Vm3gHpEKJkzWvNjbl7kN7dsHE9iyl+48SZfRQYPDMCe2qN5ifDyvGpYQvMzJymHTivCNIG1t62rpB0LhbnzSr9u69l03gLO2RtPim0luqh+6I70Hd+bVMhUjt6wvfTovTZbVqCuZsBDcOFfZTSOc+oyEAvM4u+JWC6yT08ITnr2fIejD9OwKFf/VxvzhisBurU7ZWw425BKQcGvjEv7C4XdJzWG1ye2Ng4SIkK06vQc4ylteF3Yg3v2l5LZPYJWXOGRJFvlmzUDJXN+z7AZAeYQWmU9P++I3xGhqchQKugQhxoFoAF9Mx3yNHx4TqugowUwuI6tn/E9EF32tspK3stXYvqLSaKZg/tB61jodsNippVXNTsfWK6o8TOtBrQdQTjX/SaVz/Lt8PuF3NuOxg6ZBsqOV9FvLJpO7j4lbsIupPKVQe7X/Cn+DKSn0+ksXGi4R0u1bJOYygtAGLqhM1U5ZqKeXWBIcSHJIj8gYzvqq1NVDXfk9cclTjHllNy5KUnIfiqQjOGzZVajpjgCC0u7Qp8JBgVYjtodLAe6NAOJvLLxR7/V7SSOQFzNJa6Sa+t3fzF3ifw1AjQeOxBy2bCqryfeaULdqEBLl0cSnLs0mAkSsiUbvVxAAs5HBA2sW1UvBZjlChbpNaX/UIDfKJHL06fgyLDF2Ml0jYEoFuAOo4AWXZGLoK4E3C52lyVlrKqs9axF68ryp/V8vrZwkA3JnS1wIVAjYRc6ZqWhPnUiGkygx/tw7oKbhOHM2Zu9VY6071KrxBNi09SmIzhbe7ObgH+n/edbTh/k6SruAiRHsysxU+C9/LbwH+rja53a</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-1668655">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <ds:Reference URI="#Signature-29945809">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>nHZS/5KwQR/dTCtdpIqDwilRR8s=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>QB+Xyuvruvws9z/Mq2b7JVVHByBMdkA4Nf7LEdYqSt2s98llkrrhuaGkZ2DAbagXwFn14BeJ7x4CDyJ8A+nK0YE2vYBRtHWNnlsue2tU/9apEF3ItOFOgvw0H9YrzG1BmEgECeYvpPzOtCGmc1rAjXmMdPZqpg9I79IrmumOOKE=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-10481832">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-7388808">
+ <wsse:Reference URI="#CertId-148082" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample04</wsa:To>
+ <wsa:ReplyTo>
+ <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
+ </wsa:ReplyTo>
+ <wsa:MessageID>urn:uuid:BD9F0E2AF11BC797341214227533594</wsa:MessageID>
+ <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body>
+ <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
+ <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
+ <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsa:EndpointReference xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
+ <wsa:Address>http://localhost:8081/axis2/services/sample04</wsa:Address>
+ </wsa:EndpointReference>
+ </wsp:AppliesTo>
+ <wst:Lifetime>
+ <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-06-23T13:25:33.580Z</wsu:Created>
+ <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-06-23T13:30:33.580Z</wsu:Expires>
+ </wst:Lifetime>
+ <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
+ <wst:Entropy>
+ <wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">LvNYXcA6HKhPIAzUrsswYA==</wst:BinarySecret>
+ </wst:Entropy>
+ <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
+ </wst:RequestSecurityToken>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/msgs/rstr04.xml b/1_5/modules/documentation/src/site/resources/samples/msgs/rstr04.xml
new file mode 100644
index 0000000..ad43e9f
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/msgs/rstr04.xml
@@ -0,0 +1,97 @@
+ <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-26918187">
+ <wsu:Created>2008-06-23T13:25:34.780Z</wsu:Created>
+ <wsu:Expires>2008-06-23T13:30:34.780Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-9633996">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">Ex5vdwadjBaRqNFUi5w1L7JcgFs=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>Mf8glJ0/L8UtteM6uMSsEA==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <xenc:DataReference URI="#EncDataId-26665270" />
+ </xenc:ReferenceList>
+ <wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="QB+Xyuvruvws9z/Mq2b7JVVHByBMdkA4Nf7LEdYqSt2s98llkrrhuaGkZ2DAbagXwFn14BeJ7x4CDyJ8A+nK0YE2vYBRtHWNnlsue2tU/9apEF3ItOFOgvw0H9YrzG1BmEgECeYvpPzOtCGmc1rAjXmMdPZqpg9I79IrmumOOKE=" wsu:Id="SigConf-11446032" />
+ <wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="UPx8N9c32i9RGIr0618ZawNnGZ0=" wsu:Id="SigConf-5910186" />
+ <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-11382417">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">Ex5vdwadjBaRqNFUi5w1L7JcgFs=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ <wsc:Offset>0</wsc:Offset>
+ <wsc:Length>16</wsc:Length>
+ <wsc:Nonce>nkGdUk1zK2gHmFBGS2l46w==</wsc:Nonce>
+ </wsc:DerivedKeyToken>
+ <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-26665270" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:Reference URI="#derivedKeyId-9633996" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>Mae0zgDx0V/jpaT6sgWRXNJ9TQSfBAgsxFG1TutgTEGG4u512QSmvv1EhCpoLnSc1mEaQSVhYGkXMkw4mVPe8YXznxVnzQQjW6NXAmw/BIqz6mDGDfikmjs/c/8j/Jpkij13pbUrT9L9x24DV5i76bWt/uI8yHEW04t+c5HdeKOXqgFp1MdcaqVGamGhBHK+T39tCxsv0VpSJDRG6Et3I7mzsjGg7ElisFV90qZT54s3nIQFoIWNL4Ju+BT3vAzymR4r88sKWxk9NuvVDTqT9YyjGpMQD0ZvVAl8KtO4+58ChmEjJZuZjv5KTEVvPP0NfWJc8U8cvo+H3iFngQPx6FDehytBDZocioZwOxixNc/Q5ZNQ9dRqGo2fdMbIsgt5xKrISM4WvXfJDZCEfNpwH0+dJyWj/BVAym6331LZn783n3qRTrRIJ48zN8me9EMQMtUGsgzUuABg3d7L4Yj9+VgazfJiRSrDQ4iP97ddXt8UQbOwCO3+r4IAuodDHxoFsUvAQ+AhEsMuWDjkjPNtwGNf/xC37x6vn8QNo3xpZwq9JbXSykbzU3gj2qeH6RhX//MXMprx/DJcev+mYzvxjq1c9GwNMOfj3XSFrNDYla8ZDnpAm/xa//5uffuBHHg+tjRCN1q7icaSKLoqVgbg7l5Tf3i1ZN0vpJFZ+VHfceDEDlENHCrZzkhETU5J6enDHvtKU/+enhtFks7PCzbbCOHiVVqniKITp+srcvmcVYmV7DsmtjqwrCfxb5ChuJRMTE6MSn4Gr1F7a2+S5I+oLx6MQjvauuAwTPsCE6O/y/ZEw1NJK5lCa9gfa0zCbo+aNn
+e9d
+a2
+CSTUncCIr9tlAR8R1gQRwN2wFqHg7Lj71jaVkF7PSlICQMZZsXATYNPRscxNN0JzAsDqLvb9IWA0
+vkeL+mK7kRn46Tm9ivo1bfkl9q+Ihj2nZOg1i0KcZoDNLdwFFmVnus23bMrMJJPsXXBu0F23mhEq
+xolAy6pnNYGptsYZWtEB58KKp08MS89bZ3PGve9zHM8slLl12mBxp/9DYE9z8YYIBVGNtwC5PrW3
+ryFE5GWsdkoiTd7TVNTL4FlSWHuZvHgEvdPO1DWfsAMtPl8e3+l/W2sqvUw+JHjhtzUGXrUnfv1D
+r82PLvT3GiXXeFucSu+lYNyqSDaJyIkMw3GibFQZtO6uR0RXVymL0PTflkxDgfkTXs2DgjZF48GS
+KXejdiBfX//hosv1loqXzFKzOyaac2jQd/IbOv/3d1Xb/s/fX4byn+IQ8Akq3mCsYHIOkgsfyd/f
+b5eTB08rqMlvQpFk4w7Tms2ngxhj+AB7DejrjdqAd+HFoMYnsf5Bs2l7QQe7OS5p6lCpIQKla0y0
+7rcwjFU8AqWrDvN9Q39POzl+OUzJi4rRHmji/W/Tcuh1/1nXxk2WfwLle1LS++4ypqWw6eY5K2Mg
+wRO5IjjsD1fFuVgc1FIOywLJ2bj/xF6EzOn6MpsiC9t8sUt5+s7dYSdotvLg4kCcmPQqfeCrH7zY
+mrslAmmy1xRwPza2OFS9iNRYcJ5IerGJv8TB3tWIJznXczjW95SZrvRd1CRcDnYkGjaz0WddWlAe
+GuXuXvKhBScp5n1d+4TI1HuohK7dpLjPvng68rTaSgtQSVwdJrihxj8oZNQlK+4aF/jBA42Y3v38
+7UKyRwYw7pqnyfh4BDM68EKN+Ra0yz+RTOEudJyKJUWYah+oJPADNZepk6lOS0mKSCPjmv4bXj82
+8gfRnnp/foIDUzPQnJwYBhyPtkjjth43AZpTFBoYqAPDXIncvd5Jrfd5U3Y5oPJ5W2HORqDzW/z3
+6BUSRYu3ht/w6K7U1hg0TyZD0RsVL9zpsPFlwMtsWcDK37RSuD1E9YL3dHbT12gEcbyKEHBKGLC6
+yTaN/03Mctek+oGE7ycVk9dujooSmJ3aW6TjG44h1uNofsnB0P1Ui4z7G1R5gwGsrWLLooQQHrQX
+T9BOzb9pFCZsMrHrCBgahUzUnxSwMVTnyoPwL5oFHKzW5V4DfD3jq8nzAzfWa8bhzSIc2XJ1ErHm
+sxRvVWdXVCCAnpAfb3NwIUbyZuASJONl1TROudLv+DN0OM8QbzarMv65uVSPDrgOozuwvrdi5KiD
+TdwEXhVJyNY8iC76WN1EBGTblr0RcBOaSUJXswbV9Bo3Y3nbqcjcF7vg6MRjkPUjR7WmhAjXRsIf
+At0Yzv9EcowGqf5HxJDouldsN4H3kUXuiXABF1GLRaAGf6+O0qndnuAF1CJzE9V454wXjR5ZdfjA
+W7Ac9oCExPgLLeXHCi8S9wLtkOQV9fkmsfGqfhEQIq285zCgsLij5H5FLQePRxBHZobIQd+gm7Oz
+huNnRNx89tFPTV8urEO8yp3X3tMvy31RQZl08V3WxoH5MOSzhS0NmJkgDX4VI7de8njgp8aKQzZy
+JaKO8xchtLfoTOYzeybQqU0cI51szvTEYm8lMyWNdPaVvM2IjGI1eRRO3vpqF9s5yEydPap+gqDC
+kxt9UYq1hQ==</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </wsse:Security>
+ <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
+ <wsa:MessageID>urn:uuid:ECC3D6AB9593AF9DA41214227534790</wsa:MessageID>
+ <wsa:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:BD9F0E2AF11BC797341214227533594</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body>
+ <wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
+ <wst:RequestedSecurityToken>
+ <wsc:SecurityContextToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="sctId-5683514">
+ <wsc:Identifier>urn:uuid:20189D76AA5794EBCA12142275347662</wsc:Identifier>
+ </wsc:SecurityContextToken>
+ </wst:RequestedSecurityToken>
+ <wst:RequestedAttachedReference>
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#sctId-5683514" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ </wst:RequestedAttachedReference>
+ <wst:RequestedUnattachedReference>
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="urn:uuid:20189D76AA5794EBCA12142275347662" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </wsse:SecurityTokenReference>
+ </wst:RequestedUnattachedReference>
+ <wst:Lifetime>
+ <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-06-23T13:25:34.767Z</wsu:Created>
+ <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2008-06-23T13:30:34.767Z</wsu:Expires>
+ </wst:Lifetime>
+ <wst:RequestedProofToken>
+ <wst:BinarySecret>WWrxszI9Rg5Iy5klit8SdFt+X05pewNBbvotsYPtX9A=</wst:BinarySecret>
+ </wst:RequestedProofToken>
+ </wst:RequestSecurityTokenResponse>
+ </soapenv:Body>
+ </soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/policy/sample01.xml b/1_5/modules/documentation/src/site/resources/samples/policy/sample01.xml
new file mode 100644
index 0000000..c4df639
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/policy/sample01.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/policy/sample02.xml b/1_5/modules/documentation/src/site/resources/samples/policy/sample02.xml
new file mode 100644
index 0000000..7d5508c
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/policy/sample02.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/policy/sample03.xml b/1_5/modules/documentation/src/site/resources/samples/policy/sample03.xml
new file mode 100644
index 0000000..f5d86c5
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/policy/sample03.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/documentation/src/site/resources/samples/policy/sample04.xml b/1_5/modules/documentation/src/site/resources/samples/policy/sample04.xml
new file mode 100644
index 0000000..afac818
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/policy/sample04.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/policy/sample05.xml b/1_5/modules/documentation/src/site/resources/samples/policy/sample05.xml
new file mode 100644
index 0000000..d16bca6
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/policy/sample05.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/resources/samples/policy/sample06.xml b/1_5/modules/documentation/src/site/resources/samples/policy/sample06.xml
new file mode 100644
index 0000000..bccbfe6
--- /dev/null
+++ b/1_5/modules/documentation/src/site/resources/samples/policy/sample06.xml
@@ -0,0 +1,87 @@
+<wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
+ <Metadata xmlns="http://www.w3.org/2005/08/addressing">
+ <mex:Metadata
+ xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <mex:MetadataReference>
+ <Address
+ xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
+ </mex:MetadataReference>
+ </mex:MetadataSection>
+ </mex:Metadata>
+ </Metadata>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/site.xml b/1_5/modules/documentation/src/site/site.xml
new file mode 100644
index 0000000..3731d60
--- /dev/null
+++ b/1_5/modules/documentation/src/site/site.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project name="Apache Rampart">
+
+ <bannerLeft>
+ <name>Apache Rampart</name>
+ <href>images/apache-rampart-logo.jpg</href>
+ </bannerLeft>
+
+ <bannerRight>
+ <src>images/apache-rampart-banner.jpg</src>
+ <href>http://www.apache.org</href>
+ </bannerRight>
+
+ <skin>
+ <groupId>org.apache.maven.skins</groupId>
+ <artifactId>maven-default-skin</artifactId>
+ <version>1.0</version>
+ </skin>
+
+ <publishDate format="dd MMM yyyy"/>
+
+ <body>
+ <links>
+ <item name="WebServices" href="http://ws.apache.org/"/>
+ <item name="Axis2/Java" href="http://ws.apache.org/axis2" />
+ </links>
+
+ <menu name="Apache Rampart">
+ <item name="Home" href="index.html" />
+ <item name="Downloads">
+ <item name="Releases" href="download.html"/>
+ <item name="Source Code" href="source-repository.html"/>
+ </item>
+ <item name="Documentation">
+ <item name="Getting Started" href="quick-start.html"/>
+ <item name="Samples" href="samples.html"/>
+ <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
+ <item name="Rampart Configuration" href="rampartconfig-guide.html"/>
+ <item name="STS Configuration" href="setting-up-sts.html"/>
+ <item name="Developer Guide" href="developer-guide.html"/>
+ <item name="Build the Site" href="siteHowTo.html" />
+ </item>
+ <item name="Resources">
+ <item name="Articles" href="articles.html" />
+ <item name="Specifications" href="specifications.html"/>
+ <item name="Online Javadocs" href="apidocs/index.html"/>
+ </item>
+ <item name="Project Information">
+ <item name="Project Team" href="team-list.html" />
+ <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart" />
+ <item name="Mailing Lists" href="mail-lists.html"/>
+ <item name="Source Code"
+ href="http://svn.apache.org/viewcvs.cgi/webservices/rampart/trunk/?root=Apache-SVN" />
+ <item name="Dependencies" href="dependencies.html"/>
+ <item name="License"
+ href="http://www.apache.org/licenses/LICENSE-2.0.html" />
+ </item>
+ </menu>
+
+ </body>
+</project>
diff --git a/1_5/modules/documentation/src/site/xdoc/articles.xml b/1_5/modules/documentation/src/site/xdoc/articles.xml
new file mode 100644
index 0000000..d6c23ab
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/articles.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+</head>
+<body>
+<h1>Apache Rampart Knowledge Base</h1>
+<p>This page contains articles, tutorials, presentations and
+question and answers published on various Web sites on the Apache
+Rampart. </p>
+<h2>Articles:</h2>
+<ul>
+<li><a href="http://wso2.org/library/240">
+UsernameToken Authentication with Rampart</a>- By Ruchith Ferenando</li>
+<li><a href="http://www.xml.com/pub/a/2007/05/02/sure-reliable-web-services-with-apache.html">
+Secure, Reliable Web Services with Apache</a>- By Kyle Gabhart</li>
+<li><a href="http://wso2.org/library/3132">
+Understanding WS - Security Policy Language</a>- By Nandana Mihindukulasooriya</li>
+<li><a href="http://wso2.org/library/1027">
+Integrating WS-Security and WS-SecureConversation Implementations with Apache Sandesha2 </a>- By Chamikara Jayalath</li>
+</ul>
+
+<h2>Tutorials</h2>
+<ul>
+<li><a href="http://wso2.org/library/140">Secure Message Exchanges with Multiple Users</a>- By
+Ruchith Fernando</li>
+<li><a href="http://wso2.org/library/174">Setting Up Keystores for a Client and a Service</a>- By
+Ruchith Fernando</li>
+<li><a href="http://wso2.org/library/3190">Web Services Security with Apache Rampart - Part 1 (Transport Level Security)</a>- By
+Nandana Mihindukulasooriya</li>
+<li><a href="http://wso2.org/library/3415">Web Services Security with Apache Rampart - Part 2 (Message-Level Security)</a>- By
+Nandana Mihindukulasooriya</li>
+</ul>
+
+<h2>Presentations</h2>
+<ul>
+<li><a href="http://www.slideshare.net/prabathsiriwardena/the-secured-enterprise-leverage-openid-with-web-service">The Secured Enterprise</a>- By
+Prabath Siriwardena</li>
+<li><a href="http://wso2.org/library/136">Secure Web Services with Apache Rampart</a>- By
+Ruchith Fernando</li>
+<li><a href="http://wso2.org/library/2534">Apache Rahas</a>- By
+Ruchith Fernando</li>
+</ul>
+<h2>Interviews</h2>
+<ul>
+<li><a href="http://wso2.org/library/695">Secure Messaging with Apache Rampart/Java</a>- By
+Ruchith Fernando</li>
+</ul>
+<h2>Blogs</h2>
+<ul>
+<li><a href="http://RampartFAQ.com">http://RampartFAQ.com</a></li>
+</ul>
+<h2>Questions and Answers</h2>
+<ul>
+<li><a href="http://wso2.org/library/2507">Timestamp validation fails! Why?</a></li>
+<li><a href="http://wso2.org/library/2506">How can I convert an LLOM AXIOM tree into a DOOM AXIOM tree?</a></li>
+<li><a href="http://wso2.org/library/169">How can I obtain UsernameToken information at the service?</a></li>
+<li><a href="http://wso2.org/library/116">Unexpected number of X509Data: for Signature. Why?</a></li>
+</ul>
+</body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/developer-guide.xml b/1_5/modules/documentation/src/site/xdoc/developer-guide.xml
new file mode 100644
index 0000000..d7471f1
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/developer-guide.xml
@@ -0,0 +1,192 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <title></title>
+</head>
+ <body >
+<h1>Apache Rampart Developer Guide</h1>
+<h2>Getting Involved in Rampart</h2>
+
+<h3>Introduction</h3>
+
+Components of Rampart
+<ul>
+ <li>Rampart Core</li>
+ <li>Rampart Policy</li>
+ <li>Rampart Trust</li>
+</ul>
+
+<p></p>
+<img alt="Rampart Components and WS-Security Stack"
+title="Rampart Components and WS-Security Stack" src="images/security-stack.jpg" align="middle" />
+
+<p><strong><em>Figure 1 : Rampart Components and WS-Security
+Stack</em></strong></p>
+
+<h3>Building Rampart</h3>
+<ol>
+ <li>Install maven2. Refer to the <a
+ href="http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html">Installation
+ guide</a>.</li>
+ <li>Install SVN on your machine. (The Rampart repository uses SVN.) Please
+ read the ASF <a
+ href="http://www.apache.org/dev/version-control.html">Source Code
+ Repositories page.</a></li>
+ <li>Download the source code.
+ <ul>
+ <li>Anon Checkout <a
+ href="http://svn.apache.org/repos/asf/webservices/rampart/trunk/java/">http://svn.apache.org/repos/asf/webservices/rampart/trunk/java/</a></li>
+ <li>Committers <a
+ href="https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/">https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/</a></li>
+ </ul>
+ </li>
+ <li>The Rampart project has 8 modules under it. They are:
+ <ul>
+ <li>rampart-policy contains security policy assertions.</li>
+ <li>rampart-core has core components that process and enforce
+ security.</li>
+ <li>rampart-trust contains trust components.</li>
+ <li>rampart-mar builds the rampart.mar that is deployed in the
+ "modules" directory of the Axis2 repository.</li>
+ <li>rampart-trust-mar builds the rahas.mar that adds WS-Trust into
+ Axis2.</li>
+ <li>rampart-test has a set of unit test cases.</li>
+ <li>integration-test has functional tests.</li>
+ <li>rampart-samples consist of samples provided with the
+ distribution.</li>
+ </ul>
+ </li>
+ <li>Build by typing <code>$mvn clean install</code></li>
+</ol>
+
+<p>When deploying rampart.mar and rampart-trust.mar in the Axis2 repository,
+you may notice that they do not contain any dependencies. Therefore all the
+dependencies must be in the classpath.</p>
+
+<h3>Rampart in Axis2</h3>
+
+<p>Rampart is deployed as a module in Axis2, in the security phase. The
+security phase is right after the transport phase. The Rampart module
+introduces a couple of handlers -
+"org.apache.rampart.handler.RampartReciever" and
+"org.apache.rampart.handler.RampartSender" to the security phase.</p>
+
+<p></p>
+<img alt="DOOM" title="Rampart in Axis2" src="images/rampart-handlers.jpg"
+align="middle" />
+
+<p><strong><em>Figure 2 : Rampart in Axis2</em></strong></p>
+
+<p>The "RampartReciver" handler intercepts the incoming message. Then Rampart
+validates the security of the incoming message, and checks whether it is
+in-line with the specified security policy. All security actions such as
+decryption of the message, validating the digital signature, validating the
+timestamp, and authenticating the user happens inside the Rampart module.</p>
+
+<p>"RampartSender" is the last handler in the outflow. The outgoing message
+is intercepted by this handler and Rampart takes the security actions. For
+example SOAP message can be encrypted, digitally signed, and security tokens
+are included according to the security policy.</p>
+
+<h3>Rampart, WSS4J, and DOOM</h3>
+
+<p>Rampart uses WSS4J for securing SOAP messages. WSS4J is an Apache project
+which implements the WS-Security specification. SOAP messages are signed and
+encrypted according to the <a href="http://www.w3.org/TR/xmlenc-core/">XML
+Encryption</a> and <a href="http://www.w3.org/TR/xmldsig-core/">XML Digital
+Signature</a> specifications, but the WS-Security specification introduces an
+additional set of rules. Therefore WSS4J ensures that SOAP messages are
+singed according to all the rules defined in the specifications. WSS4J uses
+Apache's <a href="http://santuario.apache.org/Java/index.html">xmlsec
+libraries</a> for XML Encryption and XML Digital Signature.</p>
+
+<p>Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP
+message security in Rampart but there was a fundamental problem. WSS4J and
+all the incorporating XML security libraries use "DOM" for parsing and
+generating XML, while Axis2 uses "AXIOM" as the object model. This was
+resolved by using a new object model named "DOOM". DOOM is both AXIOM and DOM
+implementations. Therefore you can manipulate/access a DOOM object structure
+through DOM interfaces and AXIOM interfaces.</p>
+
+<p>When Rampart is engaged and configured, the incoming SOAP messages are
+converted to DOOM. Since DOOM implements the DOM interface it is possible for
+WSS4J to process messages. After performing the security validations, before
+flushing the message down the message inflow, the DOOM SOAP message is
+converted back to OM. At the outgoing flow, the message is converted to DOOM
+and then the security functions are performed using WSS4J.</p>
+
+<h3>Rampart Core</h3>
+
+<p>Rampart core drives security enforcement and validation on SOAP messages.
+It binds all components together to create the final product. The important
+components of Rampart core are,</p>
+<ul>
+ <li>org.apache.rampart.RampartEngine</li>
+ <li>org.apache.rampart.MessageBuilder</li>
+</ul>
+
+<p><strong>SOAP Message Inflow</strong></p>
+
+<p>Incoming messages are intercepted by RampartReciver and handed over to the
+RampartEngine. RampartEngine is responsible for handling validation of
+security in the incoming SOAP message.</p>
+<img alt="Rampart Engine" title="Rampart Engine"
+src="images/rampart-engine.jpg" align="middle" />
+
+<p><strong><em>Figure 3: Control flow in RampartEngine</em></strong></p>
+
+<p><strong>Note</strong>: RampartMessageData stores
+"org.apache.rampart.policy.RampartPolicyData", which contains security policy
+in the manner required by "RampartEngine" and "MessageBuilder".</p>
+
+<p><strong>SOAP Message Outflow</strong></p>
+
+<p>Outgoing messages are intercepted by RampartSender and handed over to
+org.apache.rampart.RampartMessageBuilder. It is responsible for enforcing
+security on an outgoing SOAP message.</p>
+<img alt="Message Builder" title="Message Builder"
+src="images/message-builder.jpg" align="middle" />
+
+<p><strong><em>Figure 4: Control flow in MessageBuilder</em></strong></p>
+
+<h3>Rampart Policy</h3>
+
+<p>WS - Security Policy is an extension of WS-Policy specification.
+Corresponding to this, the implementation of the security policy in Rampart
+is based on "Neethi", which is the Apache implementation of WS Policy
+specification. For each policy assertion introduced in the WS-Security
+Policy, there is an "Assertion Builder" and an "Assertion Model" defined in
+Rampart-policy.</p>
+
+<p>Apache Neethi is a highly extensible framework. When reading a security
+policy file, these builders and models in Rampart Policy are picked up by the
+Neethi framework using the "Jar file Service Provider Mechanism". All Rampart
+builders are listed in the
+META-INF/services/org.apache.neethi.builders.AssertionBuilder file. When
+adding a new Policy assertion it requires only a builder, assertion model,
+and an entry in the file.</p>
+
+<p>The RampartPolicyBuilder creates a RampartPolicyData given a "Policy"
+object created using the Rampart-policy and Neethi frameworks.</p>
+
+<h3>Rampart Trust</h3>
+
+<p>Rampart Trust implements the WS-Trust specification, which can be used
+in-conjunction with the Rampart Core and Rampart Policy modules. Rampart
+Trust defines a framework that can be used to issue, cancel, renew, and
+validate tokens, i.e., it defines a set of interfaces that must be
+implemented by different token issuing parties. Basically, Rampart Trust
+provides the functionality needed to host a STS - Security Token Service.</p>
+<img alt="Rampart Trust" title="Rampart Trust" src="images/rampart-trust.jpg"
+align="middle" />
+
+<p><strong><em>Figure 5: Control flow in Rampart Trust</em></strong></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+ </body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/download.xml b/1_5/modules/documentation/src/site/xdoc/download.xml
new file mode 100644
index 0000000..a42ae83
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download.xml
@@ -0,0 +1,90 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <body>
+ <h1>Download Apache Rampart module</h1>
+ <h2>Apache Rampart Releases</h2>
+ <p>This page provides links to the release versions of Apache Rampart Java.</p>
+ <table border="1" style="border-collapse: collapse" width="93%" id="table1">
+ <tbody>
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Description</th>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.5/download.cgi">
+ <strong>1.5</strong>
+ </a>
+ </td>
+ <td></td>
+ <td>1.5 Release (Mirrored)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.4/download.cgi">
+ <strong>1.4</strong>
+ </a>
+ </td>
+ <td>12 Jun 2008</td>
+ <td>1.4 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.3/download.cgi">
+ <strong>1.3</strong>
+ </a>
+ </td>
+ <td>06 Sep 2007</td>
+ <td>1.3 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.2/download.cgi">
+ <strong>1.2</strong>
+ </a>
+ </td>
+ <td>02 Jun 2007</td>
+ <td>1.2 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.1/download.cgi">
+ <strong>1.1</strong>
+ </a>
+ </td>
+ <td>11 Dec 2006</td>
+ <td>1.1 Release (Archived)</td>
+ </tr>
+ </tbody>
+ </table>
+ <p>
+ <strong>Apache Rampart Distributions : <a href="http://people.apache.org/~ruchithf/rampart/SNAPSHOT">Nightly builds</a>
+ </strong>
+ </p>
+ <p>
+ <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://people.apache.org/repo/m2-snapshot-repository/">Nightly SNAPSHOT</a>
+ <a href=""></a>
+ </strong>
+ </p>
+ </body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.1/download.cgi b/1_5/modules/documentation/src/site/xdoc/download/1.1/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.1/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.1/download.xml b/1_5/modules/documentation/src/site/xdoc/download/1.1/download.xml
new file mode 100644
index 0000000..b8ce317
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.1/download.xml
@@ -0,0 +1,97 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.1 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.1 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.1.zip');">zip</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.1-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><strong>Documents Distribution</strong></td>
+<td>This will contain all the documentation in one package.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.1-docs.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.2/download.cgi b/1_5/modules/documentation/src/site/xdoc/download/1.2/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.2/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.2/download.xml b/1_5/modules/documentation/src/site/xdoc/download/1.2/download.xml
new file mode 100644
index 0000000..70822ce
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.2/download.xml
@@ -0,0 +1,97 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.2 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.2 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.2.zip');">zip</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.2-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><strong>Documents Distribution</strong></td>
+<td>This will contain all the documentation in one package.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.2-docs.zip');">zip</a>
+<a href=
+"hhttp://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.3/download.cgi b/1_5/modules/documentation/src/site/xdoc/download/1.3/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.3/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.3/download.xml b/1_5/modules/documentation/src/site/xdoc/download/1.3/download.xml
new file mode 100644
index 0000000..50dde84
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.3/download.xml
@@ -0,0 +1,97 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.3 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.3 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.3.zip');">zip</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.3-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><strong>Documents Distribution</strong></td>
+<td>This will contain all the documentation in one package.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.3-docs.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.4/download.cgi b/1_5/modules/documentation/src/site/xdoc/download/1.4/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.4/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/download/1.4/download.xml b/1_5/modules/documentation/src/site/xdoc/download/1.4/download.xml
new file mode 100644
index 0000000..76a0ab1
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/download/1.4/download.xml
@@ -0,0 +1,97 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.3 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.3 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.4.zip');">zip</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.4-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><strong>Documents Distribution</strong></td>
+<td>This will contain all the documentation in one package.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.4-docs.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.4-docs.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-1.4-docs.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-1.4-docs.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/index.xml b/1_5/modules/documentation/src/site/xdoc/index.xml
new file mode 100644
index 0000000..62b2bf9
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/index.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<document>
+
+ <properties>
+
+ </properties>
+
+ <body>
+ <h1>Apache Rampart - Axis2 Security Module</h1>
+ <section name="Welcome to Apache Rampart">
+ <p>Rampart is the security module of Axis2. With Rampary module, you can secure Axis2
+ web services for authentication, integrity, confidentiality and non - repudiation.
+ Rampart secures SOAP messages according to specifications in the WS-Security stack.
+ Please go through the <a href="articles.html">Apache Rampart Knowledge Base</a> to
+ get more information about Rampart and it's usage.
+ </p>
+ </section>
+
+ <h2>Features of Rampart Latest Version</h2>
+ <p>
+ Rampart supports the following specifications:
+ </p>
+ <ul>
+ <li>WS - Security 1.0</li>
+ <li>WS - Security 1.1</li>
+ <li>WS - Secure Conversation - February 2005</li>
+ <li>WS - Security Policy - 1.1 - July 2005</li>
+ <li>WS - Security Policy - 1.2 </li>
+ <li>WS - Trust - February 2005</li>
+ <li>WS - Trust - WS-SX</li>
+ <li>SAML 1.1</li>
+ <li>SAML 2.0 - Issurance</li>
+ </ul>
+
+ <h2>Apache Rampart News</h2>
+ <h3>Oct xx, 2009 : Apache Rampart 1.5 released</h3>
+ <p>Apache Rampart 1.5 was released with lots of bug fixes and new features.<br></br>
+ New features include</p>
+ <ul>
+ <li>SAML 2.0 support</li>
+ <li>Key store caching</li>
+ <li>Signing / Encrypting with multiple keys</li>
+ <li>Tests for negative scenarios</li>
+ </ul>
+ </body>
+</document>
diff --git a/1_5/modules/documentation/src/site/xdoc/quick-start.xml b/1_5/modules/documentation/src/site/xdoc/quick-start.xml
new file mode 100644
index 0000000..a5d41cc
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/quick-start.xml
@@ -0,0 +1,38 @@
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ </head>
+ <body>
+ <h1>Rampart Quick Start Guide</h1>
+
+ <h3>Installing Rampart module in Axis2</h3>
+ <p>Steps to install</p>
+ <ol>
+ <li>If you haven't installed Axis2, then download and extract the standard binary distribution. Make sure you have set the AXIS2_HOME environment variable</li>
+ <li>Run ant from the "samples" directory to copy the required libraries and modules to relevant directories in AXIS2_HOME.</li>
+ </ol>
+ <p></p>
+
+ <h3>Engaging Rampart</h3>
+ <p>When securing a SOAP message, the sender must know the security actions to be performed on the message and the receiver must know enough details to process and validate the security of the message. Therefore when using Rampart with Axis2, it must be engaged at both ends.</p>
+ <p>Observe how module has been engaged in server side by opening samples/policy/sample01/services.xml. The following line has engaged the module.</p>
+ <p>Engaging Rampart at client side is done programatically as follows.</p>
+ <pre>
+ ServiceClient client = new ServiceClient(ctx, null);<br/>
+ client.engageModule("rampart");
+ </pre>
+ <h3>Understanding policy</h3>
+ <p>WS-Security Policy can be used to indicate what security actions that needs be performed on SOAP messages and and what actions should be validated. The file 'samples/policy/sample01/policy.xml' configures Rampart to add Username Token with Timestamp to this message. The element <RampartConfig> in policy.xml defines Rampart specific configurations. </p>
+ <p>Policy at serverside is included in samples/policy/sample01/services.xml file. This configures Rampart module at serverside to validate the message for Username Token an Timestamp.</p>
+ <p>More details on RampartConfig can be found <a href="rampartconfig-guide.html">here</a>.</p>
+
+ <h3>Viewing the Message on wire</h3>
+ <p>It is interesting to view the secured SOAP message on the wire using TCP monitor. Change the "client.port" property in samples/policy/build.xml file to the listening port of TCP monitor. This will send all the messages through TCP monitor when you execute the ant script. Observe the <wsse:Security> header in the SOAP message.</p>
+
+
+
+ </body>
+</html>
+
diff --git a/1_5/modules/documentation/src/site/xdoc/rampartconfig-guide.xml b/1_5/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
new file mode 100644
index 0000000..3dccfb6
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+</head>
+ <body>
+<h1>Apache Rampart - Configuration Guide</h1>
+<h2>Rampart Configurations</h2>
+<p>RampartConfig element can have any of the following child elements. Schema is available <a href="rampart-config.xsd">here</a></p>
+<table class="bodyTable"><tbody>
+ <tr class="a"><td><b>Parameter</b></td><td><b>Description</b></td><td><b>Example</b></td></tr>
+
+ <tr class="b"><td>user</td><td>The user's name</td><td>Set username of UsernameToken to be used <br></br>
+ <user> bob</user></td></tr>
+ <tr class="a"><td>userCertAlias</td><td>The user's cert alias</td><td>Set alias of the key to be used to sign<br></br>
+ <userCertAlias> bob</userCertAlias></td></tr>
+ <tr class="b"><td>encryptionUser</td><td>The user's name for encryption.</td><td>
+ <encryptionUser>alice</encryptionUser></td></tr>
+ <tr class="a"><td>passwordCallbackClass</td><td>Callback class used to provide the password required to create the
+ UsernameToken or to sign the message</td><td>
+<pre>
+<passwordCallbackClass>
+ org.apache.axis2.security.PWCallback
+</passwordCallbackClass>
+</pre></td></tr>
+ <tr class="b"><td>policyValidatorCbClass</td><td>Callback class used to provide custom validater </td><td>
+<pre>
+<policyValidatorCbClass>
+ org.apache.axis2.security.CustomPolicyValidater
+</policyValidatorCbClass>
+</pre></td></tr>
+ <tr class="a"><td>signatureCrypto</td><td>properties to needed perform signature, such as crypto
+ provider, keystore and its password</td><td>
+<pre>
+<signatureCrypto>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">client.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+<signatureCrypto>
+</pre>
+ </td></tr>
+ <tr class="b"><td>encryptionCypto</td><td>properties to needed perform signature, such as crypto
+ provider, keystore and its password</td><td>
+<pre>
+<encryptionCypto>
+ ....crypto element ......
+</encryptionCypto>
+</pre></td></tr>
+ <tr class="a"><td>decryptionCrypto</td><td>properties to needed perform signature, such as crypto
+ provider, keystore and its password</td><td>
+<pre>
+<decryptionCrypto>
+ ....crypto element ......
+</decryptionCrypto></pre></td></tr>
+ <tr class="b"><td>timestampTTL</td><td>Time to live of Timestamp</td><td>The default timestamp time to live is 300 seconds</td></tr>
+ <tr class="a"><td>timestampMaxSkew</td><td>The maximum tolerence limit for timeskew of the timestamp</td><td>Rampart allows timestamps created slightly ahead of the reciever's time.<br/> This parameter allows to specify the tolerence limit</td></tr>
+ <tr class="b"><td>timestampPrecisionInMilliseconds</td><td> Whether the timestamps precision should be milliseconds </td><td>When this value is set false, generated timestamps doesn't contain milliseconds </td></tr>
+ <tr class="a"><td>optimizeParts</td><td></td><td></td></tr>
+ <tr class="b"><td>tokenStoreClass</td><td></td><td></td></tr>
+ <tr class="a"><td>sslConfig</td><td>SSL Configuration need for Transportbinding</td><td>Can specify the properties such as "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword". Please see below for more information.</td></tr>
+ </tbody></table>
+<br></br>
+<h3>Crypto Provider</h3>
+ <p>org.apache.ws.security.crypto.provider defines the implementation of
+the org.apache.ws.security.components.crypto.Crypto interface to provide the
+crypto information required by WSS4J. The other properties defined are the
+configuration properties used by the implementation class
+(org.apache.ws.security.components.crypto.Merlin).
+<br></br>
+<a name="ref"></a><a name="references"></a></p>
+<a name="References"></a>
+<h3>References</h3>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+ </body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/samples.xml b/1_5/modules/documentation/src/site/xdoc/samples.xml
new file mode 100644
index 0000000..574d7f7
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/samples.xml
@@ -0,0 +1,135 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+ <document>
+ <properties>
+ <title>Apache Rampart Samples</title>
+ </properties>
+ <head>
+ </head>
+ <body>
+ <h1>Rampart Samples</h1>
+ <h2> Basic samples </h2>
+ <p>These samples use parameter based configuration model. This will be a great starting point to get a basic understanding of how WS Security really works. </p>
+ <h2> Policy samples </h2>
+ <p>These samples use WS Security Policy Language for configuration. It is recommended to use policy based configuration model for all production scenarios </p>
+ <h3>Running Samples</h3>
+ <p>Now we'll look at how to run the first sample inside samples/policy folder.</p>
+ <ol>
+ <li>Open a console and change the directory to sample/policy and give the following command. This will start the server at port 8080</li>
+ <pre>
+<code>$ant service.01</code>
+ </pre>
+ <li>Open a new console and change the directory to sample/policy and type the following command.</li>
+ <pre>
+<code>$ant client.01</code>
+ </pre>
+ </ol>
+ <p>Congratulations! Now you have executed the first sample. Rest of the samples can be run by changing the sample number.</p>
+ <br></br>
+ <br></br>
+ <h3>Samples</h3>
+ <br></br>
+ <table class="bodyTable">
+ <tbody>
+ <tr class="a"><td>Sample 01</td></tr>
+ <tr/>
+ </tbody>
+ </table>
+ <div style="margin-left:2px;margin-right:-2px;">UsernameToken Authentication, The policy uses a TransportBinding and requires a SignedSupportingToken which
+is a UsernameToken and the inclusion of a TimeStamp. </div>
+ <ul>
+ <li><a href="samples/policy/sample01.xml">Policy</a></li>
+ <li><a href="samples/msgs/req01.xml">Request Message</a></li>
+ <li><a href="samples/msgs/res01.xml">Response Message</a></li>
+ </ul>
+
+ <br></br>
+ <table class="bodyTable">
+ <tbody>
+ <tr class="a"><td>Sample 02</td></tr>
+ <tr/>
+ </tbody>
+ </table>
+ <div class="b" style="margin-left:2px;margin-right:-2px;">Sign only, An AsymmetricBinding is used. Entire headers and body to be signed.
+Algorithm suite is TripleDesRsa15.</div>
+ <ul>
+ <li><a href="samples/policy/sample02.xml">Policy</a></li>
+ <li><a href="samples/msgs/req02.xml">Request Message</a></li>
+ <li><a href="samples/msgs/res02.xml">Response Message</a></li>
+ </ul>
+ <br></br>
+ <table class="bodyTable">
+ <tbody>
+ <tr class="a"><td>Sample 03</td></tr>
+ <tr/>
+ </tbody>
+ </table>
+ <div class="b" style="margin-left:2px;margin-right:-2px;">Sign and Encrypt messages, An AsymmetricBinding is used. Entire headers and body to be signed.
+EncryptionParts specifies the Body to be encrypted. </div>
+ <ul>
+ <li><a href="samples/policy/sample03.xml">Policy</a></li>
+ <li><a href="samples/msgs/req03.xml">Request Message</a></li>
+ <li><a href="samples/msgs/res03.xml">Response Message</a></li>
+ </ul>
+ <br></br>
+ <table class="bodyTable">
+ <tbody>
+ <tr class="a"><td>Sample 04</td></tr>
+ <tr/>
+ </tbody>
+ </table>
+ <div class="b" style="margin-left:2px;margin-right:-2px;">SecureConversation , The secure session is bootstrapped using a SymetricBinding which uses derived keys based on an ephemeral key.
+Messages in the secure conversation includes a timestamp, all headers are signed along with the timestamp, signature encrypted and body encrypted.</div>
+ <ul>
+ <li><a href="samples/policy/sample04.xml">Policy</a></li>
+ <li><a href="samples/msgs/rst04.xml">Bootstrap request (RST)</a></li>
+ <li><a href="samples/msgs/rstr04.xml">Bootstrap response (RSTR)</a></li>
+ <li><a href="samples/msgs/req04.xml">Request Message</a></li>
+ <li><a href="samples/msgs/res04.xml">Response Message</a></li>
+ <li><a href="samples/msgs/creq04.xml">Cancel request </a></li>
+ <li><a href="samples/msgs/cres04.xml">Cancel response</a></li>
+ </ul>
+ <br></br>
+ <table class="bodyTable">
+ <tbody>
+ <tr class="a"><td>Sample 05</td></tr>
+ <tr/>
+ </tbody>
+ </table>
+ <div class="b" style="margin-left:2px;margin-right:-2px;">WS-Trust - RST - Resquest Security Token Service - Issuing a SAML token - issuing a token </div>
+ <ul>
+ <li><a href="samples/policy/sample05.xml">Policy</a></li>
+ <li><a href="samples/msgs/req05.xml">Request Message</a></li>
+ <li><a href="samples/msgs/res05.xml">Response Message</a></li>
+ </ul>
+ <br></br>
+ <table class="bodyTable">
+ <tbody>
+ <tr class="a"><td>Sample 06</td></tr>
+ <tr/>
+ </tbody>
+ </table>
+ <div class="b" style="margin-left:2px;margin-right:-2px;">WS-Trust ( With WS Metada Exchange) - RST - Resquest Security Token Service - Issuing a SAML token </div>
+ <ul>
+ <li><a href="samples/policy/sample01.xml">Policy</a></li>
+ <li><a href="samples/msgs/req06.xml">Request Message</a></li>
+ <li><a href="samples/msgs/res06.xml">Response Message</a></li>
+ </ul>
+ </body>
+ </document>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/setting-up-sts.xml b/1_5/modules/documentation/src/site/xdoc/setting-up-sts.xml
new file mode 100644
index 0000000..14fc044
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/setting-up-sts.xml
@@ -0,0 +1,64 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+ <document>
+ <properties>
+ <title>Setting up a Security Token Service</title>
+ </properties>
+ <head>
+ </head>
+ <body>
+ <h1>Setting up a Security Token Service</h1>
+ <h3>Setting up a Security Token Service</h3>
+ <p>Security Token Service can be set up as per WS-Trust specification using Rampart. The default security token service shipped with the rampart distribution is contained in the rampart-trust.mar module. It can issue SCT tokens and SAML tokens. Sample05 contains a client that connects to the default STS and obtain a SAML token. The services.xml in the sample contains "saml-issuer-config" parameter that is used to configure the default SAML issuer.</p>
+ <strong>STS with a custom issuer</strong>
+ <p>First the default rampart.mar has to be removed from the modules. Then write you own issuer implementing the <code>"org.apache.rahas.TokenIssuer"</code> interface. Let's say that your issuer is <code>"org.custom.MyIssuer"</code>. Then create a Axis2 service archive with the following in the services.xml. Drop the archive into the repository and you have a STS with a CustomToken issuer.</p>
+
+ <pre>
+
+<module ref="rampart" />
+
+<operation name="IssueToken"
+ mep="http://www.w3.org/2006/01/wsdl/in-out">
+ <messageReceiver
+ class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept RST requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ <parameter name="token-dispatcher-configuration">
+ <token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.custom.MyIssuer" default="true">
+ <configuration
+ type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+ </token-dispatcher-configuration>
+ </parameter>
+
+</operation>
+
+</pre>
+ </body>
+ </document>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/siteHowTo.xml b/1_5/modules/documentation/src/site/xdoc/siteHowTo.xml
new file mode 100644
index 0000000..1ccdbe2
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/siteHowTo.xml
@@ -0,0 +1,60 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title></title>
+</head>
+<body>
+<h1>How to Build the Rampart Project's Website</h1>
+<h2>Installing Maven2</h2>
+<p>The Apache Rampart website build system solely depends on <a href=
+"http://maven.apache.org/">Maven2</a>. The build has been
+specifically tested to work with Maven version 2.0.7. To install
+Maven, download the distributions and follow the instructions in
+the documentation. Make sure you don't forget to add MAVEN_HOME/bin
+directory in the path.</p>
+<h2>Checking out Apache Rampart</h2>
+<p>Checkout the <a href=
+"http://svn.apache.org/repos/asf/webservices/rampart/trunk/java">latest
+source</a> using your favorite SVN client. If you are a committer,
+get a <a href=
+"https://svn.apache.org/repos/asf/webservices/rampart/trunk/java">commiter
+check out.</a></p>
+<h2>Building the Site</h2>
+<p>cd to modules/documentation and type <i>mvn install</i> The built
+site will be available under target/site.</p>
+<h2>FAQ</h2>
+<ol>
+<li>How can I update a document in the site ?<br />
+Get a commiter check out. All the documents are in XHTML format
+under the modules/documentation/src/site/xdoc folder, and you can change only the documents found
+under this folder. Change the relevant file and run <i>mvn
+install</i>. New documentation will be available under
+the target folder.</li>
+<li>How can I add a new document?<br />
+Add the new document in the xdoc folder. Change the site.xml
+found under the modules/documentation/src/site folder by adding a link to the newly added
+document. Re-generate the site.<br />
+Please make sure you have not included any of the illegal
+characters and your document should be well formed.</li>
+</ol>
+</body>
+</html>
diff --git a/1_5/modules/documentation/src/site/xdoc/specifications.xml b/1_5/modules/documentation/src/site/xdoc/specifications.xml
new file mode 100644
index 0000000..70f4559
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/specifications.xml
@@ -0,0 +1,60 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+ <document>
+ <properties>
+ <title></title>
+ </properties>
+ <head>
+
+ </head>
+ <body>
+ <h1>WS Security Specifications</h1>
+ <h2>WSS: SOAP Message Security </h2>
+ <ul>
+ <li><a href="http://www.oasis-open.org/committees/download.php/5941/oasis-200401-wss-soap-message-security-1.0.pdf">
+ SOAP Message Security 1.0 </a></li>
+ <li><a href="http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf">
+ SOAP Message Security 1.1 </a></li>
+ </ul>
+ <h2>WS Security Policy</h2>
+ <ul>
+ <li><a href="http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf">
+ WS-SecurityPolicy 1.1</a></li>
+ </ul>
+ <h2>Web Services Trust Language (WS-Trust)</h2>
+ <ul>
+ <li><a href="http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf">
+ WS Trust 1.0 </a></li>
+ </ul>
+ <h2>WS Secure Conversation</h2>
+ <ul>
+ <li><a href="http://specs.xmlsoap.org/ws/2005/02/sc/WS-SecureConversation.pdf">
+ WS Secure Conversation 1.0 </a></li>
+ </ul>
+ <h2>WS-SX specifications</h2>
+ <ul>
+ <li><a href="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdf">
+ WS-SecurityPolicy 1.2 </a></li>
+ <li><a href="http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.pdf">
+ WS Trust 1.3</a></li>
+ <li><a href="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.pdf">
+ WS Secure Conversation 1.3</a></li>
+ </ul>
+ </body>
+ </document>
\ No newline at end of file
diff --git a/1_5/modules/documentation/src/site/xdoc/svn.xml b/1_5/modules/documentation/src/site/xdoc/svn.xml
new file mode 100644
index 0000000..21da0ff
--- /dev/null
+++ b/1_5/modules/documentation/src/site/xdoc/svn.xml
@@ -0,0 +1,114 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>Developing Apache Rampart</title>
+</head>
+<body lang="en" xml:lang="en">
+<h1>Developing Apache Rampart</h1>
+<p>This document provides information on how to use SVN to get an
+SVN checkout/update, make commits to the repository, etc., in the
+process of contributing to Apache projects (specifically Apache Rampart).
+Instructions on configuring IDEs for development and using Maven to
+build the project is also included here.</p>
+<h2>Content</h2>
+<ul>
+<li><a href="#svn">Working with Subversion (SVN)</a></li>
+<li><a href="#checkout">Checkout Rampart from Subversion</a></li>
+<li><a href="#maven">Installing Maven 2</a></li>
+<li><a href="#ide">Configuring your IDE</a></li>
+</ul>
+<a name="svn" id="svn"></a>
+<h2>Working with Subversion (SVN)</h2>
+<p>The Rampart development team uses Subversion (SVN) for source
+control. Subversion is a compelling replacement for CVS, developed
+under the auspices of the Tigris community and licensed under an
+Apache compatible license. To learn more about Subversion or to
+download the latest distribution, visit the <a href=
+"http:///subversion.tigris.org" target="_blank">Subversion project
+site</a>. If you are looking for guidance on setting up and
+installing Subversion, please read the ASF <a href=
+"http://www.apache.org/dev/version-control.html" target=
+"_blank">Source Code Repositories page</a>.</p>
+<a name="checkout" id="checkout"></a>
+<h2>Checkout Axis2 from Subversion</h2>
+<p>To check out the latest version of Rampart from the Foundation's
+Subversion repository, you must use one of the following URLs
+depending on your level of access to the Rampart source code:</p>
+<ul>
+<li><b>If you are not a committer:</b> <a href=
+"http://svn.apache.org/repos/asf/webservices/rampart/trunk/java"
+target=
+"_blank">http://svn.apache.org/repos/asf/webservices/rampart/trunk/java</a></li>
+<li><b>If you are a committer:</b> <a href=
+"https://svn.apache.org/repos/asf/webservices/rampart/trunk/java"
+target=
+"_blank">https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</a></li>
+</ul>
+If you are a committer, make sure that you have selected an
+svnpasswd. To do this, you must log into svn.apache.org. For more
+information, please read the ASF <a href=
+"http://www.apache.org/dev/version-control.html" target=
+"_blank">Source Code Repositories page</a>.
+<p>Once you have successfully installed Subversion, you can check
+out Rampart trunk by following these steps:</p>
+<ol type="1">
+<li>Run <strong>svn co <repository URL> axis2</strong> where
+the repository URL is one of the URLs from the previous list.</li>
+<li>This step will check out the latest version of the Rampart Java
+codebase to a directory named "rampart". The second parameter to the
+<strong>svn co</strong> selects a directory to create on your local
+machine. If you want to checkout Rampart to a different directory,
+feel free to change rampart to any other directory name.</li>
+<li>To update your working copy to the latest version from the
+repository, execute the <strong>svn update</strong> command.</li>
+<li>If you would like to submit a patch, you can execute
+<strong>svn diff</strong> to create a unified diff for submission
+to the Rampart JIRA issue tracker.</li>
+</ol>
+<a name="maven" id="maven"></a>
+<h2>Installing Maven 2</h2>
+<p>Rampart's build is based on Maven 2. Maven is a build system that
+allows for the reuse of common build projects across multiple
+projects. For information about obtaining, installing, and
+configuring Maven 2, please see the <a href=
+"http://maven.apache.org" target="_blank">Maven project page</a>.
+To use Maven to build the Axis2 project, Please install <a href="http://maven.apache.org/download.html" target=
+"_blank">Maven2</a> and follow instructions here - <a href="maven-help.html">Quick Guide to Maven for Axis 2.0</a></p>.
+<a name="ide" id="ide"></a>
+<h2>Configuring your IDE</h2>
+<p>The Rampart development team uses a variety of development tools
+from vi to emacs to eclipse to Intellij/IDEA. The following section
+is not an endorsement of a specific set of tools, it is simply
+meant as a pointer to ease the process of getting started with
+Rampart development.</p>
+<ul>
+<li><strong>Intellij IDEA</strong> - type <strong>mvn
+idea:idea</strong>. Generates the necessary IDEA .ipr, .iml
+and .iws project files</li>
+<li><strong>Eclipse</strong>- type <strong>mvn eclipse:eclipse</strong>. Then in Eclipse, setup a Classpath Variable
+for MAVEN_REPO, and select File > Import > Existing Projects
+into Workspace > Select root directory. Selecting the root of
+the Rampart source discovers all the modules and allows them to be
+imported as individual projects at once.</li>
+</ul>
+</body>
+</html>
diff --git a/1_5/modules/rampart-core/pom.xml b/1_5/modules/rampart-core/pom.xml
new file mode 100644
index 0000000..cbd1919
--- /dev/null
+++ b/1_5/modules/rampart-core/pom.xml
@@ -0,0 +1,64 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-core</artifactId>
+ <packaging>jar</packaging>
+ <name>Rampart - Core</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ <excludes>
+ <exclude>**/*.java</exclude>
+ </excludes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent"/>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
diff --git a/1_5/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/1_5/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..34900b9
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,3 @@
+org.apache.rampart.policy.builders.CryptoConfigBuilder
+org.apache.rampart.policy.builders.RampartConfigBuilder
+org.apache.rampart.policy.builders.SSLConfigBuilder
\ No newline at end of file
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
new file mode 100644
index 0000000..40f9563
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.AddressingConstants.Final;
+import org.apache.axis2.addressing.AddressingConstants.Submission;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.util.XMLUtils;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.builder.AsymmetricBindingBuilder;
+import org.apache.rampart.builder.SymmetricBindingBuilder;
+import org.apache.rampart.builder.TransportBindingBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import javax.xml.namespace.QName;
+
+public class MessageBuilder {
+
+ private static Log log = LogFactory.getLog(MessageBuilder.class);
+
+ public void build(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ Axis2Util.useDOOM(true);
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, true);
+
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null || isSecurityValidationFault(msgCtx) ||
+ !RampartUtil.isSecHeaderRequired(rpd, rmd.isInitiator(),false)) {
+
+ Document doc = rmd.getDocument();
+ WSSecHeader secHeader = rmd.getSecHeader();
+
+ if ( secHeader != null && secHeader.isEmpty(doc) ) {
+ secHeader.removeSecurityHeader(doc);
+ }
+
+ return;
+ }
+
+ //Copy the RECV_RESULTS if available
+ if(!rmd.isInitiator()) {
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+ }
+
+
+ String isCancelreq = (String)msgCtx.getProperty(RampartMessageData.CANCEL_REQUEST);
+ if(isCancelreq != null && Constants.VALUE_TRUE.equals(isCancelreq)) {
+ try {
+
+ String cancelAction = TrustUtil.getWSTNamespace(rmd.getWstVersion()) + RahasConstants.RST_ACTION_CANCEL_SCT;
+ //Set action
+ msgCtx.getOptions().setAction(cancelAction);
+
+ //Change the wsa:Action header
+ String wsaNs = Final.WSA_NAMESPACE;
+ Object addressingVersionFromCurrentMsgCtxt = msgCtx.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+ if (Submission.WSA_NAMESPACE.equals(addressingVersionFromCurrentMsgCtxt)) {
+ wsaNs = Submission.WSA_NAMESPACE;
+ }
+ OMElement header = msgCtx.getEnvelope().getHeader();
+ if(header != null) {
+ OMElement actionElem = header.getFirstChildWithName(new QName(wsaNs, AddressingConstants.WSA_ACTION));
+ if(actionElem != null) {
+ actionElem.setText(cancelAction);
+ }
+ }
+
+ //set payload to a cancel request
+ String ctxIdKey = RampartUtil.getContextIdentifierKey(msgCtx);
+ String tokenId = (String)RampartUtil.getContextMap(msgCtx).get(ctxIdKey);
+
+ if(tokenId != null && RampartUtil.isTokenValid(rmd, tokenId)) {
+ OMElement bodyElem = msgCtx.getEnvelope().getBody();
+ OMElement child = bodyElem.getFirstElement();
+ SecurityContextToken sct = new SecurityContextToken(
+ (Element) rmd.getTokenStorage().getToken(tokenId)
+ .getToken());
+ OMElement newChild = TrustUtil.createCancelRequest(sct
+ .getIdentifier(), rmd.getWstVersion());
+ Element newDomChild = XMLUtils.toDOM(newChild);
+ Node importedNode = rmd.getDocument().importNode((Element) newDomChild, true);
+ ((Element) bodyElem).replaceChild(importedNode, (Element) child);
+ } else {
+ throw new RampartException("tokenToBeCancelledInvalid");
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RampartException("errorInTokenCancellation");
+ }
+ }
+
+ if(rpd.isTransportBinding()) {
+ log.debug("Building transport binding");
+ TransportBindingBuilder building = new TransportBindingBuilder();
+ building.build(rmd);
+ } else if(rpd.isSymmetricBinding()) {
+ log.debug("Building SymmetricBinding");
+ SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
+ builder.build(rmd);
+ } else {
+ AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
+ builder.build(rmd);
+ }
+
+ //TODO remove following check, we don't need this check here as we do a check to see whether
+ // security header required
+
+ Document doc = rmd.getDocument();
+ WSSecHeader secHeader = rmd.getSecHeader();
+
+ if ( secHeader != null && secHeader.isEmpty(doc) ) {
+ secHeader.removeSecurityHeader(doc);
+ }
+
+ /*
+ * Checking whether MTOMSerializable is there. If so set optimizeElement.
+ * */
+ if(rpd.isMTOMSerialize()){
+ msgCtx.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ OptimizePartsConfig config= rpd.getOptimizePartsConfig();
+ if(config != null){
+ MessageOptimizer.optimize(msgCtx.getEnvelope(), config.getExpressions(), config.getNamespaces());
+ }
+ }
+
+ }
+
+ private boolean isSecurityValidationFault(MessageContext msgCtx) throws AxisFault {
+
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ Boolean secErrorFlag = (Boolean) inMsgCtx.getProperty(RampartConstants.SEC_FAULT);
+
+ if (secErrorFlag != null && secErrorFlag.equals(Boolean.TRUE)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
new file mode 100644
index 0000000..fe8f49f
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -0,0 +1,963 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.*;
+import org.apache.ws.security.*;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.jaxen.XPath;
+import org.jaxen.JaxenException;
+
+import javax.xml.namespace.QName;
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandler {
+
+ private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
+
+ /**
+ * {@inheritDoc}
+ */
+ public void validate(ValidatorData data, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //If there's Security policy present and no results
+ //then we should throw an error
+ if(rpd != null && results == null) {
+ throw new RampartException("noSecurityResults");
+ }
+
+ //Check presence of timestamp
+ WSSecurityEngineResult tsResult = null;
+ if(rpd != null && rpd.isIncludeTimestamp()) {
+ tsResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+ if(tsResult == null) {
+ throw new RampartException("timestampMissing");
+ }
+
+ }
+
+ //sig/encr
+ Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
+ if(rpd != null && rpd.isSignatureProtection() && isSignatureRequired(rmd)) {
+
+ String sigId = RampartUtil.getSigElementId(rmd);
+
+ encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
+ WSConstants.SIG_NS, "Element"));
+ }
+
+ Vector signatureParts = RampartUtil.getSignedParts(rmd);
+
+ //Timestamp is not included in sig parts
+ if(rpd != null && rpd.isIncludeTimestamp() && !rpd.isTransportBinding()) {
+ signatureParts.add(new WSEncryptionPart("timestamp"));
+ }
+
+ if(!rmd.isInitiator()) {
+
+ //Just an indicator for EndorsingSupportingToken signature
+ SupportingToken endSupportingToken = rpd.getEndorsingSupportingTokens();
+ if(endSupportingToken != null) {
+ SignedEncryptedParts endSignedParts = endSupportingToken.getSignedParts();
+ if((endSignedParts != null &&
+ (endSignedParts.isBody() ||
+ endSignedParts.getHeaders().size() > 0)) ||
+ rpd.isIncludeTimestamp()) {
+ signatureParts.add(
+ new WSEncryptionPart("EndorsingSupportingTokens"));
+ }
+ }
+ //Just an indicator for SignedEndorsingSupportingToken signature
+ SupportingToken sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSupportingToken != null) {
+ SignedEncryptedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts();
+ if((sgndEndSignedParts != null &&
+ (sgndEndSignedParts.isBody() ||
+ sgndEndSignedParts.getHeaders().size() > 0)) ||
+ rpd.isIncludeTimestamp()) {
+ signatureParts.add(
+ new WSEncryptionPart("SignedEndorsingSupportingTokens"));
+ }
+ }
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingToken supportingToken = (SupportingToken) supportingToks.get(i);
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ }
+ }
+
+ validateEncrSig(data,encryptedParts, signatureParts, results);
+
+ if(!rpd.isTransportBinding()) {
+ validateProtectionOrder(data, results);
+ }
+
+ validateEncryptedParts(data, encryptedParts, results);
+
+ validateSignedPartsHeaders(data, signatureParts, results);
+
+ validateRequiredElements(data);
+
+ //Supporting tokens
+ if(!rmd.isInitiator()) {
+ validateSupportingTokens(data, results);
+ }
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = (X509Certificate) actionResult
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, rmd)) {
+ throw new RampartException ("trustVerificationError");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header.
+ * In the following implementation the timestamp is valid if :
+ * Timestamp->Created < 'now' < Timestamp->Expires (Last test already handled by WSS4J)
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = (Timestamp) actionResult
+ .get(WSSecurityEngineResult.TAG_TIMESTAMP);
+
+ if (timestamp != null) {
+ if (!verifyTimestamp(timestamp, rmd)) {
+ throw new RampartException("cannotValidateTimestamp");
+ }
+ }
+ }
+ }
+
+ /**
+ * @param encryptedParts
+ * @param signatureParts
+ */
+ protected void validateEncrSig(ValidatorData data,Vector encryptedParts, Vector signatureParts, Vector results)
+ throws RampartException {
+ ArrayList actions = getSigEncrActions(results);
+ boolean sig = false;
+ boolean encr = false;
+ for (Iterator iter = actions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sig = true;
+ } else if(act.intValue() == WSConstants.ENCR) {
+ encr = true;
+ }
+ }
+
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+
+ SupportingToken sgndSupTokens = rpd.getSignedSupportingTokens();
+ SupportingToken sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ if(sig && signatureParts.size() == 0
+ && (sgndSupTokens == null || sgndSupTokens.getTokens().size() == 0)
+ && (sgndEndorSupTokens == null || sgndEndorSupTokens.getTokens().size() == 0)) {
+
+ //Unexpected signature
+ throw new RampartException("unexprectedSignature");
+ } else if(!sig && signatureParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("signatureMissing");
+ }
+
+ if(encr && encryptedParts.size() == 0) {
+
+ //Check whether its just an encrypted key
+ ArrayList list = this.getResults(results, WSConstants.ENCR);
+ boolean encrDataFound = false;
+ for (Iterator iter = list.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult result = (WSSecurityEngineResult) iter.next();
+ ArrayList dataRefURIs = (ArrayList)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ if ( dataRefURIs != null && dataRefURIs.size() != 0) {
+ encrDataFound = true;
+ }
+ }
+ //TODO check whether the encrptedDataFound is an UsernameToken
+ if(encrDataFound && !isUsernameTokenPresent(data)) {
+ //Unexpected encryption
+ throw new RampartException("unexprectedEncryptedPart");
+ }
+ } else if(!encr && encryptedParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("encryptionMissing");
+ }
+ }
+
+ /**
+ * @param data
+ * @param results
+ */
+ protected void validateSupportingTokens(ValidatorData data, Vector results)
+ throws RampartException {
+
+ //Check for UsernameToken
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ handleSupportingTokens(results, suppTok);
+ }
+ SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ handleSupportingTokens(results, signedSuppToken);
+ SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ handleSupportingTokens(results, signedEndSuppToken);
+ SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ handleSupportingTokens(results, endSuppToken);
+ }
+
+ /**
+ * @param results
+ * @param suppTok
+ * @throws RampartException
+ */
+ protected void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+
+ if(suppTok == null) {
+ return;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ //Check presence of a UsernameToken
+ WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
+ if(utResult == null) {
+ throw new RampartException("usernameTokenMissing");
+ }
+
+ } else if ( token instanceof IssuedToken ) {
+ //TODO is is enough to check for ST_UNSIGNED results ??
+ WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+ if(samlResult == null) {
+ throw new RampartException("samlTokenMissing");
+ }
+ } else if ( token instanceof X509Token) {
+ WSSecurityEngineResult x509Result = WSSecurityUtil.fetchActionResult(results, WSConstants.BST);
+ if(x509Result == null) {
+ throw new RampartException("binaryTokenMissing");
+ }
+ }
+ }
+ }
+
+
+
+
+ /**
+ * @param data
+ * @param results
+ */
+ protected void validateProtectionOrder(ValidatorData data, Vector results)
+ throws RampartException {
+
+ String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
+ ArrayList sigEncrActions = this.getSigEncrActions(results);
+
+ if(sigEncrActions.size() < 2) {
+ //There are no results to COMPARE
+ return;
+ }
+
+ boolean sigNotPresent = true;
+ boolean encrNotPresent = true;
+
+ for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sigNotPresent = false;
+ } else if(act.intValue() == WSConstants.ENCR) {
+ encrNotPresent = false;
+ }
+ }
+
+ // Only one action is present, so there is no order to check
+ if ( sigNotPresent || encrNotPresent ) {
+ return;
+ }
+
+
+ boolean done = false;
+ if(SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+
+ boolean sigFound = false;
+ for (Iterator iter = sigEncrActions.iterator();
+ iter.hasNext() || !done;) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.ENCR && ! sigFound ) {
+ // We found ENCR and SIGN has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.SIGN) {
+ sigFound = true;
+ } else if(sigFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+
+ } else {
+ boolean encrFound = false;
+ for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN && ! encrFound ) {
+ // We found SIGN and ENCR has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.ENCR) {
+ encrFound = true;
+ } else if(encrFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+ }
+
+ if(!done) {
+ throw new RampartException("protectionOrderMismatch");
+ }
+ }
+
+
+ protected ArrayList getSigEncrActions(Vector results) {
+ ArrayList sigEncrActions = new ArrayList();
+ for (Iterator iter = results.iterator(); iter.hasNext();) {
+ Integer actInt = (Integer) ((WSSecurityEngineResult) iter.next())
+ .get(WSSecurityEngineResult.TAG_ACTION);
+ int action = actInt.intValue();
+ if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
+ sigEncrActions.add(new Integer(action));
+ }
+
+ }
+ return sigEncrActions;
+ }
+
+ protected void validateEncryptedParts(ValidatorData data, Vector encryptedParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ ArrayList encrRefs = getEncryptedReferences(results);
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ // build the list of encrypted nodes based on the dataRefs xpath expressions
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ Set namespaces = RampartUtil.findAllPrefixNamespaces(envelope,
+ rpd.getDeclaredNamespaces());
+
+ Map decryptedElements = new HashMap();
+ for (int i = 0; i < encrRefs.size() ; i++) {
+ WSDataRef dataRef = (WSDataRef)encrRefs.get(i);
+
+ if(dataRef == null || dataRef.getXpath() == null) {
+ continue;
+ }
+
+ try {
+ XPath xp = new AXIOMXPath(dataRef.getXpath());
+
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext())
+ {
+ OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ Iterator nodesIterator = xp.selectNodes(envelope).iterator();
+
+ while (nodesIterator.hasNext()) {
+ decryptedElements.put(nodesIterator.next(), Boolean.valueOf(dataRef.isContent()));
+ }
+
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RampartException("An error occurred while searching for decrypted elements.", e);
+ }
+
+ }
+
+
+ //Check for encrypted body
+ if(rpd.isEncryptBody()) {
+
+ if( !isRefIdPresent(encrRefs, data.getBodyEncrDataId())){
+ throw new RampartException("encryptedPartMissing",
+ new String[]{data.getBodyEncrDataId()});
+ }
+ }
+
+ for (int i = 0 ; i < encryptedParts.size() ; i++) {
+
+ WSEncryptionPart encPart = (WSEncryptionPart)encryptedParts.get(i);
+
+ //This is the encrypted Body and we already checked encrypted body
+ if (encPart.getType() == WSConstants.PART_TYPE_BODY) {
+ continue;
+ }
+
+ if ((WSConstants.SIG_LN.equals(encPart.getName()) &&
+ WSConstants.SIG_NS.equals(encPart.getNamespace()))
+ || encPart.getType() == WSConstants.PART_TYPE_HEADER ) {
+ if (!isRefIdPresent(encrRefs, new QName(encPart.getNamespace(),encPart.getName()))) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{encPart.getNamespace()+":"+encPart.getName()});
+ }
+ continue;
+ }
+
+ // it is not a header or body part... verify encrypted xpath elements
+ String xpath = encPart.getXpath();
+ boolean found = false;
+ try {
+ XPath xp = new AXIOMXPath(xpath);
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext()) {
+ OMNamespace tmpNs = (OMNamespace) nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ Iterator nodesIterator = xp.selectNodes(envelope).iterator();
+
+ while (nodesIterator.hasNext()) {
+ Object result = decryptedElements.get(nodesIterator.next());
+ if (result != null &&
+ ("Element".equals(encPart.getEncModifier())
+ ^ ((Boolean) result).booleanValue())) {
+ found = true;
+ break;
+ }
+ }
+
+ if (!found) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{xpath});
+ }
+
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RampartException("An error occurred while searching for decrypted elements.", e);
+ }
+
+ }
+
+ }
+
+ public void validateRequiredElements(ValidatorData data) throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+
+ Iterator elementsIter = rpd.getRequiredElements().iterator();
+
+ while (elementsIter.hasNext()) {
+
+ String expression = (String) elementsIter.next();
+
+ if ( !RampartUtil.checkRequiredElements(envelope, rpd.getDeclaredNamespaces(), expression)) {
+ throw new RampartException("requiredElementsMissing", new String[] { expression } );
+ }
+ }
+
+ }
+
+ protected void validateSignedPartsHeaders(ValidatorData data, Vector signatureParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ Node envelope = rmd.getDocument().getFirstChild();
+
+ WSSecurityEngineResult[] actionResults = fetchActionResults(results, WSConstants.SIGN);
+
+ // Find elements that are signed
+ Vector actuallySigned = new Vector();
+ if (actionResults != null) {
+ for (int j = 0; j < actionResults.length; j++) {
+ WSSecurityEngineResult actionResult = actionResults[j];
+ Set signedIDs = (Set) actionResult
+ .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
+ for (Iterator i = signedIDs.iterator(); i.hasNext();) {
+ String e = (String) i.next();
+
+ Element element = WSSecurityUtil.findElementById(envelope, e,
+ WSConstants.WSU_NS);
+ actuallySigned.add(element);
+ }
+ }
+ }
+
+ for(int i=0; i<signatureParts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) signatureParts.get( i );
+
+ if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
+
+ Element body;
+
+ if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
+ body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP11Constants());
+ } else {
+ body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP12Constants());
+ }
+
+ if (!actuallySigned.contains(body)) {
+ // soap body is not signed
+ throw new RampartException("bodyNotSigned");
+ }
+
+ } else if (wsep.getType() == WSConstants.PART_TYPE_HEADER ||
+ wsep.getType() == WSConstants.PART_TYPE_ELEMENT) {
+
+ Element element = (Element) WSSecurityUtil.findElement(
+ envelope, wsep.getName(), wsep.getNamespace() );
+ if( element == null ) {
+ // The signedpart header or element we are checking is not present in
+ // soap envelope - this is allowed
+ continue;
+ }
+
+ // header or the element present in soap envelope - verify that it is part of signature
+ if( actuallySigned.contains( element) ) {
+ continue;
+ }
+
+ String msg = wsep.getType() == WSConstants.PART_TYPE_HEADER ?
+ "signedPartHeaderNotSigned" : "signedElementNotSigned";
+
+ // header or the element defined in policy is present but not signed
+ throw new RampartException(msg, new String[] { wsep.getNamespace()+":"+wsep.getName() });
+
+ }
+ }
+ }
+
+
+ protected boolean isSignatureRequired(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
+ (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
+ ((rpd.getInitiatorToken() != null && rmd.isInitiator())
+ || rpd.getRecipientToken() != null && !rmd.isInitiator()));
+ }
+
+
+ /*
+ * Verify that ts->Created is before 'now'
+ * - testing that timestamp has not expired ('now' is before ts->Expires) is handled earlier by WSS4J
+ */
+ protected boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rmd) throws RampartException {
+
+ Calendar cre = timestamp.getCreated();
+ if (cre != null) {
+ long now = Calendar.getInstance().getTimeInMillis();
+
+ // adjust 'now' with allowed timeskew
+ long maxSkew = RampartUtil.getTimestampMaxSkew( rmd );
+ if( maxSkew > 0 ) {
+ now += (maxSkew * 1000);
+ }
+
+ // fail if ts->Created is after 'now'
+ if( cre.getTimeInMillis() > now ) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Evaluate whether a given certificate should be trusted.
+ * Hook to allow subclasses to implement custom validation methods however they see fit.
+ * <p/>
+ * Policy used in this implementation:
+ * 1. Search the keystore for the transmitted certificate
+ * 2. Search the keystore for a connection to the transmitted certificate
+ * (that is, search for certificate(s) of the issuer of the transmitted certificate
+ * 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)
+ *
+ * @param cert the certificate that should be validated against the keystore
+ * @return true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
+ * @throws WSSecurityException
+ */
+ protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd) throws RampartException {
+
+ // If no certificate was transmitted, do not trust the signature
+ if (cert == null) {
+ return false;
+ }
+
+ String[] aliases = null;
+ String alias = null;
+ X509Certificate[] certs;
+
+ String subjectString = cert.getSubjectDN().getName();
+ String issuerString = cert.getIssuerDN().getName();
+ BigInteger issuerSerial = cert.getSerialNumber();
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSHandler: Transmitted certificate has subject " +
+ subjectString);
+ log.debug("WSHandler: Transmitted certificate has issuer " +
+ issuerString + " (serial " + issuerSerial + ")");
+ }
+
+ // FIRST step
+ // Search the keystore for the transmitted certificate
+
+ // Search the keystore for the alias of the transmitted certificate
+ try {
+ alias = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasForX509Cert(
+ issuerString, issuerSerial);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{subjectString}, ex);
+ }
+
+ if (alias != null) {
+ // Retrieve the certificate for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If certificates have been found, the certificates must be compared
+ // to ensure againgst phony DNs (compare encoded form including signature)
+ if (certs != null && certs.length > 0 && cert.equals(certs[0])) {
+ if (doDebug) {
+ log.debug("Direct trust for certificate with " + subjectString);
+ }
+ return true;
+ }
+ } else {
+ if (doDebug) {
+ log.debug("No alias found for subject from issuer with " + issuerString + " (serial " + issuerSerial + ")");
+ }
+ }
+
+ // SECOND step
+ // Search for the issuer of the transmitted certificate in the keystore
+
+ // Search the keystore for the alias of the transmitted certificates issuer
+ try {
+ aliases = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasesForDN(issuerString);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{issuerString}, ex);
+ }
+
+ // If the alias has not been found, the issuer is not in the keystore
+ // As a direct result, do not trust the transmitted certificate
+ if (aliases == null || aliases.length < 1) {
+ if (doDebug) {
+ log.debug("No aliases found in keystore for issuer " + issuerString + " of certificate for " + subjectString);
+ }
+ return false;
+ }
+
+ // THIRD step
+ // Check the certificate trust path for every alias of the issuer found in the keystore
+ for (int i = 0; i < aliases.length; i++) {
+ alias = aliases[i];
+
+ if (doDebug) {
+ log.debug("Preparing to validate certificate path with alias " + alias + " for issuer " + issuerString);
+ }
+
+ // Retrieve the certificate(s) for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If no certificates have been found, there has to be an error:
+ // The keystore can find an alias but no certificate(s)
+ if (certs == null || certs.length < 1) {
+ throw new RampartException("noCertForAlias", new String[] {alias});
+ }
+
+ // Form a certificate chain from the transmitted certificate
+ // and the certificate(s) of the issuer from the keystore
+ // First, create new array
+ X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
+ // Then add the first certificate ...
+ x509certs[0] = cert;
+ // ... and the other certificates
+ for (int j = 0; j < certs.length; j++) {
+ cert = certs[j];
+ x509certs[j + 1] = cert;
+ }
+ certs = x509certs;
+
+ // Use the validation method from the crypto to check whether the subjects certificate was really signed by the issuer stated in the certificate
+ try {
+ if (RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).validateCertPath(certs)) {
+ if (doDebug) {
+ log.debug("WSHandler: Certificate path has been verified for certificate with subject " + subjectString);
+ }
+ return true;
+ }
+ } catch (WSSecurityException ex) {
+ throw new RampartException("certPathVerificationFailed", new String[]{subjectString}, ex);
+ }
+ }
+
+ log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ return false;
+ }
+
+
+ protected ArrayList getEncryptedReferences(Vector results) {
+
+ //there can be multiple ref lists
+ ArrayList encrResults = getResults(results, WSConstants.ENCR);
+
+ ArrayList refs = new ArrayList();
+
+ for (Iterator iter = encrResults.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult engineResult = (WSSecurityEngineResult) iter.next();
+ ArrayList dataRefUris = (ArrayList) engineResult
+ .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ //take only the ref list processing results
+ if(dataRefUris != null) {
+ for (Iterator iterator = dataRefUris.iterator(); iterator
+ .hasNext();) {
+ WSDataRef uri = (WSDataRef) iterator.next();
+ refs.add(uri);
+ }
+ }
+ }
+
+ return refs;
+ }
+
+
+
+ protected ArrayList getResults(Vector results, int action) {
+
+ ArrayList list = new ArrayList();
+
+ for (int i = 0; i < results.size(); i++) {
+ // Check the result of every action whether it matches the given
+ // action
+ Integer actInt = (Integer)((WSSecurityEngineResult) results.get(i)).get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == action) {
+ list.add((WSSecurityEngineResult) results.get(i));
+ }
+ }
+
+ return list;
+ }
+
+ protected boolean isUsernameTokenPresent(ValidatorData data) {
+
+ //TODO This can be integrated with supporting token processing
+ // which also checks whether Username Tokens present
+
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ if (isUsernameTokenPresent(suppTok)) {
+ return true;
+ }
+ }
+
+ SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ if(isUsernameTokenPresent(signedSuppToken)) {
+ return true;
+ }
+
+ SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ if(isUsernameTokenPresent(signedEndSuppToken)) {
+ return true;
+ }
+
+ SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ if(isUsernameTokenPresent(endSuppToken)){
+ return true;
+ }
+
+ return false;
+
+
+ }
+
+ protected boolean isUsernameTokenPresent(SupportingToken suppTok) {
+
+ if(suppTok == null) {
+ return false;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ private boolean isRefIdPresent(ArrayList refList , String id) {
+
+ if(id != null && id.charAt(0) == '#') {
+ id = id.substring(1);
+ }
+
+ for (int i = 0; i < refList.size() ; i++) {
+ WSDataRef dataRef = (WSDataRef)refList.get(i);
+
+ //ArrayList can contain null elements
+ if(dataRef == null) {
+ continue;
+ }
+ //Try to get the wsuId of the decrypted element
+ String dataRefUri = dataRef.getWsuId();
+ //If not found, try the reference Id of encrypted element ( we set the same Id when we
+ // decrypted element in WSS4J)
+ if (dataRefUri == null) {
+ dataRefUri = dataRef.getDataref();
+ }
+ if (dataRefUri != null && dataRefUri.equals(id)) {
+ return true;
+ }
+ }
+
+ return false;
+
+ }
+
+ public static WSSecurityEngineResult[] fetchActionResults(Vector wsResultVector, int action) {
+ List wsResult = new ArrayList();
+
+ // Find the part of the security result that matches the given action
+ for (int i = 0; i < wsResultVector.size(); i++) {
+ // Check the result of every action whether it matches the given action
+ WSSecurityEngineResult result = (WSSecurityEngineResult) wsResultVector.get(i);
+ int resultAction = ((java.lang.Integer) result.get(WSSecurityEngineResult.TAG_ACTION))
+ .intValue();
+ if (resultAction == action) {
+ wsResult.add((WSSecurityEngineResult) wsResultVector.get(i));
+ }
+ }
+
+ return (WSSecurityEngineResult[]) wsResult.toArray(new WSSecurityEngineResult[wsResult
+ .size()]);
+ }
+
+ private boolean isRefIdPresent(ArrayList refList , QName qname) {
+
+ for (int i = 0; i < refList.size() ; i++) {
+ WSDataRef dataRef = (WSDataRef)refList.get(i);
+
+ //ArrayList can contain null elements
+ if(dataRef == null) {
+ continue;
+ }
+ //QName of the decrypted element
+ QName dataRefQName = dataRef.getName();
+
+ if ( dataRefQName != null && dataRefQName.equals(qname)) {
+ return true;
+ }
+
+ }
+
+ return false;
+
+ }
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java
new file mode 100644
index 0000000..725af1c
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/PolicyValidatorCallbackHandler.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import java.util.Vector;
+
+/**
+ * Callback handler interface to allow different implementations of policy based results validation.
+ * Default implementation is <code>org.apache.rampart.PolicyBasedResultsValidator</code>.
+ * Custom implementations could be provided in rampart config as shown in below example.
+ *
+ * Example:
+ * <PRE>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ * <ramp:policyValidatorCbClass>xx.yy.CustomPolicyValidator</ramp:policyValidatorCbClass>
+ * ...
+ * </ramp:RampartConfig>
+ * </PRE>
+ */
+
+public interface PolicyValidatorCallbackHandler {
+ /**
+ * Validate policy based results.
+ *
+ * @param data validator data
+ * @param results policy based ws-security results
+ * @throws RampartException Rampart exception
+ */
+ public abstract void validate(ValidatorData data, Vector results) throws RampartException;
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
new file mode 100644
index 0000000..87cac0e
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisDescription;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.modules.Module;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+
+public class Rampart implements Module /* , ModulePolicyExtension */ {
+
+ public void init(ConfigurationContext configContext, AxisModule module)
+ throws AxisFault {
+ }
+
+ public void engageNotify(AxisDescription axisDescription) throws AxisFault {
+ //Nothing to do here, since RampartMessageData will pick up the
+ //effective policy from the message context
+ }
+
+ public void shutdown(ConfigurationContext configurationContext) throws AxisFault {
+ // at the moment, nothing needs to be done ..
+ }
+
+// public PolicyExtension getPolicyExtension() {
+// throw new UnsupportedOperationException("TODO");
+// }
+
+ public void applyPolicy(Policy policy, AxisDescription axisDescription) throws AxisFault {
+ //Do not do anything
+ }
+
+ public boolean canSupportAssertion(Assertion assertion) {
+ //TODO doesn't we need to check whether policy is security policy or
+ // RampartConfig assertion
+ return true;
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartConfigCallbackHandler.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartConfigCallbackHandler.java
new file mode 100644
index 0000000..7217e26
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartConfigCallbackHandler.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import org.apache.rampart.policy.model.RampartConfig;
+
+/**
+ * Callback handler interface to update Rampart Configuration dynamically. Updater class should
+ * implement this interface and should be registered using the Rampart Configuration as below.
+ *
+ * Example:
+ * <PRE>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ * <ramp:rampartConfigCallbackClass>o.a.r.ConfigUpdater</ramp:rampartConfigCallbackClass>
+ * ...
+ * </ramp:RampartConfig>
+ * </PRE>
+ */
+
+public interface RampartConfigCallbackHandler {
+
+ public void update(RampartConfig rampartConfig);
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
new file mode 100644
index 0000000..a21c048
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
@@ -0,0 +1,9 @@
+package org.apache.rampart;
+
+public class RampartConstants {
+
+ public static final String TIME_LOG = "org.apache.rampart.TIME";
+ public static final String MESSAGE_LOG = "org.apache.rampart.MESSAGE";
+ public static final String SEC_FAULT = "SECURITY_VALIDATION_FAILURE";
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
new file mode 100644
index 0000000..5e3e5b8
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -0,0 +1,319 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.*;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.impl.util.SAML2KeyInfo;
+import org.apache.rahas.impl.util.SAML2Utils;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+
+import javax.xml.namespace.QName;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class RampartEngine {
+
+ private static Log log = LogFactory.getLog(RampartEngine.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+
+ public Vector process(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ boolean doDebug = log.isDebugEnabled();
+ boolean dotDebug = tlog.isDebugEnabled();
+
+ if(doDebug){
+ log.debug("Enter process(MessageContext msgCtx)");
+ }
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, false);
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ msgCtx.setProperty(RampartMessageData.RAMPART_POLICY_DATA, rpd);
+
+ RampartUtil.validateTransport(rmd);
+
+ // If there is no policy information return immediately
+ if (rpd == null) {
+ return null;
+ }
+
+
+ //TODO these checks have to be done before the convertion to avoid unnecessary convertion to LLOM -> DOOM
+ // If the message is a security fault or no security
+ // header required by the policy
+ if(isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rpd,rmd.isInitiator(),true)) {
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ //Convert back to llom since the inflow cannot use llom
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+ if(doDebug){
+ log.debug("Return process MessageContext msgCtx)");
+ }
+ return null;
+ }
+
+
+ Vector results = null;
+
+ WSSecurityEngine engine = new WSSecurityEngine();
+
+ ValidatorData data = new ValidatorData(rmd);
+
+ SOAPHeader header = rmd.getMsgContext().getEnvelope().getHeader();
+ if(header == null) {
+ throw new RampartException("missingSOAPHeader");
+ }
+
+ ArrayList headerBlocks = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
+ SOAPHeaderBlock secHeader = null;
+ //Issue is axiom - a returned collection must not be null
+ if(headerBlocks != null) {
+ Iterator headerBlocksIterator = headerBlocks.iterator();
+ while (headerBlocksIterator.hasNext()) {
+ SOAPHeaderBlock elem = (SOAPHeaderBlock) headerBlocksIterator.next();
+ if(elem.getLocalName().equals(WSConstants.WSSE_LN)) {
+ secHeader = elem;
+ break;
+ }
+ }
+ }
+
+ if(secHeader == null) {
+ throw new RampartException("missingSecurityHeader");
+ }
+
+ long t0=0, t1=0, t2=0, t3=0;
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+
+ String actorValue = secHeader.getAttributeValue(new QName(rmd
+ .getSoapConstants().getEnvelopeURI(), "actor"));
+
+ Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader());
+ TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd));
+ if(rpd.isSymmetricBinding()) {
+ //Here we have to create the CB handler to get the tokens from the
+ //token storage
+ if(doDebug){
+ log.debug("Processing security header using SymetricBinding");
+ }
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ actorValue,
+ tokenCallbackHandler,
+ signatureCrypto,
+ RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ } else {
+ if(doDebug){
+ log.debug("Processing security header in normal path");
+ }
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ actorValue,
+ tokenCallbackHandler,
+ signatureCrypto,
+ RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ //Store symm tokens
+ //Pick the first SAML token
+ //TODO : This is a hack , MUST FIX
+ //get the sec context id from the req msg ctx
+
+ //Store username in MessageContext property
+
+ for (int j = 0; j < results.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(j);
+ final Integer actInt =
+ (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (WSConstants.ST_UNSIGNED == actInt.intValue()) {
+
+ // If this is a SAML2.0 assertion
+ if (wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) instanceof Assertion) {
+
+ final Assertion assertion = (Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ String id = assertion.getID();
+ Subject subject = assertion.getSubject();
+ SubjectConfirmationData scData = subject.getSubjectConfirmations()
+ .get(0).getSubjectConfirmationData();
+ Date dateOfCreation = scData.getNotBefore().toDate();
+ Date dateOfExpiration = scData.getNotOnOrAfter().toDate();
+
+ // TODO : SAML2KeyInfo element needs to be moved to WSS4J.
+ SAML2KeyInfo saml2KeyInfo = SAML2Utils.
+ getSAML2KeyInfo(assertion, signatureCrypto, tokenCallbackHandler);
+
+ //Store the token
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if (store.getToken(id) == null) {
+ Token token = new Token(id, (OMElement) SAML2Utils.getElementFromAssertion(assertion), dateOfCreation, dateOfExpiration);
+ token.setSecret(saml2KeyInfo.getSecret());
+ store.add(token);
+ }
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
+ }
+
+ }
+ //if this is a SAML1.1 assertion
+ else {
+ final SAMLAssertion assertion =
+
+ ((SAMLAssertion) wser
+ .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+ String id = assertion.getId();
+ Date created = assertion.getNotBefore();
+ Date expires = assertion.getNotOnOrAfter();
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
+ signatureCrypto, tokenCallbackHandler);
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if (store.getToken(id) == null) {
+ Token token = new Token(id, (OMElement) assertion.toDOM(), created, expires);
+ token.setSecret(samlKi.getSecret());
+ store.add(token);
+ }
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
+ }
+
+ }
+ } else if (WSConstants.UT == actInt.intValue()) {
+ String username = ((Principal) wser.get(WSSecurityEngineResult.TAG_PRINCIPAL))
+ .getName();
+ msgCtx.setProperty(RampartMessageData.USERNAME, username);
+ } else if (WSConstants.SIGN == actInt.intValue()) {
+ X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
+ }
+
+ }
+
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ }
+
+ //Convert back to llom since the inflow cannot use DOOM
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+
+ PolicyValidatorCallbackHandler validator = RampartUtil.getPolicyValidatorCB(msgCtx, rpd);
+
+ validator.validate(data, results);
+
+ if(dotDebug){
+ t3 = System.currentTimeMillis();
+ tlog.debug("processHeader by WSSecurityEngine took : " + (t1 - t0) +
+ ", DOOM conversion took :" + (t2 - t1) +
+ ", PolicyBasedResultsValidattor took " + (t3 - t2));
+ }
+
+ if(doDebug){
+ log.debug("Return process(MessageContext msgCtx)");
+ }
+ return results;
+ }
+
+ // Check whether this a soap fault because of failure in processing the security header
+ //and if so, we don't expect the security header
+ //
+ //
+
+
+ private boolean isSecurityFault(RampartMessageData rmd) {
+
+ SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope();
+
+ SOAPFault soapFault = soapEnvelope.getBody().getFault();
+
+ // This is not a soap fault
+ if (soapFault == null) {
+ return false;
+ }
+
+ String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI();
+
+ if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {
+
+ SOAPFaultCode faultCode = soapFault.getCode();
+
+ // This is a fault processing the security header
+ if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ return true;
+ }
+
+
+ } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+
+ //TODO AXIOM API returns only one fault sub code, there can be many
+ SOAPFaultSubCode faultSubCode = soapFault.getCode().getSubCode();
+
+ if (faultSubCode != null) {
+ SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
+
+ // This is a fault processing the security header
+ if (faultSubCodeValue != null &&
+ faultSubCodeValue.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ return true;
+ }
+ }
+
+ }
+
+ return false;
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
new file mode 100644
index 0000000..f76de9c
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class RampartException extends Exception {
+
+ private static final long serialVersionUID = 8674795537585339704L;
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public RampartException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ //TODO check for spec specific error codes
+ return code;
+ }
+
+ public RampartException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public RampartException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public RampartException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ return msg;
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
new file mode 100644
index 0000000..6e1921b
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -0,0 +1,746 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.util.PolicyUtil;
+import org.apache.axis2.engine.AxisConfiguration;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.PolicyComponent;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.policy.RampartPolicyBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Document;
+
+import java.util.List;
+import java.util.Vector;
+import java.util.ArrayList;
+
+public class RampartMessageData {
+
+ /**
+ * Axis2 parameter name to be used in the client's axis2 xml
+ */
+ public final static String KEY_RAMPART_POLICY = "rampartPolicy";
+
+ public final static String KEY_RAMPART_IN_POLICY = "rampartInPolicy";
+
+ public final static String KEY_RAMPART_OUT_POLICY = "rampartOutPolicy";
+
+ /**
+ * Key to hold the populated RampartPolicyData object
+ */
+ public final static String RAMPART_POLICY_DATA = "rampartPolicyData";
+
+ public final static String RAMPART_STS_POLICY = "rampartStsPolicy";
+
+ /**
+ * Key to hold the custom issued token identifier
+ */
+ public final static String KEY_CUSTOM_ISSUED_TOKEN = "customIssuedToken";
+
+ /**
+ * Key to hold username which was used to authenticate
+ */
+ public final static String USERNAME = "username";
+
+ /**
+ * Key to hold the WS-Trust version
+ */
+ public final static String KEY_WST_VERSION = "wstVersion";
+
+ public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+ /**
+ * Key to hold the WS-SecConv version
+ */
+ public final static String KEY_WSSC_VERSION = "wscVersion";
+
+ public static final String KEY_SCT_ISSUER_POLICY = "sct-issuer-policy";
+
+ public final static String CANCEL_REQUEST = "cancelrequest";
+
+ public final static String SCT_ID = "sctID";
+
+ public final static String X509_CERT ="X509Certificate";
+
+ private MessageContext msgContext = null;
+
+ private RampartPolicyData policyData = null;
+
+ private WSSecHeader secHeader = null;
+
+ private WSSConfig config = null;
+
+ private int timeToLive = 300;
+
+ private int timestampMaxSkew = 0;
+
+ private String timestampId;
+
+ private Document document;
+
+ private TokenStorage tokenStorage;
+
+ /**
+ * WS-Trust version to use.
+ *
+ * Possible values:
+ * RahasConstants.VERSION_05_02
+ * RahasConstants.VERSION_05_12
+ */
+
+ private int wstVersion = RahasConstants.VERSION_05_02;
+
+ private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+
+ /*
+ * IssuedTokens or SecurityContextTokens can be used
+ * as the encryption token, signature token
+ */
+ private String issuedEncryptionTokenId;
+
+ private String issuedSignatureTokenId;
+
+ /**
+ * The service policy extracted from the message context.
+ * If policy is specified in the RampartConfig <b>this</b> will take precedence
+ */
+ private Policy servicePolicy;
+
+ private boolean isInitiator;
+
+ private boolean sender;
+
+ private ClassLoader customClassLoader;
+
+ private SOAPConstants soapConstants;
+
+ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartException {
+
+ this.msgContext = msgCtx;
+
+ try {
+
+ //Extract known properties from the msgCtx
+
+ if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
+ this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
+ }
+
+ if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
+ this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
+ }
+
+ // First obtain the axis service as we have to do a null check, there can be situations
+ // where Axis Service is null
+ AxisService axisService = msgCtx.getAxisService();
+
+ if(axisService != null && axisService.getParameter(PARAM_CLIENT_SIDE) != null) {
+ this.isInitiator = true;
+ } else {
+ this.isInitiator = !msgCtx.isServerSide();
+ //TODO if Axis Service is null at this point, do we have to create a dummy one ??
+ if(this.isInitiator && axisService != null ) {
+ Parameter clientSideParam = new Parameter();
+ clientSideParam.setName(PARAM_CLIENT_SIDE);
+ clientSideParam.setLocked(true);
+ msgCtx.getAxisService().addParameter(clientSideParam);
+ }
+ }
+
+ if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
+ }
+
+
+ // Checking which flow we are in
+ int flow = msgCtx.getFLOW();
+
+ // If we are IN flow or IN_FAULT flow and the KEY_RAMPART_IN_POLICY is set , we set the
+ // merge that policy to the KEY_RAMPART_POLICY if it is present. Else we set
+ // KEY_RAMPART_IN_POLICY as the service policy
+ if ( (flow == MessageContext.IN_FLOW || flow == MessageContext.IN_FAULT_FLOW )
+ && msgCtx.getProperty(KEY_RAMPART_IN_POLICY) != null) {
+ if ( this.servicePolicy == null ) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_IN_POLICY);
+ } else {
+ this.servicePolicy = this.servicePolicy.merge((Policy)msgCtx
+ .getProperty(KEY_RAMPART_IN_POLICY));
+ }
+
+ // If we are OUT flow or OUT_FAULT flow and the KEY_RAMPART_OUT_POLICY is set , we set
+ // the merge that policy to the KEY_RAMPART_POLICY if it is present. Else we set
+ // KEY_RAMPART_OUT_POLICY as the service policy
+ } else if ( (flow == MessageContext.OUT_FLOW || flow == MessageContext.OUT_FAULT_FLOW )
+ && msgCtx.getProperty(KEY_RAMPART_OUT_POLICY) != null) {
+ if (this.servicePolicy == null) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_OUT_POLICY);
+ } else {
+ this.servicePolicy = this.servicePolicy.merge((Policy)msgCtx
+ .getProperty(KEY_RAMPART_OUT_POLICY));
+ }
+ }
+
+ /*
+ * Init policy:
+ * When creating the RampartMessageData instance we
+ * extract the service policy is set in the msgCtx.
+ * If it is missing then try to obtain from the configuration files.
+ */
+
+ if (this.servicePolicy == null) {
+ try {
+ this.servicePolicy = msgCtx.getEffectivePolicy();
+ } catch (NullPointerException e) {
+ //TODO remove this once AXIS2-4114 is fixed
+ if (axisService != null) {
+ List<PolicyComponent> policyList = new ArrayList<PolicyComponent>();
+ policyList.addAll(axisService.getPolicySubject().getAttachedPolicyComponents());
+ AxisConfiguration axisConfiguration = axisService.getAxisConfiguration();
+ policyList.addAll(axisConfiguration.getPolicySubject().getAttachedPolicyComponents());
+ this.servicePolicy = PolicyUtil.getMergedPolicy(policyList, axisService);
+ }
+ }
+ }
+
+ if(this.servicePolicy == null) {
+ Parameter param = msgCtx.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
+ if(param != null) {
+ OMElement policyElem = param.getParameterElement().getFirstElement();
+ this.servicePolicy = PolicyEngine.getPolicy(policyElem);
+ }
+ }
+
+ if(this.servicePolicy != null){
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+
+
+ if(this.policyData != null) {
+
+ // Get the SOAP envelope as document, then create a security
+ // header and insert into the document (Envelope)
+ // WE SHOULD ONLY DO THE CONVERTION IF THERE IS AN APPLICABLE POLICY
+ this.document = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx.getEnvelope(), true);
+ msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());
+
+ this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());
+
+ // Update the Rampart Config if RampartConfigCallbackHandler is present in the
+ // RampartConfig
+
+ RampartConfigCallbackHandler rampartConfigCallbackHandler = RampartUtil
+ .getRampartConfigCallbackHandler(msgCtx, policyData);
+
+ if (rampartConfigCallbackHandler != null) {
+ rampartConfigCallbackHandler.update(policyData.getRampartConfig());
+ }
+
+ //Check for RST and RSTR for an SCT
+ if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
+ this.policyData.getIssuerPolicy() != null) {
+
+ this.servicePolicy = this.policyData.getIssuerPolicy();
+
+ RampartConfig rampartConfig = policyData.getRampartConfig();
+ if(rampartConfig != null) {
+ /*
+ * Copy crypto info into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setUserCertAlias(rc.getUserCertAlias());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+ rc.setSSLConfig(rampartConfig.getSSLConfig());
+
+ this.servicePolicy.addAssertion(rc);
+ }
+
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+ }
+
+
+ this.sender = sender;
+
+ OperationContext opCtx = this.msgContext.getOperationContext();
+
+ if(!this.isInitiator && this.sender) {
+ //Get hold of the incoming msg ctx
+ MessageContext inMsgCtx;
+ if (opCtx != null
+ && (inMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null
+ && msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, inMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ if(this.isInitiator && !this.sender) {
+ MessageContext outMsgCtx;
+ if (opCtx != null
+ && (outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE)) != null) {
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, outMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ // Check whether RampartConfig is present
+ if (this.policyData != null && this.policyData.getRampartConfig() != null) {
+
+ boolean timestampPrecisionInMilliseconds = Boolean.valueOf(this.policyData
+ .getRampartConfig().getTimestampPrecisionInMilliseconds()).booleanValue();
+
+ // This is not the default behavior, we clone the default WSSConfig to prevent this
+ // affecting globally
+ if (timestampPrecisionInMilliseconds == WSSConfig.getDefaultWSConfig()
+ .isPrecisionInMilliSeconds()) {
+ this.config = WSSConfig.getDefaultWSConfig();
+ } else {
+ this.config = RampartUtil.getWSSConfigInstance();
+ this.config.setPrecisionInMilliSeconds(timestampPrecisionInMilliseconds);
+ }
+ } else {
+ this.config = WSSConfig.getDefaultWSConfig();
+ }
+
+ // To handle scenarios where password type is not set by default.
+ this.config.setHandleCustomPasswordTypes(true);
+
+ this.customClassLoader = msgCtx.getAxisService().getClassLoader();
+
+ if(this.sender && this.policyData != null) {
+ this.secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(this.document);
+ }
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (AxisFault e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSPolicyException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ }
+
+ }
+
+ /**
+ * @return Returns the document.
+ */
+ public Document getDocument() {
+ return document;
+ }
+
+ /**
+ * @param document The document to set.
+ * @deprecated document is derived from MessageContext passed in constructor
+ */
+ public void setDocument(Document document) {
+ this.document = document;
+ }
+
+ /**
+ * @return Returns the timeToLive.
+ */
+ public int getTimeToLive() {
+ return timeToLive;
+ }
+
+ /**
+ * @param timeToLive The timeToLive to set.
+ */
+ public void setTimeToLive(int timeToLive) {
+ this.timeToLive = timeToLive;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public int getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(int timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ /**
+ * @return Returns the config.
+ */
+ public WSSConfig getConfig() {
+ return config;
+ }
+
+ /**
+ * @param config
+ * The config to set.
+ */
+ public void setConfig(WSSConfig config) {
+ this.config = config;
+ }
+
+ /**
+ * @return Returns the msgContext.
+ */
+ public MessageContext getMsgContext() {
+ return msgContext;
+ }
+
+ /**
+ * @param msgContext The msgContext to set.
+ * @deprecated MessageContext is set in constructor
+ */
+ public void setMsgContext(MessageContext msgContext) {
+ this.msgContext = msgContext;
+ }
+
+ /**
+ * @return Returns the policyData.
+ */
+ public RampartPolicyData getPolicyData() {
+ return policyData;
+ }
+
+ /**
+ * @param policyData The policyData to set.
+ * @deprecated Policy data determined within constructor
+ */
+ public void setPolicyData(RampartPolicyData policyData) throws RampartException {
+ this.policyData = policyData;
+
+ try {
+ //if client side then check whether sig conf enabled
+ //and get hold of the stored signature values
+ if(this.isInitiator && !this.sender && policyData.isSignatureConfirmation()) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ }
+ } catch (AxisFault e) {
+ throw new RampartException("errorGettingSignatureValuesForSigconf", e);
+ }
+ }
+
+ /**
+ * @return Returns the secHeader.
+ */
+ public WSSecHeader getSecHeader() {
+ return secHeader;
+ }
+
+ /**
+ * @param secHeader
+ * The secHeader to set.
+ */
+ public void setSecHeader(WSSecHeader secHeader) {
+ this.secHeader = secHeader;
+ }
+
+ /**
+ * @return Returns the issuedEncryptionTokenId.
+ */
+ public String getIssuedEncryptionTokenId() {
+ return issuedEncryptionTokenId;
+ }
+
+ /**
+ * @param issuedEncryptionTokenId The issuedEncryptionTokenId to set.
+ */
+ public void setIssuedEncryptionTokenId(String issuedEncryptionTokenId) {
+ this.issuedEncryptionTokenId = issuedEncryptionTokenId;
+ }
+
+ /**
+ * @return Returns the issuedSignatureTokenId.
+ */
+ public String getIssuedSignatureTokenId() {
+ if(this.isInitiator) {
+ return issuedSignatureTokenId;
+ } else {
+ //Pick the first SAML token
+ //TODO : This is a hack , MUST FIX
+ //get the sec context id from the req msg ctx
+ Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ final Integer actInt =
+ (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
+ final SAMLAssertion assertion =
+ ((SAMLAssertion) wser
+ .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+ return assertion.getId();
+ }
+
+ }
+ }
+ return null;
+ }
+ }
+
+ /**
+ * @param issuedSignatureTokenId The issuedSignatureTokenId to set.
+ */
+ public void setIssuedSignatureTokenId(String issuedSignatureTokenId) {
+ this.issuedSignatureTokenId = issuedSignatureTokenId;
+ }
+
+ /**
+ * @return Returns the secConvTokenId.
+ */
+ public String getSecConvTokenId() {
+ String id = null;
+
+ if(this.isInitiator) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ id = (String) RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
+ } else {
+ //get the sec context id from the req msg ctx
+ Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ final Integer actInt =
+ (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if(WSConstants.SCT == actInt.intValue()) {
+ final SecurityContextToken sct =
+ ((SecurityContextToken) wser
+ .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN));
+ id = sct.getID();
+ }
+
+ }
+ }
+ }
+
+ if(id == null || id.length() == 0) {
+ //If we can't find the sec conv token id up to this point then
+ //check if someone has specified which one to use
+ id = (String)this.msgContext.getProperty(SCT_ID);
+ }
+
+ return id;
+ }
+
+ /**
+ * @param secConvTokenId The secConvTokenId to set.
+ */
+ public void setSecConvTokenId(String secConvTokenId) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ RampartUtil.getContextMap(this.msgContext).put(
+ contextIdentifierKey,
+ secConvTokenId);
+ }
+
+
+
+ /**
+ * @return Returns the tokenStorage.
+ */
+ public TokenStorage getTokenStorage() throws RampartException {
+
+ if(this.tokenStorage != null) {
+ return this.tokenStorage;
+ }
+
+ TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
+ TokenStorage.TOKEN_STORAGE_KEY);
+
+ if (storage != null) {
+ this.tokenStorage = storage;
+ } else {
+
+ if (this.policyData.getRampartConfig() != null &&
+ this.policyData.getRampartConfig().getTokenStoreClass() != null) {
+ Class stClass = null;
+ String storageClass = this.policyData.getRampartConfig()
+ .getTokenStoreClass();
+ try {
+ stClass = Loader.loadClass(msgContext.getAxisService()
+ .getClassLoader(), storageClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException(
+ "WSHandler: cannot load token storage class: "
+ + storageClass, e);
+ }
+ try {
+ this.tokenStorage = (TokenStorage) stClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException(
+ "Cannot create instance of token storage: "
+ + storageClass, e);
+ }
+ } else {
+ this.tokenStorage = new SimpleTokenStore();
+
+ }
+
+ //Set the storage instance
+ this.msgContext.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStorage);
+ }
+
+
+ return tokenStorage;
+ }
+
+ /**
+ * @param tokenStorage The tokenStorage to set.
+ */
+ public void setTokenStorage(TokenStorage tokenStorage) {
+ this.tokenStorage = tokenStorage;
+ }
+
+ /**
+ * @return Returns the wstVersion.
+ */
+ public int getWstVersion() {
+ return wstVersion;
+ }
+
+ /**
+ * @param wstVersion The wstVersion to set.
+ * @deprecated This is defined by the class.
+ */
+ public void setWstVersion(int wstVersion) {
+ this.wstVersion = wstVersion;
+ }
+
+ /**
+ * @return Returns the secConvVersion.
+ */
+ public int getSecConvVersion() {
+ return secConvVersion;
+ }
+
+ /**
+ * @return Returns the servicePolicy.
+ */
+ public Policy getServicePolicy() {
+ return servicePolicy;
+ }
+
+ /**
+ * @param servicePolicy The servicePolicy to set.
+ * @deprecated servicePolicy determined in constructor
+ */
+ public void setServicePolicy(Policy servicePolicy) {
+ this.servicePolicy = servicePolicy;
+ }
+
+ /**
+ * @return Returns the timestampId.
+ */
+ public String getTimestampId() {
+ return timestampId;
+ }
+
+ /**
+ * @param timestampId The timestampId to set.
+ */
+ public void setTimestampId(String timestampId) {
+ this.timestampId = timestampId;
+ }
+
+ /**
+ * @return Returns the Initiator value
+ */
+ public boolean isInitiator() {
+ return isInitiator;
+ }
+
+ /**
+ * Returns the custom class loader if we are using one
+ * @return Returns the custom class loader if we are using one
+ */
+ public ClassLoader getCustomClassLoader() {
+ return customClassLoader;
+ }
+
+ /**
+ * Returns an <code>org.apache.ws.security.SOAPConstants</code> instance
+ * with soap version information of this request.
+ * @return Returns soap version information of this request
+ */
+ public SOAPConstants getSoapConstants() {
+ return soapConstants;
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
new file mode 100644
index 0000000..d54fd42
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.rahas.EncryptedKeyToken;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.ws.security.WSPasswordCallback;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TokenCallbackHandler implements CallbackHandler {
+
+ private TokenStorage store;
+ private CallbackHandler handler;
+
+ public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
+ this.store = store;
+ this.handler = handler;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ String id = pc.getIdentifer();
+
+ if((pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN ||
+ pc.getUsage() == WSPasswordCallback.CUSTOM_TOKEN) &&
+ this.store != null) {
+ Token tok;
+ try {
+ //Pick up the token from the token store
+ tok = this.store.getToken(id);
+ if(tok != null) {
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ pc.setCustomToken((Element)tok.getToken());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+ } else if (pc.getUsage() == WSPasswordCallback.ENCRYPTED_KEY_TOKEN){
+ try {
+ String[] tokenIdentifiers = this.store.getTokenIdentifiers();
+ Token tok;
+ for (int j = 0 ; j < tokenIdentifiers.length ; j++) {
+
+ tok = this.store.getToken(tokenIdentifiers[j]);
+
+ if (tok instanceof EncryptedKeyToken &&
+ ((EncryptedKeyToken)tok).getSHA1().equals(id)){
+ pc.setKey(tok.getSecret());
+ pc.setCustomToken((Element)tok.getToken());
+ }
+ }
+
+ } catch (TrustException e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+ } else {
+ //Handle other types of callbacks with the usual handler
+ if(this.handler != null) {
+ handler.handle(new Callback[]{pc});
+ }
+ }
+
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
new file mode 100644
index 0000000..cd7c76b
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.ws.security.WSConstants;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import java.util.ArrayList;
+
+public class ValidatorData {
+
+ private RampartMessageData rmd;
+ ArrayList encryptedDataRefIds = new ArrayList();
+ private String bodyEncrDataId;
+
+ public ValidatorData(RampartMessageData rmd) {
+ this.rmd = rmd;
+ this.extractEncryptedPartInformation();
+ }
+
+ private void extractEncryptedPartInformation() {
+ Element start = rmd.getDocument().getDocumentElement();
+ if(start != null) {
+ extractEncryptedPartInformation(start);
+ }
+
+ }
+
+ private void extractEncryptedPartInformation(Element parent) {
+
+ NodeList childNodes = parent.getChildNodes();
+ Node node;
+ for (int i = 0; i < childNodes.getLength(); i++) {
+ node = childNodes.item(i);
+ if (node instanceof Element) {
+ Element elem = (Element) node;
+ if (elem.getNamespaceURI() != null
+ && elem.getNamespaceURI().equals(WSConstants.ENC_NS)
+ && elem.getLocalName().equals(
+ EncryptionConstants._TAG_ENCRYPTEDDATA)) {
+ if (parent.getLocalName().equals(
+ SOAP11Constants.BODY_LOCAL_NAME)
+ && parent.getNamespaceURI().equals(
+ rmd.getSoapConstants().getEnvelopeURI())) {
+ this.bodyEncrDataId = elem.getAttribute("Id");
+ } else {
+ encryptedDataRefIds.add(elem.getAttribute("Id"));
+ }
+ break;
+ } else {
+ extractEncryptedPartInformation(elem);
+ }
+ }
+ }
+ }
+
+ public ArrayList getEncryptedDataRefIds() {
+ return encryptedDataRefIds;
+ }
+
+ public RampartMessageData getRampartMessageData() {
+ return rmd;
+ }
+
+ public String getBodyEncrDataId() {
+ return bodyEncrDataId;
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..6f69a2f
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -0,0 +1,877 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class AsymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private boolean dotDebug = false;
+
+ private Token sigToken;
+
+ private WSSecSignature sig;
+
+ private WSSecEncryptedKey encrKey;
+
+ private String encryptedKeyId;
+
+ private byte[] encryptedKeyValue;
+
+ private Vector signatureValues = new Vector();
+
+ private Element encrTokenElement;
+
+ private Element sigDKTElement;
+
+ private Element encrDKTElement;
+
+ private Vector sigParts = new Vector();
+
+ private Element signatureElement;
+
+ public AsymmetricBindingBuilder(){
+ dotDebug = tlog.isDebugEnabled();
+ }
+
+ public void build(RampartMessageData rmd) throws RampartException {
+ log.debug("AsymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if (rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+ log.debug("AsymmetricBindingBuilder build invoked : DONE");
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd)
+ throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+ RampartConfig config = rpd.getRampartConfig();
+
+ /*
+ * We need to hold on to these two element to use them as refence in the
+ * case of encypting the signature
+ */
+ Element encrDKTokenElem = null;
+ WSSecEncrypt encr = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+
+ /*
+ * We MUST use keys derived from the same token
+ */
+ Token encryptionToken = null;
+ if(rmd.isInitiator()) {
+ encryptionToken = rpd.getRecipientToken();
+ } else {
+ encryptionToken = rpd.getInitiatorToken();
+ }
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Signed parts are determined before encryption because encrypted signed headers
+ //will not be included otherwise
+ this.sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if (encryptionToken != null && encrParts.size() > 0) {
+
+ //Check for RampartConfig assertion
+ if(rpd.getRampartConfig() == null) {
+ //We'er missing the extra info rampart needs
+ throw new RampartException("rampartConigMissing");
+ }
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+ this.setupEncryptedKey(rmd, encryptionToken);
+ // Create the DK encryption builder
+ dkEncr = new WSSecDKEncrypt();
+ dkEncr.setParts(encrParts);
+ dkEncr.setExternalKey(this.encryptedKeyValue,
+ this.encryptedKeyId);
+ dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
+ dkEncr.prepare(doc);
+
+ // Get and add the DKT element
+ this.encrDKTElement = dkEncr.getdktElement();
+ encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr", e);
+ }
+ } else {
+ try {
+ encr = new WSSecEncrypt();
+ encr.setParts(encrParts);
+ encr.setWsConfig(rmd.getConfig());
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ RampartUtil.setKeyIdentifierType(rpd,encr, encryptionToken);
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
+
+ Element bstElem = encr.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ this.encrTokenElement = encr.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ this.setInsertionLocation(encrTokenElement);
+
+ RampartUtil.handleEncryptedSignedHeaders(encrParts, this.sigParts, doc);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ HashMap sgndEncSuppTokMap = null;
+ HashMap endEncSuppTokMap = null;
+ HashMap sgndEndEncSuppTokMap = null;
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if (rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
+
+ SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
+
+ SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ }
+
+ SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ this.handleSupportingTokens(rmd, encryptedSupportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
+
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if(( sigParts.size() > 0 &&
+ rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
+ (!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
+ this.doSignature(rmd);
+ }
+
+ if (rmd.isInitiator()) {
+
+ endSuppTokMap.putAll(endEncSuppTokMap);
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Encryption took :" + (t1 - t0)
+ +", Signature tool :" + (t2 - t1) );
+ }
+
+ // Check for signature protection
+ if (rpd.isSignatureProtection() && this.mainSigId != null) {
+ long t3 = 0, t4 = 0;
+ if(dotDebug){
+ t3 = System.currentTimeMillis();
+ }
+ Vector secondEncrParts = new Vector();
+
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
+ "Element"));
+
+ if(rmd.isInitiator()) {
+ for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
+ secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ }
+ }
+
+ Element secondRefList = null;
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
+ secondRefList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey",
+ e);
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ secondEncrParts);
+
+ // Insert the ref list after the encrypted key elem
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd, encrTokenElement,
+ secondRefList));
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ if(dotDebug){
+ t4 = System.currentTimeMillis();
+ tlog.debug("Signature protection took :" + (t4 - t3));
+ }
+ }
+ }
+
+
+
+ }
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd)
+ throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ HashMap sgndEncSuppTokMap = null;
+ HashMap endEncSuppTokMap = null;
+ HashMap sgndEndEncSuppTokMap = null;
+
+ sigParts = RampartUtil.getSignedParts(rmd);
+
+ //Add timestamp
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+
+ if (rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
+
+ SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
+
+ SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ }
+
+ SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ this.handleSupportingTokens(rmd, encryptedSupportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
+
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if( sigParts.size() > 0 &&
+ ((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
+ (!rmd.isInitiator() && rpd.getRecipientToken() != null))) {
+ // Do signature
+ this.doSignature(rmd);
+ }
+
+ Vector supportingToks = rpd.getSupportingPolicyData();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ SupportingPolicyData policyData = null;
+ if (supportingToks.get(i) != null) {
+ policyData = (SupportingPolicyData) supportingToks.get(i);
+ Vector supportingSigParts = RampartUtil.getSupportingSignedParts(rmd,
+ policyData);
+
+ if (supportingSigParts.size() > 0
+ && ((rmd.isInitiator() && rpd.getInitiatorToken() != null) || (!rmd
+ .isInitiator() && rpd.getRecipientToken() != null))) {
+ // Do signature for policies defined under SupportingToken.
+ this.doSupportingSignature(rmd, supportingSigParts,policyData);
+ }
+ }
+ }
+
+ //Do endorsed signature
+
+ if (rmd.isInitiator()) {
+
+ // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
+ endSuppTokMap.putAll(endEncSuppTokMap);
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
+ sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
+ }
+
+ if(rmd.isInitiator()) {
+ for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
+ encrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ }
+ }
+
+ //Do encryption
+ Token encrToken;
+ if (rmd.isInitiator()) {
+ encrToken = rpd.getRecipientToken();
+ } else {
+ encrToken = rpd.getInitiatorToken();
+ }
+
+ if(encrToken != null && encrParts.size() > 0) {
+ Element refList = null;
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(encrToken.isDerivedKeys()) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(this.encrKey == null) {
+ this.setupEncryptedKey(rmd, encrToken);
+ }
+
+ dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+ dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
+ dkEncr.prepare(doc);
+
+
+ if(this.encrTokenElement != null) {
+ this.encrDKTElement = RampartUtil.insertSiblingAfter(
+ rmd, this.encrTokenElement, dkEncr.getdktElement());
+ } else {
+ this.encrDKTElement = RampartUtil.insertSiblingBefore(
+ rmd, this.sigDKTElement, dkEncr.getdktElement());
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ this.encrDKTElement,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr", e);
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+ encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ if(this.timestampElement != null){
+ this.setInsertionLocation(this.timestampElement);
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if(encr.getBSTTokenId() != null) {
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encr.getBinarySecurityTokenElement()));
+ }
+
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForInternalRef(null, encrParts);
+
+ //Add internal refs
+ encryptedKeyElement.appendChild(refList);
+
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encryptedKeyElement));
+
+// RampartUtil.insertSiblingAfter(rmd,
+// this.getInsertionLocation(),
+// refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ Vector supportingTokens = rpd.getSupportingPolicyData();
+ for (int i = 0; i < supportingTokens.size(); i++) {
+ SupportingPolicyData policyData = null;
+ if (supportingTokens.get(i) != null) {
+ policyData = (SupportingPolicyData) supportingTokens.get(i);
+ Token supportingEncrToken = policyData.getEncryptionToken();
+ Vector supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd,
+ policyData);
+
+ if (supportingEncrToken != null && supoortingEncrParts.size() > 0) {
+ doEncryptionWithSupportingToken(rpd, rmd, supportingEncrToken, doc,
+ supoortingEncrParts);
+ }
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0)
+ +", Encryption took :" + (t2 - t1) );
+ }
+
+ }
+
+ private void doSupportingSignature(RampartMessageData rmd, Vector supportingSigParts,
+ SupportingPolicyData supportingData) throws RampartException {
+
+ Token supportingSigToken;
+ WSSecSignature supportingSig;
+ Element supportingSignatureElement;
+
+ long t0 = 0, t1 = 0;
+ if (dotDebug) {
+ t0 = System.currentTimeMillis();
+ }
+
+ supportingSigToken = supportingData.getSignatureToken();
+
+ if (!(supportingSigToken instanceof X509Token)) {
+ return;
+ }
+ supportingSig = this.getSignatureBuider(rmd, supportingSigToken,
+ ((X509Token) supportingSigToken).getUserCertAlias());
+ Element bstElem = supportingSig.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+
+ if (rmd.getPolicyData().isTokenProtection() && supportingSig.getBSTTokenId() != null) {
+ supportingSigParts.add(new WSEncryptionPart(supportingSig.getBSTTokenId()));
+ }
+
+ try {
+ supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
+ supportingSig.computeSignature();
+
+ supportingSignatureElement = supportingSig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), supportingSignatureElement));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+ signatureValues.add(supportingSig.getSignatureValue());
+
+ if (dotDebug) {
+ t1 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0));
+ }
+
+ }
+
+ private void doSignature(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ long t0 = 0, t1 = 0;
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+ if(rmd.isInitiator()) {
+ sigToken = rpd.getInitiatorToken();
+ } else {
+ sigToken = rpd.getRecipientToken();
+ }
+
+ if (sigToken.isDerivedKeys()) {
+ // Set up the encrypted key to use
+ if(this.encrKey == null) {
+ setupEncryptedKey(rmd, sigToken);
+ }
+
+ WSSecDKSign dkSign = new WSSecDKSign();
+ dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+
+ // Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
+ .getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
+ .getSignatureDerivedKeyLength() / 8);
+ dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ try {
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if (rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // Do signature
+ dkSign.computeSignature();
+
+ ;
+ // Add elements to header
+ this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign.getdktElement());
+ this.setInsertionLocation(this.sigDKTElement);
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign
+ .getSignatureElement()));
+
+ this.mainSigId = RampartUtil
+ .addWsuIdToElement((OMElement) dkSign
+ .getSignatureElement());
+
+ signatureValues.add(dkSign.getSignatureValue());
+
+ signatureElement = dkSign.getSignatureElement();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ sig = this.getSignatureBuider(rmd, sigToken);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+
+ if (rmd.getPolicyData().isTokenProtection()
+ && sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ signatureElement = sig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd, this.getInsertionLocation(), signatureElement));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ signatureValues.add(sig.getSignatureValue());
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0));
+ }
+
+ }
+
+ private void doEncryptionWithSupportingToken(RampartPolicyData rpd, RampartMessageData rmd,
+ Token encrToken, Document doc, Vector encrParts) throws RampartException {
+ Element refList = null;
+ try {
+ if (!(encrToken instanceof X509Token)) {
+ return;
+ }
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr, ((X509Token) encrToken).getEncryptionUser());
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd
+ .getCustomClassLoader()));
+
+ if (this.timestampElement != null) {
+ this.setInsertionLocation(this.timestampElement);
+ } else {
+ this.setInsertionLocation(null);
+ }
+
+ if (encr.getBSTTokenId() != null) {
+ this.setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rmd, this
+ .getInsertionLocation(), encr.getBinarySecurityTokenElement()));
+ }
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+
+ // Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForInternalRef(null, encrParts);
+
+ // Add internal refs
+ encryptedKeyElement.appendChild(refList);
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfterOrPrepend(rmd, this
+ .getInsertionLocation(), encryptedKeyElement));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+
+ /**
+ * @param rmd
+ * @throws RampartException
+ */
+ private void setupEncryptedKey(RampartMessageData rmd, Token token)
+ throws RampartException {
+ if(!rmd.isInitiator() && token.isDerivedKeys()) {
+
+ //If we already have them, simply return
+ if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {
+ return;
+ }
+
+ //Use the secret from the incoming EncryptedKey element
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
+ encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
+
+ //In the case where we don't have the EncryptedKey in the
+ //request, for the control to have reached this state,
+ //the scenario MUST be a case where this is the response
+ //message by a listener created for an async client
+ //Therefor we will create a new EncryptedKey
+ if(encryptedKeyId == null && encryptedKeyValue == null) {
+ createEncryptedKey(rmd, token);
+ }
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ createEncryptedKey(rmd, token);
+ }
+
+ }
+
+ /**
+ * Create an encrypted key element
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
+ //Set up the encrypted key to use
+ encrKey = this.getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ // If a BST is available then use it
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ // Add the EncryptedKey
+ encrTokenElement = encrKey.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+ encryptedKeyValue = encrKey.getEphemeralKey();
+ encryptedKeyId = encrKey.getId();
+
+ //Store the token for client - response verification
+ // and server - response creation
+ try {
+ org.apache.rahas.Token tok = new org.apache.rahas.Token(
+ encryptedKeyId, (OMElement)encrTokenElement , null, null);
+ tok.setSecret(encryptedKeyValue);
+ rmd.getTokenStorage().add(tok);
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore", e);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
new file mode 100644
index 0000000..cb8ab37
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -0,0 +1,806 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.client.Options;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.EncryptedKeyToken;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecSignatureConfirmation;
+import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+import java.util.Map.Entry;
+
+public abstract class BindingBuilder {
+ private static Log log = LogFactory.getLog(BindingBuilder.class);
+
+ private Element insertionLocation;
+
+ protected String mainSigId = null;
+
+ protected ArrayList encryptedTokensIdList = new ArrayList();
+
+ protected Element timestampElement;
+
+ protected Element mainRefListElement;
+
+
+ /**
+ * @param rmd
+ */
+ protected void addTimestamp(RampartMessageData rmd) {
+ log.debug("Adding timestamp");
+
+ WSSecTimestamp timestampBuilder = new WSSecTimestamp();
+ timestampBuilder.setWsConfig(rmd.getConfig());
+
+ timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
+
+ // add the Timestamp to the SOAP Enevelope
+
+ timestampBuilder.build(rmd.getDocument(), rmd
+ .getSecHeader());
+
+ log.debug("Timestamp id: " + timestampBuilder.getId());
+
+ rmd.setTimestampId(timestampBuilder.getId());
+
+ this.timestampElement = timestampBuilder.getElement();
+ log.debug("Adding timestamp: DONE");
+ }
+
+ /**
+ * Add a UsernameToken to the security header
+ * @param rmd
+ * @return The <code>WSSecUsernameToken</code> instance
+ * @throws RampartException
+ */
+ protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd, UsernameToken token) throws RampartException {
+
+ log.debug("Adding a UsernameToken");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Get the user
+ //First try options
+ Options options = rmd.getMsgContext().getOptions();
+ String user = options.getUserName();
+ if(user == null || user.length() == 0) {
+ //Then try RampartConfig
+ if(rpd.getRampartConfig() != null) {
+ user = rpd.getRampartConfig().getUser();
+ }
+ }
+
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ // If NoPassword property is set we don't need to set the password
+ if (token.isNoPassword()) {
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ utBuilder.setUserInfo(user, null);
+ utBuilder.setPasswordType(null);
+ if (rmd.getConfig() != null) {
+ utBuilder.setWsConfig(rmd.getConfig());
+ }
+ return utBuilder;
+ }
+
+ //Get the password
+
+ //First check options object for a password
+ String password = options.getPassword();
+
+ if(password == null || password.length() == 0) {
+
+ //Then try to get the password from the given callback handler
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.USERNAME_TOKEN) };
+ try {
+ handler.handle(cb);
+ } catch (Exception e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ //get the password
+ password = cb[0].getPassword();
+ }
+
+ log.debug("Password : " + password);
+
+ if(password != null && !"".equals(password)) {
+ //If the password is available then build the token
+
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+ if(rmd.getConfig() != null) {
+ utBuilder.setWsConfig(rmd.getConfig());
+ }
+ if (token.isHashPassword()) {
+ utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
+ } else {
+ utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
+ }
+
+ utBuilder.setUserInfo(user, password);
+
+ return utBuilder;
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ }
+
+
+ /**
+ * @param rmd
+ * @param token
+ * @return
+ * @throws WSSecurityException
+ * @throws RampartException
+ */
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+
+ try {
+ RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
+ RampartUtil.setEncryptionUser(rmd, encrKey);
+ encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+
+ encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
+
+ return encrKey;
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ }
+ }
+
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token)
+ throws RampartException {
+ return getSignatureBuider(rmd, token, null);
+ }
+
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token,
+ String userCertAlias) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ WSSecSignature sig = new WSSecSignature();
+ checkForX509PkiPath(sig, token);
+ sig.setWsConfig(rmd.getConfig());
+
+ log.debug("Token inclusion: " + token.getInclusion());
+
+ RampartUtil.setKeyIdentifierType(rpd, sig, token);
+
+ String user = null;
+
+ if (userCertAlias != null) {
+ user = userCertAlias;
+ }
+
+ // Get the user - First check whether userCertAlias present
+ if (user == null) {
+ user = rpd.getRampartConfig().getUserCertAlias();
+ }
+
+ // If userCertAlias is not present, use user property as Alias
+
+ if (user == null) {
+ user = rpd.getRampartConfig().getUser();
+ }
+
+ String password = null;
+
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.SIGNATURE) };
+
+ try {
+ handler.handle(cb);
+ if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
+ password = cb[0].getPassword();
+ log.debug("Password : " + password);
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ sig.setUserInfo(user, password);
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+
+ try {
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+ return sig;
+ }
+
+ /**
+ * @param rmd
+ * @param suppTokens
+ * @throws RampartException
+ */
+ protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
+ throws RampartException {
+
+ //Create the list to hold the tokens
+ HashMap endSuppTokMap = new HashMap();
+
+ if(suppTokens != null && suppTokens.getTokens() != null &&
+ suppTokens.getTokens().size() > 0) {
+ log.debug("Processing supporting tokens");
+
+ ArrayList tokens = suppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ org.apache.rahas.Token endSuppTok = null;
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+ try {
+ endSuppTok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id}, e);
+ }
+
+ if(endSuppTok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id});
+ }
+
+ //Add the token to the header
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ (Element) endSuppTok.getToken());
+ this.setInsertionLocation(siblingElem);
+
+ if (suppTokens.isEncryptedToken()) {
+ this.encryptedTokensIdList.add(endSuppTok.getId());
+ }
+
+ //Add the extracted token
+ endSuppTokMap.put(token, endSuppTok);
+
+ } else if(token instanceof X509Token) {
+
+ //We have to use a cert
+ //Prepare X509 signature
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+
+ SupportingPolicyData supportingPolcy = new SupportingPolicyData();
+ supportingPolcy.build(suppTokens);
+ supportingPolcy.setSignatureToken(token);
+ supportingPolcy.setEncryptionToken(token);
+ rmd.getPolicyData().addSupportingPolicyData(supportingPolcy);
+
+ if (suppTokens.isEncryptedToken()) {
+ this.encryptedTokensIdList.add(sig.getBSTTokenId());
+ }
+ }
+ endSuppTokMap.put(token, sig);
+
+ } else if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd, (UsernameToken)token);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ Element elem = utBuilder.getUsernameTokenElement();
+ elem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), elem);
+
+ encryptedTokensIdList.add(utBuilder.getId());
+
+ //Move the insert location to the next element
+ this.setInsertionLocation(elem);
+ Date now = new Date();
+ try {
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ utBuilder.getId(), (OMElement) elem, now,
+ new Date(now.getTime() + 300000));
+ endSuppTokMap.put(token, tempTok);
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ }
+ }
+ }
+
+ return endSuppTokMap;
+ }
+ /**
+ * @param tokenMap
+ * @param sigParts
+ * @throws RampartException
+ */
+ protected Vector addSignatureParts(HashMap tokenMap, Vector sigParts) throws RampartException {
+
+ Set entrySet = tokenMap.entrySet();
+
+ for (Iterator iter = entrySet.iterator(); iter.hasNext();) {
+ Object tempTok = ((Entry)iter.next()).getValue();
+ WSEncryptionPart part = null;
+
+ if(tempTok instanceof org.apache.rahas.Token) {
+
+ part = new WSEncryptionPart(
+ ((org.apache.rahas.Token) tempTok).getId());
+
+ } else if(tempTok instanceof WSSecSignature) {
+ WSSecSignature tempSig = (WSSecSignature) tempTok;
+ if(tempSig.getBSTTokenId() != null) {
+ part = new WSEncryptionPart(tempSig.getBSTTokenId());
+ }
+ } else {
+
+ throw new RampartException("UnsupportedTokenInSupportingToken");
+ }
+ sigParts.add(part);
+ }
+
+ return sigParts;
+ }
+
+
+ public Element getInsertionLocation() {
+ return insertionLocation;
+ }
+
+ public void setInsertionLocation(Element insertionLocation) {
+ this.insertionLocation = insertionLocation;
+ }
+
+
+ protected Vector doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
+
+ Set tokenSet = tokenMap.keySet();
+
+ Vector sigValues = new Vector();
+
+ for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
+
+ Token token = (Token)iter.next();
+
+ Object tempTok = tokenMap.get(token);
+
+ Vector sigParts = new Vector();
+ sigParts.add(new WSEncryptionPart(this.mainSigId));
+
+ if (tempTok instanceof org.apache.rahas.Token) {
+ org.apache.rahas.Token tok = (org.apache.rahas.Token)tempTok;
+ if(rmd.getPolicyData().isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(tok.getId()));
+ }
+
+ this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
+
+ } else if (tempTok instanceof WSSecSignature) {
+ WSSecSignature sig = (WSSecSignature)tempTok;
+ if(rmd.getPolicyData().isTokenProtection() &&
+ sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ sigValues.add(sig.getSignatureValue());
+ }
+ }
+
+ return sigValues;
+
+ }
+
+
+ protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+
+ Document doc = rmd.getDocument();
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if(policyToken.isDerivedKeys()) {
+ try {
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ //Check whether it is security policy 1.2 and use the secure conversation accordingly
+ if (SPConstants.SP_V12 == policyToken.getVersion()) {
+ dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+ }
+
+ //Check for whether the token is attached in the message or not
+ boolean attached = false;
+
+ if (SPConstants.INCLUDE_TOEKN_ALWAYS == policyToken.getInclusion() ||
+ SPConstants.INCLUDE_TOKEN_ONCE == policyToken.getInclusion() ||
+ (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
+ == policyToken.getInclusion())) {
+ attached = true;
+ }
+
+ // Setting the AttachedReference or the UnattachedReference according to the flag
+ OMElement ref;
+ if (attached == true) {
+ ref = tok.getAttachedReference();
+ } else {
+ ref = tok.getUnattachedReference();
+ }
+
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else if (!rmd.isInitiator() && policyToken.isDerivedKeys()) {
+
+ // If the Encrypted key used to create the derived key is not
+ // attached use key identifier as defined in WSS1.1 section
+ // 7.7 Encrypted Key reference
+ SecurityTokenReference tokenRef = new SecurityTokenReference(doc);
+ if(tok instanceof EncryptedKeyToken) {
+ tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)tok).getSHA1());;
+ }
+ dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+ if(tok instanceof EncryptedKeyToken) {
+ //Set the value type of the reference
+ dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ }
+
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if(rpd.isTokenProtection()) {
+
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ String sigTokId = tok.getId();
+ if(sigTokId.startsWith("#")) {
+ sigTokId = sigTokId.substring(1);
+ }
+ sigParts.add(new WSEncryptionPart(sigTokId));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ //Add elements to header
+
+ if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
+ this.getInsertionLocation() == null ) {
+ this.setInsertionLocation(RampartUtil
+
+ .insertSiblingBefore(rmd,
+ this.mainRefListElement,
+ dkSign.getdktElement()));
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ dkSign.getSignatureElement()));
+ } else {
+ this.setInsertionLocation(RampartUtil
+
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ dkSign.getdktElement()));
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ dkSign.getSignatureElement()));
+ }
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+ } else {
+ try {
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+
+ // If a EncryptedKeyToken is used, set the correct value type to
+ // be used in the wsse:Reference in ds:KeyInfo
+ if (policyToken instanceof X509Token) {
+ if (rmd.isInitiator()) {
+ sig.setCustomTokenValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ } else {
+ // the tok has to be an EncryptedKey token
+ sig.setEncrKeySha1value(((EncryptedKeyToken) tok).getSHA1());
+ sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ }
+
+ } else if (policyToken instanceof IssuedToken) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+ + WSConstants.SAML_ASSERTION_ID);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ }
+
+ String sigTokId;
+
+ if ( policyToken instanceof SecureConversationToken) {
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+
+ if (ref != null) {
+ sigTokId = SimpleTokenStore.getIdFromSTR(ref);
+ } else {
+ sigTokId = tok.getId();
+ }
+ } else {
+ sigTokId = tok.getId();
+ }
+
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ if(sigTokId.startsWith("#")) {
+ sigTokId = sigTokId.substring(1);
+ }
+
+ sig.setCustomTokenId(sigTokId);
+ sig.setSecretKey(tok.getSecret());
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+
+ sig.setParts(sigParts);
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ sig.computeSignature();
+
+ if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
+ this.getInsertionLocation() == null) {
+ this.setInsertionLocation(RampartUtil.insertSiblingBefore(
+ rmd,
+ this.mainRefListElement,
+ sig.getSignatureElement()));
+ } else {
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+ }
+
+ return sig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithACustomToken", e);
+ }
+
+ }
+ }
+
+
+ /**
+ * Get hold of the token from the token storage
+ * @param rmd
+ * @param tokenId
+ * @return token from the token storage
+ * @throws RampartException
+ */
+ protected org.apache.rahas.Token getToken(RampartMessageData rmd,
+ String tokenId) throws RampartException {
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(tokenId);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId}, e);
+ }
+
+ if(tok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId});
+ }
+ return tok;
+ }
+
+
+ protected void addSignatureConfirmation(RampartMessageData rmd, Vector sigParts) {
+
+ if(!rmd.getPolicyData().isSignatureConfirmation()) {
+
+ //If we don't require sig confirmation simply go back :-)
+ return;
+ }
+
+ Document doc = rmd.getDocument();
+
+ Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ /*
+ * loop over all results gathered by all handlers in the chain. For each
+ * handler result get the various actions. After that loop we have all
+ * signature results in the signatureActions vector
+ */
+ Vector signatureActions = new Vector();
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.SIGN, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.ST_SIGNED, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.UT_SIGN, signatureActions);
+ }
+
+ // prepare a SignatureConfirmation token
+ WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ if (signatureActions.size() > 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("Signature Confirmation: number of Signature results: "
+ + signatureActions.size());
+ }
+ for (int i = 0; i < signatureActions.size(); i++) {
+ WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
+ .get(i);
+ byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
+ wsc.setSignatureValue(sigVal);
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ } else {
+ //No Sig value
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ }
+ private void checkForX509PkiPath(WSSecSignature sig, Token token){
+ if (token instanceof X509Token) {
+ X509Token x509Token = (X509Token) token;
+ if (x509Token.getTokenVersionAndType().equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN10)
+ || x509Token.getTokenVersionAndType().equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN11)) {
+ sig.setUseSingleCertificate(false);
+ }
+ }
+ }
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..abc7e27
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -0,0 +1,929 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.EncryptedKeyToken;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.Base64;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+
+public class SymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private boolean dotDebug = false;
+
+
+ public SymmetricBindingBuilder(){
+ dotDebug = tlog.isDebugEnabled();
+ }
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("SymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if(rmd.isInitiator()) {
+ //Setup required tokens
+ initializeTokens(rmd);
+ }
+
+
+ if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+
+ log.debug("SymmetricBindingBuilder build invoked : DONE");
+
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ Vector signatureValues = new Vector();
+
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+
+ Token encryptionToken = rpd.getEncryptionToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if(encryptionToken != null && encrParts.size() > 0) {
+ //The encryption token can be an IssuedToken or a
+ //SecureConversationToken
+ String tokenId = null;
+ org.apache.rahas.Token tok = null;
+
+ if(encryptionToken instanceof IssuedToken) {
+ tokenId = rmd.getIssuedEncryptionTokenId();
+ log.debug("Issued EncryptionToken Id : " + tokenId);
+ } else if(encryptionToken instanceof SecureConversationToken) {
+ tokenId = rmd.getSecConvTokenId();
+ log.debug("SCT Id : " + tokenId);
+ } else if (encryptionToken instanceof X509Token) {
+ if (rmd.isInitiator()) {
+ tokenId = setupEncryptedKey(rmd, encryptionToken);
+ } else {
+ tokenId = getEncryptedKey(rmd);
+ }
+ } //TODO SAMLToken
+
+ if(tokenId == null || tokenId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ if(tokenId.startsWith("#")) {
+ tokenId = tokenId.substring(1);
+ }
+
+ /*
+ * Get hold of the token from the token storage
+ */
+ tok = this.getToken(rmd, tokenId);
+
+ /*
+ * Attach the token into the message based on token inclusion
+ * values
+ */
+ boolean attached = false;
+ Element encrTokenElement = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+ WSSecEncrypt encr = null;
+ Element encrDKTokenElem = null;
+
+ if(SPConstants.INCLUDE_TOEKN_ALWAYS == encryptionToken.getInclusion() ||
+ SPConstants.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion() ||
+ (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encryptionToken.getInclusion())) {
+ encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ attached = true;
+ } else if(encryptionToken instanceof X509Token && rmd.isInitiator()) {
+ encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ }
+
+ Document doc = rmd.getDocument();
+
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(encryptionToken.isDerivedKeys()) {
+ log.debug("Use drived keys");
+
+ dkEncr = new WSSecDKEncrypt();
+
+ if(attached && tok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getAttachedReference(),
+ true));
+
+ } else if(tok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(tok.getSecret(), tok.getId());
+ }
+ try {
+ dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+ dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
+ dkEncr.prepare(doc);
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ log.debug("NO derived keys, use the shared secret");
+ encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+ encr.setEncKeyId(tokenId);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setEphemeralKey(tok.getSecret());
+ encr.setDocument(doc);
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+ // SymmKey is already encrypted, no need to do it again
+ encr.setEncryptSymmKey(false);
+ if (!rmd.isInitiator() && tok instanceof EncryptedKeyToken) {
+ encr.setUseKeyIdentifier(true);
+ encr.setCustomReferenceValue(((EncryptedKeyToken)tok).getSHA1());
+ encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ }
+
+ try {
+
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ this.mainRefListElement = RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ // Sometimes encryption token is not included in the the message
+ if (encrTokenElement != null) {
+ this.setInsertionLocation(encrTokenElement);
+ } else if (timestampElement != null) {
+ this.setInsertionLocation(timestampElement);
+ }
+
+ RampartUtil.handleEncryptedSignedHeaders(encrParts, sigParts, doc);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ HashMap sgndEncSuppTokMap = null;
+ HashMap endEncSuppTokMap = null;
+ HashMap sgndEndEncSuppTokMap = null;
+
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
+
+ SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
+
+ SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ }
+
+ SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ this.handleSupportingTokens(rmd, encryptedSupportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
+
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+
+ //Sign the message
+ //We should use the same key in the case of EncryptBeforeSig
+ if ( sigParts.size() > 0) {
+ signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+ }
+
+ if(rmd.isInitiator()) {
+
+ endSuppTokMap.putAll(endEncSuppTokMap);
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Encryption took :" + (t1 - t0)
+ +", Signature tool :" + (t2 - t1) );
+ }
+
+ //Check for signature protection and encryption of UsernameToken
+ if(rpd.isSignatureProtection() && this.mainSigId != null ||
+ encryptedTokensIdList.size() > 0 && rmd.isInitiator()) {
+ long t3 = 0, t4 = 0;
+ if(dotDebug){
+ t3 = System.currentTimeMillis();
+ }
+ log.debug("Signature protection");
+ Vector secondEncrParts = new Vector();
+
+ //Now encrypt the signature using the above token
+ if(rpd.isSignatureProtection()) {
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ }
+
+ if(rmd.isInitiator()) {
+ for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
+ secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ }
+ }
+
+ Element secondRefList = null;
+
+ if(encryptionToken.isDerivedKeys()) {
+ try {
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrDKTokenElem,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrTokenElement,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ if(dotDebug){
+ t4 = System.currentTimeMillis();
+ tlog.debug("Signature protection took :" + (t4 - t3));
+ }
+ }
+
+ } else {
+ throw new RampartException("encryptionTokenMissing");
+ }
+ }
+
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+ Token sigToken = rpd.getSignatureToken();
+
+ String encrTokId = null;
+ String sigTokId = null;
+
+ org.apache.rahas.Token encrTok = null;
+ org.apache.rahas.Token sigTok = null;
+
+ Element sigTokElem = null;
+
+ Vector signatureValues = new Vector();
+
+ if(sigToken != null) {
+ if(sigToken instanceof SecureConversationToken) {
+ sigTokId = rmd.getSecConvTokenId();
+ } else if(sigToken instanceof IssuedToken) {
+ sigTokId = rmd.getIssuedSignatureTokenId();
+ } else if(sigToken instanceof X509Token) {
+ if (rmd.isInitiator()) {
+ sigTokId = setupEncryptedKey(rmd, sigToken);
+ } else {
+ sigTokId = getEncryptedKey(rmd);
+ }
+ }
+ } else {
+ throw new RampartException("signatureTokenMissing");
+ }
+
+ if(sigTokId == null || sigTokId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ sigTok = this.getToken(rmd, sigTokId);
+
+ if(SPConstants.INCLUDE_TOEKN_ALWAYS == sigToken.getInclusion() ||
+ SPConstants.INCLUDE_TOKEN_ONCE == sigToken.getInclusion() ||
+ (rmd.isInitiator() &&
+ SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == sigToken.getInclusion())) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd,
+ sigTok.getToken());
+ this.setInsertionLocation(sigTokElem);
+ } else if ((rmd.isInitiator() && sigToken instanceof X509Token)
+ || sigToken instanceof SecureConversationToken) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+
+ //Set the insertion location
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ HashMap sgndEncSuppTokMap = null;
+ HashMap endEncSuppTokMap = null;
+ HashMap sgndEndEncSuppTokMap = null;
+
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
+
+ SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
+
+ SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ }
+
+ SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ this.handleSupportingTokens(rmd, encryptedSupportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEncSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndEncSuppTokMap, sigParts);
+
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if (sigParts.size() > 0 ) {
+ //Sign the message
+ signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+ }
+
+ if(rmd.isInitiator()) {
+ // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
+ endSuppTokMap.putAll(endEncSuppTokMap);
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
+ sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ //Encryption
+ Token encrToken = rpd.getEncryptionToken();
+ Element encrTokElem = null;
+ if(sigToken.equals(encrToken)) {
+ //Use the same token
+ encrTokId = sigTokId;
+ encrTok = sigTok;
+ encrTokElem = sigTokElem;
+ } else {
+ encrTokId = rmd.getIssuedEncryptionTokenId();
+ encrTok = this.getToken(rmd, encrTokId);
+
+ if(SPConstants.INCLUDE_TOEKN_ALWAYS == encrToken.getInclusion() ||
+ SPConstants.INCLUDE_TOKEN_ONCE == encrToken.getInclusion() ||
+ (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encrToken.getInclusion())) {
+ encrTokElem = (Element)encrTok.getToken();
+
+ //Add the encrToken element before the sigToken element
+ RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);
+ }
+
+ }
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ //Now encrypt the signature using the above token
+ encrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ }
+
+ if(rmd.isInitiator()) {
+ for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
+ encrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ }
+ }
+
+ Element refList = null;
+ if(encrParts.size() > 0) {
+ //The sec conv token can be used without derived keys
+ if(encrToken.isDerivedKeys()) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ //Check whether it is security policy 1.2 and use the secure conversation accordingly
+ if (SPConstants.SP_V12 == encrToken.getVersion()) {
+ dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
+ }
+
+ if(encrTokElem != null && encrTok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getAttachedReference(),
+ true));
+ } else if(encrTok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getUnattachedReference(),
+ true));
+ } else if (!rmd.isInitiator() && encrToken.isDerivedKeys()) {
+
+ // If the Encrypted key used to create the derived key is not
+ // attached use key identifier as defined in WSS1.1 section
+ // 7.7 Encrypted Key reference
+ SecurityTokenReference tokenRef = new SecurityTokenReference(doc);
+ if(encrTok instanceof EncryptedKeyToken) {
+ tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)encrTok).getSHA1());
+ }
+ dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
+
+ } else {
+ dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ }
+
+ if(encrTok instanceof EncryptedKeyToken) {
+ dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ + WSConstants.ENC_KEY_VALUE_TYPE);
+ }
+
+ dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
+ dkEncr.prepare(doc);
+ Element encrDKTokenElem = null;
+ encrDKTokenElem = dkEncr.getdktElement();
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
+ } else if (timestampElement != null){
+ RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);
+ } else {
+ RampartUtil.insertSiblingBefore(rmd, this.getInsertionLocation(), encrDKTokenElem);
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ encrDKTokenElem,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ if(encrTokId.startsWith("#")) {
+ encrTokId = encrTokId.substring(1);
+ }
+ encr.setEncKeyId(encrTokId);
+
+ encr.setEphemeralKey(encrTok.getSecret());
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setDocument(doc);
+ encr.setEncryptSymmKey(false);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ // Use key identifier in the KeyInfo in server side
+ if (!rmd.isInitiator()) {
+ if(encrTok instanceof EncryptedKeyToken) {
+ encr.setUseKeyIdentifier(true);
+ encr.setCustomReferenceValue(((EncryptedKeyToken)encrTok).getSHA1());
+ encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+ }
+ }
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd,
+ encrTokElem,
+ refList);
+ } else {
+ RampartUtil.insertSiblingBeforeOrPrepend(rmd,
+ this.getInsertionLocation(),
+ refList);
+ }
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0)
+ +", Encryption took :" + (t2 - t1) );
+ }
+
+
+ }
+
+ /**
+ * @param rmd
+ * @param sigToken
+ * @return
+ * @throws RampartException
+ */
+ private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
+ throws RampartException {
+ try {
+ WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd,
+ sigToken);
+ String id = encrKey.getId();
+ byte[] secret = encrKey.getEphemeralKey();
+ //Create a rahas token from this info and store it so we can use
+ //it in the next steps
+
+ Date created = new Date();
+ Date expires = new Date();
+ //TODO make this lifetime configurable ???
+ expires.setTime(System.currentTimeMillis() + 300000);
+ org.apache.rahas.EncryptedKeyToken tempTok = new org.apache.rahas.EncryptedKeyToken(
+ id,
+ (OMElement) encrKey.getEncryptedKeyElement(),
+ created,
+ expires);
+
+
+ tempTok.setSecret(secret);
+
+ // Set the SHA1 value of the encrypted key, this is used when the encrypted
+ // key is referenced via a key identifier of type EncryptedKeySHA1
+ tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));
+
+ rmd.getTokenStorage().add(tempTok);
+
+ String bstTokenId = encrKey.getBSTTokenId();
+ //If direct ref is used to refer to the cert
+ //then add the cert to the sec header now
+ if(bstTokenId != null && bstTokenId.length() > 0) {
+ RampartUtil.appendChildToSecHeader(rmd,
+ encrKey.getBinarySecurityTokenElement());
+ }
+
+ return id;
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore");
+ }
+ }
+
+ private String getSHA1(byte[] input) throws RampartException{
+
+ MessageDigest sha = null;
+ try {
+ sha = MessageDigest.getInstance("SHA-1");
+ } catch (NoSuchAlgorithmException e1) {
+ throw new RampartException("noSHA1availabe", e1);
+ }
+ sha.reset();
+ sha.update(input);
+ byte[] data = sha.digest();
+
+ return Base64.encode(data);
+ }
+
+ private String getEncryptedKey(RampartMessageData rmd ) throws RampartException {
+
+ Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == WSConstants.ENCR) {
+
+ if (wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID) != null &&
+ ((String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID)).length() != 0) {
+
+ try {
+
+ String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
+
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(System.currentTimeMillis() + 300000);
+ EncryptedKeyToken tempTok = new EncryptedKeyToken(encryptedKeyID,created,expires);
+ tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY));
+ tempTok.setSHA1(getSHA1((byte[])wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+ rmd.getTokenStorage().add(tempTok);
+
+ return encryptedKeyID;
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore");
+ }
+
+ }
+ }
+ }
+ }
+ return null;
+ }
+
+
+ /**
+ * Setup the required tokens
+ * @param rmd
+ * @param rpd
+ * @throws RampartException
+ */
+ private void initializeTokens(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ MessageContext msgContext = rmd.getMsgContext();
+ if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
+ log.debug("Processing symmetric binding: " +
+ "Setting up encryption token and signature token");
+ //Setting up encryption token and signature token
+
+ Token sigTok = rpd.getSignatureToken();
+ Token encrTok = rpd.getEncryptionToken();
+ if(sigTok instanceof IssuedToken) {
+
+ log.debug("SignatureToken is an IssuedToken");
+
+ if(rmd.getIssuedSignatureTokenId() == null) {
+ log.debug("No Issuedtoken found, requesting a new token");
+
+ IssuedToken issuedToken = (IssuedToken)sigTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedSignatureTokenId(id);
+
+ }
+
+ } else if(sigTok instanceof SecureConversationToken) {
+
+ log.debug("SignatureToken is a SecureConversationToken");
+
+ //TODO check for an existing token and use it
+
+ String secConvTokenId = rmd.getSecConvTokenId();
+
+ //The RSTR has to be secured with the cancelled token
+ String action = msgContext.getOptions().getAction();
+ boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
+
+ //In the case of the cancel req or resp we should mark the token as cancelled
+ if(secConvTokenId != null && cancelReqResp) {
+ try {
+ rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
+ msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
+
+ //remove from the local map of contexts
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
+ RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ if (secConvTokenId == null
+ || (secConvTokenId != null &&
+ (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
+
+ log.debug("No SecureConversationToken found, " +
+ "requesting a new token");
+
+ SecureConversationToken secConvTok =
+ (SecureConversationToken) sigTok;
+
+ try {
+
+ String id = RampartUtil.getSecConvToken(rmd, secConvTok);
+ rmd.setSecConvTokenId(id);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingSct", e);
+ }
+ }
+ }
+
+ //If it was the ProtectionToken assertion then sigTok is the
+ //same as encrTok
+ if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
+
+ log.debug("Symmetric binding uses a ProtectionToken, both" +
+ " SignatureToken and EncryptionToken are the same");
+
+ rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
+ } else {
+ //Now we'll have to obtain the encryption token as well :-)
+ //ASSUMPTION: SecureConversationToken is used as a
+ //ProtectionToken therefore we only have to process a issued
+ //token here
+
+ log.debug("Obtaining the Encryption Token");
+ if(rmd.getIssuedEncryptionTokenId() != null) {
+
+ log.debug("EncrytionToken not alredy set");
+
+ IssuedToken issuedToken = (IssuedToken)encrTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedEncryptionTokenId(id);
+
+ }
+
+ }
+ }
+
+ //TODO : Support processing IssuedToken and SecConvToken assertoins
+ //in supporting tokens, right now we only support UsernameTokens and
+ //X.509 Tokens
+ }
+
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
new file mode 100644
index 0000000..6d10dd2
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -0,0 +1,646 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Vector;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class TransportBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private boolean dotDebug = false;
+
+ public TransportBindingBuilder(){
+ dotDebug = tlog.isDebugEnabled();
+ }
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("TransportBindingBuilder build invoked");
+
+ long t0 = 0, t1 = 0;
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (rpd.isIncludeTimestamp()) {
+ addTimestamp(rmd);
+ }
+
+ /*
+ * Process Supporting tokens
+ */
+ if(rmd.isInitiator()) {
+ Vector signatureValues = new Vector();
+
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
+ sgndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing signed supporting tokens");
+
+ ArrayList tokens = sgndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd,(UsernameToken)token);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ utBuilder.appendToHeader(rmd.getSecHeader());
+
+ } else {
+ throw new RampartException("unsupportedSignedSupportingToken",
+ new String[]{"{" +token.getName().getNamespaceURI()
+ + "}" + token.getName().getLocalPart()});
+ }
+ }
+ }
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
+ sgndEndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing endorsing signed supporting tokens");
+
+ ArrayList tokens = sgndEndSuppTokens.getTokens();
+ SignedEncryptedParts signdParts = sgndEndSuppTokens.getSignedParts();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()) {
+ signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token, signdParts));
+ }
+ }
+ }
+
+ SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ if(endSupptokens != null && endSupptokens.getTokens() != null &&
+ endSupptokens.getTokens().size() > 0) {
+ log.debug("Processing endorsing supporting tokens");
+ ArrayList tokens = endSupptokens.getTokens();
+ SignedEncryptedParts signdParts = endSupptokens.getSignedParts();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token, signdParts));
+ } else if (token instanceof SecureConversationToken) {
+ handleSecureConversationTokens(rmd, (SecureConversationToken)token);
+ signatureValues.add(doSecureConversationSignature(rmd, token, signdParts));
+ }
+ }
+ }
+
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ }
+
+
+ //Store the signature values vector
+ rmd.getMsgContext().setProperty(WSHandlerConstants.SEND_SIGV, signatureValues);
+ } else {
+ addSignatureConfirmation(rmd, null);
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ tlog.debug("Transport binding build took "+ (t1 - t0));
+ }
+ }
+
+
+
+ /**
+ * X.509 signature
+ * @param rmd
+ * @param token
+ * @param signdParts
+ */
+ private byte[] doX509TokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+ if(token.isDerivedKeys()) {
+ //In this case we will have to encrypt the ephmeral key with the
+ //other party's key and then use it as the parent key of the
+ // derived keys
+ try {
+
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ encrKey.appendToHeader(rmd.getSecHeader());
+
+ WSSecDKSign dkSig = new WSSecDKSign();
+
+ dkSig.setWsConfig(rmd.getConfig());
+
+ dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+
+ dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+
+ dkSig.prepare(doc, rmd.getSecHeader());
+
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
+ }
+
+ dkSig.setParts(sigParts);
+
+ dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSig.computeSignature();
+
+ dkSig.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSig.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+
+ try {
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+
+
+ sig.appendBSTElementToHeader(rmd.getSecHeader());
+
+ if (rpd.isTokenProtection()
+ && !(SPConstants.INCLUDE_TOKEN_NEVER == token.getInclusion())) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ sig.appendToHeader(rmd.getSecHeader());
+
+ sig.computeSignature();
+
+ return sig.getSignatureValue();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+
+ }
+
+ }
+
+
+ /**
+ * IssuedToken signature
+ * @param rmd
+ * @param token
+ * @param signdParts
+ * @throws RampartException
+ */
+ private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc= rmd.getDocument();
+
+ //Get the issued token
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+
+ int inclusion = token.getInclusion();
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",
+ new String[]{id} ,e);
+ }
+
+ boolean tokenIncluded = false;
+
+ if(inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS ||
+ ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
+ || inclusion == SPConstants.INCLUDE_TOKEN_ONCE)
+ && rmd.isInitiator())) {
+
+ //Add the token
+ rmd.getSecHeader().getSecurityHeader().appendChild(
+ doc.importNode((Element) tok.getToken(), true));
+
+ tokenIncluded = true;
+ }
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+
+ if(rpd.isTokenProtection() && tokenIncluded) {
+ sigParts.add(new WSEncryptionPart(id));
+ }
+
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+
+ //check for derived keys
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(token.isDerivedKeys()) {
+ //Create a derived key and add
+ try {
+
+ //Do Signature with derived keys
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ // Setting the AttachedReference or the UnattachedReference according to the flag
+ OMElement ref;
+ if (tokenIncluded == true) {
+ ref = tok.getAttachedReference();
+ } else {
+ ref = tok.getUnattachedReference();
+ }
+
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
+
+ dkSign.prepare(doc);
+
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ dkSign.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ try {
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+ String tokId = tok.getId();
+ if (tokId.charAt(0) == '#') {
+ tokId = tokId.substring(1);
+ }
+ sig.setCustomTokenId(tokId);
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
+ WSConstants.SAML_ASSERTION_ID);
+ sig.setSecretKey(tok.getSecret());
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+
+ sig.setParts(sigParts);
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ sig.computeSignature();
+
+ //Add elements to header
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ return sig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithACustomToken", e);
+ }
+ }
+ }
+
+ private byte[] doSecureConversationSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc= rmd.getDocument();
+
+ //Get the issued token
+ String id = rmd.getSecConvTokenId();
+
+ int inclusion = token.getInclusion();
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",
+ new String[]{id} ,e);
+ }
+
+ boolean tokenIncluded = false;
+
+ if(inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS ||
+ ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
+ || inclusion == SPConstants.INCLUDE_TOKEN_ONCE)
+ && rmd.isInitiator())) {
+
+ //Add the token
+ rmd.getSecHeader().getSecurityHeader().appendChild(
+ doc.importNode((Element) tok.getToken(), true));
+
+ tokenIncluded = true;
+ }
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+
+ if(rpd.isTokenProtection() && tokenIncluded) {
+ sigParts.add(new WSEncryptionPart(id));
+ }
+
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+
+ //check for derived keys
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(token.isDerivedKeys()) {
+ //Create a derived key and add
+ try {
+
+ //Do Signature with derived keys
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ // Setting the AttachedReference or the UnattachedReference according to the flag
+ OMElement ref;
+ if (tokenIncluded == true) {
+ ref = tok.getAttachedReference();
+ } else {
+ ref = tok.getUnattachedReference();
+ }
+
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
+
+ dkSign.prepare(doc);
+
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ dkSign.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ try {
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+ sig.setCustomTokenId(tok.getId().substring(1));
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
+ WSConstants.SAML_ASSERTION_ID);
+ sig.setSecretKey(tok.getSecret());
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+
+ sig.setParts(sigParts);
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ sig.computeSignature();
+
+ //Add elements to header
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ return sig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithACustomToken", e);
+ }
+ }
+ }
+
+ private void handleSecureConversationTokens(RampartMessageData rmd,
+ SecureConversationToken secConvTok) throws RampartException {
+
+
+ MessageContext msgContext = rmd.getMsgContext();
+
+ String secConvTokenId = rmd.getSecConvTokenId();
+
+ //The RSTR has to be secured with the cancelled token
+ String action = msgContext.getOptions().getAction();
+ boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
+
+ //In the case of the cancel req or resp we should mark the token as cancelled
+ if(secConvTokenId != null && cancelReqResp) {
+ try {
+ rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
+ msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
+
+ //remove from the local map of contexts
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
+ RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",e);
+ }
+ }
+
+ if (secConvTokenId == null
+ || (secConvTokenId != null &&
+ (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
+
+ log.debug("No SecureConversationToken found, " +
+ "requesting a new token");
+
+ try {
+
+ secConvTokenId = RampartUtil.getSecConvToken(rmd, secConvTok);
+ rmd.setSecConvTokenId(secConvTokenId);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingSct", e);
+ }
+ }
+
+/* org.apache.rahas.Token token;
+ try {
+ token = rmd.getTokenStorage().getToken(secConvTokenId);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken", e);
+ }
+
+
+ //Add the token to the header
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ (Element) token.getToken());
+ this.setInsertionLocation(siblingElem);*/
+
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
new file mode 100644
index 0000000..04e7507
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -0,0 +1,98 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+missingConfiguration = Missing or malformed configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+missingScopeValue = Missing or incorrect scope value
+canotFindContextIdentifier = Cannot find context identifier
+missingWSAAction = wsa:Action value missing
+missingWSATo = wsa:To address value missing
+cannotCrateCryptoInstance = Cannot create Crypto instance
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
+cannotLoadPolicyValidatorCbClass = Cannot load custom policy validator callback class : \"{0}\"
+cannotCreatePolicyValidatorCallbackInstance = Cannot create custom policy validator callback class instance : \"{0}\"
+cannotLoadRampartConfigCallbackClass = Cannot load rampart config callback class : \"{0}\"
+cannotCreateRampartConfigCallbackInstance = Cannot create rampart config callback class instance : \"{0}\"
+missingEncryptionUser=Encryption user not specified (The context is created by the initiating party)
+
+missingSignatureCrypto=Signature crypto information not available
+missingEncryptionCrypto=Encryption crypto information not available
+missingCallbackHandler=Password callback handler cannot be located
+errorInObtainingSct=Error in obtaining SCT from \"{0}\"
+errorInObtainingToken=Error in obtaining a token
+errorInExtractingMsgProps = Error in extracting message properties
+userMissing = No user value in the rampart configuration policy
+cbHandlerMissing = Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
+errorInGettingPasswordForUser = Error in getting password for user : \"{0}\"
+noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
+unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
+errorExtractingToken = Error extracting token : \"{0}\"
+errorInAddingTokenIntoStore = Error in adding token into store
+errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
+errorInSignatureWithX509Token = Error in signature with X509Token
+errorInSignatureWithACustomToken = Error in signature with a custom token
+errorCreatingEncryptedKey = Error in creating an encrypted key
+errorGettingSignatureValuesForSigconf = Error in getting signature values for signature confirmation
+cannotLoadPWCBClass = Cannot load password callback class: {0}
+cannotCreatePWCBInstance = Cannot create instance of password callback : {0}
+pwcbFailed = password callback failed
+unknownKeyRefSpeficier = Unknown key reference specifier for X509Token
+errorInRetrievingTokenId = Error in retrieving token : {0}
+errorInEncryption = Error in encryption
+errorInDKEncr = Error in encryption with a derived key
+errorCreatingRahasToken = Error in creating a org.apache.rahas.Token instance
+UnsupportedTokenInSupportingToken = Unsupported token in supporting tokens
+encryptionTokenMissing = Encryption token missing
+signatureTokenMissing = Signature token missing
+sctIssuerPolicyMissing = sct-issuer-policy parameter missing
+errorInTokenCancellation = Error in canceling token
+tokenToBeCancelledInvalid = Token to be canceled is invalid or expired
+errorCreatingRSTTemplateForSCT=Error in creating RST template for SCT
+noSecurityToken = Missing security token
+noSecurityResults= No security processing results from the incoming message
+missingEncryptedKeyInRequest=There was no EncryptedKey in the request message
+rampartConigMissing = Please include configured RampartConfiguration assertion in policy
+missingSecurityHeader = Missing wsse:Security header in request
+missingSOAPHeader = SOAP header missing
+clientAuthRequired= Service requires SSL mutual authentication
+
+#Errors in processors
+errorProcessingUT = Error in processing UsernameToken
+
+cannotValidateTimestamp = The timestamp could not be validated
+trustVerificationError = The certificate used for the signature is not trusted
+cannotFindAliasForCert = Could not get alias for certificate with {0}
+noCertForAlias = Could not get certificates for alias {0}
+certPathVerificationFailed = Certificate path verification failed for certificate with subject
+
+#Rampart Results Validation Errors
+timestampMissing = Missing Timestamp
+encryptedPartMissing = Missing encryption result for id : {0}
+invalidNumberOfEncryptedParts = Invalid number of encrypted parts
+protectionOrderMismatch = Protection order mismatch
+samlTokenMissing = SAML Token missing in request
+binaryTokenMissing = Binary Security Token missing in request
+usernameTokenMissing = UsernameToken missing in request
+signatureMissing = Message is not signed
+unexprectedEncryptedPart = Unexpected encrypted data found, no encryption required
+encryptionMissing = Expected encrypted part missing
+signedPartHeaderNotSigned = Soap Header must be signed : {0}
+signedElementNotSigned = Element must be signed : {0}
+bodyNotSigned = Soap Body must be signed
+unexprectedSignature = Unexpected signature
+invalidTransport = Expected transport is "https" but incoming transport found : \"{0}\"
+requiredElementsMissing = Required Elements not found in the incoming message : {0}
\ No newline at end of file
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
new file mode 100644
index 0000000..2b6d4d4
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
@@ -0,0 +1,230 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.impl.dom.soap11.SOAP11HeaderBlockImpl;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+/**
+ * Handler to verify the message security after dispatch
+ *
+ */
+public class PostDispatchVerificationHandler implements Handler {
+
+ private HandlerDescription handlerDesc;
+
+ /**
+ * @see org.apache.axis2.engine.Handler#cleanup()
+ */
+ public void cleanup() {
+ }
+
+ /**
+ * @see org.apache.axis2.engine.Handler#flowComplete(org.apache.axis2.context.MessageContext)
+ */
+ public void flowComplete(MessageContext msgContext) {
+ }
+
+ /**
+ * @see org.apache.axis2.engine.Handler#getHandlerDesc()
+ */
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ /**
+ * @see org.apache.axis2.engine.Handler#getName()
+ */
+ public String getName() {
+ return "Post dispatch security verification handler";
+ }
+
+ /**
+ * @see org.apache.axis2.engine.Handler#getParameter(java.lang.String)
+ */
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+ /**
+ * @see org.apache.axis2.engine.Handler#init(org.apache.axis2.description.HandlerDescription)
+ */
+ public void init(HandlerDescription handlerDesc) {
+ this.handlerDesc = handlerDesc;
+ }
+
+ /**
+ * @see org.apache.axis2.engine.Handler#invoke(org.apache.axis2.context.MessageContext)
+ */
+ public InvocationResponse invoke(MessageContext msgContext)
+ throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ Policy policy = msgContext.getEffectivePolicy();
+
+ if(msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY) != null) {
+ policy = (Policy)msgContext.getProperty(RampartMessageData.KEY_RAMPART_POLICY);
+ }
+
+
+ if(policy == null) {
+ policy = msgContext.getEffectivePolicy();
+ }
+
+ if(policy == null) {
+ Parameter param = msgContext.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
+ if(param != null) {
+ OMElement policyElem = param.getParameterElement().getFirstElement();
+ policy = PolicyEngine.getPolicy(policyElem);
+ }
+ }
+
+ if(policy == null) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ Iterator alternatives = policy.getAlternatives();
+
+ boolean securityPolicyPresent = false;
+ if(alternatives.hasNext()) {
+ List assertions = (List)alternatives.next();
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ //Check for any *Binding assertion
+ if (assertion instanceof Binding) {
+ securityPolicyPresent = true;
+ break;
+ // There can be security policies containing only supporting tokens
+ } else if (assertion instanceof SupportingToken) {
+ securityPolicyPresent = true;
+ break;
+ }
+ }
+ }
+
+
+
+ if (securityPolicyPresent) {
+ RampartPolicyData rpd = (RampartPolicyData)msgContext.
+ getProperty(RampartMessageData.RAMPART_POLICY_DATA);
+ // Security policy data has not been populated at the time of verification
+ if (rpd == null ) {
+ throw new AxisFault("InvalidSecurity");
+ }
+
+ boolean isInitiator = false;
+ Parameter clientSideParam = msgContext.getAxisService().
+ getParameter(RampartMessageData.PARAM_CLIENT_SIDE);
+ if(clientSideParam != null) {
+ isInitiator = true;
+ }
+
+ //Now check for security processing results if security policy is available
+ if(RampartUtil.isSecHeaderRequired(rpd,isInitiator,true) &&
+ msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ throw new AxisFault("InvalidSecurity");
+ }
+
+ }
+
+ //Check for an empty security processing results when parameter based
+ //configuration is used
+ if(msgContext.getParameter(WSSHandlerConstants.INFLOW_SECURITY) != null ||
+ msgContext.getProperty(WSSHandlerConstants.INFLOW_SECURITY) != null) {
+ if(msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ throw new AxisFault("InvalidSecurity");
+ } else {
+ if(((Vector)msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)).size() == 0) {
+ throw new AxisFault("InvalidSecurity");
+ }
+ }
+ }
+
+ // If a security header is there and Rampart is engaged, it has to be processed.
+ // If it is not processed, there must have been a problem in picking the policy
+
+ SOAPHeaderBlock secHeader = getSecurityHeader(msgContext);
+
+ if (secHeader != null && (secHeader.isProcessed() == false)) {
+ throw new AxisFault("InvalidSecurity - Security policy not found");
+ }
+
+ return InvocationResponse.CONTINUE;
+
+ }
+
+ private SOAPHeaderBlock getSecurityHeader(MessageContext msgContext) throws AxisFault {
+
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "PostDispatchVerificationHandler: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ if(header == null) {
+ return null;
+ }
+
+ Iterator headers = header.getChildElements();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) {
+ // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ return headerBlock;
+
+
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
new file mode 100644
index 0000000..0a53077
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.axis2.namespace.Constants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartEngine;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+
+/**
+ * Rampart inflow handler.
+ * This processes the incoming message and validates it against the effective
+ * policy.
+ */
+public class RampartReceiver implements Handler {
+
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("default Handler");
+
+ private HandlerDescription handlerDesc;
+
+ public RampartReceiver() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** RampartReceiver received \n"
+ + msgContext.getEnvelope());
+ }
+
+ RampartEngine engine = new RampartEngine();
+ Vector wsResult = null;
+ try {
+ wsResult = engine.process(msgContext);
+
+ } catch (WSSecurityException e) {
+ setFaultCodeAndThrowAxisFault(msgContext, e);
+ } catch (WSSPolicyException e) {
+ setFaultCodeAndThrowAxisFault(msgContext, e);
+ } catch (RampartException e) {
+ setFaultCodeAndThrowAxisFault(msgContext, e);
+ }
+
+ if(wsResult == null) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ Vector results = null;
+ if ((results = (Vector) msgContext
+ .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult("", wsResult);
+ results.add(0, rResult);
+
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "RampartReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.getChildElements();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ if(headerBlock != null) {
+ headerBlock.setProcessed();
+ }
+
+ return InvocationResponse.CONTINUE;
+
+ }
+
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart inflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+ private void setFaultCodeAndThrowAxisFault(MessageContext msgContext, Exception e) throws AxisFault {
+
+ msgContext.setProperty(RampartConstants.SEC_FAULT, Boolean.TRUE);
+ String soapVersionURI = msgContext.getEnvelope().getNamespace().getNamespaceURI();
+ QName invalidSecurity = new QName(WSConstants.INVALID_SECURITY.getNamespaceURI(),WSConstants.INVALID_SECURITY.getLocalPart(),"wsse");
+
+ if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {
+
+ throw new AxisFault(invalidSecurity,e.getMessage(),e);
+
+ } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+
+ List subfaultCodes = new ArrayList();
+ subfaultCodes.add(invalidSecurity);
+ throw new AxisFault(Constants.FAULT_SOAP12_SENDER,subfaultCodes,e.getMessage(),e);
+
+ }
+
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
new file mode 100644
index 0000000..cdc0cc5
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.MessageBuilder;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * Rampart outflow handler.
+ * This constructs the secured message according to the effective policy.
+ */
+public class RampartSender implements Handler {
+
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("default Handler");
+
+ private HandlerDescription handlerDesc;
+
+ public RampartSender() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ MessageBuilder builder = new MessageBuilder();
+ try {
+ builder.build(msgContext);
+ } catch (WSSecurityException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** RampartSender sent out \n" +
+ msgContext.getEnvelope());
+ }
+
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart outflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
new file mode 100644
index 0000000..1c80f50
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.handler.WSHandler;
+
+/**
+ * Class WSDoAllHandler
+ */
+public abstract class WSDoAllHandler extends WSHandler implements Handler {
+
+ /**
+ * Field EMPTY_HANDLER_METADATA
+ */
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("default Handler");
+
+ private final static String WSS_PASSWORD = "password";
+
+ private final static String WSS_USERNAME = "username";
+
+ /**
+ * Field handlerDesc
+ */
+ protected HandlerDescription handlerDesc;
+
+ /**
+ * In Axis2, the user cannot set inflow and outflow parameters.
+ * Therefore, we need to map the Axis2 specific inflow and outflow
+ * parameters to WSS4J params,
+ * <p/>
+ * Knowledge of inhandler and out handler is used to get the mapped value.
+ */
+ protected boolean inHandler;
+
+ /**
+ * Constructor AbstractHandler.
+ */
+ public WSDoAllHandler() {
+ handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public abstract void processMessage(MessageContext msgContext) throws AxisFault;
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.engine.Handler#invoke(org.apache.axis2.context.MessageContext)
+ */
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+ //If the security module is not engaged for this service
+ //do not do any processing
+ if (msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ this.processMessage(msgContext);
+ }
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ /**
+ * Method getName.
+ *
+ * @return Returns name.
+ */
+ public String getName() {
+ return handlerDesc.getName();
+ }
+
+ /**
+ * Method cleanup.
+ */
+ public void cleanup() {
+ }
+
+ /**
+ * Method getParameter.
+ *
+ * @param name
+ * @return Returns parameter.
+ */
+ public Parameter getParameter(String name) {
+ return handlerDesc.getParameter(name);
+ }
+
+ /**
+ * Method init.
+ *
+ * @param handlerdesc
+ */
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ /**
+ * Gets the handler description.
+ *
+ * @return Returns handler description.
+ */
+ public HandlerDescription getHandlerDesc() {
+ return handlerDesc;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ String name = this.getName();
+ return (name != null) ? name : "";
+ }
+
+
+ public Object getProperty(Object msgContext, String axisKey) {
+
+ int repetition = getCurrentRepetition(msgContext);
+
+ String key = Axis2Util.getKey(axisKey, inHandler, repetition);
+ Object property = ((MessageContext) msgContext).getProperty(key);
+ if (property == null) {
+ //Try the description hierarchy
+ Parameter parameter = ((MessageContext) msgContext).getParameter(key);
+ if (parameter != null) {
+ property = parameter.getValue();
+ }
+ }
+ return property;
+ }
+
+ /**
+ * Returns the repetition number from the message context
+ *
+ * @param msgContext
+ * @return Returns int.
+ */
+ protected int getCurrentRepetition(Object msgContext) {
+ //get the repetition from the message context
+ int repetition = 0;
+ if (!inHandler) {//We only need to repeat the out handler
+ Integer count = (Integer) ((MessageContext) msgContext).getProperty(WSSHandlerConstants.CURRENT_REPETITON);
+ if (count != null) { //When we are repeating the handler
+ repetition = count.intValue();
+ }
+ }
+ return repetition;
+ }
+
+ public String getPassword(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_PASSWORD);
+ }
+
+ public void setPassword(Object msgContext, String password) {
+ ((MessageContext) msgContext).setProperty(WSS_PASSWORD, password);
+ }
+
+ public String getUsername(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_USERNAME);
+ }
+
+ public void setUsername(Object msgContext, String username) {
+ ((MessageContext) msgContext).setProperty(WSS_USERNAME, username);
+ }
+
+ /**
+ * Gets option. Extracts the configuration values from the service.xml
+ * and/or axis2.xml. Values set in the service.xml takes priority over
+ * values of the axis2.xml
+ */
+ public Object getOption(String axisKey) {
+ Parameter parameter = this.handlerDesc.getParameter(axisKey);
+ return (parameter == null) ? null : parameter.getValue();
+ }
+
+ public void setProperty(Object msgContext, String key, Object value) {
+ ((MessageContext) msgContext).setProperty(key, value);
+ }
+
+ /**
+ * Overrides the class loader used to load the PW callback class.
+ *
+ * @param msgCtx MessageContext
+ * @return Returns class loader.
+ */
+ public java.lang.ClassLoader getClassLoader(Object msgCtx) {
+ try {
+ return ((MessageContext) msgCtx).getAxisService().getClassLoader();
+ } catch (Throwable t) {
+ return super.getClassLoader(msgCtx);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
new file mode 100644
index 0000000..e0dbe00
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
@@ -0,0 +1,383 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllReceiver extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllReceiver.class);
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ public WSDoAllReceiver() {
+ super();
+ inHandler = true;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** WSDoAllReceiver recieved \n"+msgContext.getEnvelope());
+ }
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: enter invoke() ");
+ }
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+
+ this.processBasic(msgContext, useDoom, reqData);
+ } catch (AxisFault axisFault) {
+ setAddressingInformationOnFault(msgContext);
+ throw axisFault;
+ } catch (Exception e) {
+ setAddressingInformationOnFault(msgContext);
+ throw new AxisFault(e.getMessage(), e);
+ } finally {
+
+ if (reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: exit invoke()");
+ }
+ }
+
+ }
+
+ private void processBasic(MessageContext msgContext, boolean useDoom, RequestData reqData)
+ throws Exception {
+
+ // populate the properties
+ try {
+ HandlerParameterDecoder.processParameters(msgContext, true);
+ } catch (Exception e) {
+ throw new AxisFault("Configuration error", e);
+ }
+
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.INFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext,
+ WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ String actor = (String) getOption(WSHandlerConstants.ACTOR);
+
+ Document doc = null;
+
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext
+ .getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault(
+ "WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+
+ // Do not process faults
+ SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+ .getDocumentElement());
+ if (WSSecurityUtil.findElement(doc.getDocumentElement(), "Fault",
+ soapConstants.getEnvelopeURI()) != null) {
+ return;
+ }
+
+ /*
+ * To check a UsernameToken or to decrypt an encrypted message we need a
+ * password.
+ */
+ CallbackHandler cbHandler = null;
+ if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
+ cbHandler = getPasswordCB(reqData);
+ }
+
+ // Copy the WSHandlerConstants.SEND_SIGV over to the new message
+ // context - if it exists, if signatureConfirmation in the response msg
+ String sigConfEnabled = null;
+ if ((sigConfEnabled = (String) getOption(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION)) == null) {
+ sigConfEnabled = (String) getProperty(msgContext,
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ // To handle sign confirmation of a sync response
+ // TODO Async response
+ if (!msgContext.isServerSide()
+ && !"false".equalsIgnoreCase(sigConfEnabled)) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ if (outMsgCtx != null) {
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ } else {
+ throw new WSSecurityException(
+ "Cannot obtain request message context");
+ }
+ }
+
+ /*
+ * Get and check the Signature specific parameters first because they
+ * may be used for encryption too.
+ */
+
+ doReceiverAction(doAction, reqData);
+
+ Vector wsResult = null;
+ try {
+ wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler,
+ reqData.getSigCrypto(), reqData.getDecCrypto());
+ } catch (WSSecurityException ex) {
+ throw new AxisFault("WSDoAllReceiver: security processing failed",
+ ex);
+ }
+ if (wsResult == null) { // no security header found
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ } else {
+ throw new AxisFault(
+ "WSDoAllReceiver: Incoming message does not contain required Security header");
+ }
+ }
+
+ if (reqData.getWssConfig().isEnableSignatureConfirmation()
+ && !msgContext.isServerSide()) {
+ checkSignatureConfirmation(reqData, wsResult);
+ }
+
+ /**
+ * Set the new SOAPEnvelope
+ */
+
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+
+ /*
+ * After setting the new current message, probably modified because of
+ * decryption, we need to locate the security header. That is, we force
+ * Axis (with getSOAPEnvelope()) to parse the string, build the new
+ * header. Then we examine, look up the security header and set the
+ * header as processed.
+ *
+ * Please note: find all header elements that contain the same actor
+ * that was given to processSecurityHeader(). Then check if there is a
+ * security header with this actor.
+ */
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "WSDoAllReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.examineHeaderBlocks(actor);
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ if(headerBlock != null) {
+ headerBlock.setProcessed();
+ }
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ wsResult, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = actionResult.getCertificate();
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, reqData)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The certificate used for the signature is not trusted");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header. In the following implementation the timestamp is valid if it
+ * was created after (now-ttl), where ttl is set on server side, not by
+ * the client.
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(wsResult,
+ WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = actionResult.getTimestamp();
+
+ if (timestamp != null) {
+ String ttl = null;
+ if ((ttl = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP)) == null) {
+ ttl = (String) getProperty(msgContext,
+ WSHandlerConstants.TTL_TIMESTAMP);
+ }
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = reqData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = reqData.getTimeToLive();
+ }
+
+ if (!verifyTimestamp(timestamp, ttl_i)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The timestamp could not be validated");
+ }
+ }
+ }
+
+ /*
+ * now check the security actions: do they match, in right order?
+ */
+ if (!checkReceiverResults(wsResult, actions)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: security processing failed (actions mismatch)");
+
+ }
+ /*
+ * All ok up to this point. Now construct and setup the security result
+ * structure. The service may fetch this and check it. Also the
+ * DoAllSender will use this in certain situations such as:
+ * USE_REQ_SIG_CERT to encrypt
+ */
+ Vector results = null;
+ if ((results = (Vector) getProperty(msgContext,
+ WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
+ results.add(0, rResult);
+ }
+
+ private void setAddressingInformationOnFault(MessageContext msgContext) {
+ SOAPEnvelope env = msgContext.getEnvelope();
+ SOAPHeader header = env.getHeader();
+
+ if (header != null) {
+ OMElement msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Final.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ if (msgIdElem == null) {
+ msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Submission.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ }
+ if (msgIdElem != null && msgIdElem.getText() != null) {
+ msgContext.getOptions().setMessageId(msgIdElem.getText());
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
new file mode 100644
index 0000000..3a9bf0f
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -0,0 +1,270 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllSender extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllSender.class);
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+
+ public WSDoAllSender() {
+ super();
+ inHandler = false;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+ //If the msgs are msgs to an STS then use basic WS-Sec
+ processBasic(msgContext, useDoom, reqData);
+
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+ finally {
+ if(reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+ }
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** WSDoAllSender sent out \n"+msgContext.getEnvelope());
+ }
+ }
+
+ /**
+ * This will carryout the WS-Security related operations.
+ *
+ * @param msgContext
+ * @param useDoom
+ * @throws WSSecurityException
+ * @throws AxisFault
+ */
+ private void processBasic(MessageContext msgContext, boolean useDoom,
+ RequestData reqData) throws WSSecurityException, AxisFault {
+ boolean doDebug = log.isDebugEnabled();
+
+ try {
+ HandlerParameterDecoder.processParameters(msgContext,false);
+ } catch (Exception e) {
+ throw new AxisFault("Configureation error", e);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: enter invoke()");
+ }
+
+ /*
+ * Copy the RECV_RESULTS over to the current message context
+ * - IF available
+ */
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+
+
+
+ reqData.setNoSerialization(false);
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext, WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ /*
+ * For every action we need a username, so get this now. The
+ * username defined in the deployment descriptor takes precedence.
+ */
+ reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+ if (reqData.getUsername() == null || reqData.getUsername().length() == 0) {
+ String username = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.USER);
+ if (username != null) {
+ reqData.setUsername(username);
+ }
+ }
+
+ /*
+ * Now we perform some set-up for UsernameToken and Signature
+ * functions. No need to do it for encryption only. Check if
+ * username is available and then get a passowrd.
+ */
+ if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0) {
+ /*
+ * We need a username - if none throw an AxisFault. For
+ * encryption there is a specific parameter to get a username.
+ */
+ if (reqData.getUsername() == null
+ || reqData.getUsername().length() == 0) {
+ throw new AxisFault(
+ "WSDoAllSender: Empty username for specified action");
+ }
+ }
+
+ /*
+ * Now get the SOAPEvelope from the message context and convert it
+ * into a Document
+ *
+ * Now we can perform our security operations on this request.
+ */
+
+
+ Document doc = null;
+ /*
+ * If the message context property conatins a document then this is
+ * a chained handler.
+ */
+ if ((doc = (Document) ((MessageContext)reqData.getMsgContext())
+ .getProperty(WSHandlerConstants.SND_SECURITY)) == null) {
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext.getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault("WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+ }
+
+
+ doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide());
+
+ /*
+ * If noSerialization is false, this handler shall be the last (or
+ * only) one in a handler chain. If noSerialization is true, just
+ * set the processed Document in the transfer property. The next
+ * Axis WSS4J handler takes it and performs additional security
+ * processing steps.
+ *
+ */
+ if (reqData.isNoSerialization()) {
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+ doc);
+ } else {
+ if(useDoom) {
+ msgContext.setEnvelope((SOAPEnvelope)doc.getDocumentElement());
+ } else {
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+ }
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY, null);
+ }
+
+
+ /**
+ * If the optimizeParts parts are set then optimize them
+ */
+ String optimizeParts;
+
+ if((optimizeParts = (String) getOption(WSSHandlerConstants.OPTIMIZE_PARTS)) == null) {
+ optimizeParts = (String)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+ if(optimizeParts != null) {
+ // Optimize the Envelope
+ MessageOptimizer.optimize(msgContext.getEnvelope(),optimizeParts);
+ }
+
+ //Enable handler repetition
+ Integer repeat;
+ int repeatCount;
+ if ((repeat = (Integer)getOption(WSSHandlerConstants.SENDER_REPEAT_COUNT)) == null) {
+ repeat = (Integer)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.SENDER_REPEAT_COUNT);
+ }
+
+ repeatCount = repeat.intValue();
+
+ //Get the current repetition from message context
+ int repetition = this.getCurrentRepetition(msgContext);
+
+ if(repeatCount > 0 && repetition < repeatCount) {
+
+ reqData.clear();
+ reqData = null;
+
+ // Increment the repetition to indicate the next repetition
+ // of the same handler
+ repetition++;
+ msgContext.setProperty(WSSHandlerConstants.CURRENT_REPETITON,
+ new Integer(repetition));
+
+ this.invoke(msgContext);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: exit invoke()");
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
new file mode 100644
index 0000000..c693fc9
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+/**
+ * Constants specific to the Axis2 security module
+ */
+public class WSSHandlerConstants {
+
+ private WSSHandlerConstants() {
+ }
+
+ /**
+ * Name of the .mar file
+ */
+ public final static String SECURITY_MODULE_NAME = "rampart";
+
+ /**
+ * Inflow security parameter
+ */
+ public static final String INFLOW_SECURITY = "InflowSecurity";
+
+ public static final String INFLOW_SECURITY_SERVER = "InflowSecurity-server";
+ public static final String INFLOW_SECURITY_CLIENT = "InflowSecurity-client";
+
+ /**
+ * Outflow security parameter
+ */
+ public static final String OUTFLOW_SECURITY = "OutflowSecurity";
+
+ public static final String OUTFLOW_SECURITY_SERVER = "OutflowSecurity-server";
+ public static final String OUTFLOW_SECURITY_CLIENT = "OutflowSecurity-client";
+
+
+ /**
+ * Inflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_INFLOW_SECURITY = "STSInflowSecurity";
+
+ /**
+ * Outflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_OUTFLOW_SECURITY = "STSOutflowSecurity";
+
+
+ public static final String ACTION = "action";
+
+ public static final String ACTION_ITEMS = "items";
+
+
+ /**
+ * Repetition count
+ */
+ public static final String SENDER_REPEAT_COUNT = "senderRepeatCount";
+
+ /**
+ * The current repetition
+ */
+ public static final String CURRENT_REPETITON = "currentRepetition";
+
+ /**
+ * This is used to indicate the XPath expression used to indicate the
+ * Elements whose first child (must be a text node) is to be optimized
+ */
+ public static final String OPTIMIZE_PARTS = "optimizeParts";
+
+ public static final String PRESERVE_ORIGINAL_ENV = "preserveOriginalEnvelope";
+
+
+ /*
+ * These are useful in configuring using the OutflowConfiguration
+ * and InflowConfiguration
+ * The set of possible key identifiers
+ */
+
+ public static final String BST_DIRECT_REFERENCE = "DirectReference";
+
+ public static final String ISSUER_SERIAL = "IssuerSerial";
+
+ public static final String X509_KEY_IDENTIFIER = "X509KeyIdentifier";
+
+ public static final String SKI_KEY_IDENTIFIER = "SKIKeyIdentifier";
+
+ public static final String EMBEDDED_KEYNAME = "EmbeddedKeyName";
+
+ public static final String THUMBPRINT_IDENTIFIER = "Thumbprint";
+
+
+ public final static String SIGN_ALL_HEADERS = "signAllHeaders";
+ public final static String SIGN_BODY = "signBody";
+ public final static String ENCRYPT_BODY = "encryptBody";
+
+ /**
+ * Key to be used to set a flag in msg ctx to enable/disable using doom
+ */
+ public final static String USE_DOOM = "useDoom";
+
+
+ ///
+ /// WS-SecureConversation constants
+ ///
+
+
+ /**
+ * Key to hold the map of security context identifiers against the
+ * service epr addresses (service scope) or wsa:Action values (operation
+ * scope).
+ */
+ public final static String CONTEXT_MAP_KEY = "contextMap";
+
+ /**
+ * The <code>java.util.Properties</code> object holding the properties
+ * of a <code>org.apache.ws.security.components.crypto.Crypto</code> impl.
+ *
+ * This should ONLY be used when the CRYPTO_CLASS_KEY is specified.
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ */
+ public final static String CRYPTO_PROPERTIES_KEY = "cryptoPropertiesRef";
+
+ /**
+ * The class that implements
+ * <code>org.apache.ws.security.components.crypto.Crypto</code>.
+ */
+ public final static String CRYPTO_CLASS_KEY = "cryptoClass";
+
+ //TODO: Get these constants from the WS-Trust impl's constants
+ public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
+ public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
+ public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
+
+ public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+ public final static String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE_LN = "RequestSecurityTokenResponse";
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
new file mode 100644
index 0000000..61d8df5
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the inflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class InflowConfiguration {
+
+ private HashMap action = new HashMap();
+
+ /**
+ * Returns the configuration as an OMElement.
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+ if (! action.containsKey("items")) {
+ return null;
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.INFLOW_SECURITY));
+
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.INFLOW_SECURITY);
+
+ return param;
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String)this.action.get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the action items.
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.action.put(WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the decryption property file.
+ * @return Returns String.
+ */
+ public String getDecryptionPropFile() {
+ return (String)this.action.get(WSHandlerConstants.DEC_PROP_FILE);
+ }
+
+ /**
+ * Sets the decryption property file.
+ * @param decryptionPropFile
+ */
+ public void setDecryptionPropFile(String decryptionPropFile) {
+ this.action.put(WSHandlerConstants.DEC_PROP_FILE,decryptionPropFile);
+ }
+
+ /**
+ * Sets the decryption property ref key.
+ * @param decryptionPropRefKey
+ */
+ public void setDecryptionPropRefKey(String decryptionPropRefKey) {
+ this.action.put(WSHandlerConstants.DEC_PROP_REF_ID,decryptionPropRefKey);
+ }
+
+ /**
+ * Returns the password callback class name.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String)this.action.get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the password callback class name.
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.action.put(WSHandlerConstants.PW_CALLBACK_CLASS,passwordCallbackClass);
+ }
+
+ /**
+ * Returns the signature property file.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String)this.action.get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signature property file.
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.action.put(WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key.
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.action.put(WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.action.put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.action
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
new file mode 100644
index 0000000..0fe5212
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
@@ -0,0 +1,600 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the outflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class OutflowConfiguration {
+
+ private HashMap[] actionList;
+
+ private int currentAction = 0;
+
+ /**
+ * Creates a default outflow configuration instance with an action.
+ */
+ public OutflowConfiguration() {
+ this.actionList = new HashMap[1];
+ this.actionList[0] = new HashMap();
+ }
+
+ /**
+ * Creates a new outflow configuration instance with the given number of
+ * actions.
+ *
+ * @param actionCount
+ */
+ public OutflowConfiguration(int actionCount) {
+ this.actionList = new HashMap[actionCount];
+ for (int i = 0; i < actionCount; i++) {
+ this.actionList[i] = new HashMap();
+ }
+ }
+
+ /**
+ * Returns the configuration as an Parameter
+ *
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+
+ for (int i = 0; i < actionList.length; i++) {
+ HashMap action = actionList[i];
+
+ if (! action.keySet().contains("items")) {
+ return null;
+ }
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.OUTFLOW_SECURITY));
+
+
+ for (int i = 0; i < this.actionList.length; i++) {
+ // Create the action element
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the current action
+ HashMap action = this.actionList[i];
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+ }
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.OUTFLOW_SECURITY);
+ return param;
+ }
+
+ /**
+ * Moves to the next action. If this is called when the current action is the
+ * last action then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void nextAction() {
+ if (currentAction < this.actionList.length - 1) {
+ this.currentAction++;
+ }
+ }
+
+ /**
+ * Moves to previous action. If this is called when the current action is the
+ * first option then then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void previousAction() {
+ if (this.currentAction > 0) {
+ this.currentAction--;
+ }
+ }
+
+ /**
+ * Sets the action items.
+ *
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the user of the current action.
+ *
+ * @param user
+ */
+ public void setUser(String user) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.USER, user);
+ }
+
+ /**
+ * Returns the user of the current action.
+ * @return Returns String.
+ */
+ public String getUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.USER);
+ }
+
+ /**
+ * Sets the name of the password callback class of the current action.
+ *
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PW_CALLBACK_CLASS, passwordCallbackClass);
+ }
+
+ /**
+ * Returns the name of the password callback class of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the signature property file of the current action.
+ *
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key of the current action.
+ *
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Returns the signature property file of the current action.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signatue key identifier of the current action.
+ *
+ * @param signatureKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setSignatureKeyIdentifier(String signatureKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_KEY_ID,
+ signatureKeyIdentifier);
+ }
+
+ /**
+ * Returns the signatue key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_KEY_ID);
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgo) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_ALGO,
+ signatureAlgo);
+ }
+
+ public String getSignatureAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_ALGO);
+ }
+
+ /**
+ * Sets the encrypted key identifier of the current action.
+ * <br/>
+ * @param encryptionKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>EmbeddedKeyName - {@link WSSHandlerConstants#EMBEDDED_KEYNAME}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setEncryptionKeyIdentifier(String encryptionKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.ENC_KEY_ID,
+ encryptionKeyIdentifier);
+ }
+
+ /**
+ * Returns the encrypted key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_ID);
+ }
+
+ /**
+ * Sets the encryption user of the current action.
+ *
+ * @param encryptionUser
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_USER, encryptionUser);
+ }
+
+ /**
+ * Returns the encryption user of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_USER);
+ }
+
+ /**
+ * Sets the signature parts of the current action.
+ *
+ * @param signatureParts
+ */
+ public void setSignatureParts(String signatureParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIGNATURE_PARTS, signatureParts);
+ }
+
+ /**
+ * Returns the signature parts of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIGNATURE_PARTS);
+ }
+
+ /**
+ * Sets the encryption parts of the current action.
+ *
+ * @param encryptionParts
+ */
+ public void setEncryptionParts(String encryptionParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_PARTS, encryptionParts);
+ }
+
+ /**
+ * Returns the encryption parts of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_PARTS);
+ }
+
+ /**
+ * Sets the password type of the current action
+ *
+ * @param passwordType
+ */
+ public void setPasswordType(String passwordType) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PASSWORD_TYPE, passwordType);
+ }
+
+ /**
+ * Returns the password type of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordType() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PASSWORD_TYPE);
+ }
+
+ /**
+ * Sets the encryption symmetric algorithm of the current action
+ *
+ * @param encryptionSymAlgorithm
+ */
+ public void setEncryptionSymAlgorithm(String encryptionSymAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_SYM_ALGO, encryptionSymAlgorithm);
+ }
+
+ /**
+ * Returns the encryption symmetric algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionSymAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_SYM_ALGO);
+ }
+
+ /**
+ * Sets the encryption key transport algorithm of the current action
+ *
+ * @param encryptionKeyTransportAlgorithm
+ */
+ public void setEncryptionKeyTransportAlgorithm(
+ String encryptionKeyTransportAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_TRANSPORT,
+ encryptionKeyTransportAlgorithm);
+ }
+
+ /**
+ * Returns the encryption key transport algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyTransportAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_TRANSPORT);
+ }
+
+ /**
+ * Sets the embedded key callback class of the current action
+ *
+ * @param embeddedKeyCallbackClass
+ */
+ public void setEmbeddedKeyCallbackClass(String embeddedKeyCallbackClass) {
+ this.actionList[this.currentAction]
+ .put(WSHandlerConstants.ENC_CALLBACK_CLASS,
+ embeddedKeyCallbackClass);
+ }
+
+ /**
+ * Returns the embedded key callback class of the current action.
+ *
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the XPath expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @param optimizePartsXPathExpr
+ */
+ public void setOptimizeParts(String optimizePartsXPathExpr) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.OPTIMIZE_PARTS, optimizePartsXPathExpr);
+ }
+
+ /**
+ * Returns the Path expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @return Returns String.
+ */
+ public String getOptimizeParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+
+ /**
+ * Sets the SAML property file of the current action.
+ * @param samlPropFile
+ */
+ public void setSamlPropFile(String samlPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SAML_PROP_FILE, samlPropFile);
+ }
+
+ /**
+ * Returns the SAML property file of the current action.
+ * @return Returns String.
+ */
+ public String getSamlPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SAML_PROP_FILE);
+ }
+
+ /**
+ * Sets the encryption property file.
+ * @param encPropFile
+ */
+ public void setEncryptionPropFile(String encPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_FILE, encPropFile);
+ }
+
+ /**
+ * Sets the encryption property ref key of the current action.
+ *
+ * @param encryptionPropRefId
+ */
+ public void setEncryptionPropRefId(String encryptionPropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_REF_ID, encryptionPropRefId);
+ }
+
+ /**
+ * Returns the encryption property file.
+ * @return Returns String.
+ */
+ public String getEncryptionPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_PROP_FILE);
+ }
+
+ /**
+ * Enable/Disable PrecisionInMilliseconds
+ * @param value
+ */
+ public void setPrecisionInMilliseconds(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.TIMESTAMP_PRECISION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether PrecisionInMilliseconds is enabled or not
+ * @return Returns String.
+ */
+ public String getPrecisionInMilliseconds() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.TIMESTAMP_PRECISION);
+ }
+
+ /**
+ * Option to add additional elements in the username token element.
+ * Example: Nonce and Create elements
+ * @param addUTElements
+ */
+ public void setAddUTElements(String addUTElements) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ADD_UT_ELEMENTS, addUTElements);
+ }
+
+ /**
+ * Returns the additional elements to be added to the username token element.
+ */
+ public String getAddUTElements() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ADD_UT_ELEMENTS);
+ }
+
+ /**
+ * Sets the text of the key name that needs to be sent.
+ * @param embeddedKeyName
+ */
+ public void setEmbeddedKeyName(String embeddedKeyName) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_NAME, embeddedKeyName);
+ }
+
+ /**
+ * Returns the text of the key name that needs to be sent.
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyName() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_NAME);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not
+ * @param value
+ */
+ public void setPreserveOriginalEnvelope(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.PRESERVE_ORIGINAL_ENV, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getPreserveOriginalEnvelope() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
+ }
+
+
+ public void setSignAllHeadersAndBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_ALL_HEADERS, "true");
+ this.setSignBody();
+ }
+
+ public void setSignBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_BODY, "true");
+ }
+
+ public void setEncryptBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.ENCRYPT_BODY, "true");
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
new file mode 100755
index 0000000..5a7f81d
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -0,0 +1,358 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.ContentEncryptedElements;
+import org.apache.ws.secpolicy.model.EncryptionToken;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.RequiredElements;
+import org.apache.ws.secpolicy.model.SignatureToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+import org.apache.ws.secpolicy.model.TokenWrapper;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.TransportToken;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class RampartPolicyBuilder {
+
+ private static Log log = LogFactory.getLog(RampartPolicyBuilder.class);
+
+ /**
+ * Compile the parsed security data into one Policy data block.
+ *
+ * This methods loops over all top level Policy Engine data elements,
+ * extracts the parsed parameters and sets them into a single data block.
+ * During this processing the method prepares the parameters in a format
+ * that is ready for processing by the WSS4J functions.
+ *
+ * <p/>
+ *
+ * The WSS4J policy enabled handler takes this data block to control the
+ * setup of the security header.
+ *
+ * @param topLevelAssertions
+ * The iterator of the top level policy assertions
+ * @return The compile Poilcy data block.
+ * @throws WSSPolicyException
+ */
+ public static RampartPolicyData build(List topLevelAssertions)
+ throws WSSPolicyException {
+
+ RampartPolicyData rpd = new RampartPolicyData();
+
+ for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if (assertion instanceof Binding) {
+ if (assertion instanceof SymmetricBinding) {
+ processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
+ } else if(assertion instanceof AsymmetricBinding) {
+ processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd);
+ } else {
+ processTransportBinding((TransportBinding) assertion, rpd);
+ }
+
+ /*
+ * Don't change the order of Wss11 / Wss10 instance checks
+ * because Wss11 extends Wss10 - thus first check Wss11.
+ */
+ } else if (assertion instanceof Wss11) {
+ processWSS11((Wss11) assertion, rpd);
+ } else if (assertion instanceof Wss10) {
+ processWSS10((Wss10) assertion, rpd);
+ } else if (assertion instanceof SignedEncryptedElements) {
+ processSignedEncryptedElements((SignedEncryptedElements) assertion,
+ rpd);
+ } else if (assertion instanceof SignedEncryptedParts) {
+ processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd);
+ } else if ( assertion instanceof RequiredElements) {
+ processRequiredElements((RequiredElements)assertion, rpd);
+ } else if (assertion instanceof ContentEncryptedElements) {
+ processContentEncryptedElements((ContentEncryptedElements) assertion, rpd);
+ }else if (assertion instanceof SupportingToken) {
+ processSupportingTokens((SupportingToken) assertion, rpd);
+ } else if (assertion instanceof Trust10) {
+ processTrust10((Trust10)assertion, rpd);
+ } else if (assertion instanceof RampartConfig) {
+ processRampartConfig((RampartConfig)assertion, rpd);
+ } else if (assertion instanceof MTOMAssertion){
+ processMTOMSerialization((MTOMAssertion)assertion, rpd);
+ } else {
+ log.debug("Unknown top level PED found: "
+ + assertion.getClass().getName());
+ }
+ }
+
+ return rpd;
+ }
+
+
+
+ /**
+ * @param binding
+ * @param rpd
+ */
+ private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
+ binding(binding, rpd);
+ rpd.setTransportBinding(true);
+ TransportToken transportToken = binding.getTransportToken();
+ if ( transportToken != null ) {
+ rpd.setTransportToken(transportToken.getTransportToken());
+ }
+ }
+
+ /**
+ * Add TRust10 assertion info into rampart policy data
+ * @param trust10
+ * @param rpd
+ */
+ private static void processTrust10(Trust10 trust10, RampartPolicyData rpd) {
+ rpd.setTrust10(trust10);
+ }
+
+ /**
+ * Add the rampart configuration information into rampart policy data.
+ * @param config
+ * @param rpd
+ */
+ private static void processRampartConfig(RampartConfig config, RampartPolicyData rpd) {
+ rpd.setRampartConfig(config);
+ }
+
+ /**
+ * Evaluate the symmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processSymmetricPolicyBinding(
+ SymmetricBinding symmBinding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(true);
+ binding(symmBinding, rpd);
+ symmAsymmBinding(symmBinding, rpd);
+ symmetricBinding(symmBinding, rpd);
+ }
+
+ private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) {
+ rpd.setWss10(wss10);
+ }
+
+ /**
+ * Evaluate the asymmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processAsymmetricPolicyBinding(
+ AsymmetricBinding binding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setAsymmetricBinding(true);
+ binding(binding, rpd);
+ symmAsymmBinding(binding, rpd);
+ asymmetricBinding(binding, rpd);
+ }
+
+ private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
+ rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation());
+ rpd.setWss11(wss11);
+ }
+
+ /**
+ * Populate elements to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the elements (XPath)
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedElements(
+ SignedEncryptedElements see, RampartPolicyData rpd) {
+ Iterator it = see.getXPathExpressions().iterator();
+ if (see.isSignedElemets()) {
+ while (it.hasNext()) {
+ rpd.setSignedElements((String) it.next());
+ }
+ } else {
+ while (it.hasNext()) {
+ rpd.setEncryptedElements((String) it.next());
+ }
+ }
+ rpd.addDeclaredNamespaces(see.getDeclaredNamespaces());
+ }
+
+ /**
+ * Populate parts to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the parts
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedParts(SignedEncryptedParts sep,
+ RampartPolicyData rpd) {
+ Iterator it = sep.getHeaders().iterator();
+ if (sep.isSignedParts()) {
+ rpd.setSignBody(sep.isBody());
+ rpd.setSignAttachments(sep.isAttachments());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.addSignedPart(header.getNamespace(), header.getName());
+ }
+ } else {
+ rpd.setEncryptBody(sep.isBody());
+ rpd.setEncryptAttachments(sep.isAttachments());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.setEncryptedParts(header.getNamespace(), header.getName(),"Header");
+ }
+ }
+ }
+
+ private static void processContentEncryptedElements(ContentEncryptedElements cee,
+ RampartPolicyData rpd) {
+
+ Iterator it = cee.getXPathExpressions().iterator();
+ while (it.hasNext()) {
+ rpd.setContentEncryptedElements((String) it.next());
+ }
+ rpd.addDeclaredNamespaces(cee.getDeclaredNamespaces());
+ }
+
+ private static void processRequiredElements(RequiredElements req,
+ RampartPolicyData rpd) {
+
+ Iterator it = req.getXPathExpressions().iterator();
+ while (it.hasNext()) {
+ rpd.setRequiredElements((String) it.next());
+ }
+ rpd.addDeclaredNamespaces(req.getDeclaredNamespaces());
+ }
+ /**
+ * Evaluate policy data that is common to all bindings.
+ *
+ * @param binding
+ * The common binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void binding(Binding binding, RampartPolicyData rpd) {
+ rpd.setLayout(binding.getLayout().getValue());
+ rpd.setIncludeTimestamp(binding.isIncludeTimestamp());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is common to symmetric and asymmetric bindings.
+ *
+ * @param binding
+ * The symmetric/asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmAsymmBinding(
+ SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) {
+ rpd.setEntireHeadersAndBodySignatures(binding
+ .isEntireHeadersAndBodySignatures());
+ rpd.setProtectionOrder(binding.getProtectionOrder());
+ rpd.setSignatureProtection(binding.isSignatureProtection());
+ rpd.setTokenProtection(binding.isTokenProtection());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is specific to symmetric binding.
+ *
+ * @param binding
+ * The symmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmetricBinding(SymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ Assertion token = binding.getProtectionToken();
+
+ if (token != null) {
+ rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());
+ } else {
+ Assertion encrToken = binding.getEncryptionToken();
+ Assertion sigToken = binding.getSignatureToken();
+ if (token == null && sigToken == null) {
+ throw new WSSPolicyException("Symmetric binding should have a Protection token or" +
+ " both Signature and Encryption tokens defined");
+ }
+ rpd.setEncryptionToken(
+ ((EncryptionToken) encrToken).getEncryptionToken());
+ rpd.setSignatureToken(((SignatureToken) sigToken).getSignatureToken());
+ }
+ }
+
+ /**
+ * Evaluate policy data that is specific to asymmetric binding.
+ *
+ * @param binding
+ * The asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void asymmetricBinding(AsymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ TokenWrapper tokWrapper = binding.getRecipientToken();
+ TokenWrapper tokWrapper1 = binding.getInitiatorToken();
+ if (tokWrapper == null || tokWrapper1 == null) {
+ throw new WSSPolicyException("Asymmetric binding should have both Initiator and " +
+ "Recipient tokens defined");
+ }
+ rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken());
+ rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken());
+ }
+
+ private static void processSupportingTokens(SupportingToken token,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ rpd.setSupportingTokens(token);
+ }
+
+
+ private static void processMTOMSerialization(MTOMAssertion mtomAssertion, RampartPolicyData rpd)
+ {
+ rpd.setMTOMAssertion(mtomAssertion);
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
new file mode 100755
index 0000000..4d5c701
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -0,0 +1,896 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.neethi.Policy;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.security.WSEncryptionPart;
+
+import java.util.HashMap;
+import java.util.Vector;
+
+public class RampartPolicyData {
+
+ /*
+ * Global settings for overall security processing
+ */
+ private boolean symmetricBinding;
+
+ private boolean transportBinding;
+
+ private boolean asymmetricBinding;
+
+ private String layout;
+
+ private boolean includeTimestamp;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ private String protectionOrder;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean signatureConfirmation;
+
+ /*
+ * Message tokens for symmetrical binding
+ */
+ private Token encryptionToken;
+
+ private Token signatureToken;
+
+
+ /*
+ * Message token for transport binding
+ */
+ private Token transportToken;
+
+ /*
+ * Message tokens for asymmetrical binding
+ */
+ private Token recipientToken; // used to encrypt data to
+
+ // receipient
+
+ private Token initiatorToken; // used to sign data by
+
+ // initiator
+
+ /*
+ * Which parts or elements of the message to sign/encrypt with the messagen
+ * tokens. Parts or elements to sign/encrypt with supporting tokens are
+ * stored together with the tokens (see WSS4JPolicyToken).
+ */
+ private boolean signBody;
+
+ private boolean encryptBody;
+
+ private boolean signAttachments;
+
+ private boolean encryptAttachments;
+
+ private Vector signedParts = new Vector();
+
+ private Vector signedElements = new Vector();
+
+ private Vector encryptedParts = new Vector();
+
+ private Vector encryptedElements = new Vector();
+
+ private Vector requiredElements = new Vector();
+
+ private Vector contentEncryptedElements = new Vector();
+
+ private HashMap declaredNamespaces = new HashMap();
+
+ /*
+ * Holds the supporting tokens elements
+ */
+ //private SupportingToken supportingTokens;
+
+ private SupportingToken signedSupportingTokens;
+
+ private SupportingToken endorsingSupportingTokens;
+
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ private SupportingToken encryptedSupportingTokens;
+
+ private SupportingToken signedEncryptedSupportingTokens;
+
+ private SupportingToken endorsingEncryptedSupportingTokens;
+
+ private SupportingToken signedEndorsingEncryptedSupportingTokens;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private RampartConfig rampartConfig;
+
+ private MTOMAssertion mtomAssertion;
+
+ private Trust10 trust10;
+
+ private HashMap supportingTokensIdMap;
+ private HashMap signedSupportingTokensIdMap;
+ private HashMap endorsingSupportingTokensIdMap;
+ private HashMap signedEndorsingSupportingTokensIdMap;
+
+ private Wss10 wss10;
+ private Wss11 wss11;
+
+ private Policy issuerPolicy;
+
+ private Vector supportingPolicyData = new Vector();
+
+ private Vector supportingTokens = new Vector();
+
+ public Vector getSupportingPolicyData() {
+ return supportingPolicyData;
+ }
+
+ public void addSupportingPolicyData(SupportingPolicyData supportingPolicyData) {
+ this.supportingPolicyData.add(supportingPolicyData);
+ }
+
+ /**
+ * @return Returns the symmetricBinding.
+ */
+ public boolean isSymmetricBinding() {
+ return symmetricBinding;
+ }
+
+ /**
+ * @param symmetricBinding
+ * The symmetricBinding to set.
+ */
+ public void setSymmetricBinding(boolean symmetricBinding) {
+ this.symmetricBinding = symmetricBinding;
+ }
+
+ /**
+ * @return Returns a boolean value indicating whether a Asymmetric Binding
+ */
+ public boolean isAsymmetricBinding() {
+ return asymmetricBinding;
+ }
+
+ /**
+ * @param asymmetricBinding
+ * boolean value indicating whether a Asymmetric Binding
+ */
+ public void setAsymmetricBinding(boolean asymmetricBinding) {
+ this.asymmetricBinding = asymmetricBinding;
+ }
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures
+ * The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp
+ * The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public String getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout
+ * The layout to set.
+ */
+ public void setLayout(String layout) {
+ this.layout = layout;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder
+ * The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ this.protectionOrder = protectionOrder;
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection
+ * The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection
+ * The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+ /**
+ * @return Returns the signatureConfirmation.
+ */
+ public boolean isSignatureConfirmation() {
+ return signatureConfirmation;
+ }
+
+ /**
+ * @param signatureConfirmation
+ * The signatureConfirmation to set.
+ */
+ public void setSignatureConfirmation(boolean signatureConfirmation) {
+ this.signatureConfirmation = signatureConfirmation;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public Vector getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encElement
+ * The encrypted Element (XPath) to set.
+ */
+ public void setEncryptedElements(String encElement) {
+
+ encryptedElements.add(encElement);
+ }
+
+ /**
+ * @return Returns the requiredElements.
+ */
+ public Vector getRequiredElements() {
+ return requiredElements;
+ }
+
+ /**
+ * @param requiredElements
+ * The Required Element (XPath) to set.
+ */
+ public void setRequiredElements(String reqElement) {
+ requiredElements.add(reqElement);
+ }
+
+ /**
+ * @return Returns the contentEncryptedElements.
+ */
+ public Vector getContentEncryptedElements() {
+ return contentEncryptedElements;
+ }
+
+ /**
+ * @param encElement
+ * The encrypted Element (XPath) to set.
+ */
+ public void setContentEncryptedElements(String encElement) {
+
+ contentEncryptedElements.add(encElement);
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public Vector getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void setEncryptedParts(String namespace, String element) {
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Element");
+ encryptedParts.add(wep);
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ * @param modifier
+ * The type of encryption
+ * Element,Content,Header
+ */
+ public void setEncryptedParts(String namespace, String element,
+ String modifier) {
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ modifier);
+ encryptedParts.add(wep);
+ }
+
+
+ /**
+ * @return Returns the encryptBody.
+ */
+ public boolean isEncryptBody() {
+ return encryptBody;
+ }
+
+ /**
+ * @param encryptBody
+ * The encryptBody to set.
+ */
+ public void setEncryptBody(boolean encryptBody) {
+ this.encryptBody = encryptBody;
+ }
+
+ /**
+ * @return Returns the signBody.
+ */
+ public boolean isSignBody() {
+ return signBody;
+ }
+
+ /**
+ * @param signBody
+ * The signBody to set.
+ */
+ public void setSignBody(boolean signBody) {
+ this.signBody = signBody;
+ }
+
+ /**
+ * @return Returns the signAttachments.
+ */
+ public boolean isSignAttachments() {
+ return signAttachments;
+ }
+
+ /**
+ * @param signAttachments
+ * The signAttachments to set.
+ */
+ public void setSignAttachments(boolean signAttachments) {
+ this.signAttachments = signAttachments;
+ }
+
+ /**
+ * @return Returns the encryptAttachments.
+ */
+ public boolean isEncryptAttachments() {
+ return encryptAttachments;
+ }
+
+ /**
+ * @param encryptAttachments
+ * The encryptAttachments to set.
+ */
+ public void setEncryptAttachments(boolean encryptAttachments) {
+ this.encryptAttachments = encryptAttachments;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public Vector getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param sigElement
+ * The signed Element (XPath) to set.
+ */
+ public void setSignedElements(String sigElement) {
+
+ signedElements.add(sigElement);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public Vector getSignedParts() {
+ return signedParts;
+ }
+
+ public HashMap getDeclaredNamespaces() {
+ return declaredNamespaces;
+ }
+
+ public void addDeclaredNamespaces(HashMap namespaces) {
+ declaredNamespaces.putAll(namespaces);
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void addSignedPart(String namespace, String element) {
+
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Content");
+ signedParts.add(wep);
+ }
+
+ public void addSignedPart(WSEncryptionPart part) {
+ signedParts.add(part);
+ }
+
+ public void setSignedParts(Vector signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ public void setSupportingTokens(SupportingToken suppTokens)
+ throws WSSPolicyException {
+
+ int tokenType = suppTokens.getTokenType();
+ if (tokenType == SPConstants.SUPPORTING_TOKEN_SUPPORTING) {
+ supportingTokens.add(suppTokens);
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED) {
+ signedSupportingTokens = suppTokens;
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING) {
+ endorsingSupportingTokens = suppTokens;
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING) {
+ signedEndorsingSupportingTokens = suppTokens;
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENCRYPTED) {
+ encryptedSupportingTokens = suppTokens;
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENCRYPTED) {
+ signedEncryptedSupportingTokens = suppTokens;
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED) {
+ endorsingEncryptedSupportingTokens = suppTokens;
+ } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED) {
+ signedEndorsingEncryptedSupportingTokens = suppTokens;
+ }
+ }
+
+
+
+ /**
+ * @return Returns the rampartConfig.
+ */
+ public RampartConfig getRampartConfig() {
+ return rampartConfig;
+ }
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ this.extractIssuerPolicy(encryptionToken);
+ }
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the TransportToken.
+ */
+ public Token getTransportToken() {
+ return transportToken;
+ }
+
+ /**
+ * @param transportToken The TransportToken to set.
+ */
+ public void setTransportToken(Token transportToken) {
+ this.transportToken = transportToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public Token getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken The recipientToken to set.
+ */
+ public void setRecipientToken(Token recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public void setProtectionToken(Token protectionToken) {
+ this.setEncryptionToken(protectionToken);
+ this.setSignatureToken(protectionToken);
+ this.extractIssuerPolicy(protectionToken);
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ this.extractIssuerPolicy(signatureToken);
+ }
+
+ /**
+ * @return Returns the signedEndorsingSupportingToken.
+ */
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @param signedEndorsingSupportingTokens The signedEndorsingSupportingToken to set.
+ */
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the signedEndorsingEncryptedSupportingToken.
+ */
+ public SupportingToken getSignedEndorsingEncryptedSupportingTokens() {
+ return signedEndorsingEncryptedSupportingTokens;
+ }
+
+ /**
+ * @param signedEndorsingEncryptedSupportingTokens The signedEndorsingEncryptedSupportingToken to set.
+ */
+ public void setSignedEndorsingEncryptedSupportingTokens(
+ SupportingToken signedEndorsingEncryptedSupportingTokens) {
+ this.signedEndorsingEncryptedSupportingTokens = signedEndorsingEncryptedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the signedSupportingToken.
+ */
+ public SupportingToken getSignedSupportingTokens() {
+ return signedSupportingTokens;
+ }
+
+ /**
+ * @param signedSupportingTokens The signedSupportingToken to set.
+ */
+ public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) {
+ this.signedSupportingTokens = signedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the signedEncryptedSupportingToken.
+ */
+ public SupportingToken getSignedEncryptedSupportingTokens() {
+ return signedEncryptedSupportingTokens;
+ }
+
+ /**
+ * @param signedEncryptedSupportingTokens The signedEncryptedSupportingToken to set.
+ */
+ public void setSignedEncryptedSupportingTokens(SupportingToken signedEncryptedSupportingTokens) {
+ this.signedEncryptedSupportingTokens = signedEncryptedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the supportingTokenList.
+ */
+ public Vector getSupportingTokensList() {
+ return supportingTokens;
+ }
+
+ public SupportingToken getSupportingTokens() {
+ if (supportingTokens.size() > 0) {
+ return (SupportingToken) supportingTokens.get(0);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @param encryptedSupportingTokens The encryptedSupportingToken to set.
+ */
+ public void setEncryptedSupportingTokens(SupportingToken encryptedSupportingTokens) {
+ this.encryptedSupportingTokens = encryptedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the encryptedSupportingToken.
+ */
+ public SupportingToken getEncryptedSupportingTokens() {
+ return encryptedSupportingTokens;
+ }
+
+ /**
+ * @param endorsingSupportingTokens The endorsingSupportingToken to set.
+ */
+ public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) {
+ this.endorsingSupportingTokens = endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the endorsingSupportingToken.
+ */
+ public SupportingToken getEndorsingSupportingTokens() {
+ return endorsingSupportingTokens;
+ }
+
+ /**
+ * @param endorsingEncryptedSupportingTokens The endorsingEncryptedSupportingToken to set.
+ */
+ public void setEndorsingEncryptedSupportingTokens(SupportingToken endorsingEncryptedSupportingTokens) {
+ this.endorsingEncryptedSupportingTokens = endorsingEncryptedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the endorsingEncryptedSupportingToken.
+ */
+ public SupportingToken getEndorsingEncryptedSupportingTokens() {
+ return endorsingEncryptedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the trust10.
+ */
+ public Trust10 getTrust10() {
+ return trust10;
+ }
+
+ /**
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * @param rampartConfig The rampartConfig to set.
+ */
+ public void setRampartConfig(RampartConfig rampartConfig) {
+ this.rampartConfig = rampartConfig;
+ }
+
+ /**
+ * @return Returns the transportBinding.
+ */
+ public boolean isTransportBinding() {
+ return transportBinding;
+ }
+
+ /**
+ * @param transportBinding The transportBinding to set.
+ */
+ public void setTransportBinding(boolean transportBinding) {
+ this.transportBinding = transportBinding;
+ }
+
+
+ /**
+ * Add the given token and id to the map.
+ * @param token
+ * @param id
+ */
+ public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
+
+ HashMap tokenMap = null;
+ switch (type) {
+ case SPConstants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap == null) {
+ this.supportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.supportingTokensIdMap;
+ break;
+
+ case SPConstants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap == null) {
+ this.signedSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedSupportingTokensIdMap;
+ break;
+
+ case SPConstants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap == null) {
+ this.endorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.endorsingSupportingTokensIdMap;
+ break;
+
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedEndorsingSupportingTokensIdMap;
+ break;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+
+ tokenMap.put(token, id);
+ }
+
+ public String getSupportingTokenID(Token token, int type)
+ throws RampartException {
+ switch (type) {
+ case SPConstants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap != null) {
+ return (String)this.supportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case SPConstants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap != null) {
+ return (String)this.signedSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case SPConstants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap != null) {
+ return (String)this.endorsingSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ return null;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+ }
+
+ public Wss10 getWss10() {
+ return wss10;
+ }
+
+ public void setWss10(Wss10 wss10) {
+ this.wss10 = wss10;
+ }
+
+ public Wss11 getWss11() {
+ return wss11;
+ }
+
+ public void setWss11(Wss11 wss11) {
+ this.wss11 = wss11;
+ }
+
+ private void extractIssuerPolicy(Token token) {
+ if(token instanceof SecureConversationToken && this.issuerPolicy == null) {
+ this.issuerPolicy = ((SecureConversationToken)token).getBootstrapPolicy();
+ }
+ }
+
+ public Policy getIssuerPolicy() {
+ return issuerPolicy;
+ }
+
+ public void setMTOMAssertion(MTOMAssertion mtomAssertion){
+ this.mtomAssertion = mtomAssertion;
+ }
+
+ public MTOMAssertion getMTOMAssertion(){
+ return mtomAssertion;
+ }
+
+ public boolean isMTOMSerialize(){
+ if(mtomAssertion == null){
+ return false;
+ }
+ else if(mtomAssertion.isOptional()==false){
+ return true;
+ }
+ else
+ return false;
+ }
+
+ public OptimizePartsConfig getOptimizePartsConfig(){
+ return rampartConfig.getOptimizeParts();
+ }
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java
new file mode 100644
index 0000000..6745fc4
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java
@@ -0,0 +1,53 @@
+package org.apache.rampart.policy;
+
+import java.util.Iterator;
+
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SupportingToken;
+
+public class SupportingPolicyData extends RampartPolicyData {
+
+ public void build(SupportingToken token) {
+
+ if (token.getSignedParts() != null) {
+ Iterator it = token.getSignedParts().getHeaders().iterator();
+ this.setSignBody(token.getSignedParts().isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ this.addSignedPart(header.getNamespace(), header.getName());
+ }
+ }
+
+ if (token.getEncryptedParts() != null) {
+ Iterator it = token.getEncryptedParts().getHeaders().iterator();
+ this.setEncryptBody(token.getEncryptedParts().isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ this.setEncryptedParts(header.getNamespace(), header.getName(),
+ "Header");
+ }
+ }
+
+ if (token.getSignedElements() != null) {
+ Iterator it = token.getSignedElements().getXPathExpressions()
+ .iterator();
+ while (it.hasNext()) {
+ this.setSignedElements((String) it.next());
+ }
+ this.addDeclaredNamespaces(token.getSignedElements()
+ .getDeclaredNamespaces());
+ }
+
+ if (token.getEncryptedElements() != null) {
+ Iterator it = token.getEncryptedElements().getXPathExpressions()
+ .iterator();
+ while (it.hasNext()) {
+ this.setEncryptedElements((String) it.next());
+ }
+ if (token.getSignedElements() == null) {
+ this.addDeclaredNamespaces(token.getEncryptedElements()
+ .getDeclaredNamespaces());
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
new file mode 100644
index 0000000..82337d6
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+public class CryptoConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ CryptoConfig cryptoCofig = new CryptoConfig();
+
+ OMAttribute attribute = element.getAttribute(new QName(CryptoConfig.PROVIDER_ATTR));
+ cryptoCofig.setProvider(attribute.getAttributeValue().trim());
+
+ OMAttribute cryptoKeyAttr = element.getAttribute(new QName(CryptoConfig.CRYPTO_KEY_ATTR));
+ if(cryptoKeyAttr != null){
+ cryptoCofig.setCryptoKey(cryptoKeyAttr.getAttributeValue().trim());
+ }
+
+ OMAttribute cacheRefreshIntAttr = element.getAttribute(new QName(CryptoConfig.CACHE_REFRESH_INTVL));
+ if(cacheRefreshIntAttr != null){
+ cryptoCofig.setCacheRefreshInterval(cacheRefreshIntAttr.getAttributeValue().trim());
+ }
+
+ Properties properties = new Properties();
+
+ OMElement childElement;
+ OMAttribute name;
+ String value;
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ /*
+ * In this senario we could have used
+ * element.getChildrenWithQName(USER); Unfortunately we can't do
+ * that due to a bug in this method. TODO Need to get it fixed
+ */
+
+ childElement = (OMElement) iterator.next();
+
+ QName prop = new QName(RampartConfig.NS, CryptoConfig.PROPERTY_LN);
+
+ if (prop.equals(childElement.getQName())) {
+ name = childElement.getAttribute(new QName(CryptoConfig.PROPERTY_NAME_ATTR));
+ value = childElement.getText();
+
+ properties.put(name.getAttributeValue(), value.trim());
+ }
+
+ }
+
+ cryptoCofig.setProp(properties);
+ return cryptoCofig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, CryptoConfig.CRYPTO_LN)};
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
new file mode 100644
index 0000000..240a261
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+/**
+ * OptimizePartsBuilder creates the OptimizePartsConfig
+ *
+ * This clase deserialize the following XML fragment inside the RampartConfig.
+ * Example
+<pre>
+<ramp:optimizeParts><br />
+<ramp:expressions><br />
+<ramp:expression>//ns1:data1</ramp:expression><br />
+<ramp:expression>//ns2:data2</ramp:expression><br />
+</ramp:expressions><br />
+ <ramp:namespaces><br />
+<nampespace uri="http://test1.com" prefix="ns1"/><br />
+<nampespace uri="http://test2.com" prefix="ns2"/><br />
+</ramp:namespaces><br />
+</ramp:optimizeParts>
+</pre>
+ * @see OptimizePartsConfig
+ */
+public class OptimizePartsBuilder implements AssertionBuilder{
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ OptimizePartsConfig assertion = new OptimizePartsConfig();
+ OMElement expressionsElem = element.getFirstChildWithName(new QName(RampartConfig.NS, OptimizePartsConfig.EXPRESSIONS_LN));
+
+ if(expressionsElem != null){
+ Iterator iterator = expressionsElem.getChildElements();
+ while(iterator.hasNext()){
+ OMElement elem = (OMElement)iterator.next();
+ String expression = elem.getText();
+ assertion.addExpression(expression);
+ }
+
+ }
+
+ OMElement nsElem = element.getFirstChildWithName(new QName(RampartConfig.NS, OptimizePartsConfig.NAMESPACES_LN));
+ if(nsElem != null){
+ Iterator iterator = nsElem.getChildElements();
+ while(iterator.hasNext()){
+ OMElement elem = (OMElement)iterator.next();
+ String namespace = elem.getText();
+ String prefix = elem.getAttributeValue(new QName("", OptimizePartsConfig.PREFIX_ATTR));
+ String uri = elem.getAttributeValue(new QName("", OptimizePartsConfig.URI_ATTR));
+ assertion.addNamespaces(prefix, uri);
+ }
+
+ }
+ return assertion;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, OptimizePartsConfig.OPTIMIZE_PARTS_LN)};
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
new file mode 100644
index 0000000..08c6947
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.policy.model.SSLConfig;
+
+public class RampartConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ RampartConfig rampartConfig = new RampartConfig();
+
+ OMElement childElement;
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.USER_LN));
+ if (childElement != null) {
+ rampartConfig.setUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.USER_CERT_ALIAS_LN));
+ if (childElement != null) {
+ rampartConfig.setUserCertAlias(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.ENCRYPTION_USER_LN));
+ if (childElement != null) {
+ rampartConfig.setEncryptionUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.STS_ALIAS_LN));
+ if (childElement != null) {
+ rampartConfig.setStsAlias(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.PW_CB_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setPwCbClass(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.POLICY_VALIDATOR_CB_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setPolicyValidatorCbClass(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.RAMPART_CONFIG_CB_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setRampartConfigCbClass(childElement.getText().trim());
+ }
+
+ // handle ssl config
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.SSL_CONFIG));
+ if (childElement != null) {
+ SSLConfig sslConfig = (SSLConfig)new SSLConfigBuilder().
+ build(childElement,
+ factory);
+ rampartConfig.setSSLConfig(sslConfig);
+
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.SIG_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setSigCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.ENCR_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setEncrCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.STS_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setStsCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_PRECISION_IN_MS_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampPrecisionInMilliseconds(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_TTL_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampTTL(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_MAX_SKEW_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampMaxSkew(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.OPTIMISE_PARTS));
+ if (childElement != null) {
+ OptimizePartsConfig config = (OptimizePartsConfig)new OptimizePartsBuilder().
+ build(childElement, factory);
+ rampartConfig.setOptimizeParts(config);
+ }
+
+ return rampartConfig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, RampartConfig.RAMPART_CONFIG_LN)};
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
new file mode 100644
index 0000000..d124b7d
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.policy.model.SSLConfig;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+public class SSLConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ SSLConfig sslCofig = new SSLConfig();
+ Properties properties = new Properties();
+ OMElement childElement;
+ OMAttribute name;
+ String value;
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+
+ childElement = (OMElement) iterator.next();
+
+ QName prop = new QName(RampartConfig.NS, SSLConfig.PROPERTY_LN);
+
+ if (prop.equals(childElement.getQName())) {
+ name = childElement.getAttribute(new QName(SSLConfig.PROPERTY_NAME_ATTR));
+ value = childElement.getText();
+
+ //setting the jsse properties to the vm
+ System.setProperty(name.getAttributeValue(), value);
+
+ properties.put(name.getAttributeValue(), value.trim());
+ }
+
+ }
+ sslCofig.setProp(properties);
+
+ return sslCofig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, SSLConfig.SSL_LN)};
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
new file mode 100644
index 0000000..f40694a
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+/**
+ * Policy model bean to capture crypto information.
+ *
+ * Example:
+<pre>
+<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+</ramp:crypto>
+</pre>
+ */
+public class CryptoConfig implements Assertion {
+
+ public final static String CRYPTO_LN = "crypto";
+ public final static String PROVIDER_ATTR = "provider";
+ public final static String PROPERTY_LN = "property";
+ public final static String PROPERTY_NAME_ATTR = "name";
+ public final static String CRYPTO_KEY_ATTR = "cryptoKey";
+ public final static String CACHE_REFRESH_INTVL = "cacheRefreshInterval";
+
+ private String provider;
+ private String cryptoKey;
+ private String cacheRefreshInterval;
+
+ public String getCryptoKey() {
+ return cryptoKey;
+ }
+
+ public void setCryptoKey(String cryptoKey) {
+ this.cryptoKey = cryptoKey;
+ }
+
+ public String getCacheRefreshInterval() {
+ return cacheRefreshInterval;
+ }
+
+ public void setCacheRefreshInterval(String cacheRefreshInterval) {
+ this.cacheRefreshInterval = cacheRefreshInterval;
+ }
+
+ private Properties prop;
+
+ public Properties getProp() {
+ return prop;
+ }
+ public void setProp(Properties prop) {
+ this.prop = prop;
+ }
+ public String getProvider() {
+ return provider;
+ }
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, CRYPTO_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ writer.writeStartElement(prefix, CRYPTO_LN, RampartConfig.NS);
+
+ if (getProvider() != null) {
+ writer.writeAttribute(PROVIDER_ATTR, getProvider());
+ }
+
+ if(getCryptoKey() != null){
+ writer.writeAttribute(CRYPTO_KEY_ATTR, getCryptoKey());
+ }
+
+ if(getCacheRefreshInterval() != null){
+ writer.writeAttribute(CACHE_REFRESH_INTVL, getCacheRefreshInterval());
+ }
+
+
+
+ String key;
+ String value;
+
+ for (Iterator iterator = prop.keySet().iterator(); iterator.hasNext();) {
+ key = (String) iterator.next();
+ value = prop.getProperty(key);
+ writer.writeStartElement(RampartConfig.NS, PROPERTY_LN);
+
+ writer.writeAttribute("name", key);
+
+ writer.writeCharacters(value);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
new file mode 100644
index 0000000..dd6128a
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+
+public class OptimizePartsConfig implements Assertion{
+
+ public final static String OPTIMIZE_PARTS_LN = RampartConfig.OPTIMISE_PARTS;
+ public final static String EXPRESSIONS_LN = "expressions";
+ public final static String EXPRESSION_LN = "expression";
+ public final static String NAMESPACES_LN = "namespaces";
+ public final static String NAMESPACE_LN = "namespace";
+ public final static String URI_ATTR = "uri";
+ public final static String PREFIX_ATTR = "prefix";
+
+ private Map namespaces = null;
+ private Vector expressions = null;
+
+ public OptimizePartsConfig(){
+ namespaces = new HashMap();
+ expressions = new Vector();
+ }
+
+ public void addExpression(String expression){
+ expressions.add(expression);
+ }
+
+ public void addNamespaces(String prefix, String ns){
+ namespaces.put(prefix, ns);
+ }
+
+ public Vector getExpressions() {
+ return expressions;
+ }
+
+ public Map getNamespaces() {
+ return namespaces;
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, OPTIMIZE_PARTS_LN);
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ writer.writeStartElement(RampartConfig.NS, OPTIMIZE_PARTS_LN);
+
+ if((expressions != null) && (expressions.size()>0)){
+ writer.writeStartElement(RampartConfig.NS, EXPRESSIONS_LN);
+ Iterator ite = expressions.iterator();
+ while(ite.hasNext()){
+ writer.writeStartElement(RampartConfig.NS, EXPRESSION_LN);
+ String exp = (String)ite.next();
+ writer.writeCharacters(exp);
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+ }
+
+ if((namespaces != null) && (namespaces.size()>0)){
+ writer.writeStartElement(RampartConfig.NS, NAMESPACES_LN);
+ Iterator ite = namespaces.keySet().iterator();
+ while(ite.hasNext()){
+ String strPrefix = (String)ite.next();
+ String strURI = (String) namespaces.get(strPrefix);
+ writer.writeAttribute(URI_ATTR , strURI);
+ writer.writeAttribute(PREFIX_ATTR, strPrefix);
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+ }
+
+ public PolicyComponent normalize() {
+ //TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public boolean isOptional() {
+ throw new UnsupportedOperationException("Not relevant");
+ }
+
+ public boolean equal(PolicyComponent arg0) {
+ throw new UnsupportedOperationException("Not relevant");
+ }
+
+
+
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
new file mode 100644
index 0000000..8526108
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -0,0 +1,430 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Rampart policy model bean to capture Rampart configuration assertion info.
+ *
+ * Example:
+ *
+ * <pre>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ * <ramp:user>alice</ramp:user>
+ * <ramp:encryptionUser>bob</ramp:encryptionUser>
+ * <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+ * <ramp:policyValidatorCbClass>org.apache.axis2.security.ramp:PolicyValidatorCallbackHandler</ramp:policyValidatorCbClass>
+ * <ramp:timestampPrecisionInMilliseconds>true</timestampPrecisionInMilliseconds>
+ * <ramp:timestampTTL>300</ramp:timestampTTL>
+ * <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
+ * <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
+ *
+ * <ramp:signatureCrypto>
+ * <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ * <ramp:property name="keystoreType">JKS</ramp:property>
+ * <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ * <ramp:property name="keystorePassword">password</ramp:property>
+ * </ramp:crypto>
+ * </ramp:signatureCrypto>
+ *
+ * <ramp:tokenIssuerPolicy>
+ * <wsp:Policy>
+ * ....
+ * ....
+ * </wsp:Policy>
+ * </ramp:tokenIssuerPolicy>
+ * </ramp:RampartConfig>
+ *
+ * </pre>
+ *
+ */
+public class RampartConfig implements Assertion {
+
+ public static final boolean DEFAULT_TIMESTAMP_PRECISION_IN_MS = true;
+
+ public static final int DEFAULT_TIMESTAMP_TTL = 300;
+
+ public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 300;
+
+ public final static String NS = "http://ws.apache.org/rampart/policy";
+
+ public final static String PREFIX = "rampart";
+
+ public final static String RAMPART_CONFIG_LN = "RampartConfig";
+
+ public final static String USER_LN = "user";
+
+ public final static String USER_CERT_ALIAS_LN = "userCertAlias";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public final static String STS_ALIAS_LN = "stsAlias";
+
+ public final static String PW_CB_CLASS_LN = "passwordCallbackClass";
+
+ public final static String POLICY_VALIDATOR_CB_CLASS_LN = "policyValidatorCbClass";
+
+ public final static String RAMPART_CONFIG_CB_CLASS_LN = "rampartConfigCallbackClass";
+
+ public final static String SIG_CRYPTO_LN = "signatureCrypto";
+
+ public final static String ENCR_CRYPTO_LN = "encryptionCrypto";
+
+ public final static String DEC_CRYPTO_LN = "decryptionCrypto";
+
+ public final static String STS_CRYPTO_LN = "stsCrypto";
+
+ public final static String TS_PRECISION_IN_MS_LN = "timestampPrecisionInMilliseconds";
+
+ public final static String TS_TTL_LN = "timestampTTL";
+
+ public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
+
+ public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass";
+
+ public final static String OPTIMISE_PARTS = "optimizeParts";
+
+ public final static String SSL_CONFIG = "sslConfig";
+
+ private String user;
+
+ private String userCertAlias;
+
+ private String encryptionUser;
+
+ private String stsAlias;
+
+ private String pwCbClass;
+
+ private String policyValidatorCbClass;
+
+ private String rampartConfigCbClass;
+
+ private CryptoConfig sigCryptoConfig;
+
+ private CryptoConfig encrCryptoConfig;
+
+ private CryptoConfig decCryptoConfig;
+
+ private CryptoConfig stsCryptoConfig;
+
+ private String timestampPrecisionInMilliseconds = Boolean.toString(DEFAULT_TIMESTAMP_PRECISION_IN_MS);
+
+ private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL);
+
+ private String timestampMaxSkew = Integer.toString(DEFAULT_TIMESTAMP_MAX_SKEW);
+
+ private OptimizePartsConfig optimizeParts;
+
+ private String tokenStoreClass;
+
+ private SSLConfig sslConfig;
+
+ public SSLConfig getSSLConfig() {
+ return sslConfig;
+ }
+
+ public void setSSLConfig(SSLConfig sslConfig) {
+ this.sslConfig = sslConfig;
+ }
+
+
+ /**
+ * @return Returns the tokenStoreClass.
+ */
+ public String getTokenStoreClass() {
+ return tokenStoreClass;
+ }
+
+ /**
+ * @param tokenStoreClass
+ * The tokenStoreClass to set.
+ */
+ public void setTokenStoreClass(String tokenStoreClass) {
+ this.tokenStoreClass = tokenStoreClass;
+ }
+
+ public CryptoConfig getDecCryptoConfig() {
+ return decCryptoConfig;
+ }
+
+ public void setDecCryptoConfig(CryptoConfig decCrypto) {
+ this.decCryptoConfig = decCrypto;
+ }
+
+ public CryptoConfig getEncrCryptoConfig() {
+ return encrCryptoConfig;
+ }
+
+ public void setEncrCryptoConfig(CryptoConfig encrCrypto) {
+ this.encrCryptoConfig = encrCrypto;
+ }
+
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ public String getPwCbClass() {
+ return pwCbClass;
+ }
+
+ public void setPwCbClass(String pwCbClass) {
+ this.pwCbClass = pwCbClass;
+ }
+
+ public String getPolicyValidatorCbClass() {
+ return this.policyValidatorCbClass;
+ }
+
+ public void setPolicyValidatorCbClass(String policyValidatorCbClass) {
+ this.policyValidatorCbClass = policyValidatorCbClass;
+ }
+
+ public String getRampartConfigCbClass() {
+ return rampartConfigCbClass;
+ }
+
+ public void setRampartConfigCbClass(String rampartConfigCbClass) {
+ this.rampartConfigCbClass = rampartConfigCbClass;
+ }
+
+ public CryptoConfig getSigCryptoConfig() {
+ return sigCryptoConfig;
+ }
+
+ public void setSigCryptoConfig(CryptoConfig sigCryptoConfig) {
+ this.sigCryptoConfig = sigCryptoConfig;
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public String getUserCertAlias() {
+ return userCertAlias;
+ }
+
+ public void setUserCertAlias(String userCertAlias) {
+ this.userCertAlias = userCertAlias;
+ }
+
+ public QName getName() {
+ return new QName(NS, RAMPART_CONFIG_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(NS);
+
+ if (prefix == null) {
+ prefix = PREFIX;
+ writer.setPrefix(PREFIX, NS);
+ }
+
+ writer.writeStartElement(PREFIX, RAMPART_CONFIG_LN, NS);
+ writer.writeNamespace(prefix, NS);
+
+ if (getUser() != null) {
+ writer.writeStartElement(NS, USER_LN);
+ writer.writeCharacters(getUser());
+ writer.writeEndElement();
+ }
+
+ if (getUserCertAlias() != null) {
+ writer.writeStartElement(NS, USER_CERT_ALIAS_LN);
+ writer.writeCharacters(getUserCertAlias());
+ writer.writeEndElement();
+ }
+
+ if (getEncryptionUser() != null) {
+ writer.writeStartElement(NS, ENCRYPTION_USER_LN);
+ writer.writeCharacters(getEncryptionUser());
+ writer.writeEndElement();
+ }
+
+ if (getStsAlias() != null ) {
+ writer.writeStartElement(NS, STS_ALIAS_LN);
+ writer.writeCharacters(getStsAlias());
+ writer.writeEndElement();
+ }
+
+ if (getPwCbClass() != null) {
+ writer.writeStartElement(NS, PW_CB_CLASS_LN);
+ writer.writeCharacters(getPwCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getPolicyValidatorCbClass() != null) {
+ writer.writeStartElement(NS, POLICY_VALIDATOR_CB_CLASS_LN);
+ writer.writeCharacters(getPolicyValidatorCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getRampartConfigCbClass() != null) {
+ writer.writeStartElement(NS, RAMPART_CONFIG_CB_CLASS_LN);
+ writer.writeCharacters(getRampartConfigCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampPrecisionInMilliseconds() != null) {
+ writer.writeStartElement(NS, TS_PRECISION_IN_MS_LN);
+ writer.writeCharacters(getTimestampPrecisionInMilliseconds());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampTTL() != null) {
+ writer.writeStartElement(NS, TS_TTL_LN);
+ writer.writeCharacters(getTimestampTTL());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampMaxSkew() != null) {
+ writer.writeStartElement(NS, TS_MAX_SKEW_LN);
+ writer.writeCharacters(getTimestampMaxSkew());
+ writer.writeEndElement();
+ }
+
+ if (getTokenStoreClass() != null) {
+ writer.writeStartElement(NS, TOKEN_STORE_CLASS_LN);
+ writer.writeCharacters(getTokenStoreClass());
+ writer.writeEndElement();
+ }
+
+ if (encrCryptoConfig != null) {
+ writer.writeStartElement(NS, ENCR_CRYPTO_LN);
+ encrCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+
+ }
+
+ if (decCryptoConfig != null) {
+ writer.writeStartElement(NS, DEC_CRYPTO_LN);
+ decCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if(stsCryptoConfig != null) {
+ writer.writeStartElement(NS, STS_CRYPTO_LN);
+ stsCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (sigCryptoConfig != null) {
+ writer.writeStartElement(NS, SIG_CRYPTO_LN);
+ sigCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public String getTimestampPrecisionInMilliseconds() {
+ return timestampPrecisionInMilliseconds;
+ }
+
+ public void setTimestampPrecisionInMilliseconds(String timestampPrecisionInMilliseconds) {
+ this.timestampPrecisionInMilliseconds = timestampPrecisionInMilliseconds;
+ }
+
+ /**
+ * @return Returns the timestampTTL.
+ */
+ public String getTimestampTTL() {
+ return timestampTTL;
+ }
+
+ /**
+ * @param timestampTTL
+ * The timestampTTL to set.
+ */
+ public void setTimestampTTL(String timestampTTL) {
+ this.timestampTTL = timestampTTL;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public String getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew
+ * The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(String timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ public OptimizePartsConfig getOptimizeParts() {
+ return optimizeParts;
+ }
+
+ public void setOptimizeParts(OptimizePartsConfig optimizeParts) {
+ this.optimizeParts = optimizeParts;
+ }
+
+ public String getStsAlias() {
+ return stsAlias;
+ }
+
+ public void setStsAlias(String stsAlias) {
+ this.stsAlias = stsAlias;
+ }
+
+ public CryptoConfig getStsCryptoConfig() {
+ return stsCryptoConfig;
+ }
+
+ public void setStsCryptoConfig(CryptoConfig stsCryptoConfig) {
+ this.stsCryptoConfig = stsCryptoConfig;
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
new file mode 100644
index 0000000..c293c5c
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
@@ -0,0 +1,75 @@
+package org.apache.rampart.policy.model;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+public class SSLConfig implements Assertion{
+ public final static String SSL_LN = RampartConfig.SSL_CONFIG;
+ public final static String PROPERTY_LN = "property";
+ public final static String PROPERTY_NAME_ATTR = "name";
+
+ private Properties prop;
+
+ public Properties getProp() {
+ return prop;
+ }
+ public void setProp(Properties prop) {
+ this.prop = prop;
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, SSL_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ String key;
+ String value;
+
+ for (Iterator iterator = prop.keySet().iterator(); iterator.hasNext();) {
+ key = (String) iterator.next();
+ value = prop.getProperty(key);
+ writer.writeStartElement(RampartConfig.NS, PROPERTY_LN);
+
+ writer.writeAttribute("name", key);
+
+ writer.writeCharacters(value);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
new file mode 100644
index 0000000..5082f14
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -0,0 +1,296 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.axiom.soap.impl.dom.SOAPHeaderBlockImpl;
+import org.apache.axiom.soap.impl.dom.factory.DOMSOAPFactory;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * Utility class for the Axis2-WSS4J Module
+ */
+public class Axis2Util {
+
+ private static ThreadLocal doomTacker = new ThreadLocal();
+
+ public static boolean isUseDOOM() {
+ Object value = doomTacker.get();
+ return (value != null);
+ }
+
+ public static void useDOOM(boolean isDOOMRequired) {
+//TODO Enable this when we have DOOM fixed to be able to flow in and out of Axis2
+// if(isDOOMRequired) {
+// if(!isUseDOOM()) {
+// System.setProperty(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY, SOAP11Factory.class.getName());
+// System.setProperty(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY, SOAP12Factory.class.getName());
+// System.setProperty(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY, OMDOMFactory.class.getName());
+// doomTacker.set(new Object());
+// }
+// } else {
+// System.getProperties().remove(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY);
+// doomTacker.set(null);
+// }
+ }
+
+
+ /**
+ * Creates a DOM Document using the SOAP Envelope.
+ * @param env An org.apache.axiom.soap.SOAPEnvelope instance
+ * @return Returns the DOM Document of the given SOAP Envelope.
+ * @throws Exception
+ */
+ public static Document getDocumentFromSOAPEnvelope(SOAPEnvelope env, boolean useDoom)
+ throws WSSecurityException {
+ try {
+ if(env instanceof Element) {
+ return ((Element)env).getOwnerDocument();
+ }
+
+ if (useDoom) {
+ env.build();
+
+ // Workaround to prevent a bug in AXIOM where
+ // there can be an incomplete OMElement as the first child body
+ OMElement firstElement = env.getBody().getFirstElement();
+ if (firstElement != null) {
+ firstElement.build();
+ }
+
+ //Get processed headers
+ SOAPHeader soapHeader = env.getHeader();
+ ArrayList processedHeaderQNames = new ArrayList();
+ if(soapHeader != null) {
+ Iterator headerBlocs = soapHeader.getChildElements();
+ while (headerBlocs.hasNext()) {
+ SOAPHeaderBlock element = (SOAPHeaderBlock) headerBlocs.next();
+ if(element.isProcessed()) {
+ processedHeaderQNames.add(element.getQName());
+ }
+ }
+ }
+
+ // Check the namespace and find SOAP version and factory
+ String nsURI = null;
+ SOAPFactory factory;
+ if (env.getNamespace().getNamespaceURI().equals(
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ nsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ factory = DOOMAbstractFactory.getSOAP11Factory();
+ } else {
+ nsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ factory = DOOMAbstractFactory.getSOAP12Factory();
+ }
+
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
+ env.getXMLStreamReader(), factory, nsURI);
+ SOAPEnvelope envelope = (stAXSOAPModelBuilder)
+ .getSOAPEnvelope();
+ ((OMNode) envelope.getParent()).build();
+
+ //Set the processed flag of the processed headers
+ SOAPHeader header = envelope.getHeader();
+ for (Iterator iter = processedHeaderQNames.iterator(); iter
+ .hasNext();) {
+ QName name = (QName) iter.next();
+ Iterator omKids = header.getChildrenWithName(name);
+ if(omKids.hasNext()) {
+ ((SOAPHeaderBlock)omKids.next()).setProcessed();
+ }
+ }
+
+ Element envElem = (Element) envelope;
+ return envElem.getOwnerDocument();
+ } else {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ env.build();
+ env.serialize(baos);
+ ByteArrayInputStream bais = new ByteArrayInputStream(baos
+ .toByteArray());
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().parse(bais);
+ }
+ } catch (Exception e) {
+ throw new WSSecurityException(
+ "Error in converting SOAP Envelope to Document", e);
+ }
+ }
+
+
+ public static SOAPEnvelope getSOAPEnvelopeFromDOMDocument(Document doc, boolean useDoom)
+ throws WSSecurityException {
+
+ if(useDoom) {
+ try {
+ //Get processed headers
+ SOAPEnvelope env = (SOAPEnvelope)doc.getDocumentElement();
+ ArrayList processedHeaderQNames = new ArrayList();
+ SOAPHeader soapHeader = env.getHeader();
+
+ if(soapHeader != null) {
+ Iterator headerBlocs = soapHeader.getChildElements();
+ while (headerBlocs.hasNext()) {
+
+ OMElement element = (OMElement)headerBlocs.next();
+ SOAPHeaderBlock header = null;
+
+ if (element instanceof SOAPHeaderBlock) {
+ header = (SOAPHeaderBlock) element;
+
+ // If a header block is not an instance of SOAPHeaderBlock, it means that
+ // it is a header we have added in rampart eg. EncryptedHeader and should
+ // be converted to SOAPHeaderBlock for processing
+ } else {
+ header = soapHeader.addHeaderBlock(element.getLocalName(), element.getNamespace());
+ Iterator attrIter = element.getAllAttributes();
+ while (attrIter.hasNext()) {
+ OMAttribute attr = (OMAttribute)attrIter.next();
+ header.addAttribute(attr.getLocalName(), attr.getAttributeValue(), attr.getNamespace());
+ }
+ Iterator nsIter = element.getAllDeclaredNamespaces();
+ while (nsIter.hasNext()) {
+ OMNamespace ns = (OMNamespace) nsIter.next();
+ header.declareNamespace(ns);
+ }
+ Iterator children = element.getChildElements();
+ while (children.hasNext()) {
+ OMNode child = (OMNode)children.next();
+ child.detach();
+ header.addChild(child);
+ }
+
+ element.detach();
+
+ soapHeader.build();
+
+ header.setProcessed();
+
+ }
+
+ if(header.isProcessed()) {
+ processedHeaderQNames.add(element.getQName());
+ }
+ }
+
+ }
+ XMLStreamReader reader = ((OMElement) doc.getDocumentElement())
+ .getXMLStreamReader();
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
+ reader, null);
+ SOAPEnvelope envelope = stAXSOAPModelBuilder.getSOAPEnvelope();
+
+ //Set the processed flag of the processed headers
+ SOAPHeader header = envelope.getHeader();
+ for (Iterator iter = processedHeaderQNames.iterator(); iter
+ .hasNext();) {
+ QName name = (QName) iter.next();
+ Iterator omKids = header.getChildrenWithName(name);
+ if(omKids.hasNext()) {
+ ((SOAPHeaderBlock)omKids.next()).setProcessed();
+ }
+ }
+
+ envelope.build();
+
+ return envelope;
+
+ } catch (FactoryConfigurationError e) {
+ throw new WSSecurityException(e.getMessage());
+ }
+ } else {
+ try {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ XMLUtils.outputDOM(doc.getDocumentElement(), os, true);
+ ByteArrayInputStream bais = new ByteArrayInputStream(os.toByteArray());
+
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(XMLInputFactory.newInstance().createXMLStreamReader(bais), null);
+ return stAXSOAPModelBuilder.getSOAPEnvelope();
+ } catch (Exception e) {
+ throw new WSSecurityException(e.getMessage());
+ }
+ }
+ }
+
+
+ /**
+ * Provides the appropriate key to pickup config params from the message context.
+ * This is acutally used when the outflow handler (WSDoAllSender)
+ * is repeated n number of times.
+ * @param originalKey The default key
+ * @param inHandler Whether the handler is the inflow handler or not
+ * @param repetition The current repetition number
+ * @return Returns the key to be used internally in the security module to pick
+ * up the config params.
+ */
+ public static String getKey(String originalKey, boolean inHandler, int repetition) {
+
+ if(repetition > 0 && !inHandler &&
+ !originalKey.equals(WSSHandlerConstants.OUTFLOW_SECURITY)&&
+ !originalKey.equals(WSSHandlerConstants.SENDER_REPEAT_COUNT)) {
+
+ return originalKey + repetition;
+ }
+ return originalKey;
+ }
+
+ /**
+ * This will build a DOOM Element that is of the same <code>Document</code>
+ * @param factory
+ * @param element
+ * @return
+ */
+ public static OMElement toDOOM(OMFactory factory, OMElement element){
+ StAXOMBuilder builder = new StAXOMBuilder(factory, element.getXMLStreamReader());
+ OMElement elem = builder.getDocumentElement();
+ elem.build();
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
new file mode 100644
index 0000000..92a8f69
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
@@ -0,0 +1,292 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+
+/**
+ * This is used to process the security parameters from the configuration files
+ *
+ * Example: <code>
+ <br>
+
+ </code>
+ *
+ */
+public class HandlerParameterDecoder {
+
+ /**
+ *
+ * @param msgCtx
+ * @param inflow
+ * @throws WSSecurityException
+ */
+ public static void processParameters(MessageContext msgCtx, boolean inflow)
+ throws Exception {
+ Parameter inFlowSecParam;
+ Parameter outFlowSecParam;
+
+ if(msgCtx.isServerSide()){
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_SERVER);
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER);
+ }else{
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_CLIENT);
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT);
+ }
+
+ //TODO: check whether policy is available
+ if(inFlowSecParam == null){
+ inFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+
+ if(outFlowSecParam == null){
+ outFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+
+ //If the configs are not available in the file
+ if(inFlowSecParam == null) {
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+ if(outFlowSecParam == null) {
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+
+ int repetitionCount = -1;
+
+ /*
+ * Populate the inflow parameters
+ */
+ if (inFlowSecParam != null && inflow) {
+ OMElement inFlowParamElem = inFlowSecParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new Exception(
+ "Inflow configuration must contain an 'action' "
+ + "elements the child of 'InflowSecurity' element");
+ }
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+ msgCtx.setProperty(element.getLocalName(), element.getText().trim());
+ }
+
+ }
+
+ /*
+ * Populate the outflow parameters
+ */
+ if (outFlowSecParam != null && !inflow) {
+ OMElement outFlowParamElem = outFlowSecParam.getParameterElement();
+
+ Iterator childElements = outFlowParamElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ if(!element.getLocalName().equals(WSSHandlerConstants.ACTION)) {
+ throw new Exception(
+ "Alian element '"
+ + element.getLocalName()
+ + "' in the 'OutFlowSecurity' element, "
+ + "only 'action' elements can be present");
+ }
+
+ boolean signAllHeaders = false;
+ boolean signBody = false;
+ boolean encryptBody = false;
+
+ repetitionCount++;
+ Iterator paramElements = element.getChildElements();
+ while (paramElements.hasNext()) {
+ OMElement elem = (OMElement) paramElements.next();
+ String localName = elem.getLocalName();
+ String text = elem.getText().trim();
+ if(localName.equals(WSSHandlerConstants.SIGN_ALL_HEADERS)) {
+ signAllHeaders = true;
+ } else if(localName.equals(WSSHandlerConstants.SIGN_BODY)) {
+ signBody = true;
+ } else if(localName.equals(WSSHandlerConstants.ENCRYPT_BODY)) {
+ encryptBody = true;
+ } else {
+ msgCtx.setProperty(Axis2Util.getKey(localName,
+ inflow,repetitionCount), text);
+ }
+ }
+
+ if(signAllHeaders || signBody || encryptBody) {
+ handleSignEncrParts(signAllHeaders, signBody, encryptBody,
+ msgCtx, repetitionCount);
+ }
+
+
+ }
+
+ msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT,
+ new Integer(repetitionCount));
+ }
+ }
+
+ public static OutflowConfiguration getOutflowConfiguration(Parameter outflowConfigParam) throws AxisFault {
+ if (outflowConfigParam != null) {
+ OMElement outflowParamElem = outflowConfigParam.getParameterElement();
+
+ OMElement actionElem = outflowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new AxisFault(
+ "Inflow configuration must contain an 'action' "
+ + "elements the child of 'InflowSecurity' element");
+ }
+
+ OutflowConfiguration outflowConfiguration = new OutflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ String text = element.getText().trim();
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ outflowConfiguration.setPasswordCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ outflowConfiguration.setSignaturePropFile(text);
+ } else if(localName.equals(WSHandlerConstants.ENC_PROP_FILE)) {
+ outflowConfiguration.setEncryptionPropFile(text);
+ } else if(localName.equals(WSHandlerConstants.ENC_CALLBACK_CLASS)) {
+ outflowConfiguration.setEmbeddedKeyCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.USER)) {
+ outflowConfiguration.setUser(text);
+ } else if(localName.equals(WSHandlerConstants.ENCRYPTION_USER)) {
+ outflowConfiguration.setEncryptionUser(text);
+ }
+ }
+ return outflowConfiguration;
+ }
+ return null;
+ }
+
+ public static InflowConfiguration getInflowConfiguration(Parameter inflowConfigParam) throws AxisFault {
+
+ if (inflowConfigParam != null) {
+ OMElement inFlowParamElem = inflowConfigParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new AxisFault(
+ "Inflow configuration must contain an 'action' "
+ + "elements the child of 'InflowSecurity' element");
+ }
+
+ InflowConfiguration inflowConfiguration = new InflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ String text = element.getText().trim();
+
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ inflowConfiguration.setPasswordCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ inflowConfiguration.setSignaturePropFile(text);
+ } else if(localName.equals(WSHandlerConstants.DEC_PROP_FILE)) {
+ inflowConfiguration.setDecryptionPropFile(text);
+ } else if (WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION
+ .equals(localName)) {
+ if ("false".equals(text)
+ || "0".equals(text)) {
+ inflowConfiguration
+ .setEnableSignatureConfirmation(false);
+ }
+ }
+ }
+ return inflowConfiguration;
+ }
+ return null;
+ }
+
+ private static void handleSignEncrParts(boolean signAllHeaders,
+ boolean signBody, boolean encrBody, MessageContext msgCtx,
+ int repetition) {
+ String soapNs = msgCtx.getEnvelope().getNamespace().getNamespaceURI();
+ if(signBody) {
+ //Add body signPart
+ String sigBodySigPart = "{Element}{" + soapNs + "}Body";
+ addSigPart(sigBodySigPart, msgCtx, repetition);
+ }
+ if(encrBody) {
+ //Encrypt body content
+ String encrBodyEncrPart = "{}{" + soapNs + "}Body";
+ addEncrPart(encrBodyEncrPart, msgCtx, repetition);
+ }
+ if(signAllHeaders) {
+ Iterator children = msgCtx.getEnvelope().getHeader().getChildElements();
+ while (children.hasNext()) {
+ OMElement element = (OMElement) children.next();
+ //Sign only the qualified headers
+ //TODO check whether we can sign the unqualified header elements
+ String ns = element.getNamespace().getNamespaceURI();
+ if(ns != null && ns.length() > 0) {
+ addSigPart("{Element}{" + ns + "}" + element.getLocalName(),msgCtx, repetition);
+ }
+ }
+ }
+
+ }
+
+ private static void addSigPart(String sigPart, MessageContext msgCtx, int repetition) {
+ String key = Axis2Util.getKey(WSHandlerConstants.SIGNATURE_PARTS, false, repetition);
+ String existingSignParts = (String) msgCtx.getProperty(key);
+ if (existingSignParts != null && existingSignParts.length() > 0) {
+ // If the part is not already there as a sign part
+ if (existingSignParts.indexOf(sigPart) != -1) {
+ msgCtx.setProperty(key, existingSignParts + ";" + sigPart);
+ }
+ } else {
+ // If there are no signed parts
+ msgCtx.setProperty(key, sigPart);
+ }
+ }
+
+ private static void addEncrPart(String encrPart, MessageContext msgCtx, int repetition) {
+ String key = Axis2Util.getKey(WSHandlerConstants.ENCRYPTION_PARTS, false, repetition);
+ String existingEncrParts = (String) msgCtx.getProperty(key);
+ if (existingEncrParts != null && existingEncrParts.length() > 0) {
+ if (existingEncrParts.indexOf(encrPart) != -1) {
+ msgCtx.setProperty(key, existingEncrParts + ";" + encrPart);
+ }
+ } else {
+ msgCtx.setProperty(key, encrPart);
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
new file mode 100644
index 0000000..37e87fd
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMText;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.rampart.RampartException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.jaxen.JaxenException;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.XPath;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+/**
+ * Utility class to handle MTOM-Optimizing Base64 Text values
+ */
+public class MessageOptimizer {
+
+ private static final String CIPHER_ELEMENT = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+
+ public static void optimize(SOAPEnvelope env, Vector expressions, Map namespaces) throws RampartException {
+
+ SimpleNamespaceContext nsCtx = new SimpleNamespaceContext();
+ nsCtx.addNamespace(WSConstants.ENC_PREFIX,WSConstants.ENC_NS);
+ nsCtx.addNamespace(WSConstants.SIG_PREFIX,WSConstants.SIG_NS);
+ nsCtx.addNamespace(WSConstants.WSSE_PREFIX,WSConstants.WSSE_NS);
+ nsCtx.addNamespace(WSConstants.WSU_PREFIX,WSConstants.WSU_NS);
+
+ Iterator keys = namespaces.keySet().iterator();
+ while(keys.hasNext()){
+ String strPrefix = (String)keys.next();
+ String strNS = (String)namespaces.get(strPrefix);
+ nsCtx.addNamespace(strPrefix,strNS);
+ }
+
+ try {
+ for(int i=0; i<expressions.size(); i++){
+ String exp = (String)expressions.get(i);
+ XPath xp = new AXIOMXPath(exp);
+ xp.setNamespaceContext(nsCtx);
+ List list = xp.selectNodes(env);
+ Iterator elements = list.iterator();
+ while (elements.hasNext()) {
+ OMElement element = (OMElement) elements.next();
+ OMText text = (OMText)element.getFirstOMChild();
+ text.setOptimize(true);
+ }
+ }
+ } catch (JaxenException e) {
+ throw new RampartException("Error in XPath ", e);
+ }
+
+ }
+
+
+ /**
+ * Mark the requied Base64 text values as optimized
+ * @param env
+ * @param optimizeParts This is a set of xPath expressions
+ *
+ * @throws WSSecurityException
+ */
+ public static void optimize(SOAPEnvelope env, String optimizeParts) throws WSSecurityException {
+ String separater = "<>";
+ StringTokenizer tokenizer = new StringTokenizer(optimizeParts, separater);
+
+ while(tokenizer.hasMoreTokens()) {
+
+ String xpathExpr = tokenizer.nextToken();
+
+ //Find binary content
+ List list = findElements(env,xpathExpr);
+
+ Iterator cipherValueElements = list.iterator();
+
+ while (cipherValueElements.hasNext()) {
+ OMElement element = (OMElement) cipherValueElements.next();
+ OMText text = (OMText)element.getFirstOMChild();
+ text.setOptimize(true);
+ }
+ }
+ }
+
+
+ private static List findElements(OMElement elem, String expression) throws WSSecurityException {
+ try {
+ XPath xp = new AXIOMXPath(expression);
+
+ //Set namespaces
+ SimpleNamespaceContext nsCtx = new SimpleNamespaceContext();
+ nsCtx.addNamespace(WSConstants.ENC_PREFIX,WSConstants.ENC_NS);
+ nsCtx.addNamespace(WSConstants.SIG_PREFIX,WSConstants.SIG_NS);
+ nsCtx.addNamespace(WSConstants.WSSE_PREFIX,WSConstants.WSSE_NS);
+ nsCtx.addNamespace(WSConstants.WSU_PREFIX,WSConstants.WSU_NS);
+
+ xp.setNamespaceContext(nsCtx);
+
+ return xp.selectNodes(elem);
+
+ } catch (JaxenException e) {
+ throw new WSSecurityException(e.getMessage(), e);
+ }
+
+ }
+
+
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
new file mode 100644
index 0000000..cd2bb2c
--- /dev/null
+++ b/1_5/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -0,0 +1,1725 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.*;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.dataretrieval.DRConstants;
+import org.apache.axis2.dataretrieval.client.MexClient;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.mex.MexConstants;
+import org.apache.axis2.mex.MexException;
+import org.apache.axis2.mex.om.Metadata;
+import org.apache.axis2.mex.om.MetadataReference;
+import org.apache.axis2.mex.om.MetadataSection;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.PolicyBasedResultsValidator;
+import org.apache.rampart.PolicyValidatorCallbackHandler;
+import org.apache.rampart.RampartConfigCallbackHandler;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.SupportingPolicyData;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.*;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecBase;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.Constants;
+import org.jaxen.JaxenException;
+import org.jaxen.XPath;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import javax.crypto.KeyGenerator;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import javax.servlet.http.HttpServletRequest;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+public class RampartUtil {
+
+ private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
+ private static Log log = LogFactory.getLog(RampartUtil.class);
+
+ private static Map cryptoStore = new Hashtable();
+
+ private static class CachedCrypto {
+ private Crypto crypto;
+ private long creationTime;
+
+ public CachedCrypto(Crypto crypto, long creationTime) {
+ this.crypto = crypto;
+ this.creationTime = creationTime;
+ }
+ }
+
+ public static CallbackHandler getPasswordCB(RampartMessageData rmd) throws RampartException {
+
+ MessageContext msgContext = rmd.getMsgContext();
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ return getPasswordCB(msgContext, rpd);
+ }
+
+ /**
+ * @param msgContext
+ * @param rpd
+ * @return The <code>CallbackHandler</code> instance
+ * @throws RampartException
+ */
+ public static CallbackHandler getPasswordCB(MessageContext msgContext, RampartPolicyData rpd) throws RampartException {
+
+ CallbackHandler cbHandler;
+
+ if (rpd.getRampartConfig() != null && rpd.getRampartConfig().getPwCbClass() != null) {
+
+ String cbHandlerClass = rpd.getRampartConfig().getPwCbClass();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+
+ log.debug("loading class : " + cbHandlerClass);
+
+ Class cbClass;
+ try {
+ cbClass = Loader.loadClass(classLoader, cbHandlerClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadPWCBClass",
+ new String[]{cbHandlerClass}, e);
+ }
+ try {
+ cbHandler = (CallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException("cannotCreatePWCBInstance",
+ new String[]{cbHandlerClass}, e);
+ }
+ } else {
+ cbHandler = (CallbackHandler) msgContext.getProperty(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ if(cbHandler == null) {
+ Parameter param = msgContext.getParameter(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ if(param != null) {
+ cbHandler = (CallbackHandler)param.getValue();
+ }
+ }
+ }
+
+ return cbHandler;
+ }
+
+ /**
+ * Returns an instance of PolicyValidatorCallbackHandler to be used to validate ws-security results.
+ *
+ * @param msgContext {@link MessageContext}
+ * @param rpd {@link RampartPolicyData}
+ * @return {@link PolicyValidatorCallbackHandler}
+ * @throws RampartException RampartException
+ */
+ public static PolicyValidatorCallbackHandler getPolicyValidatorCB(MessageContext msgContext, RampartPolicyData rpd) throws RampartException {
+
+ PolicyValidatorCallbackHandler cbHandler;
+
+ if (rpd.getRampartConfig() != null && rpd.getRampartConfig().getPolicyValidatorCbClass() != null) {
+
+ String cbHandlerClass = rpd.getRampartConfig().getPolicyValidatorCbClass();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+
+ log.debug("loading class : " + cbHandlerClass);
+
+ Class cbClass;
+ try {
+ cbClass = Loader.loadClass(classLoader, cbHandlerClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadPolicyValidatorCbClass",
+ new String[]{cbHandlerClass}, e);
+ }
+ try {
+ cbHandler = (PolicyValidatorCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException("cannotCreatePolicyValidatorCallbackInstance",
+ new String[]{cbHandlerClass}, e);
+ }
+
+ } else { // Initialise default PolicyValidatorCallbackHandler...
+ cbHandler = new PolicyBasedResultsValidator();
+ }
+
+ return cbHandler;
+ }
+
+ public static RampartConfigCallbackHandler getRampartConfigCallbackHandler(MessageContext msgContext,
+ RampartPolicyData rpd) throws RampartException {
+
+ RampartConfigCallbackHandler rampartConfigCB;
+
+ if (rpd.getRampartConfig() != null && rpd.getRampartConfig().getRampartConfigCbClass() != null) {
+
+ String cbHandlerClass = rpd.getRampartConfig().getRampartConfigCbClass();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+
+ log.debug("loading class : " + cbHandlerClass);
+
+ Class cbClass;
+ try {
+ cbClass = Loader.loadClass(classLoader, cbHandlerClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadRampartConfigCallbackClass",
+ new String[]{cbHandlerClass}, e);
+ }
+ try {
+ rampartConfigCB = (RampartConfigCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException("cannotCreateRampartConfigCallbackInstance",
+ new String[]{cbHandlerClass}, e);
+ }
+
+ return rampartConfigCB;
+
+ }
+
+ return null;
+
+
+ }
+
+
+
+ /**
+ * Perform a callback to get a password.
+ * <p/>
+ * The called back function gets an indication why to provide a password:
+ * to produce a UsernameToken, Signature, or a password (key) for a given
+ * name.
+ */
+ public static WSPasswordCallback performCallback(CallbackHandler cbHandler,
+ String username,
+ int doAction)
+ throws RampartException {
+
+ WSPasswordCallback pwCb;
+ int reason = 0;
+
+ switch (doAction) {
+ case WSConstants.UT:
+ case WSConstants.UT_SIGN:
+ reason = WSPasswordCallback.USERNAME_TOKEN;
+ break;
+ case WSConstants.SIGN:
+ reason = WSPasswordCallback.SIGNATURE;
+ break;
+ case WSConstants.ENCR:
+ reason = WSPasswordCallback.KEY_NAME;
+ break;
+ }
+ pwCb = new WSPasswordCallback(username, reason);
+ Callback[] callbacks = new Callback[1];
+ callbacks[0] = pwCb;
+ /*
+ * Call back the application to get the password
+ */
+ try {
+ cbHandler.handle(callbacks);
+ } catch (Exception e) {
+ throw new RampartException("pwcbFailed", e);
+ }
+ return pwCb;
+ }
+
+ /**
+ * Create the <code>Crypto</code> instance for encryption using information
+ * from the rampart configuration assertion
+ *
+ * @param config
+ * @return The <code>Crypto</code> instance to be used for encryption
+ * @throws RampartException
+ */
+ public static Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader)
+ throws RampartException {
+ log.debug("Loading encryption crypto");
+
+ if (config != null && config.getEncrCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+
+ String cryptoKey = null;
+ String interval = null;
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+
+ Crypto crypto = null;
+
+ if (cryptoKey != null) {
+ // cache enabled
+ crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // cache enabled - let's cache
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+ return crypto;
+
+ } else {
+ log.debug("Trying the signature crypto info");
+
+ // Try using signature crypto information
+ if (config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ String cryptoKey = null;
+ String interval = null;
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+
+ Crypto crypto = null;
+ if (cryptoKey != null) {
+ // cache enabled
+ crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(),
+ interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // cache enabled - let's cache
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+ return crypto;
+ } else {
+ return null;
+ }
+ }
+ }
+
+ /**
+ * Create the <code>Crypto</code> instance for signature using information
+ * from the rampart configuration assertion
+ *
+ * @param config
+ * @return The <code>Crypto</code> instance to be used for signature
+ * @throws RampartException
+ */
+ public static Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader)
+ throws RampartException {
+ log.debug("Loading Signature crypto");
+
+ if (config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ String cryptoKey = null;
+ String interval = null;
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+
+ Crypto crypto = null;
+
+ if (cryptoKey != null) {
+ // cache enabled
+ crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // cache enabled - let's cache
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+
+ return crypto;
+
+ } else {
+ return null;
+ }
+ }
+
+
+ /**
+ * figureout the key identifier of a give X509Token
+ * @param token
+ * @return The key identifier of a give X509Token
+ * @throws RampartException
+ */
+ public static int getKeyIdentifier(X509Token token) throws RampartException {
+ if (token.isRequireIssuerSerialReference()) {
+ return WSConstants.ISSUER_SERIAL;
+ } else if (token.isRequireThumbprintReference()) {
+ return WSConstants.THUMBPRINT_IDENTIFIER;
+ } else if (token.isRequireEmbeddedTokenReference()) {
+ return WSConstants.BST_DIRECT_REFERENCE;
+ } else {
+ throw new RampartException(
+ "unknownKeyRefSpeficier");
+
+ }
+ }
+
+ /**
+ * Process a give issuer address element and return the address.
+ * @param issuerAddress
+ * @return The address of an issuer address element
+ * @throws RampartException If the issuer address element is malformed.
+ */
+ public static String processIssuerAddress(OMElement issuerAddress)
+ throws RampartException {
+ if(issuerAddress != null && issuerAddress.getText() != null &&
+ !"".equals(issuerAddress.getText())) {
+ return issuerAddress.getText().trim();
+ } else {
+ if(issuerAddress != null) {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { issuerAddress.toString() });
+ } else {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { "Issuer address null" });
+ }
+ }
+ }
+
+ /**
+ * Retrieve policy using metadata reference
+ * <wsa:Metadata xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ * <mex:Metadata
+ * xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ * xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ * <mex:MetadataSection>
+ * <mex:MetadataReference>
+ * <wsa:Address>http://address/of/mex/service</wsa:Address>
+ * </mex:MetadataReference>
+ * </mex:MetadataSection>
+ * </mex:Metadata>
+ * </wsa:Metadata>
+ * @param mex Metadata element
+ * @return Policy from the mex service
+ */
+ public static Policy getPolicyFromMetadataRef(OMElement mex) throws RampartException {
+
+ try {
+ Metadata metadata = new Metadata();
+ metadata.fromOM(mex.getFirstElement());
+
+ MetadataSection[] metadataSections = metadata.getMetadatSections();
+ MetadataReference reference = metadataSections[0].getMetadataReference();
+
+ MexClient serviceClient = new MexClient();
+
+ Options options = serviceClient.getOptions();
+ options.setTo(reference.getEPR());
+ options.setAction(DRConstants.SPEC.Actions.GET_METADATA_REQUEST);
+
+ OMElement request = serviceClient.setupGetMetadataRequest(
+ MexConstants.SPEC.DIALECT_TYPE_POLICY,null);
+ OMElement result = serviceClient.sendReceive(request);
+
+ metadata.fromOM(result);
+ MetadataSection[] mexSecs = metadata.getMetadataSection(MexConstants.SPEC.DIALECT_TYPE_POLICY, null);
+ OMElement policyElement = (OMElement) mexSecs[0].getInlineData();
+
+ return PolicyEngine.getPolicy(policyElement);
+
+
+ } catch (MexException e) {
+ throw new RampartException("Error Retrieving the policy from mex", e);
+ } catch (AxisFault e) {
+ throw new RampartException("Error Retrieving the policy from mex", e);
+ }
+
+ }
+
+ public static Policy addRampartConfig (RampartMessageData rmd, Policy policy) {
+
+ RampartConfig servicRampConf = rmd.getPolicyData().getRampartConfig();
+ RampartConfig stsRampConf = new RampartConfig();
+
+ //TODO copy all the properties of service ramp conf to sts ramp conf
+ stsRampConf.setUser(servicRampConf.getUser());
+ stsRampConf.setSigCryptoConfig(servicRampConf.getSigCryptoConfig());
+ stsRampConf.setPwCbClass(servicRampConf.getPwCbClass());
+
+ stsRampConf.setEncryptionUser(servicRampConf.getStsAlias());
+ stsRampConf.setEncrCryptoConfig(servicRampConf.getStsCryptoConfig());
+
+ policy.addAssertion(stsRampConf);
+
+ return policy;
+
+ }
+
+
+ public static OMElement createRSTTempalteForSCT(int conversationVersion,
+ int wstVersion) throws RampartException {
+ try {
+ log.debug("Creating RSTTemplate for an SCT request");
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+
+ OMNamespace wspNs = fac.createOMNamespace(SPConstants.P_NS, "wsp");
+ OMElement rstTempl = fac.createOMElement(
+ SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE,
+ wspNs);
+
+ //Create TokenType element and set the value
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(
+ wstVersion, rstTempl);
+ String tokenType = ConversationConstants
+ .getWSCNs(conversationVersion)
+ + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN;
+ tokenTypeElem.setText(tokenType);
+
+ return rstTempl;
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRSTTemplateForSCT", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorCreatingRSTTemplateForSCT", e);
+ }
+ }
+
+
+ public static int getTimeToLive(RampartMessageData messageData) {
+
+ RampartConfig rampartConfig = messageData.getPolicyData().getRampartConfig();
+ if (rampartConfig != null) {
+ String ttl = rampartConfig.getTimestampTTL();
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ return ttl_i;
+ } else {
+ return RampartConfig.DEFAULT_TIMESTAMP_TTL;
+ }
+ }
+
+ public static int getTimestampMaxSkew(RampartMessageData messageData) {
+
+ RampartConfig rampartConfig = messageData.getPolicyData().getRampartConfig();
+ if (rampartConfig != null) {
+ String maxSkew = rampartConfig.getTimestampMaxSkew();
+ int maxSkew_i = 0;
+ if (maxSkew != null) {
+ try {
+ maxSkew_i = Integer.parseInt(maxSkew);
+ } catch (NumberFormatException e) {
+ maxSkew_i = messageData.getTimestampMaxSkew();
+ }
+ }
+ if (maxSkew_i < 0) {
+ maxSkew_i = 0;
+ }
+ return maxSkew_i;
+ } else {
+ return RampartConfig.DEFAULT_TIMESTAMP_MAX_SKEW;
+ }
+ }
+
+ /**
+ * Obtain a security context token.
+ * @param rmd
+ * @param secConvTok
+ * @return Return the SecurityContextidentifier of the token
+ * @throws TrustException
+ * @throws RampartException
+ */
+ public static String getSecConvToken(RampartMessageData rmd,
+ SecureConversationToken secConvTok) throws TrustException,
+ RampartException {
+ String action = TrustUtil.getActionValue(
+ rmd.getWstVersion(),
+ RahasConstants.RST_ACTION_SCT);
+
+ // Get sts epr
+ OMElement issuerEpr = secConvTok.getIssuerEpr();
+ String issuerEprAddress = rmd.getMsgContext().getTo().getAddress();
+ if(issuerEpr != null) {
+ issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
+ }
+
+ //Find SC version
+ int conversationVersion = rmd.getSecConvVersion();
+
+ OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
+ conversationVersion,
+ rmd.getWstVersion());
+
+ Policy stsPolicy = null;
+
+ //Try boot strap policy
+ Policy bsPol = secConvTok.getBootstrapPolicy();
+
+ if(bsPol != null) {
+ log.debug("BootstrapPolicy found");
+ bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
+ //copy the <wsoma:OptimizedMimeSerialization/> to BootstrapPolicy
+ if (rmd.getPolicyData().getMTOMAssertion() != null) {
+ bsPol.addAssertion(rmd.getPolicyData().getMTOMAssertion());
+ }
+ stsPolicy = bsPol;
+ } else {
+ //No bootstrap policy use issuer policy
+ log.debug("No bootstrap policy, using issuer policy");
+ stsPolicy = rmd.getPolicyData().getIssuerPolicy();
+ }
+
+ String id = getToken(rmd, rstTemplate,
+ issuerEprAddress, action, stsPolicy);
+
+ log.debug("SecureConversationToken obtained: id=" + id);
+ return id;
+ }
+
+
+ /**
+ * Obtain an issued token.
+ * @param rmd
+ * @param issuedToken
+ * @return The identifier of the issued token
+ * @throws RampartException
+ */
+ public static String getIssuedToken(RampartMessageData rmd,
+ IssuedToken issuedToken) throws RampartException {
+
+ try {
+
+ //TODO : Provide the overriding mechanism to provide a custom way of
+ //obtaining a token
+
+ String action = TrustUtil.getActionValue(rmd.getWstVersion(),
+ RahasConstants.RST_ACTION_ISSUE);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
+ .getIssuerEpr());
+
+ OMElement rstTemplate = issuedToken.getRstTemplate();
+
+ // Get STS policy
+ Policy stsPolicy = (Policy)rmd.getMsgContext().getProperty(RampartMessageData.RAMPART_STS_POLICY);
+
+ if( stsPolicy == null && issuedToken.getIssuerMex() != null) {
+ stsPolicy = RampartUtil.getPolicyFromMetadataRef(issuedToken.getIssuerMex());
+ RampartUtil.addRampartConfig(rmd, stsPolicy);
+ }
+
+ String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
+ stsPolicy);
+
+ log.debug("Issued token obtained: id=" + id);
+ return id;
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ /**
+ * Request a token.
+ * @param rmd
+ * @param rstTemplate
+ * @param issuerEpr
+ * @param action
+ * @param issuerPolicy
+ * @return Return the identifier of the obtained token
+ * @throws RampartException
+ */
+ public static String getToken(RampartMessageData rmd, OMElement rstTemplate,
+ String issuerEpr, String action, Policy issuerPolicy) throws RampartException {
+
+ try {
+ //First check whether the user has provided the token
+ MessageContext msgContext = rmd.getMsgContext();
+ String customTokeId = (String) msgContext
+ .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
+ if(customTokeId != null) {
+ return customTokeId;
+ } else {
+
+ Axis2Util.useDOOM(false);
+
+ STSClient client = new STSClient(rmd.getMsgContext()
+ .getConfigurationContext());
+ // Set request action
+ client.setAction(action);
+
+ client.setVersion(rmd.getWstVersion());
+
+ client.setRstTemplate(rstTemplate);
+
+ // Set crypto information
+ Crypto crypto = RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
+ rmd.getMsgContext().getAxisService().getClassLoader());
+ CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
+ client.setCryptoInfo(crypto, cbh);
+
+ // Get service policy
+ Policy servicePolicy = rmd.getServicePolicy();
+
+ // Get service epr
+ String servceEprAddress = rmd.getMsgContext()
+ .getOptions().getTo().getAddress();
+
+ //If addressing version can be found set it
+ Object addrVersionNs = msgContext.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+ if(addrVersionNs != null) {
+ client.setAddressingNs((String)addrVersionNs);
+ }
+
+ Options options = new Options();
+
+ options.setUserName(rmd.getMsgContext().getOptions().getUserName());
+ options.setPassword(rmd.getMsgContext().getOptions().getPassword());
+
+ if (msgContext.getProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER) != null) {
+ Protocol protocolHandler =
+ (Protocol)msgContext.getProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER);;
+ options.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER, protocolHandler);
+ }
+
+ if (msgContext.getParameter(WSHandlerConstants.PW_CALLBACK_REF) != null ) {
+ Parameter pwCallback = msgContext.getParameter(WSHandlerConstants.PW_CALLBACK_REF);
+ client.addParameter(pwCallback);
+ }
+
+ client.setOptions(options);
+
+ //Set soap version
+ if (msgContext.isSOAP11()) {
+ client.setSoapVersion(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+ } else {
+ client.setSoapVersion(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+ }
+
+
+ //Make the request
+ org.apache.rahas.Token rst =
+ client.requestSecurityToken(servicePolicy,
+ issuerEpr,
+ issuerPolicy,
+ servceEprAddress);
+
+ //Add the token to token storage
+ rst.setState(Token.ISSUED);
+ rmd.getTokenStorage().add(rst);
+ Axis2Util.useDOOM(true);
+ return rst.getId();
+ }
+ } catch (Exception e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ public static String getSoapBodyId(SOAPEnvelope env) {
+ return addWsuIdToElement(env.getBody());
+ }
+
+ public static String addWsuIdToElement(OMElement elem) {
+ String id;
+
+ //first try to get the Id attr
+ OMAttribute idAttr = elem.getAttribute(new QName("Id"));
+ if(idAttr == null) {
+ //then try the wsu:Id value
+ idAttr = elem.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+ }
+
+ if(idAttr != null) {
+ id = idAttr.getAttributeValue();
+ } else {
+ //Add an id
+ OMNamespace ns = elem.getOMFactory().createOMNamespace(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ id = "Id-" + elem.hashCode();
+ idAttr = elem.getOMFactory().createOMAttribute("Id", ns, id);
+ elem.addAttribute(idAttr);
+ }
+
+ return id;
+ }
+
+ public static Element appendChildToSecHeader(RampartMessageData rmd,
+ OMElement elem) {
+ return appendChildToSecHeader(rmd, (Element)elem);
+ }
+
+ public static Element appendChildToSecHeader(RampartMessageData rmd,
+ Element elem) {
+ Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
+ Node node = secHeaderElem.getOwnerDocument().importNode(
+ elem, true);
+ return (Element)secHeaderElem.appendChild(node);
+ }
+
+ public static Element insertSiblingAfter(RampartMessageData rmd,
+ Element child, Element sibling) {
+ if (child == null) {
+ return appendChildToSecHeader(rmd, sibling);
+ } else {
+ if (child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+
+ if (child.getParentNode() == null
+ && !child.getLocalName().equals("UsernameToken")) {
+ rmd.getSecHeader().getSecurityHeader().appendChild(child);
+ }
+ ((OMElement) child).insertSiblingAfter((OMElement) sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element) child.getOwnerDocument().importNode(
+ sibling, true);
+ ((OMElement) child).insertSiblingAfter((OMElement) newSib);
+ return newSib;
+ }
+ }
+ }
+
+ public static Element insertSiblingBefore(RampartMessageData rmd, Element child, Element sibling) {
+ if(child == null) {
+ return appendChildToSecHeader(rmd, sibling);
+ } else {
+ if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+ ((OMElement)child).insertSiblingBefore((OMElement)sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
+ ((OMElement)child).insertSiblingBefore((OMElement)newSib);
+ return newSib;
+ }
+ }
+
+ }
+
+ public static Vector getEncryptedParts(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ Vector encryptedPartsElements = getPartsAndElements(false, envelope, rpd.isEncryptBody(), rpd.getEncryptedParts(), rpd.getEncryptedElements(),rpd.getDeclaredNamespaces());
+ return getContentEncryptedElements(encryptedPartsElements, envelope, rpd.getContentEncryptedElements(), rpd.getDeclaredNamespaces());
+ }
+
+ public static Vector getSignedParts(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(true, envelope, rpd.isSignBody(), rpd.getSignedParts(), rpd.getSignedElements(), rpd.getDeclaredNamespaces());
+ }
+
+ public static Vector getSupportingEncryptedParts(RampartMessageData rmd,
+ SupportingPolicyData rpd) {
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(false, envelope, rpd.isEncryptBody(), rpd.getEncryptedParts(),
+ rpd.getEncryptedElements(), rpd.getDeclaredNamespaces());
+ }
+
+ public static Vector getSupportingSignedParts(RampartMessageData rmd, SupportingPolicyData rpd) {
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(true, envelope, rpd.isSignBody(), rpd.getSignedParts(), rpd
+ .getSignedElements(), rpd.getDeclaredNamespaces());
+ }
+
+ public static Set findAllPrefixNamespaces(OMElement currentElement, HashMap decNamespacess)
+ {
+ Set results = new HashSet();
+
+ //Find declared namespaces
+ findPrefixNamespaces(currentElement,results);
+
+ //Get all default namespaces
+ List defaultNamespaces = getDefaultPrefixNamespaces(currentElement.getOMFactory());
+ for (Iterator iterator = defaultNamespaces.iterator(); iterator
+ .hasNext();) {
+ OMNamespace ns = (OMNamespace) iterator.next();
+ results.add(ns);
+ }
+
+ for ( Iterator iterator = decNamespacess.keySet().iterator(); iterator.hasNext();) {
+ String prefix = (String) iterator.next();
+ String ns = (String) decNamespacess.get(prefix);
+ OMFactory omFactory = currentElement.getOMFactory();
+ OMNamespace namespace = omFactory.createOMNamespace(ns, prefix);
+ results.add(namespace);
+
+ }
+
+ return results;
+ }
+
+ private static void findPrefixNamespaces(OMElement e, Set results)
+ {
+
+ Iterator iter = e.getAllDeclaredNamespaces();
+
+ if (iter!=null)
+ {
+ while (iter.hasNext())
+ results.add(iter.next());
+ }
+
+ Iterator children = e.getChildElements();
+
+ while (children.hasNext())
+ {
+ findPrefixNamespaces((OMElement)children.next(), results);
+ }
+ }
+
+ private static List getDefaultPrefixNamespaces(OMFactory factory)
+ {
+ List namespaces = new ArrayList();
+
+ // put default namespaces here (sp, soapenv, wsu, etc...)
+ namespaces.add(factory.createOMNamespace(WSConstants.ENC_NS, WSConstants.ENC_PREFIX));
+ namespaces.add(factory.createOMNamespace(WSConstants.SIG_NS, WSConstants.SIG_PREFIX));
+ namespaces.add(factory.createOMNamespace(WSConstants.WSSE_NS, WSConstants.WSSE_PREFIX));
+ namespaces.add(factory.createOMNamespace(WSConstants.WSU_NS, WSConstants.WSU_PREFIX));
+
+ return namespaces;
+
+ }
+
+ public static Vector getContentEncryptedElements (Vector encryptedPartsElements, SOAPEnvelope envelope,Vector elements, HashMap decNamespaces ) {
+
+ Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
+
+ Iterator elementsIter = elements.iterator();
+ while (elementsIter.hasNext())
+ {
+ String expression = (String)elementsIter.next();
+ try {
+ XPath xp = new AXIOMXPath(expression);
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext())
+ {
+ OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ Iterator nodesIter = selectedNodes.iterator();
+
+ while (nodesIter.hasNext())
+ {
+ OMElement e = (OMElement)nodesIter.next();
+
+ String localName = e.getLocalName();
+ String namespace = e.getNamespace() != null ? e.getNamespace().getNamespaceURI() : null;
+
+ WSEncryptionPart encryptedElem = new WSEncryptionPart(localName, namespace,
+ "Content", WSConstants.PART_TYPE_ELEMENT);
+
+ encryptedElem.setXpath(expression);
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ encryptedElem.setEncId(wsuId.getAttributeValue());
+ }
+
+ encryptedPartsElements.add(encryptedElem);
+
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
+ }
+
+
+ return encryptedPartsElements;
+
+ }
+
+ public static Vector getPartsAndElements(boolean sign, SOAPEnvelope envelope, boolean includeBody, Vector parts, Vector elements, HashMap decNamespaces) {
+
+ Vector found = new Vector();
+ Vector result = new Vector();
+
+ // check body
+ if(includeBody) {
+ if( sign ) {
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()),null,WSConstants.PART_TYPE_BODY));
+ } else {
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content", WSConstants.PART_TYPE_BODY));
+ }
+ found.add( envelope.getBody() );
+ }
+
+ // Search envelope header for 'parts' from Policy (SignedParts/EncryptedParts)
+
+ SOAPHeader header = envelope.getHeader();
+
+ for(int i=0; i<parts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) parts.get( i );
+ if( wsep.getName() == null ) {
+ // NO name - search by namespace
+ ArrayList headerList = header.getHeaderBlocksWithNSURI( wsep.getNamespace() );
+
+ for(int j=0; j<headerList.size(); j++) {
+ SOAPHeaderBlock shb = (SOAPHeaderBlock) headerList.get( j );
+
+ // find reference in envelope
+ OMElement e = header.getFirstChildWithName( shb.getQName() );
+
+ if( ! found.contains( e ) ) {
+ // found new
+ found.add( e );
+
+ if( sign ) {
+ result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Content", WSConstants.PART_TYPE_HEADER));
+ } else {
+
+ WSEncryptionPart encryptedHeader = new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element", WSConstants.PART_TYPE_HEADER);
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ encryptedHeader.setEncId(wsuId.getAttributeValue());
+ }
+
+ result.add(encryptedHeader);
+ }
+ }
+ }
+ } else {
+ // try to find
+ OMElement e = header.getFirstChildWithName( new QName(wsep.getNamespace(), wsep.getName()) );
+ if( e != null ) {
+ if( ! found.contains( e ) ) {
+ // found new (reuse wsep)
+ found.add( e );
+ wsep.setType(WSConstants.PART_TYPE_HEADER);
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ wsep.setEncId(wsuId.getAttributeValue());
+ }
+
+ result.add( wsep );
+ }
+ }
+ }
+ }
+
+ // ?? Search for 'Elements' here
+
+ // decide what exactly is going to be used - only the default namespaces, or the list of all declared namespaces in the message !
+ Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
+
+ Iterator elementsIter = elements.iterator();
+ while (elementsIter.hasNext())
+ {
+ String expression = (String)elementsIter.next();
+ try {
+ XPath xp = new AXIOMXPath(expression);
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext())
+ {
+ OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ Iterator nodesIter = selectedNodes.iterator();
+ while (nodesIter.hasNext())
+ {
+ OMElement e = (OMElement)nodesIter.next();
+ String localName = e.getLocalName();
+ String namespace = e.getNamespace() != null ? e.getNamespace().getNamespaceURI() : null;
+
+ if (sign) {
+ WSEncryptionPart encryptedElem = new WSEncryptionPart(localName,namespace, "Content", WSConstants.PART_TYPE_ELEMENT);
+ encryptedElem.setXpath(expression);
+ result.add(encryptedElem);
+
+ } else {
+
+ WSEncryptionPart encryptedElem = new WSEncryptionPart(localName,namespace, "Element", WSConstants.PART_TYPE_ELEMENT);
+ encryptedElem.setXpath(expression);
+
+ OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ if ( wsuId != null ) {
+ encryptedElem.setEncId(wsuId.getAttributeValue());
+ }
+
+ result.add(encryptedElem);
+ }
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Get a element for SOAP
+ * @param envelope SOAP Envelope of which we should check required elements
+ * @param decNamespaces Declared namespaces in RequiredElements assertion
+ * @param expression XPATH expression of required elements
+ * @return
+ */
+ public static boolean checkRequiredElements(SOAPEnvelope envelope, HashMap decNamespaces, String expression ) {
+
+
+ Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
+
+ try {
+ XPath xp = new AXIOMXPath(expression);
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext())
+ {
+ OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ if (selectedNodes.size() == 0 ) {
+ return false;
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
+
+ return true;
+ }
+
+
+ public static KeyGenerator getEncryptionKeyGenerator(String symEncrAlgo) throws WSSecurityException {
+ KeyGenerator keyGen;
+ try {
+ /*
+ * Assume AES as default, so initialize it
+ */
+ keyGen = KeyGenerator.getInstance("AES");
+ if (symEncrAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
+ keyGen = KeyGenerator.getInstance("DESede");
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ keyGen.init(128);
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
+ keyGen.init(192);
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+ keyGen.init(256);
+ } else {
+ return null;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
+ }
+ return keyGen;
+ }
+
+ /**
+ * Creates the unique (reproducible) id for to hold the context identifier
+ * of the message exchange.
+ * @return Id to hold the context identifier in the message context
+ */
+ public static String getContextIdentifierKey(MessageContext msgContext) {
+ return msgContext.getAxisService().getName();
+ }
+
+
+ /**
+ * Returns the map of security context token identifiers
+ * @return the map of security context token identifiers
+ */
+ public static Hashtable getContextMap(MessageContext msgContext) {
+ //Fist check whether its there
+ Object map = msgContext.getConfigurationContext().getProperty(
+ ConversationConstants.KEY_CONTEXT_MAP);
+
+ if(map == null) {
+ //If not create a new one
+ map = new Hashtable();
+ //Set the map globally
+ msgContext.getConfigurationContext().setProperty(
+ ConversationConstants.KEY_CONTEXT_MAP, map);
+ }
+
+ return (Hashtable)map;
+ }
+
+ public static boolean isTokenValid(RampartMessageData rmd, String id) throws RampartException {
+ try {
+ org.apache.rahas.Token token = rmd.getTokenStorage().getToken(id);
+ return token!= null && token.getState() == org.apache.rahas.Token.ISSUED;
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ public static void setEncryptionUser(RampartMessageData rmd, WSSecEncryptedKey encrKeyBuilder)
+ throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ String encrUser = rpd.getRampartConfig().getEncryptionUser();
+ setEncryptionUser(rmd, encrKeyBuilder, encrUser);
+ }
+
+ public static void setEncryptionUser(RampartMessageData rmd, WSSecEncryptedKey encrKeyBuilder,
+ String encrUser) throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (encrUser == null) {
+ encrUser = rpd.getRampartConfig().getEncryptionUser();
+ }
+
+ if (encrUser == null || "".equals(encrUser)) {
+ throw new RampartException("missingEncryptionUser");
+ }
+ if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+
+ //TODO This is a hack, this should not come under USE_REQ_SIG_CERT
+ if(encrKeyBuilder.isCertSet()) {
+ encrKeyBuilder.setUserInfo(getUsername((Vector)resultsObj));
+ }
+
+
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ encrKeyBuilder.setUserInfo(encrUser);
+ }
+ }
+
+ /**
+ * Sets the keyIdentifierType of <code>WSSecSignature</code> or <code>WSSecEncryptedKey</code>
+ * according to the given <code>Token</code> and <code>RampartPolicyData</code>
+ * First check the requirements specified under Token Assertion and if not found check
+ * the WSS11 and WSS10 assertions
+ */
+
+ public static void setKeyIdentifierType(RampartPolicyData rpd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) {
+
+ if (token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER) {
+
+ boolean tokenTypeSet = false;
+
+ if(token instanceof X509Token) {
+ X509Token x509Token = (X509Token)token;
+
+ if(x509Token.isRequireIssuerSerialReference()) {
+ secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ tokenTypeSet = true;
+ } else if (x509Token.isRequireKeyIdentifierReference()) {
+ secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ tokenTypeSet = true;
+ } else if (x509Token.isRequireThumbprintReference()) {
+ secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ tokenTypeSet = true;
+ }
+ }
+
+ if (!tokenTypeSet) {
+ Wss10 wss = rpd.getWss11();
+ if (wss == null) {
+ wss = rpd.getWss10();
+ }
+
+ if (wss.isMustSupportRefKeyIdentifier()) {
+ secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if (wss.isMustSupportRefIssuerSerial()) {
+ secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ } else if (wss instanceof Wss11
+ && ((Wss11) wss).isMustSupportRefThumbprint()) {
+ secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ }
+
+ } else {
+ secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+ }
+
+ private static X509Certificate getReqSigCert(Vector results) {
+ /*
+ * Scan the results for a matching actor. Use results only if the
+ * receiving Actor and the sending Actor match.
+ */
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == WSConstants.SIGN) {
+ return (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Scan through <code>WSHandlerResult<code> vector for a Username token and return
+ * the username if a Username Token found
+ * @param results
+ * @return
+ */
+
+ public static String getUsername(Vector results) {
+ /*
+ * Scan the results for a matching actor. Use results only if the
+ * receiving Actor and the sending Actor match.
+ */
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for a username token. Use the username
+ * of this token to set the alias for the encryption user
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == WSConstants.UT) {
+ WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ return principal.getName();
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static String getRequestEncryptedKeyId(Vector results) {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
+ if (actInt.intValue() == WSConstants.ENCR &&
+ encrKeyId != null) {
+ return encrKeyId;
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static byte[] getRequestEncryptedKeyValue(Vector results) {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ if (actInt.intValue() == WSConstants.ENCR &&
+ decryptedKey != null) {
+ return decryptedKey;
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * If the child is present insert the element as a sibling after him.
+ *
+ * If the child is null, then prepend the element.
+ *
+ * @param rmd
+ * @param child
+ * @param elem - element mentioned above
+ * @return
+ */
+ public static Element insertSiblingAfterOrPrepend(RampartMessageData rmd, Element child, Element elem) {
+ Element retElem = null;
+ if(child != null){ // child is not null so insert sibling after
+ retElem = RampartUtil.insertSiblingAfter(rmd, child, elem);
+ }else{ //Prepend
+ retElem = prependSecHeader(rmd, elem);
+ }
+
+ return retElem;
+ }
+
+ public static Element insertSiblingBeforeOrPrepend(RampartMessageData rmd, Element child, Element elem) {
+ Element retElem = null;
+ if(child != null && child.getPreviousSibling() != null){
+ retElem = RampartUtil.insertSiblingBefore(rmd, child, elem);
+ }else{ //Prepend
+ retElem = prependSecHeader(rmd, elem);
+ }
+
+ return retElem;
+ }
+
+ private static Element prependSecHeader(RampartMessageData rmd, Element elem){
+ Element retElem = null;
+
+ Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
+ Node node = secHeaderElem.getOwnerDocument().importNode(
+ elem, true);
+ Element firstElem = (Element)secHeaderElem.getFirstChild();
+
+ if(firstElem == null){
+ retElem = (Element)secHeaderElem.appendChild(node);
+ }else{
+ if(firstElem.getOwnerDocument().equals(elem.getOwnerDocument())) {
+ ((OMElement)firstElem).insertSiblingBefore((OMElement)elem);
+ retElem = elem;
+ } else {
+ Element newSib = (Element)firstElem.getOwnerDocument().importNode(elem, true);
+ ((OMElement)firstElem).insertSiblingBefore((OMElement)newSib);
+ retElem = newSib;
+ }
+ }
+
+ return retElem;
+ }
+
+ /**
+ * Method to check whether security header is required in incoming message
+ * @param rpd
+ * @return true if a security header is required in the incoming message
+ */
+ public static boolean isSecHeaderRequired(RampartPolicyData rpd, boolean initiator,
+ boolean inflow ) {
+
+ // Checking for time stamp
+ if ( rpd.isIncludeTimestamp() ) {
+ return true;
+ }
+
+ // Checking for signed parts and elements
+ if (rpd.isSignBody() || rpd.getSignedParts().size() != 0 ||
+ rpd.getSignedElements().size() != 0) {
+ return true;
+ }
+
+ // Checking for encrypted parts and elements
+ if (rpd.isEncryptBody() || rpd.getEncryptedParts().size() != 0 ||
+ rpd.getEncryptedElements().size() != 0 ) {
+ return true;
+ }
+
+ // Checking for supporting tokens
+ SupportingToken supportingTokens;
+
+ if (!initiator && inflow || initiator && !inflow ) {
+
+ Vector supportingToks = rpd.getSupportingTokensList();
+ for (int i = 0; i < supportingToks.size(); i++) {
+ supportingTokens = (SupportingToken) supportingToks.get(i);
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+ }
+
+ supportingTokens = rpd.getSignedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getEndorsingSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getSignedEndorsingSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ }
+
+ return false;
+
+ }
+
+ public static void handleEncryptedSignedHeaders(Vector encryptedParts, Vector signedParts, Document doc) {
+
+ //TODO Is there a more efficient way to do this ? better search algorithm
+ for (int i = 0 ; i < signedParts.size() ; i++) {
+ WSEncryptionPart signedPart = (WSEncryptionPart)signedParts.get(i);
+
+ //This signed part is not a header
+ if (signedPart.getNamespace() == null || signedPart.getName() == null) {
+ continue;
+ }
+
+ for (int j = 0 ; j < encryptedParts.size() ; j ++) {
+ WSEncryptionPart encryptedPart = (WSEncryptionPart) encryptedParts.get(j);
+
+ if (encryptedPart.getNamespace() == null || encryptedPart.getName() == null ) {
+ continue;
+ }
+
+ if (signedPart.getName().equals(encryptedPart.getName()) &&
+ signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
+
+ String encDataID = encryptedPart.getEncId();
+ Element encDataElem = WSSecurityUtil.findElementById(doc.getDocumentElement(), encDataID, null);
+
+ if (encDataElem != null) {
+ Element encHeader = (Element)encDataElem.getParentNode();
+ String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
+
+ //For some reason the id might not be available
+ // so the part/element with empty/null id won't be recognized afterwards.
+ if (encHeaderId != null && !"".equals(encHeaderId.trim())) {
+ signedParts.remove(signedPart);
+ WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
+ signedParts.add(encHeaderToSign);
+ }
+
+ }
+ }
+ }
+
+
+ }
+
+ }
+
+ public static String getSigElementId(RampartMessageData rmd) {
+
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+
+ SOAPHeader header = envelope.getHeader();
+
+ if (header == null ) {
+ return null;
+ }
+
+ ArrayList secHeaders = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
+
+ if (secHeaders != null && secHeaders.size() > 0) {
+ QName sigQName = new QName(Constants.SignatureSpecNS,Constants._TAG_SIGNATURE);
+ QName wsuIdQName = new QName(WSConstants.WSU_NS,"Id");
+ OMElement sigElem = ((SOAPHeaderBlock)secHeaders.get(0)).getFirstChildWithName(sigQName);
+ OMAttribute wsuId = sigElem.getAttribute(wsuIdQName);
+
+ if (wsuId != null) {
+ return wsuId.getAttributeValue();
+ }
+
+ wsuId = sigElem.getAttribute(new QName("Id"));
+
+ if (wsuId != null) {
+ return wsuId.getAttributeValue();
+ }
+
+
+ }
+
+ return null;
+ }
+
+ /**
+ * We use this method to prevent the singleton behavior of WSSConfig
+ * @return WSSConfig object with the latest settings.
+ */
+
+ public static WSSConfig getWSSConfigInstance() {
+
+ WSSConfig defaultWssConfig = WSSConfig.getDefaultWSConfig();
+ WSSConfig wssConfig = WSSConfig.getNewInstance();
+
+ wssConfig.setEnableSignatureConfirmation(defaultWssConfig.isEnableSignatureConfirmation());
+ wssConfig.setTimeStampStrict(defaultWssConfig.isTimeStampStrict());
+ wssConfig.setWsiBSPCompliant(defaultWssConfig.isWsiBSPCompliant());
+ wssConfig.setPrecisionInMilliSeconds(defaultWssConfig.isPrecisionInMilliSeconds());
+
+ return wssConfig;
+
+ }
+
+ public static void validateTransport(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (rpd == null) {
+ return;
+ }
+
+ if (rpd.isTransportBinding() && !rmd.isInitiator()) {
+ if (rpd.getTransportToken() instanceof HttpsToken) {
+ String incomingTransport = rmd.getMsgContext().getIncomingTransportName();
+ if (!incomingTransport.equals(org.apache.axis2.Constants.TRANSPORT_HTTPS)) {
+ throw new RampartException("invalidTransport",
+ new String[]{incomingTransport});
+ }
+ if (((HttpsToken) rpd.getTransportToken()).isRequireClientCertificate()) {
+
+ MessageContext messageContext = rmd.getMsgContext();
+ HttpServletRequest request = ((HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST));
+ if (request == null || request.getAttribute("javax.servlet.request.X509Certificate") == null) {
+ throw new RampartException("clientAuthRequired");
+ }
+ }
+
+ }
+ }
+ }
+
+ private static Crypto retrieveCrytpoFromCache(String cryptoKey, String refreshInterval) {
+ // cache hit
+ if (cryptoStore.containsKey(cryptoKey)) {
+ CachedCrypto cachedCrypto = (CachedCrypto) cryptoStore.get(cryptoKey);
+ if (refreshInterval != null) {
+ if (cachedCrypto.creationTime + new Long(refreshInterval).longValue() > Calendar
+ .getInstance().getTimeInMillis()) {
+ if (log.isDebugEnabled()) {
+ log.info("Cache Hit : Crypto Object was found in cache.");
+ }
+ return cachedCrypto.crypto;
+ } else {
+ if (log.isDebugEnabled()) {
+ log.info("Cache Miss : Crypto Object found in cache is expired.");
+ }
+ return null;
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.info("Cache Hit : Crypto Object was found in cache.");
+ }
+ return cachedCrypto.crypto;
+ }
+ }
+ // cache miss
+ else {
+ if (log.isDebugEnabled()) {
+ log.info("Cache Miss : Crypto Object was not found in cache.");
+ }
+ return null;
+ }
+ }
+
+ private static void cacheCrypto(String cryptoKey, Crypto crypto) {
+ cryptoStore.put(cryptoKey, new CachedCrypto(crypto, Calendar.getInstance()
+ .getTimeInMillis()));
+ if (log.isDebugEnabled()) {
+ log.info("Crypto object is inserted into the Cache.");
+ }
+
+ }
+
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java b/1_5/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java
new file mode 100644
index 0000000..f42ca7b
--- /dev/null
+++ b/1_5/modules/rampart-extensions/jpam-callback-handler/src/main/java/org/apache/rampart/extensions/jpam/JPAMCallbackHandler.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+import net.sf.jpam.Pam;
+import net.sf.jpam.PamReturnValue;
+
+public class JPAMCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ // When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ Pam pam = new Pam();
+ PamReturnValue ret = pam.authenticate(pwcb.getIdentifer(), pwcb
+ .getPassword());
+ if (ret.equals(PamReturnValue.PAM_SUCCESS)) {
+ return;
+ } else {
+ throw new IOException("check failed");
+ }
+
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/pom.xml b/1_5/modules/rampart-integration/pom.xml
new file mode 100644
index 0000000..f974112
--- /dev/null
+++ b/1_5/modules/rampart-integration/pom.xml
@@ -0,0 +1,812 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-integration</artifactId>
+ <packaging>jar</packaging>
+ <version>1.5</version>
+ <name>Rampart - Integration</name>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-mars</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <version>${rampart.mar.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <version>${rahas.mar.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <version>${addressing.mar.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <version>1.1</version>
+ <executions>
+ <execution>
+ <id>generate-source</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <configuration>
+ <tasks>
+ <java classname="org.apache.axis2.wsdl.WSDL2Java" fork="true">
+ <arg line="-uri src/main/resources/ping/ping.wsdl -ss -o target/generated-code -p org.apache.axis2.oasis.ping -d xmlbeans -g"/>
+ <classpath refid="maven.dependency.classpath"/>
+ <classpath refid="maven.compile.classpath"/>
+ <classpath refid="maven.runtime.classpath"/>
+ </java>
+ <!-- copy the service impl -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
+ tofile="target/generated-code/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
+ overwrite="yes"/>
+ <!-- Password callback class for the interop service -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java"
+ tofile="target/generated-code/src/org/apache/axis2/security/PWCallback.java"
+ overwrite="yes"/>
+ <!-- Interop client -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java"
+ tofile="target/generated-code/src/org/apache/axis2/security/InteropScenarioClient.java"
+ overwrite="yes"/>
+
+ <copy todir="target/test-classes">
+ <fileset dir="target/generated-code/resources">
+ <include name="**/*"/>
+ </fileset>
+ </copy>
+
+
+ <javac srcdir="target/generated-code" destdir="target/classes" fork="true">
+ <classpath refid="maven.dependency.classpath"/>
+ <classpath refid="maven.compile.classpath"/>
+ <classpath refid="maven.runtime.classpath"/>
+ </javac>
+
+ </tasks>
+ </configuration>
+ </execution>
+ <execution>
+ <id>create-test-resources</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <property name="addressing.mar" value="addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-classes/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-classes/modules/rampart-${rampart.mar.version}.mar"/>
+
+ <mkdir dir="target/temp-ramp"/>
+ <mkdir dir="target/temp-ramp/META-INF"/>
+
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rampart/Service.class"
+ tofile="target/temp-ramp/org/apache/rampart/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rampart/PWCallback.class"
+ tofile="target/temp-ramp/org/apache/rampart/PWCallback.class"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/store.jks"
+ tofile="target/temp-ramp/store.jks"/>
+ <!--path id="ramp.client.props" location="test-resources/rampart"/-->
+ <!--maven:addPath id="maven.dependency.classpath" refid="ramp.client.props" -->
+ <mkdir dir="target/test-resources/rampart_client_repo"/>
+ <mkdir dir="target/test-resources/rampart_client_repo/conf"/>
+ <mkdir dir="target/test-resources/rampart_client_repo/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <mkdir dir="target/test-resources/rampart_service_repo"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/conf"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/services"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+
+ <!-- Service 1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService1.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 2 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-2.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService2.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 3 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-3.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService3.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 4 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-4.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService4.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 5 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-5.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService5.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 6 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-6.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService6.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 7 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-7.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 8 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-8.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService8.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 9 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-9.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService9.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 10 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-10.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService10.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 11 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-11.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService11.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 12 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-12.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService12.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 13 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-13.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService13.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 14 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-14.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService14.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 15 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-15.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService15.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 16 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-16.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService16.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 17 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-17.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService17.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 18 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-18.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService18.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 19 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-19.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService19.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 20 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-20.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService20.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 21 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-21.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService21.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 22 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-22.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService22.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 23 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-23.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService23.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 24 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-24.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService24.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 25 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-25.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService25.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 26 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-26.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService26.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 27 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-27.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService27.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 28 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-28.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService28.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 29 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-29.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService29.aar"
+ basedir="target/temp-ramp"/>
+
+
+ <!-- Service SC-1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
+ basedir="target/temp-ramp"/>
+
+ <!-- Service SC-2 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-2.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar"
+ basedir="target/temp-ramp"/>
+
+ <!-- Service SC-3 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-3.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC3.aar"
+ basedir="target/temp-ramp"/>
+
+ <!--
+ Set up the infra for rahas tests and the rahas client repo
+ -->
+ <mkdir dir="target/temp-rahas"/>
+ <mkdir dir="target/temp-rahas/META-INF"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rahas/Service.class"
+ tofile="target/temp-rahas/org/apache/rahas/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rahas/PWCallback.class"
+ tofile="target/temp-rahas/org/apache/rahas/PWCallback.class"/>
+ <copy overwrite="yes" todir="target/temp-rahas">
+ <fileset dir="src/test/resources/rahas">
+ <include name="issuer.properties"/>
+ <include name="rahas-sts.jks"/>
+ </fileset>
+ </copy>
+ <!--path id="rahas.client.props" location="test-resources/rahas" -->
+ <!--addPath id="maven.dependency.classpath" refid="rahas.client.props"-->
+ <mkdir dir="target/test-resources/rahas_client_repo"/>
+ <mkdir dir="target/test-resources/rahas_client_repo/conf"/>
+ <mkdir dir="target/test-resources/rahas_client_repo/modules"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <!-- Rahas Test1: SAML Token test -->
+ <mkdir dir="target/test-resources/rahas_service_repo_1"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s1-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_1/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+ <!-- Rahas Test1: SAML Token test : END -->
+ <!--
+ Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test
+ -->
+ <mkdir dir="target/test-resources/rahas_service_repo_3"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s3-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_3/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+ <!--
+ Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test : END
+ -->
+ <mkdir dir="target/test-resources/default_security_client_repo"/>
+ <mkdir dir="target/test-resources/default_security_client_repo/conf"/>
+ <mkdir dir="target/test-resources/default_security_client_repo/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="src/test/resources/conf/axis2.xml"
+ tofile="target/test-resources/default_security_client_repo/conf/axis2.xml"/>
+ <!--
+ RahasSAMLTokenAttributeTest
+ -->
+ <mkdir dir="target/test-resources/rahas_service_repo_5"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s5-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_5/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+
+ <!--RahasAttributeTest END-->
+ <!-- Scenario 1 -->
+ <mkdir dir="target/test-resources/scenario1_client_repo"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/services"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/modules"/>
+ <!-- setup scenario 1 client repository-->
+ <copy file="src/test/resources/security/s1.client.axis2.xml"
+ tofile="target/test-resources/scenario1_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario1_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <!-- setup scenario 1 service repository-->
+ <copy file="src/test/resources/security/s1.service.axis2.xml"
+ tofile="target/test-resources/scenario1_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario1_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+
+ <mkdir dir="target/temp-interop/META-INF"/>
+
+ <!-- Create the .aar file -->
+ <copy file="src/test/resources/security/s1.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario1_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ <!-- Scenario 2 - Setup the client and service repos -->
+ <mkdir dir="target/test-resources/scenario2_client_repo"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/ conf"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/modules"/>
+ <copy file="src/test/resources/security/s2.client.axis2.xml"
+ tofile="target/test-resources/scenario2_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2.service.axis2.xml"
+ tofile="target/test-resources/scenario2_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario2_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 2a - set up repos -->
+ <mkdir dir="target/test-resources/scenario2a_client_repo"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/modules"/>
+ <copy file="src/test/resources/security/s2a.client.axis2.xml"
+ tofile="target/test-resources/scenario2a_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2a_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2a.service.axis2.xml"
+ tofile="target/test-resources/scenario2a_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2a_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2a.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario2a_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ <!-- Scenario 3 -->
+ <mkdir dir="target/test-resources/scenario3_client_repo"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/modules"/>
+ <copy file="src/test/resources/security/s3.client.axis2.xml"
+ tofile="target/test-resources/scenario3_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario3_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s3.service.axis2.xml"
+ tofile="target/test-resources/scenario3_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario3_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s3.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario3_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 4 -->
+ <mkdir dir="target/test-resources/scenario4_client_repo"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/modules"/>
+ <copy file="src/test/resources/security/s4.client.axis2.xml"
+ tofile="target/test-resources/scenario4_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario4_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s4.service.axis2.xml"
+ tofile="target/test-resources/scenario4_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario4_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s4.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario4_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 5 -->
+ <mkdir dir="target/test-resources/scenario5_client_repo"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/modules"/>
+ <copy file="src/test/resources/security/s5.client.axis2.xml"
+ tofile="target/test-resources/scenario5_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario5_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s5.service.axis2.xml"
+ tofile="target/test-resources/scenario5_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario5_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s5.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario5_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 6 -->
+ <mkdir dir="target/test-resources/scenario6_client_repo"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/modules"/>
+ <copy file="src/test/resources/security/s6.client.axis2.xml"
+ tofile="target/test-resources/scenario6_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario6_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s6.service.axis2.xml"
+ tofile="target/test-resources/scenario6_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario6_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s6.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario6_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 7 -->
+ <mkdir dir="target/test-resources/scenario7_client_repo"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/modules"/>
+ <copy file="src/test/resources/security/s7.client.axis2.xml"
+ tofile="target/test-resources/scenario7_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario7_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s7.service.axis2.xml"
+ tofile="target/test-resources/scenario7_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario7_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s7.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario7_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario ST1 -->
+ <mkdir dir="target/test-resources/scenarioST1_client_repo"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/modules"/>
+ <copy file="src/test/resources/security/sST1.client.axis2.xml"
+ tofile="target/test-resources/scenarioST1_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenarioST1_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/sST1.service.axis2.xml"
+ tofile="target/test-resources/scenarioST1_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenarioST1_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/sST1.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenarioST1_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- MTOM Optimized Security Test -->
+ <mkdir dir="target/test-resources/mtom_sec_client_repo"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/conf"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/modules"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/conf"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/services"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/modules"/>
+ <copy file="src/test/resources/security/secMtom.client.axis2.xml"
+ tofile="target/test-resources/mtom_sec_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/mtom_sec_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/secMtom.service.axis2.xml"
+ tofile="target/test-resources/mtom_sec_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/mtom_sec_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/secMtom.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/mtom_sec_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Test with addressing and MTOM -->
+ <mkdir dir="target/test-resources/complete_client_repo"/>
+ <mkdir dir="target/test-resources/complete_client_repo/conf"/>
+ <mkdir dir="target/test-resources/complete_client_repo/modules"/>
+ <mkdir dir="target/test-resources/complete_service_repo"/>
+ <mkdir dir="target/test-resources/complete_service_repo/conf"/>
+ <mkdir dir="target/test-resources/complete_service_repo/services"/>
+ <mkdir dir="target/test-resources/complete_service_repo/modules"/>
+ <!-- Test with addressing and MTOM client repository-->
+ <copy file="src/test/resources/security/complete.client.axis2.xml"
+ tofile="target/test-resources/complete_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/complete_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/complete_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- Test with addressing and MTOMservice repository-->
+ <copy file="src/test/resources/security/complete.service.axis2.xml"
+ tofile="target/test-resources/complete_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/complete_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/complete_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="src/test/resources/security/complete.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <!-- Create the .aar file -->
+ <jar jarfile="target/test-resources/complete_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <!--plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>add-test-source</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>add-test-source</goal>
+ </goals>
+ <configuration>
+ <sources>
+ <source>target/generated-code/resources</source>
+ </sources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin-->
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-transport-http</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-transport-tcp</artifactId>
+ <version>${axis2.transport.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-transport-local</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-codegen</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-xmlbeans</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-adb-codegen</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent"/>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java
new file mode 100644
index 0000000..31732ac
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+
+public class TestingUtils {
+ public static OMElement createDummyOMElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace("http://org.apache.axis2/xsd", "ns1");
+ OMElement method = fac.createOMElement("echoOM", omNs);
+ OMElement value = fac.createOMElement("myValue", omNs);
+ value.addChild(
+ fac.createOMText(value, "Isaac Asimov, The Foundation Trilogy"));
+ method.addChild(value);
+ return method;
+ }
+
+ public static OMElement createDummyOMElement(String nameSpace) {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(nameSpace, "ns1");
+ OMElement method = fac.createOMElement("echoOM", omNs);
+ OMElement value = fac.createOMElement("myValue", omNs);
+ value.addChild(
+ fac.createOMText(value, "Isaac Asimov, The Foundation Trilogy"));
+ method.addChild(value);
+ return method;
+ }
+
+
+ public static void campareWithCreatedOMElement(OMElement element) {
+ OMElement firstChild = element.getFirstElement();
+ TestCase.assertNotNull(firstChild);
+ String textValue = firstChild.getText();
+ TestCase.assertEquals(textValue, "Isaac Asimov, The Foundation Trilogy");
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java
new file mode 100644
index 0000000..40fbe74
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import junit.framework.TestCase;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.deployment.DeploymentEngine;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.description.TransportInDescription;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.http.SimpleHTTPServer;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+import java.io.FilenameFilter;
+
+public class UtilServer {
+ private static int count = 0;
+
+ private static SimpleHTTPServer receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().addService(
+ service);
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration()
+ .removeService(service.getLocalPart());
+ }
+
+ public static synchronized void unDeployClientService() throws AxisFault {
+ if (receiver.getConfigurationContext().getAxisConfiguration() != null) {
+ receiver.getConfigurationContext().getAxisConfiguration()
+ .removeService("AnonymousService");
+ }
+ }
+
+ public static synchronized void start() throws Exception {
+ start(org.apache.axis2.Constants.TESTING_REPOSITORY);
+ }
+
+ public static synchronized void start(String repository) throws Exception {
+ if (count == 0) {
+ ConfigurationContext er = getNewConfigurationContext(repository);
+
+ receiver = new SimpleHTTPServer(er, TESTING_PORT);
+
+ try {
+ receiver.start();
+ ListenerManager listenerManager = er.getListenerManager();
+ TransportInDescription trsIn = new TransportInDescription(
+ Constants.TRANSPORT_HTTP);
+ trsIn.setReceiver(receiver);
+ if (listenerManager == null) {
+ listenerManager = new ListenerManager();
+ listenerManager.init(er);
+ }
+ listenerManager.addListener(trsIn, true);
+ System.out.print("Server started on port "
+ + TESTING_PORT + ".....");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+
+
+ count++;
+ }
+
+ public static synchronized void start(String repository, String axis2xml) throws Exception {
+ if (count == 0) {
+ ConfigurationContext er = getNewConfigurationContext(repository, axis2xml);
+
+ receiver = new SimpleHTTPServer(er, TESTING_PORT);
+
+ try {
+ receiver.start();
+ System.out.print("Server started on port "
+ + TESTING_PORT + ".....");
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+
+ }
+ count++;
+ }
+
+ public static ConfigurationContext getNewConfigurationContext(
+ String repository) throws Exception {
+ File file = new File(repository);
+ if (!file.exists()) {
+ throw new Exception("repository directory "
+ + file.getAbsolutePath() + " does not exists");
+ }
+ return ConfigurationContextFactory.createConfigurationContextFromFileSystem(file.getAbsolutePath(),
+ file.getAbsolutePath() + "/conf/axis2.xml");
+ }
+
+ public static ConfigurationContext getNewConfigurationContext(
+ String repository, String axis2xml) throws Exception {
+ File file = new File(repository);
+ if (!file.exists()) {
+ throw new Exception("repository directory "
+ + file.getAbsolutePath() + " does not exists");
+ }
+ return ConfigurationContextFactory.createConfigurationContextFromFileSystem(file.getAbsolutePath(),
+ axis2xml);
+ }
+
+ public static synchronized void stop() throws AxisFault {
+ if (count == 1) {
+ receiver.stop();
+ while (receiver.isRunning()) {
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e1) {
+ //nothing to do here
+ }
+ }
+ count = 0;
+// tp.doStop();
+ System.out.print("Server stopped .....");
+ } else {
+ count--;
+ }
+ receiver.getConfigurationContext().terminate();
+ }
+
+ public static ConfigurationContext getConfigurationContext() {
+ return receiver.getConfigurationContext();
+ }
+
+ public static ServiceContext createAdressedEnabledClientSide(
+ AxisService service) throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+ ConfigurationContext configContext = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(
+ "target/test-resources/integrationRepo", null);
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+ configContext.getAxisConfiguration().addModule(axisModule);
+
+ configContext.getAxisConfiguration().addService(service);
+
+ return new ServiceGroupContext(configContext, (AxisServiceGroup) service.getParent())
+ .getServiceContext(service);
+ }
+
+ static class AddressingFilter implements FilenameFilter {
+ public boolean accept(File dir, String name) {
+ return name.startsWith("addressing") && name.endsWith(".mar");
+ }
+ }
+
+ private static File getAddressingMARFile() {
+ File dir = new File(org.apache.axis2.Constants.TESTING_REPOSITORY + "/modules");
+ File[] files = dir.listFiles(new AddressingFilter());
+ TestCase.assertTrue(files.length == 1);
+ File file = files[0];
+ TestCase.assertTrue(file.exists());
+ return file;
+ }
+
+ public static ConfigurationContext createClientConfigurationContext() throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+
+ ConfigurationContext configContext = ConfigurationContextFactory .createConfigurationContextFromFileSystem(
+ "target/test-resources/integrationRepo",
+ "target/test-resources/integrationRepo/conf/axis2.xml");
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+ configContext.getAxisConfiguration().addModule(axisModule);
+ return configContext;
+ }
+
+ public static ConfigurationContext createClientConfigurationContext(String repo) throws AxisFault {
+ return ConfigurationContextFactory .createConfigurationContextFromFileSystem(
+ repo,
+ repo + "/conf/axis2.xml");
+ }
+
+ public static ServiceContext createAdressedEnabledClientSide(
+ AxisService service, String clientHome) throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+
+ ConfigurationContext configContext = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientHome, null);
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+
+ configContext.getAxisConfiguration().addModule(axisModule);
+// sysContext.getAxisConfiguration().engageModule(moduleDesc.getName());
+
+ configContext.getAxisConfiguration().addService(service);
+
+ return new ServiceGroupContext(configContext, (AxisServiceGroup) service.getParent())
+ .getServiceContext(service);
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java
new file mode 100644
index 0000000..248ec07
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java
@@ -0,0 +1,68 @@
+/*
+* Copyright 2004-2006 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.axis2.integration;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestCase;
+
+public class UtilServerBasedTestCase extends TestCase {
+
+ public UtilServerBasedTestCase() {
+ super(UtilServerBasedTestCase.class.getName());
+ }
+
+ public UtilServerBasedTestCase(java.lang.String string) {
+ super(string);
+ }
+
+ protected static Test getTestSetup(Test test) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start();
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+
+ protected static Test getTestSetup2(Test test, final String param) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start(param);
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+
+ protected static Test getTestSetup3(Test test, final String param1, final String param2) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start(param1, param2);
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
new file mode 100644
index 0000000..3b70d20
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.tcp.TCPServer;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+
+public class UtilsTCPServer {
+ private static int count = 0;
+
+ private static TCPServer receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+ private static final Log log = LogFactory.getLog(UtilsTCPServer.class);
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+
+ receiver.getConfigurationContext().getAxisConfiguration().addService(service);
+ ServiceGroupContext serviceGroupContext = new ServiceGroupContext(
+ receiver.getConfigurationContext(), (AxisServiceGroup) service.getParent());
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().removeService(
+ service.getLocalPart());
+ }
+
+ public static synchronized void start() throws Exception {
+ if (count == 0) {
+
+ // start tcp server
+
+ File file = new File(org.apache.axis2.Constants.TESTING_REPOSITORY);
+ System.out.println(file.getAbsoluteFile());
+ if (!file.exists()) {
+ throw new Exception("Repository directory does not exist");
+ }
+
+ ConfigurationContext er = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
+ .getAbsolutePath(), file
+ .getAbsolutePath() + "/conf/axis2.xml");
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+ receiver = new TCPServer(UtilServer.TESTING_PORT, er);
+ receiver.start();
+
+ }
+ count++;
+ }
+
+ public static synchronized void stop() throws AxisFault {
+ try {
+ if (count == 1) {
+ receiver.stop();
+ count = 0;
+ System.out.print("Server stopped .....");
+ } else {
+ count--;
+ }
+ } catch (AxisFault e) {
+ log.error(e.getMessage(), e);
+ }
+ receiver.getConfigurationContext().terminate();
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java b/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
new file mode 100755
index 0000000..6ec7792
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
@@ -0,0 +1,195 @@
+package org.apache.rahas;
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("joe")) {
+
+ pc.setPassword("eoj");
+
+ } else if(pc.getIdentifer().equals("ip")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java b/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java
new file mode 100644
index 0000000..bce2f98
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ System.out.println("Service invoked");
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java b/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
new file mode 100644
index 0000000..3fdb63c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+import junit.framework.TestCase;
+
+public abstract class TestClient extends TestCase {
+
+ protected int port = UtilServer.TESTING_PORT;
+
+ public TestClient(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo(), null);
+ }
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+ /**
+ */
+ public void testRequest() {
+ try {
+
+ // Get the repository location from the args
+ String repo = Constants.TESTING_PATH + "rahas_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+ null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+ Options options = new Options();
+
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "JKS");
+ System.setProperty("javax.net.ssl.trustStore", "/home/ruchith/Desktop/interop/certs/interop2.jks");
+ System.setProperty("javax.net.ssl.trustStorePassword", "password");
+ System.setProperty("javax.net.ssl.trustStoreType","JKS");
+
+ options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/SecureService"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLHoK"));
+// options.setTo(new EndpointReference("https://www-lk.wso2.com:8443/axis2/services/UTSAMLHoK"));
+// options.setTo(new EndpointReference("https://192.18.49.133:2343/jaxws-s1-sts/sts"));
+// options.setTo(new EndpointReference("https://207.200.37.116/SxSts/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport"));
+// options.setTo(new EndpointReference("http://localhost:9090/SxSts/Scenario_4_IssuedToken_MutualCertificate10"));
+
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/MutualCertsSAMLHoK"));
+// options.setTo(new EndpointReference("http://www-lk.wso2.com:8888/axis2/services/MutualCertsSAMLHoK"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/Addressing2004/UserName"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/trust/X509WSS10"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/jaxws-s4-sts/sts"));
+// options.setTo(new EndpointReference("http://127.0.0.1:9090/jaxws-s4/simple"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLBearer"));
+
+ options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
+ options.setAction(this.getRequestAction());
+// options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.getWSANamespace());
+
+ options.setTimeOutInMilliSeconds(200 * 1000);
+ OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
+ if (clientOutflowConfiguration != null) {
+ configContext.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
+ }
+ InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
+ if (clientInflowConfiguration != null) {
+ configContext.setProperty(WSSHandlerConstants.INFLOW_SECURITY, clientInflowConfiguration.getProperty());
+ }
+
+ serviceClient.engageModule(new QName("addressing"));
+ serviceClient.engageModule(new QName("rampart"));
+
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+
+ OMElement result = serviceClient.sendReceive(getRequest());
+
+ this.validateRsponse(result);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ protected String getWSANamespace() {
+ return AddressingConstants.Submission.WSA_NAMESPACE;
+ }
+
+ public abstract OMElement getRequest();
+
+ public abstract OutflowConfiguration getClientOutflowConfiguration();
+
+ public abstract InflowConfiguration getClientInflowConfiguration();
+
+ public abstract String getServiceRepo();
+
+ public abstract String getRequestAction() throws TrustException;
+
+ public abstract void validateRsponse(OMElement resp);
+
+//
+// /**
+// * This test will use WS-SecPolicy
+// */
+// public void testWithStsClient() {
+//
+// // Get the repository location from the args
+// String repo = Constants.TESTING_PATH + "rahas_client_repo";
+//
+// try {
+// ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+// null);
+//
+// STSClient client = new STSClient(configContext);
+//
+// client.setAction(this.getRequestAction());
+//
+// client.setRstTemplate(this.getRSTTemplate());
+// client.setVersion(this.getTrstVersion());
+//
+// Token tok =
+// client.requestSecurityToken(this.getServicePolicy(),
+// "http://127.0.0.1:" + port + "/axis2/services/SecureService",
+// this.getSTSPolicy(),
+// "http://localhost:5555/axis2/services/SecureService");
+//
+// assertNotNull("Response token missing", tok);
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+//
+// }
+
+ public abstract int getTrstVersion();
+
+ public abstract Policy getServicePolicy() throws Exception;
+
+ public abstract Policy getSTSPolicy() throws Exception;
+
+ public abstract OMElement getRSTTemplate() throws TrustException;
+
+ protected Policy getPolicy(String filePath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(filePath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(elem);
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java b/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
new file mode 100644
index 0000000..7b82942
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
@@ -0,0 +1,193 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("alice") && pc.getPassword().equals("password")) {
+ return;
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("joe")) {
+
+ pc.setPassword("eoj");
+
+ } else if(pc.getIdentifer().equals("ip")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/RampartConfigUpdater.java b/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/RampartConfigUpdater.java
new file mode 100644
index 0000000..dcc8819
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/RampartConfigUpdater.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.rampart.policy.model.RampartConfig;
+
+public class RampartConfigUpdater implements RampartConfigCallbackHandler{
+
+ public void update(RampartConfig rampartConfig) {
+ rampartConfig.setUser("alice");
+
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java b/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java
new file mode 100644
index 0000000..3ae24fb
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ return elem;
+ }
+
+ /**
+ * New service method for testing negative scenario where service throws an exception
+ * @param element
+ * @return
+ * @throws Exception
+ */
+ public OMElement returnError(OMElement element) throws Exception {
+ throw new Exception("Testing negative scenarios with Apache Rampart. Intentional Exception");
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/main/resources/ping/ping.wsdl b/1_5/modules/rampart-integration/src/main/resources/ping/ping.wsdl
new file mode 100644
index 0000000..788518d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/resources/ping/ping.wsdl
@@ -0,0 +1,68 @@
+<definitions xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:s="http://www.w3.org/2001/XMLSchema"
+ xmlns:tns="http://xmlsoap.org/Ping"
+ xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
+ xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
+ targetNamespace="http://xmlsoap.org/Ping"
+ xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ <s:schema elementFormDefault="qualified" targetNamespace="http://xmlsoap.org/Ping">
+ <s:import namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
+ <s:element name="Ping" nillable="true" type="tns:ping"/>
+ <s:complexType name="ping">
+ <s:sequence>
+ <s:element minOccurs="0" maxOccurs="1" name="ticket" type="tns:ticketType"/>
+ <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+ </s:sequence>
+ </s:complexType>
+ <s:complexType name="ticketType">
+ <s:simpleContent>
+ <s:extension base="s:string">
+ <s:attribute ref="s1:Id"/>
+ </s:extension>
+ </s:simpleContent>
+ </s:complexType>
+ <s:element name="PingResponse" nillable="true" type="tns:pingResponse"/>
+ <s:complexType name="pingResponse">
+ <s:sequence>
+ <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+ </s:sequence>
+ </s:complexType>
+ </s:schema>
+ <s:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+ <s:attribute name="Id" type="s:string"/>
+ </s:schema>
+ </types>
+ <message name="PingRequest">
+ <part name="ping" element="tns:Ping"/>
+ </message>
+ <message name="PingResponse">
+ <part name="pingResponse" element="tns:PingResponse"/>
+ </message>
+ <portType name="PingPort">
+ <operation name="Ping" >
+ <input message="tns:PingRequest"/>
+ <output message="tns:PingResponse"/>
+ </operation>
+ </portType>
+ <binding name="PingBinding" type="tns:PingPort">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="Ping">
+ <soap:operation soapAction="urn:Ping" style="document"/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="PingPort">
+ <port name="Ping1" binding="tns:PingBinding">
+ <soap:address location="http://localhost:9080/pingservice/Ping1"/>
+ </port>
+ </service>
+</definitions>
diff --git a/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java b/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
new file mode 100644
index 0000000..87762dc
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
@@ -0,0 +1,74 @@
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.axis2.oasis.ping;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.xmlsoap.ping.PingDocument;
+import org.xmlsoap.ping.PingResponse;
+import org.xmlsoap.ping.PingResponseDocument;
+
+import java.util.Vector;
+
+/**
+ * Auto generated java skeleton for the service by the Axis code generator
+ */
+public class PingPortSkeleton{
+ /**
+ * Auto generated method signature
+ *
+ * @param param0
+ */
+ public PingResponseDocument ping
+ (PingDocument param0) {
+ Vector results = null;
+ MessageContext msgCtx = MessageContext.getCurrentMessageContext();
+ if ((results =
+ (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS))
+ == null) {
+ System.out.println("No security results!!");
+ throw new RuntimeException("No security results!!");
+ } else {
+ System.out.println("Number of results: " + results.size());
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() != WSConstants.ENCR && wser.getPrincipal() != null) {
+ System.out.println(wser.getPrincipal().getName());
+ }
+ }
+ }
+ PingResponseDocument response = PingResponseDocument.Factory.newInstance();
+ PingResponse pingRes = response.addNewPingResponse();
+ pingRes.setText("Response: " + param0.getPing().getText());
+ return response;
+ }
+ }
+
+}
+
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java b/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
new file mode 100644
index 0000000..35c8b17
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.oasis.ping.PingPortStub;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.xmlsoap.ping.Ping;
+import org.xmlsoap.ping.PingDocument;
+import org.xmlsoap.ping.PingResponse;
+import org.xmlsoap.ping.PingResponseDocument;
+import org.xmlsoap.ping.TicketType;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * Client for the interop service This MUST be used with the codegen'ed classes
+ */
+public class InteropScenarioClient {
+
+ String soapNsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+
+ public InteropScenarioClient(boolean useSOAP12InStaticConfigTest) {
+ if (useSOAP12InStaticConfigTest) {
+ soapNsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ }
+ }
+
+ public void invokeWithStaticConfig(String clientRepo, String url)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ ConfigurationContext configCtx = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml");
+ PingPortStub stub = new PingPortStub(configCtx, url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ stub._getServiceClient().getOptions().setSoapVersionURI(soapNsURI);
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+
+ PingResponseDocument pingResDoc = stub.ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ }
+
+ public void invokeWithGivenConfig(String clientRepo, String url,
+ OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ PingPortStub stub = new PingPortStub(ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml"), url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ // Engage the security module
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+ if (outflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.OUTFLOW_SECURITY,
+ outflowConfig.getProperty());
+ }
+ if (inflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.INFLOW_SECURITY,
+ inflowConfig.getProperty());
+ }
+ PingResponseDocument pingResDoc = stub.ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ stub = null;
+ }
+
+ public void invokeWithGivenConfigWithProRefs(String clientRepo, String url,
+ OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig,
+ Hashtable propRefs)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ PingPortStub stub = new PingPortStub(ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml"), url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ // Engage the security module
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+ if (outflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.OUTFLOW_SECURITY,
+ outflowConfig.getProperty());
+ }
+ if (inflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.INFLOW_SECURITY,
+ inflowConfig.getProperty());
+ }
+
+ if(propRefs != null) {
+ Enumeration keysEnum = propRefs.keys();
+ while (keysEnum.hasMoreElements()) {
+ String refKey = (String) keysEnum.nextElement();
+
+ stub._getServiceClient().getServiceContext().setProperty(refKey,
+ propRefs.get(refKey));
+ }
+ }
+
+ PingResponseDocument pingResDoc = stub.ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ stub = null;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java b/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
new file mode 100644
index 0000000..df9d4de
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
diff --git a/1_5/modules/rampart-integration/src/test/java/commons-logging.properties b/1_5/modules/rampart-integration/src/test/java/commons-logging.properties
new file mode 100755
index 0000000..1e570d6
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/commons-logging.properties
@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This is the logging properties that goes to the war, there are two logging conf kept at the
+# svn, one for developement (one at src/test-resources) and other for producation
+
+# Uncomment the next line to disable all logging.
+#org.apache.commons.logging.Log=org.apache.commons.logging.impl.NoOpLog
+
+# Uncomment the next line to enable the simple log based logging
+#org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog
+
+# Uncomment the next line to enable log4j based logging
+org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java
new file mode 100644
index 0000000..a5690e6
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axis2.Constants;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+
+public class AddressingMTOMSecurityTest extends InteropTestBase {
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts("{Element}{" + ADDR_NS + "}To;" +
+ "{Element}{" + ADDR_NS + "}MessageID;" +
+ "{Element}{" + WSU_NS + "}Timestamp");
+ ofc.setOptimizeParts(
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return COMPLETE_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return COMPLETE_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts("{Element}{" + ADDR_NS + "}To;" +
+ "{Element}{" + ADDR_NS + "}MessageID;" +
+ "{Element}{" + WSU_NS + "}Timestamp");
+ ofc.setOptimizeParts(
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java
new file mode 100644
index 0000000..407a71e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.util.Hashtable;
+
+import junit.framework.TestCase;
+
+public abstract class InteropTestBase extends TestCase {
+
+ protected static final String SCENARIO1_SERVICE_REPOSITORY =
+ "scenario1_service_repo";
+
+ protected static final String SCENARIO1_CLIENT_REPOSITORY =
+ "scenario1_client_repo";
+
+ protected static final String SCENARIO2_SERVICE_REPOSITORY =
+ "scenario2_service_repo";
+
+ protected static final String SCENARIO2_CLIENT_REPOSITORY =
+ "scenario2_client_repo";
+
+ protected static final String SCENARIO2a_SERVICE_REPOSITORY =
+ "scenario2a_service_repo";
+
+ protected static final String SCENARIO2a_CLIENT_REPOSITORY =
+ "scenario2a_client_repo";
+
+ protected static final String SCENARIO3_SERVICE_REPOSITORY =
+ "scenario3_service_repo";
+
+ protected static final String SCENARIO3_CLIENT_REPOSITORY =
+ "scenario3_client_repo";
+
+ protected static final String SCENARIO4_SERVICE_REPOSITORY =
+ "scenario4_service_repo";
+
+ protected static final String SCENARIO4_CLIENT_REPOSITORY =
+ "scenario4_client_repo";
+
+ protected static final String SCENARIO5_SERVICE_REPOSITORY =
+ "scenario5_service_repo";
+
+ protected static final String SCENARIO5_CLIENT_REPOSITORY =
+ "scenario5_client_repo";
+
+ protected static final String SCENARIO6_SERVICE_REPOSITORY =
+ "scenario6_service_repo";
+
+ protected static final String SCENARIO6_CLIENT_REPOSITORY =
+ "scenario6_client_repo";
+
+ protected static final String SCENARIO7_SERVICE_REPOSITORY =
+ "scenario7_service_repo";
+
+ protected static final String SCENARIO7_CLIENT_REPOSITORY =
+ "scenario7_client_repo";
+
+ protected static final String SCENARIO_ST1_SERVICE_REPOSITORY =
+ "scenarioST1_service_repo";
+
+ protected static final String SCENARIO_ST1_CLIENT_REPOSITORY =
+ "scenarioST1_client_repo";
+
+ protected static final String SCENARIO_ST3_SERVICE_REPOSITORY =
+ "scenarioST3_service_repo";
+
+ protected static final String SCENARIO_ST3_CLIENT_REPOSITORY =
+ "scenarioST3_client_repo";
+
+ protected static final String SCENARIO_ST4_SERVICE_REPOSITORY =
+ "scenarioST4_service_repo";
+
+ protected static final String SCENARIO_ST4_CLIENT_REPOSITORY =
+ "scenarioST4_client_repo";
+
+ protected static final String MTOM_SEC_SERVICE_REPOSITORY =
+ "mtom_sec_service_repo";
+
+ protected static final String MTOM_SEC_CLIENT_REPOSITORY =
+ "mtom_sec_client_repo";
+
+ protected static final String COMPLETE_SERVICE_REPOSITORY =
+ "complete_service_repo";
+
+ protected static final String COMPLETE_CLIENT_REPOSITORY =
+ "complete_client_repo";
+
+ protected static final String DEFAULT_CLIENT_REPOSITORY =
+ "default_security_client_repo";
+
+ protected static final String WSSE_NS = WSConstants.WSSE_NS;
+
+ protected static final String WSU_NS = WSConstants.WSU_NS;
+
+ protected static final String ADDR_NS =
+ AddressingConstants.Final.WSA_NAMESPACE;
+
+ private String targetEpr = "http://127.0.0.1:" +
+// 5556 +
+ UtilServer.TESTING_PORT +
+ "/axis2/services/PingPort";
+
+ public InteropTestBase() {
+ super();
+ }
+
+ public InteropTestBase(String arg0) {
+ super(arg0);
+ }
+
+ public void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo());
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ /**
+ * Do test
+ */
+ public void testInteropWithConfigFiles() {
+ try {
+
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithStaticConfig", new Class[]{String.class,
+ String.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + getClientRepo(), targetEpr});
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+ }
+
+ public void testInteropWithDynamicConfig() {
+ try {
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithGivenConfig", new Class[]{String.class,
+ String.class, OutflowConfiguration.class,
+ InflowConfiguration.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + DEFAULT_CLIENT_REPOSITORY,
+ targetEpr, getOutflowConfiguration(),
+ getInflowConfiguration()});
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+
+ }
+
+ public void testInteropWithDynamicConfigWithProfRefs() {
+ if(getPropertyRefs() != null) {
+ try {
+
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithGivenConfigWithProRefs", new Class[]{
+ String.class,
+ String.class, OutflowConfiguration.class,
+ InflowConfiguration.class, Hashtable.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + DEFAULT_CLIENT_REPOSITORY,
+ targetEpr, getOutflowConfigurationWithRefs(),
+ getInflowConfigurationWithRefs(),
+ getPropertyRefs()});
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+ }
+ }
+
+ protected abstract OutflowConfiguration getOutflowConfiguration();
+
+ protected abstract InflowConfiguration getInflowConfiguration();
+
+ protected abstract OutflowConfiguration getOutflowConfigurationWithRefs();
+
+ protected abstract InflowConfiguration getInflowConfigurationWithRefs();
+
+ protected abstract Hashtable getPropertyRefs();
+
+ protected abstract String getClientRepo();
+
+ protected abstract String getServiceRepo();
+
+ protected abstract boolean isUseSOAP12InStaticConfigTest();
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java
new file mode 100644
index 0000000..e96599e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+
+/**
+ * Testing optimizing the base 64 elements with
+ * <code><parameter name="optimizeParts" locked="false">//xenc:Encrypted
+ * Data/xenc:CipherData/xenc:CipherValue</parameter></code>
+ */
+public class MTOMOptimizedSecurityTest extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setOptimizeParts("//xenc:EncryptedData/xenc:CipherData/" +
+ "xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return MTOM_SEC_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return MTOM_SEC_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setOptimizeParts("//xenc:EncryptedData/xenc:CipherData/" +
+ "xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java
new file mode 100644
index 0000000..505b507
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+
+
+/**
+ * WS-Security interop scenario 1
+ */
+public class Scenario1Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+ ofc.setActionItems("UsernameToken");
+ ofc.setUser("Chris");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setPasswordType("PasswordText");
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO1_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO1_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ return null;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java
new file mode 100644
index 0000000..2e626b7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security inteorp scenario 2
+ */
+public class Scenario2Test extends InteropTestBase {
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Encrypt");
+ ofc.setUser("Chris");
+ ofc.setAddUTElements("Nonce Created");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO2_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO2_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getOutflowConfigurationWithRefs()
+ */
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Encrypt");
+ ofc.setUser("Chris");
+ ofc.setAddUTElements("Nonce Created");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ ofc.setEncryptionPropRefId("key1");
+
+ return ofc;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getInflowConfigurationWithRefs()
+ */
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ return table;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java
new file mode 100644
index 0000000..2cbf860
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+
+/**
+ * WS-Security interop scenario 2a
+ */
+public class Scenario2aTest extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameTokenSignature Encrypt Timestamp");
+ ofc.setUser("Chris");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO2a_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO2a_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameTokenSignature Encrypt Timestamp");
+ ofc.setUser("Chris");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ ofc.setEncryptionPropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ return table;
+
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java
new file mode 100644
index 0000000..679cdce
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 3
+ */
+public class Scenario3Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEnableSignatureConfirmation(false);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+ ifc.setEnableSignatureConfirmation(false);
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO3_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO3_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEnableSignatureConfirmation(false);
+
+ ofc.setSignaturePropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setEnableSignatureConfirmation(false);
+
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
new file mode 100644
index 0000000..99c2d0e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 4
+ */
+public class Scenario4Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME);
+ ofc.setEmbeddedKeyName("SessionKey");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO4_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO4_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME);
+ ofc.setEmbeddedKeyName("SessionKey");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
+
+ ofc.setSignaturePropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
new file mode 100644
index 0000000..d9ee697
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 5
+ */
+public class Scenario5Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ ofc.setActionItems("Signature NoSerialization");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setSignatureParts("{}{http://xmlsoap.org/Ping}ticket");
+
+ ofc.nextAction();
+
+ ofc.setActionItems("Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO5_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO5_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ ofc.setActionItems("Signature NoSerialization");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setSignatureParts("{}{http://xmlsoap.org/Ping}ticket");
+
+ ofc.nextAction();
+
+ ofc.setActionItems("Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key2");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ //IMPORTANT: Note that the key of the first repetition has "1" appended to it
+ table.put("key21", prop2);
+
+ return table;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java
new file mode 100644
index 0000000..3a5033d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 6
+ */
+public class Scenario6Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Encrypt Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Encrypt Signature Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO6_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO6_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Encrypt Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Encrypt Signature Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java
new file mode 100644
index 0000000..af3e63f
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 7
+ */
+public class Scenario7Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+ ofc.setSignatureParts("{}{" +
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI +
+ "}Body;STRTransform");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+ ifc.setDecryptionPropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO7_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO7_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return false;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setEncryptionPropRefId("key2");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+ ofc.setSignatureParts("{}{" +
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI +
+ "}Body;STRTransform");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key3");
+ ifc.setDecryptionPropRefKey("key4");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop3 = new Properties();
+ prop3.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop4 = new Properties();
+ prop4.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+ table.put("key3", prop3);
+ table.put("key4", prop4);
+
+ return table;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
new file mode 100644
index 0000000..a6478e2
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
@@ -0,0 +1,131 @@
+package org.apache.rahas;
+
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class RahasSAML2TokenCertForHoKTest extends TestClient{
+ public RahasSAML2TokenCertForHoKTest(String name) {
+ super(name);
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ System.out.println("Running SAML2 Test with Public Key as the KeyType in RST.");
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
+ assertNotNull("Missing SAML2 Assertion", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
new file mode 100644
index 0000000..8bd0334
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+public class RahasSAML2TokenTest extends TestClient{
+ /**
+ * @param name
+ */
+ public RahasSAML2TokenTest(String name) {
+ super(name);
+ }
+
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ System.out.println(" Running SAML2 Test with Symmetric Key As the KeyType in RST. ");
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
+ assertNotNull("Missing SAML2 Assertion", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_20);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
new file mode 100644
index 0000000..6e87267
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
@@ -0,0 +1,104 @@
+package org.apache.rahas;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+public class RahasSAMLTokenAttributeTest extends TestClient{
+
+ public RahasSAMLTokenAttributeTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_5";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
new file mode 100644
index 0000000..5fed698
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.rahas.PWCallback;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+
+public class RahasSAMLTokenCertForHoKTest extends TestClient {
+
+ public RahasSAMLTokenCertForHoKTest(String name) {
+ super(name);
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
new file mode 100644
index 0000000..d5b2596
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenCertForHoKV1205Test extends TestClient {
+
+
+ public RahasSAMLTokenCertForHoKV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+// ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyTransportAlgorithm(XMLCipher.RSA_OAEP);
+// ofc.setEncryptionSymAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ ofc.setEnableSignatureConfirmation(false);
+// ofc.setSignatureParts("{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}To;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}ReplyTo;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}MessageID;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}Action;" +
+// "{Element}{" + WSConstants.WSU_NS + "}Timestamp");
+
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ifc.setEnableSignatureConfirmation(false);
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr =
+ resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem =
+ factory.createOMElement(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).
+ setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem,
+ RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
new file mode 100644
index 0000000..9d20d41
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.rahas.PWCallback;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenTest extends TestClient {
+
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenTest(String name) {
+ super(name);
+ }
+
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
new file mode 100644
index 0000000..e9b9bcc
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class RahasSAMLTokenUTForBearerTest extends TestClient {
+
+ public RahasSAMLTokenUTForBearerTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_BEARER);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
new file mode 100644
index 0000000..68aa800
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenUTForBearerV1205Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenUTForBearerV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_BEARER);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
new file mode 100644
index 0000000..e3fa9cc
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenUTForHoKTest extends TestClient {
+
+ public RahasSAMLTokenUTForHoKTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
new file mode 100644
index 0000000..5decbeb
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
@@ -0,0 +1,254 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.opensaml.XML;
+
+public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
+
+ byte[] clientEntr;
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenUTForHoKV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "https://207.200.37.116/Ping/Scenario1", this.getWSANamespace());
+ "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ byte[] nonce = WSSecurityUtil.generateNonce(16);
+ clientEntr = nonce;
+ OMElement entrElem = TrustUtil.createEntropyElement(RahasConstants.VERSION_05_12, rstElem);
+ TrustUtil.createBinarySecretElement(RahasConstants.VERSION_05_12, entrElem, RahasConstants.BIN_SEC_TYPE_NONCE).setText(Base64.encode(nonce));
+ TrustUtil.createComputedKeyAlgorithm(RahasConstants.VERSION_05_12,rstElem, RahasConstants.COMPUTED_KEY_PSHA1);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityTokenResponse missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+
+ //Uncomment for inteorp - START
+// String respEntrB64 = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.ENTROPY_LN)).getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.BINARY_SECRET_LN)).getText().trim();
+//
+//
+//
+// OMElement attrStmtElem = elem.getFirstChildWithName(new QName(XML.SAML_NS, "AttributeStatement"));
+// OMElement kiElem = attrStmtElem.getFirstChildWithName(new QName(XML.SAML_NS,"Subject")).getFirstChildWithName(new QName(XML.SAML_NS,"SubjectConfirmation")).getFirstChildWithName(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"));
+// OMElement encrKey = kiElem.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"));
+//
+//
+// String cipherValue = encrKey.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherData")).getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherValue")).getText();
+//
+// byte[] serviceEntr = Base64.decode(respEntrB64);
+
+// try {
+// this.requestService(elem, clientEntr, serviceEntr);
+// } catch (Exception e) {
+// e.printStackTrace();
+// }
+
+ //Uncomment for inteorp - END
+
+
+
+ }
+
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+// private void requestService(OMElement assertion, byte[] reqEnt, byte[] respEnt) throws Exception {
+//
+// StAXOMBuilder builder = new StAXOMBuilder(new OMDOMFactory(), assertion.getXMLStreamReader());
+// Element domAssertionElem = (Element)builder.getDocumentElement();
+//
+// DocumentBuilderFactoryImpl.setDOOMRequired(true);
+// Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+//
+// SOAPFactory fac = new SOAP11Factory((DocumentImpl)doc);
+// SOAPEnvelope envelope = fac.getDefaultEnvelope();
+// this.addPayload(envelope);
+//
+// WSSecHeader secHeader = new WSSecHeader();
+// secHeader.insertSecurityHeader(doc);
+//
+// WSSecTimestamp ts = new WSSecTimestamp();
+// ts.prepare(doc);
+// ts.prependToHeader(secHeader);
+//
+// WSSecDKSign sig = new WSSecDKSign();
+// sig.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+// P_SHA1 p_sha1 = new P_SHA1();
+// SecurityTokenReference ref = new SecurityTokenReference(doc);
+// ref.setSAMLKeyIdentifier(assertion.getAttributeValue(new QName("AssertionID")));
+//
+// System.out.println("\nRequest Entropy: " + Base64.encode(reqEnt));
+// System.out.println("Response Entropy: " + Base64.encode(respEnt));
+//
+// byte[] ephmeralKey = p_sha1.createKey(reqEnt, respEnt, 0, 32);
+//
+// System.out.println( ephmeralKey.length * 8 + " bit Key: " + Base64.encode(ephmeralKey));
+//
+// sig.setExternalKey(ephmeralKey, ref.getElement());
+//
+// WSEncryptionPart part = new WSEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN, WSConstants.WSU_NS, "Element");
+// Vector partsVector = new Vector();
+// partsVector.add(part);
+// sig.setParts(partsVector);
+//
+// sig.prepare(doc, secHeader);
+// sig.addReferencesToSign(partsVector, secHeader);
+// sig.computeSignature();
+//
+// Element importedAssertionElement = (Element) doc.importNode(domAssertionElem, true);
+// WSSecurityUtil.appendChildElement(doc, secHeader.getSecurityHeader(), importedAssertionElement);
+// sig.appendDKElementToHeader(secHeader);
+// sig.appendSigToHeader(secHeader);
+//
+//
+// System.out.println(envelope);
+//
+//
+// //Create a service client and send the request
+// AxisService service = new AxisService("ping");
+// AxisOperation op = new OutInAxisOperation(new QName("Ping"));
+// service.addChild(op);
+//
+// ServiceClient client = new ServiceClient(ConfigurationContextFactory.createConfigurationContextFromFileSystem(Constants.TESTING_PATH + "rahas_client_repo", null), service);
+//
+//
+// OperationClient opClient = client.createClient(new QName("Ping"));
+// MessageContext mc = new MessageContext();
+// mc.setEnvelope(envelope);
+//
+// client.engageModule(new QName("addressing"));
+// client.engageModule(new QName("rampart"));
+//
+// opClient.addMessageContext(mc);
+//// opClient.getOptions().setTo(new EndpointReference("https://131.107.72.15/PingService/OasisScenario1"));
+// opClient.getOptions().setTo(new EndpointReference("https://207.200.37.116/Ping/Scenario1"));
+//
+// opClient.getOptions().setAction("http://example.org/Ping");
+//// opClient.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, AddressingConstants.Submission.WSA_NAMESPACE);
+//
+// opClient.execute(true);
+// MessageContext response = opClient.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+// System.out.println("------------------------------RESPONSE------------------------------\n" + response.getEnvelope());
+//
+// }
+//
+// private void addPayload(SOAPEnvelope env) {
+// //<Ping xmlns="http://example.org/Ping">Ping</Ping>
+// OMNamespace ns = env.getOMFactory().createOMNamespace("http://example.org/Ping", "");
+// OMElement elem = env.getOMFactory().createOMElement("Ping", ns);
+// elem.setText("Ping");
+//
+// env.getBody().addChild(elem);
+// }
+
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
new file mode 100644
index 0000000..4c704d3
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rahas.PWCallback;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+/**
+ * RahasSAMLTokenTest with the WS-SX namespaces
+ */
+public class RahasSAMLTokenV1205Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
new file mode 100644
index 0000000..afedce4
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
@@ -0,0 +1,31 @@
+package org.apache.rahas;
+
+import java.util.Arrays;
+
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
+
+public class SAMLDataProvider implements SAMLCallbackHandler{
+
+ public void handle(SAMLCallback callback) throws SAMLException{
+
+ if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK){
+ SAMLAttributeCallback cb = (SAMLAttributeCallback)callback;
+ SAMLAttribute attribute = new SAMLAttribute("Name",
+ "https://rahas.apache.org/saml/attrns", null, -1, Arrays
+ .asList(new String[] { "Custom/Rahas" }));
+ cb.addAttributes(attribute);
+ }else if(callback.getCallbackType() == SAMLCallback.NAME_IDENTIFIER_CALLBACK){
+ SAMLNameIdentifierCallback cb = (SAMLNameIdentifierCallback)callback;
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+ "David", null, SAMLNameIdentifier.FORMAT_EMAIL);
+ cb.setNameId(nameId);
+ }
+
+ }
+}
diff --git a/1_5/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/1_5/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
new file mode 100644
index 0000000..9771fe9
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -0,0 +1,230 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.commons.logging.LogFactory;
+import org.apache.commons.logging.Log;
+
+import java.net.URL;
+import java.net.URLClassLoader;
+
+
+public class RampartTest extends TestCase {
+ private Log log = LogFactory.getLog(RampartTest.class);
+
+ public final static int PORT = UtilServer.TESTING_PORT;
+
+ ServiceClient serviceClient;
+
+ public RampartTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ Class.forName("org.apache.commons.logging.impl.Log4JLogger");
+ URL foo = ((URLClassLoader)Thread.currentThread().getContextClassLoader()).findResource("commons-logging.properties");
+ System.out.println(foo.toString());
+ log.info("setting up");
+ String repo = Constants.TESTING_PATH + "rampart_service_repo";
+ UtilServer.start(repo, null);
+
+ repo = Constants.TESTING_PATH + "rampart_client_repo";
+ ConfigurationContext configContext = ConfigurationContextFactory.
+ createConfigurationContextFromFileSystem(repo, null);
+ serviceClient = new ServiceClient(configContext, null);
+ serviceClient.engageModule("addressing");
+ serviceClient.engageModule("rampart");
+ }
+
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+ public void testWithPolicy() throws Exception {
+ //TODO : figure this out !!
+ boolean basic256Supported = true;
+
+ if (basic256Supported) {
+ System.out.println("\nWARNING: We are using key sizes from JCE " +
+ "Unlimited Strength Jurisdiction Policy !!!");
+ }
+
+ for (int i = 1; i <= 29; i++) { //<-The number of tests we have
+ if (!basic256Supported && (i == 3 || i == 4 || i == 5)) {
+ //Skip the Basic256 tests
+ continue;
+ }
+
+ if (i == 25) {
+ // Testcase - 25 is failing, for the moment skipping it.
+ continue;
+ }
+ Options options = new Options();
+
+ if (i == 13) {
+ continue; // Can't test Transport binding with Simple HTTP Server
+ //Username token created with user/pass from options
+ //options.setUserName("alice");
+ //options.setPassword("password");
+ }
+
+ System.out.println("Testing WS-Sec: custom scenario " + i);
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference("http://127.0.0.1:" +
+ PORT +
+ "/axis2/services/SecureService" + i));
+
+ ServiceContext context = serviceClient.getServiceContext();
+ context.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
+ loadPolicy("/rampart/policy/" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ // Invoking the serive in the TestCase-28 should fail. So handling it differently..
+ if (i == 28) {
+ try {
+ //Blocking invocation
+ serviceClient.sendReceive(getOMElement());
+ fail("Service Should throw an error..");
+
+ } catch (AxisFault axisFault) {
+ assertEquals("Expected encrypted part missing", axisFault.getMessage());
+ }
+ } else {
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ }
+ }
+
+ System.out.println("--------------Testing negative scenarios----------------------------");
+
+ for (int i = 1; i <= 22; i++) {
+ if (!basic256Supported && (i == 3 || i == 4 || i == 5)) {
+ //Skip the Basic256 tests
+ continue;
+ }
+ Options options = new Options();
+
+ if (i == 13) {
+ continue;
+ }
+
+ System.out.println("Testing WS-Sec: negative scenario " + i);
+ options.setAction("urn:returnError");
+ options.setTo(new EndpointReference("http://127.0.0.1:" +
+ PORT +
+ "/axis2/services/SecureService" + i));
+
+ ServiceContext context = serviceClient.getServiceContext();
+ context.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
+ loadPolicy("/rampart/policy/" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ try {
+ //Blocking invocation
+ serviceClient.sendReceive(getOMElement());
+ fail("Service Should throw an error..");
+
+ } catch (AxisFault axisFault) {
+ assertEquals(
+ "Testing negative scenarios with Apache Rampart. Intentional Exception",
+ axisFault.getMessage());
+ }
+ }
+ }
+
+ public void testSecureConversation() throws Exception {
+ for (int i = 1; i <= 3; i++) { //<-The number of tests we have
+
+ if (i == 2 || i == 3) {
+ continue; // Can't test Transport binding scenarios with Simple HTTP Server
+ }
+
+ Options options = new Options();
+ System.out.println("Testing WS-SecConv: custom scenario " + i);
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(
+ "http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
+ serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY,
+ loadPolicy("/rampart/policy/sc-" + i +
+ ".xml"));
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ serviceClient.sendReceive(getEchoElement());
+
+ //Cancel the token
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ serviceClient.sendReceive(getEchoElement());
+
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_FALSE);
+ serviceClient.sendReceive(getEchoElement());
+
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ serviceClient.sendReceive(getEchoElement());
+ }
+ }
+
+ private OMElement getEchoElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(
+ "http://example1.org/example1", "example1");
+ OMElement method = fac.createOMElement("echo", omNs);
+ OMElement value = fac.createOMElement("Text", omNs);
+ value.addChild(fac.createOMText(value, "Testing Rampart with WS-SecPolicy"));
+ method.addChild(value);
+
+ return method;
+ }
+
+ private OMElement getOMElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(
+ "http://example1.org/example1", "example1");
+ OMElement method = fac.createOMElement("returnError", omNs);
+ OMElement value = fac.createOMElement("Text", omNs);
+ value.addChild(fac.createOMText(value, "Testing Rampart with WS-SecPolicy"));
+ method.addChild(value);
+
+ return method;
+ }
+
+ private Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(RampartTest.class.getResourceAsStream(xmlPath));
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+
+}
diff --git a/1_5/modules/rampart-integration/src/test/resources/commons-logging.properties b/1_5/modules/rampart-integration/src/test/resources/commons-logging.properties
new file mode 100755
index 0000000..5f4f515
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/commons-logging.properties
@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This is the logging properties that goes to the war, there are two logging conf kept at the
+# svn, one for developement (one at src/test-resources) and other for producation
+
+# Uncomment the next line to disable all logging.
+#org.apache.commons.logging.Log=org.apache.commons.logging.impl.NoOpLog
+
+# Uncomment the next line to enable the simple log based logging
+org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog
+
+# Uncomment the next line to enable log4j based logging
+#org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
diff --git a/1_5/modules/rampart-integration/src/test/resources/conf/axis2.xml b/1_5/modules/rampart-integration/src/test/resources/conf/axis2.xml
new file mode 100755
index 0000000..b6a2885
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/conf/axis2.xml
@@ -0,0 +1,280 @@
+<axisconfig name="AxisJava2.0">
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+ <parameter name="enableSwA" locked="false">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments" locked="false">true</parameter>
+ <parameter name="attachmentDIR" locked="false"></parameter>
+ <parameter name="sizeThreshold" locked="false">4000</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in seconds-->
+ <parameter name="ConfigContextTimeoutInterval" locked="false">30</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the expcetion-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distingiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+
+ <!--Set the flag to true if you want to enable transport level session mangment-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">false</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+ <!-- If you have a frontend host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl" locked="false">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL" locked="false">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Deafult Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovride this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills us (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname" locked="false">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer" locked="false">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout" locked="false">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay" locked="false">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize" locked="false">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize" locked="false">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime" locked="false">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit" locked="false">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have SMTP transport support-->
+ <!--<transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">-->
+ <!--<parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>-->
+ <!--<parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>-->
+ <!--<parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>-->
+ <!--<parameter name="transport.mail.pop3.port" locked="false">110</parameter>-->
+ <!--<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>-->
+ <!--</transportReceiver>-->
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncommet following paramter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <!-- <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/> -->
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+<phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/interop.properties b/1_5/modules/rampart-integration/src/test/resources/interop.properties
new file mode 100644
index 0000000..0d6de68
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/interop.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=interop2.jks
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/interop2.jks b/1_5/modules/rampart-integration/src/test/resources/interop2.jks
new file mode 100644
index 0000000..a7d1a3f
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/interop2.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/issuer.properties b/1_5/modules/rampart-integration/src/test/resources/rahas/issuer.properties
new file mode 100755
index 0000000..40abfa2
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/issuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rahas-sts.jks
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
new file mode 100644
index 0000000..0366947
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
new file mode 100644
index 0000000..451b415
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
new file mode 100644
index 0000000..ff9595d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
new file mode 100644
index 0000000..275cbec
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/store.jks b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/store.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/store.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
new file mode 100644
index 0000000..7827334
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
@@ -0,0 +1,66 @@
+<wsp:Policy wsu:Id="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
new file mode 100644
index 0000000..a539223
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
new file mode 100644
index 0000000..357b1ec
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
@@ -0,0 +1,63 @@
+<wsp:Policy wsu:Id="2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties b/1_5/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties
new file mode 100755
index 0000000..9a97673
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rahas/rahas-sts.jks
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks b/1_5/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/s1-services.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/s1-services.xml
new file mode 100644
index 0000000..1bc8b06
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/s1-services.xml
@@ -0,0 +1,74 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <signaturePropFile>issuer.properties</signaturePropFile>
+ <decryptionPropFile>issuer.properties</decryptionPropFile>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>ip</user>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile xmlns="">issuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/s3-services.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/s3-services.xml
new file mode 100644
index 0000000..5d81ffd
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/s3-services.xml
@@ -0,0 +1,70 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ <user>ip</user>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/s5-services.xml b/1_5/modules/rampart-integration/src/test/resources/rahas/s5-services.xml
new file mode 100644
index 0000000..406eccf
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/s5-services.xml
@@ -0,0 +1,70 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+ <dataCallbackHandlerClass>org.apache.rahas.SAMLDataProvider</dataCallbackHandlerClass>
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ <user>ip</user>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties b/1_5/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties
new file mode 100644
index 0000000..90487b1
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties
@@ -0,0 +1,9 @@
+org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
+org.apache.ws.security.saml.issuer.cryptoProp.file=sctIssuer.properties
+org.apache.ws.security.saml.issuer.key.name=bob
+org.apache.ws.security.saml.issuer.key.password=security
+org.apache.ws.security.saml.issuer=www.example.com
+org.apache.ws.security.saml.subjectNameId.name=uid=joe,ou=people,ou=saml-demo,o=example.com
+org.apache.ws.security.saml.subjectNameId.qualifier=www.example.com
+org.apache.ws.security.saml.authenticationMethod=password
+#org.apache.ws.security.saml.confirmationMethod=senderVouches
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties b/1_5/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/1_5/modules/rampart-integration/src/test/resources/rahas/sec.jks b/1_5/modules/rampart-integration/src/test/resources/rahas/sec.jks
new file mode 100755
index 0000000..02d7c4e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rahas/sec.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/issuer.properties b/1_5/modules/rampart-integration/src/test/resources/rampart/issuer.properties
new file mode 100755
index 0000000..51d7b00
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/issuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rampart/store.jks
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/1.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
new file mode 100644
index 0000000..692f0e4
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
@@ -0,0 +1,52 @@
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <!-- <sp:HttpsToken RequireClientCertificate="false"/> -->
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/10.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
new file mode 100644
index 0000000..ddd0585
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <!--No timestamp test-->
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/11.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/11.xml
new file mode 100644
index 0000000..cb17bc4
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/11.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigEncrXPath" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath xmlns:S="http://example1.org/example1">//S:example1</sp:XPath>
+ </sp:EncryptedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/12.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/12.xml
new file mode 100644
index 0000000..394b616
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/12.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/13.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
new file mode 100644
index 0000000..37c6c47
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
@@ -0,0 +1,31 @@
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/14.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
new file mode 100644
index 0000000..9a9cc84
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
@@ -0,0 +1,92 @@
+<wsp:Policy wsu:Id="MutualCertificate11Sign_IPingService_policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/15.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
new file mode 100644
index 0000000..617b7f2
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
@@ -0,0 +1,58 @@
+<wsp:Policy wsu:Id="EncrOnlySymm"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/16.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/16.xml
new file mode 100644
index 0000000..4e1a484
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/16.xml
@@ -0,0 +1,76 @@
+ <wsp:Policy wsu:Id="User defined" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </sp:Policy>
+ </sp:Wss10>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy/>
+ </sp:SignedSupportingTokens>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/17.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
new file mode 100644
index 0000000..ca24bae
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
@@ -0,0 +1,68 @@
+<wsp:Policy wsu:Id="EncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
+ </wsp:Policy>
+ </sp:EncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/18.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
new file mode 100644
index 0000000..15ce2bf
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SignedEncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:SignedEncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
+ </wsp:Policy>
+ </sp:SignedEncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/19.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
new file mode 100644
index 0000000..de7ce86
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="EndorsingEncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EndorsingEncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingEncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
new file mode 100644
index 0000000..a3bf1bb
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/20.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
new file mode 100644
index 0000000..817fcff
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="SignedEndorsingEncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:SignedEndorsingEncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:SignedEndorsingEncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/21.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
new file mode 100644
index 0000000..f952cf7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>not-used</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:rampartConfigCallbackClass>org.apache.rampart.RampartConfigUpdater</ramp:rampartConfigCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/22.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
new file mode 100644
index 0000000..70b4255
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="SignedElements"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:SignedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/23.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
new file mode 100644
index 0000000..e4f7759
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="EncryptedElements"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/24.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
new file mode 100644
index 0000000..f0624d0
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
@@ -0,0 +1,67 @@
+<wsp:Policy wsu:Id="SignedEncryptedElements"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:SignedElements>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/25.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
new file mode 100644
index 0000000..ca69e05
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
@@ -0,0 +1,68 @@
+<wsp:Policy wsu:Id="SignedEncryptedElementsEncryptBeforeSigning"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:EncryptBeforeSigning/>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:SignedElements>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/26.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
new file mode 100644
index 0000000..f42dcb3
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <!--No timestamp test-->
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/27.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
new file mode 100644
index 0000000..4acdc5e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <!--No timestamp test-->
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
new file mode 100644
index 0000000..a5fd12b
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <!--No timestamp test-->
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/29.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/29.xml
new file mode 100644
index 0000000..652838c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/29.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="29"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:MustSupportRefThumbprint/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10>
+ <wsp:Policy>
+ <sp:MustSupportRefThumbprint/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
new file mode 100644
index 0000000..651188d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/4.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
new file mode 100644
index 0000000..4ad5d3b
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/5.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
new file mode 100644
index 0000000..368d94e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/6.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/6.xml
new file mode 100644
index 0000000..5a0092f
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/6.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/7.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/7.xml
new file mode 100644
index 0000000..e1a4548
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/7.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/8.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/8.xml
new file mode 100644
index 0000000..fb2a6b0
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/8.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/9.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/9.xml
new file mode 100644
index 0000000..7c1a9e3
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/9.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature />
+ <sp:EncryptBeforeSigning />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
new file mode 100644
index 0000000..9739b9b
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
@@ -0,0 +1,123 @@
+<wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml
new file mode 100644
index 0000000..f3311cf
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml
@@ -0,0 +1,131 @@
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
new file mode 100644
index 0000000..34e4a04
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
@@ -0,0 +1,98 @@
+<wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-1.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-1.xml
new file mode 100644
index 0000000..202210e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-1.xml
@@ -0,0 +1,55 @@
+<service name="SecureService1">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <!-- <sp:HttpsToken RequireClientCertificate="false"/> -->
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-10.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-10.xml
new file mode 100644
index 0000000..c47a7d4
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-10.xml
@@ -0,0 +1,81 @@
+<service name="SecureService10">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <!--sp:IncludeTimestamp/-->
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-11.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-11.xml
new file mode 100644
index 0000000..83ce057
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-11.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService11">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrXPath" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath xmlns:S="http://example1.org/example1">//S:example1</sp:XPath>
+ </sp:EncryptedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-12.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-12.xml
new file mode 100644
index 0000000..c1919ac
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-12.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService12">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+<wsp:Policy wsu:Id="policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-13.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-13.xml
new file mode 100644
index 0000000..501dffe
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-13.xml
@@ -0,0 +1,55 @@
+<service name="SecureService13">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-14.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-14.xml
new file mode 100644
index 0000000..da8cd05
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-14.xml
@@ -0,0 +1,110 @@
+<service name="SecureService14">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="MutualCertificate11Sign_IPingService_policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-15.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-15.xml
new file mode 100644
index 0000000..4b88584
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-15.xml
@@ -0,0 +1,77 @@
+<service name="SecureService15">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncrOnlySymm"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-16.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-16.xml
new file mode 100644
index 0000000..a245fa1
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-16.xml
@@ -0,0 +1,95 @@
+<service name="SecureService16">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="User defined" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </sp:Policy>
+ </sp:Wss10>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy/>
+ </sp:SignedSupportingTokens>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-17.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-17.xml
new file mode 100644
index 0000000..a786dea
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-17.xml
@@ -0,0 +1,87 @@
+<service name="SecureService17">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
+ </wsp:Policy>
+ </sp:EncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-18.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-18.xml
new file mode 100644
index 0000000..3b5c1a5
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-18.xml
@@ -0,0 +1,88 @@
+<service name="SecureService18">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:SignedEncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/>
+ </wsp:Policy>
+ </sp:SignedEncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-19.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-19.xml
new file mode 100644
index 0000000..39a31cb
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-19.xml
@@ -0,0 +1,90 @@
+<service name="SecureService19">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EndorsingEncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EndorsingEncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingEncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-2.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-2.xml
new file mode 100644
index 0000000..d6c6192
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-2.xml
@@ -0,0 +1,87 @@
+<service name="SecureService2">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-20.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-20.xml
new file mode 100644
index 0000000..4913a3a
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-20.xml
@@ -0,0 +1,90 @@
+<service name="SecureService20">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SignedEndorsingEncrSupTokens"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:SignedEndorsingEncryptedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:SignedEndorsingEncryptedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-21.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-21.xml
new file mode 100644
index 0000000..95eb250
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-21.xml
@@ -0,0 +1,81 @@
+<service name="SecureService21">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-22.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-22.xml
new file mode 100644
index 0000000..85c5589
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-22.xml
@@ -0,0 +1,82 @@
+<service name="SecureService22">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SignedElements"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:SignedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-23.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-23.xml
new file mode 100644
index 0000000..cbe5b3d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-23.xml
@@ -0,0 +1,77 @@
+<service name="SecureService23">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncryptedElements"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-24.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-24.xml
new file mode 100644
index 0000000..6f2782c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-24.xml
@@ -0,0 +1,80 @@
+<service name="SecureService24">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SignedEncryptedElements"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:SignedElements>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-25.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-25.xml
new file mode 100644
index 0000000..4ef7556
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-25.xml
@@ -0,0 +1,81 @@
+<service name="SecureService25">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SignedEncryptedElementsEncryptBeforeSigning"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:EncryptBeforeSigning/>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:SignedElements>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-26.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-26.xml
new file mode 100644
index 0000000..34dd784
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-26.xml
@@ -0,0 +1,84 @@
+<service name="SecureService26">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <!--sp:IncludeTimestamp/-->
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-27.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-27.xml
new file mode 100644
index 0000000..5224d6e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-27.xml
@@ -0,0 +1,82 @@
+<service name="SecureService27">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <!--sp:IncludeTimestamp/-->
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-28.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-28.xml
new file mode 100644
index 0000000..8ebd645
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-28.xml
@@ -0,0 +1,82 @@
+<service name="SecureService28">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <!--sp:IncludeTimestamp/-->
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-29.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-29.xml
new file mode 100644
index 0000000..48da3f4
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-29.xml
@@ -0,0 +1,87 @@
+<service name="SecureService29">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:MustSupportRefThumbprint/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10>
+ <wsp:Policy>
+ <sp:MustSupportRefThumbprint/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-3.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-3.xml
new file mode 100644
index 0000000..7fc78a7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-3.xml
@@ -0,0 +1,93 @@
+<service name="SecureService3">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-4.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-4.xml
new file mode 100644
index 0000000..52a2845
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-4.xml
@@ -0,0 +1,94 @@
+<service name="SecureService4">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-5.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-5.xml
new file mode 100644
index 0000000..0a6602c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-5.xml
@@ -0,0 +1,94 @@
+<service name="SecureService5">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-6.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-6.xml
new file mode 100644
index 0000000..441ce9d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-6.xml
@@ -0,0 +1,91 @@
+<service name="SecureService6">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-7.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-7.xml
new file mode 100644
index 0000000..ae9fa91
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-7.xml
@@ -0,0 +1,94 @@
+<service name="SecureService7">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-8.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-8.xml
new file mode 100644
index 0000000..99ec146
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-8.xml
@@ -0,0 +1,94 @@
+<service name="SecureService8">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-9.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-9.xml
new file mode 100644
index 0000000..111d37b
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-9.xml
@@ -0,0 +1,92 @@
+<service name="SecureService9">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature />
+ <sp:EncryptBeforeSigning />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
new file mode 100644
index 0000000..e3e029c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
@@ -0,0 +1,176 @@
+<service name="SecureServiceSC1">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml
new file mode 100644
index 0000000..b6207cf
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml
@@ -0,0 +1,186 @@
+<service name="SecureServiceSC2">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml b/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
new file mode 100644
index 0000000..24ea65d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
@@ -0,0 +1,154 @@
+<service name="SecureServiceSC3">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/store.jks b/1_5/modules/rampart-integration/src/test/resources/rampart/store.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/store.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/rampart/sts.jks b/1_5/modules/rampart-integration/src/test/resources/rampart/sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/rampart/sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/sctIssuer.properties b/1_5/modules/rampart-integration/src/test/resources/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/1_5/modules/rampart-integration/src/test/resources/sec.jks b/1_5/modules/rampart-integration/src/test/resources/sec.jks
new file mode 100755
index 0000000..7af24b2
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/sec.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/sec.properties b/1_5/modules/rampart-integration/src/test/resources/sec.properties
new file mode 100755
index 0000000..3c3298d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sec.jks
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml
new file mode 100644
index 0000000..bc53d78
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml
@@ -0,0 +1,133 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- Test with addressing and MTOM: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>bob</encryptionUser>
+ <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Test with addressing and MTOM: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
new file mode 100644
index 0000000..d120cca
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
@@ -0,0 +1,147 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+ <parameter name="enableMTOM" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the addressing module -->
+ <module ref="addressing"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/complete.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/complete.service.xml
new file mode 100644
index 0000000..7988cb1
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/complete.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>alice</encryptionUser>
+ <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml
new file mode 100644
index 0000000..e1752e1
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml
@@ -0,0 +1,109 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 1: Client's Configuration:START-->
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <user>Chris</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ </action>
+ </parameter>
+ <!-- Scenario 1: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
new file mode 100644
index 0000000..8cdf406
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s1.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s1.service.xml
new file mode 100644
index 0000000..d6afa98
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s1.service.xml
@@ -0,0 +1,15 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml
new file mode 100644
index 0000000..324c581
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml
@@ -0,0 +1,118 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 2: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken Encrypt</items>
+ <user>Chris</user>
+ <addUTElements>Nonce Created</addUTElements>
+ <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
+ <encryptionUser>bob</encryptionUser>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ </action>
+ </parameter>
+
+ <!-- Scenario 2: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
new file mode 100644
index 0000000..4c1bcc5
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s2.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s2.service.xml
new file mode 100644
index 0000000..77c8eac
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s2.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml
new file mode 100644
index 0000000..ceddbd8
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml
@@ -0,0 +1,116 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 2: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameTokenSignature Encrypt Timestamp</items>
+ <user>Chris</user>
+ <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
+ <encryptionUser>bob</encryptionUser>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ </action>
+ </parameter>
+
+ <!-- Scenario 2: Client's Configuration:END-->
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+<phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
new file mode 100644
index 0000000..1efb1e7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s2a.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s2a.service.xml
new file mode 100644
index 0000000..d2e7727
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s2a.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameTokenSignature UsernameToken Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml
new file mode 100644
index 0000000..3af5539
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml
@@ -0,0 +1,127 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 3: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <!-- Scenario 3: Client's Configuration:END-->
+
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
new file mode 100644
index 0000000..1bae128
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+<phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s3.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s3.service.xml
new file mode 100644
index 0000000..12cf1c7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s3.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
new file mode 100644
index 0000000..27eb190
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
@@ -0,0 +1,124 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 4: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 4: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
new file mode 100644
index 0000000..3ef5bc8
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s4.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s4.service.xml
new file mode 100644
index 0000000..7f422a9
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s4.service.xml
@@ -0,0 +1,30 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
new file mode 100644
index 0000000..865f56f
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
@@ -0,0 +1,122 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 5: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+
+ <action>
+ <items>Signature NoSerialization</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signatureParts>{}{http://xmlsoap.org/Ping}ticket</signatureParts>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+
+ <action>
+ <items>Signature Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+
+ </parameter>
+
+ <!-- Scenario 5: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
new file mode 100644
index 0000000..6021a79
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s5.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s5.service.xml
new file mode 100644
index 0000000..6c9089d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s5.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml
new file mode 100644
index 0000000..c6d8cc5
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml
@@ -0,0 +1,125 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 6: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 6: Client's Configuration:END-->
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
new file mode 100644
index 0000000..262036a
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s6.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s6.service.xml
new file mode 100644
index 0000000..c67c3d8
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s6.service.xml
@@ -0,0 +1,29 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml
new file mode 100644
index 0000000..7cb7bab
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml
@@ -0,0 +1,125 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 7: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform</signatureParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 7: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
new file mode 100644
index 0000000..950dfdd
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
@@ -0,0 +1,141 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/s7.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/s7.service.xml
new file mode 100644
index 0000000..f8111e7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/s7.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml
new file mode 100644
index 0000000..489ae1d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml
@@ -0,0 +1,109 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario ST1: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp SAMLTokenUnsigned</items>
+ <samlPropFile>axis2.saml.properties</samlPropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario ST1: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
new file mode 100644
index 0000000..369de66
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sST1.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/sST1.service.xml
new file mode 100644
index 0000000..1bb5dc7
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sST1.service.xml
@@ -0,0 +1,14 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp SAMLTokenUnsigned</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml b/1_5/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml
new file mode 100644
index 0000000..1d92054
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml
@@ -0,0 +1,84 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <!-- <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ </sct-issuer-config>
+ </parameter>-->
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <addRequestedAttachedRef/>
+ <addRequestedUnattachedRef/>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>EncryptedKey</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml b/1_5/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml
new file mode 100644
index 0000000..8c942a6
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml
@@ -0,0 +1,64 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml b/1_5/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml
new file mode 100644
index 0000000..754a0ca
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml
@@ -0,0 +1,66 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml b/1_5/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml
new file mode 100644
index 0000000..50b850a
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml
@@ -0,0 +1,67 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties b/1_5/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/sec.jks b/1_5/modules/rampart-integration/src/test/resources/security/sc/sec.jks
new file mode 100755
index 0000000..7af24b2
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/sec.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/sec.properties b/1_5/modules/rampart-integration/src/test/resources/security/sc/sec.properties
new file mode 100755
index 0000000..3c3298d
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sec.jks
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/sc/sts.jks b/1_5/modules/rampart-integration/src/test/resources/security/sc/sts.jks
new file mode 100644
index 0000000..2db0a7c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/sc/sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml
new file mode 100644
index 0000000..873cd8c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml
@@ -0,0 +1,126 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 3 with MTOM: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>bob</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 3 with MTOM: Client's Configuration:END-->
+
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml b/1_5/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
new file mode 100644
index 0000000..6e782d6
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
@@ -0,0 +1,141 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+ <parameter name="enableMTOM" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-integration/src/test/resources/security/secMtom.service.xml b/1_5/modules/rampart-integration/src/test/resources/security/secMtom.service.xml
new file mode 100644
index 0000000..45f7a1f
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/security/secMtom.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>alice</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-integration/src/test/resources/sts.jks b/1_5/modules/rampart-integration/src/test/resources/sts.jks
new file mode 100644
index 0000000..2db0a7c
--- /dev/null
+++ b/1_5/modules/rampart-integration/src/test/resources/sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-mar/module.xml b/1_5/modules/rampart-mar/module.xml
new file mode 100644
index 0000000..59ec0e7
--- /dev/null
+++ b/1_5/modules/rampart-mar/module.xml
@@ -0,0 +1,46 @@
+<module name="rampart" class="org.apache.rampart.Rampart">
+
+ <Description>This module provides the WS-Security and WS-SecureConversation
+ functionalities for Axis2, based on Apache WSS4J, Apache XML-Security
+ and Apache Rahas implementations.
+ </Description>
+
+ <InFlow>
+ <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
+ <order phase="Security" phaseFirst="true"/>
+ </handler>
+ <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
+ <order phase="Security"/>
+ </handler>
+ <handler name="PostDispatchVerificationHandler" class="org.apache.rampart.handler.PostDispatchVerificationHandler">
+ <order phase="Dispatch" phaseLast="true"/>
+ </handler>
+
+ </InFlow>
+
+ <OutFlow>
+ <handler name="SecurityOutHandler" class="org.apache.rampart.handler.WSDoAllSender">
+ <order phase="Security"/>
+ </handler>
+ <handler name="PolicyBasedSecurityOutHandler" class="org.apache.rampart.handler.RampartSender">
+ <order phase="Security" phaseLast="true"/>
+ </handler>
+ </OutFlow>
+
+ <OutFaultFlow>
+ <handler name="PolicyBasedSecurityOutHandler" class="org.apache.rampart.handler.RampartSender">
+ <order phase="Security" phaseLast="true"/>
+ </handler>
+ </OutFaultFlow>
+
+ <InFaultFlow>
+ <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
+ <order phase="Security" phaseFirst="true"/>
+ </handler>
+ </InFaultFlow>
+
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <local-policy-assertions>
+ <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy" />
+ </local-policy-assertions>
+</module>
diff --git a/1_5/modules/rampart-mar/pom.xml b/1_5/modules/rampart-mar/pom.xml
new file mode 100644
index 0000000..5651e7a
--- /dev/null
+++ b/1_5/modules/rampart-mar/pom.xml
@@ -0,0 +1,134 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <packaging>mar</packaging>
+ <version>${rampart.mar.version}</version>
+ <!-- TODO need to remove this-->
+ <name>Rampart - Mar</name>
+
+ <scm>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ </developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <version>1.2</version>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <version>1.0</version>
+ <executions>
+ <execution>
+ <id>aar</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>target/${pom.artifactId}-${pom.version}.mar</file>
+ <type>jar</type>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>1.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>1.5</version>
+ </dependency>
+ </dependencies>
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>apache-m2</id>
+ <name>Apache M2 Repository</name>
+ <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Snapshots Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ <uniqueVersion>false</uniqueVersion>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
diff --git a/1_5/modules/rampart-policy/pom.xml b/1_5/modules/rampart-policy/pom.xml
new file mode 100644
index 0000000..1223286
--- /dev/null
+++ b/1_5/modules/rampart-policy/pom.xml
@@ -0,0 +1,52 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-policy</artifactId>
+ <packaging>jar</packaging>
+ <name>Rampart - Policy</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ <excludes>
+ <exclude>**/*.java</exclude>
+ </excludes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent"/>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/1_5/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/1_5/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..aecbee6
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,47 @@
+org.apache.ws.secpolicy11.builders.AlgorithmSuiteBuilder
+org.apache.ws.secpolicy11.builders.AsymmetricBindingBuilder
+org.apache.ws.secpolicy11.builders.EncryptedElementsBuilder
+org.apache.ws.secpolicy11.builders.EncryptedPartsBuilder
+org.apache.ws.secpolicy11.builders.InitiatorTokenBuilder
+org.apache.ws.secpolicy11.builders.LayoutBuilder
+org.apache.ws.secpolicy11.builders.ProtectionTokenBuilder
+org.apache.ws.secpolicy11.builders.RecipientTokenBuilder
+org.apache.ws.secpolicy11.builders.SignedElementsBuilder
+org.apache.ws.secpolicy11.builders.SignedPartsBuilder
+org.apache.ws.secpolicy11.builders.SupportingTokensBuilder
+org.apache.ws.secpolicy11.builders.TransportBindingBuilder
+org.apache.ws.secpolicy11.builders.TransportTokenBuilder
+org.apache.ws.secpolicy11.builders.UsernameTokenBuilder
+org.apache.ws.secpolicy11.builders.WSS10Builder
+org.apache.ws.secpolicy11.builders.WSS11Builder
+org.apache.ws.secpolicy11.builders.X509TokenBuilder
+org.apache.ws.secpolicy11.builders.Trust10Builder
+org.apache.ws.secpolicy11.builders.SecurityContextTokenBuilder
+org.apache.ws.secpolicy11.builders.SecureConversationTokenBuilder
+org.apache.ws.secpolicy11.builders.SymmetricBindingBuilder
+org.apache.ws.secpolicy11.builders.IssuedTokenBuilder
+org.apache.ws.secpolicy11.builders.RequiredElementsBuilder
+org.apache.ws.secpolicy12.builders.AlgorithmSuiteBuilder
+org.apache.ws.secpolicy12.builders.AsymmetricBindingBuilder
+org.apache.ws.secpolicy12.builders.EncryptedElementsBuilder
+org.apache.ws.secpolicy12.builders.EncryptedPartsBuilder
+org.apache.ws.secpolicy12.builders.InitiatorTokenBuilder
+org.apache.ws.secpolicy12.builders.LayoutBuilder
+org.apache.ws.secpolicy12.builders.ProtectionTokenBuilder
+org.apache.ws.secpolicy12.builders.RecipientTokenBuilder
+org.apache.ws.secpolicy12.builders.SignedElementsBuilder
+org.apache.ws.secpolicy12.builders.SignedPartsBuilder
+org.apache.ws.secpolicy12.builders.SupportingTokensBuilder
+org.apache.ws.secpolicy12.builders.TransportBindingBuilder
+org.apache.ws.secpolicy12.builders.TransportTokenBuilder
+org.apache.ws.secpolicy12.builders.UsernameTokenBuilder
+org.apache.ws.secpolicy12.builders.WSS10Builder
+org.apache.ws.secpolicy12.builders.WSS11Builder
+org.apache.ws.secpolicy12.builders.X509TokenBuilder
+org.apache.ws.secpolicy12.builders.Trust13Builder
+org.apache.ws.secpolicy12.builders.SecurityContextTokenBuilder
+org.apache.ws.secpolicy12.builders.SecureConversationTokenBuilder
+org.apache.ws.secpolicy12.builders.SymmetricBindingBuilder
+org.apache.ws.secpolicy12.builders.IssuedTokenBuilder
+org.apache.ws.secpolicy12.builders.RequiredElementsBuilder
+org.apache.ws.secpolicy12.builders.ContentEncryptedElementsBuilder
\ No newline at end of file
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
new file mode 100644
index 0000000..60f28f8
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
@@ -0,0 +1,435 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+import javax.xml.namespace.QName;
+
+public class Constants {
+
+ public static final String P_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+
+ public static final String P_PREFIX = "wsp";
+
+ public static final QName POLICY = new QName(P_NS, "Policy", P_PREFIX);
+
+ public final static String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
+
+ public final static String SP_PREFIX = "sp";
+
+ public final static String ATTR_INCLUDE_TOKEN = "IncludeToken";
+
+ public final static String INCLUDE_NEVER = Constants.SP_NS
+ + "/IncludeToken/Never";
+
+ public final static String INCLUDE_ONCE = Constants.SP_NS
+ + "/IncludeToken/Once";
+
+ public final static String INCLUDE_ALWAYS_TO_RECIPIENT = Constants.SP_NS
+ + "/IncludeToken/AlwaysToRecipient";
+
+ public final static String INCLUDE_ALWAYS = Constants.SP_NS
+ + "/IncludeToken/Always";
+
+ public final static int SUPPORTING_TOKEN_SUPPORTING = 1;
+
+ public final static int SUPPORTING_TOKEN_ENDORSING = 2;
+
+ public final static int SUPPORTING_TOKEN_SIGNED = 3;
+
+ public final static int SUPPORTING_TOKEN_SIGNED_ENDORSING = 4;
+
+ /**
+ * Security Header Layout : Strict
+ */
+ public final static String LAYOUT_STRICT = "Strict";
+
+ /**
+ * Security Header Layout : Lax
+ */
+ public final static String LAYOUT_LAX = "Lax";
+
+ /**
+ * Security Header Layout : LaxTimestampFirst
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_FIRST = "LaxTimestampFirst";
+
+ /**
+ * Security Header Layout : LaxTimestampLast
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_LAST = "LaxTimestampLast";
+
+ /**
+ * Protection Order : EncryptBeforeSigning
+ */
+ public final static String ENCRYPT_BEFORE_SIGNING = "EncryptBeforeSigning";
+
+ /**
+ * Protection Order : SignBeforeEncrypting
+ */
+ public final static String SIGN_BEFORE_ENCRYPTING = "SignBeforeEncrypting";
+
+ public final static String ONLY_SIGN_ENTIRE_HEADERS_AND_BODY = "OnlySignEntireHeadersAndBody";
+
+ public final static String WSS_X509_V1_TOKEN10 = "WssX509V1Token10";
+
+ public final static String WSS_X509_V3_TOKEN10 = "WssX509V3Token10";
+
+ public final static String WSS_X509_PKCS7_TOKEN10 = "WssX509Pkcs7Token10";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN10 = "WssX509PkiPathV1Token10";
+
+ public final static String WSS_X509_V1_TOKEN11 = "WssX509V1Token11";
+
+ public final static String WSS_X509_V3_TOKEN11 = "WssX509V3Token11";
+
+ public final static String WSS_X509_PKCS7_TOKEN11 = "WssX509Pkcs7Token11";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN11 = "WssX509PkiPathV1Token11";
+
+ // /
+ // /Algorithm Suites
+ // /
+ public final static String ALGO_SUITE_BASIC256 = "Basic256";
+
+ public final static String ALGO_SUITE_BASIC192 = "Basic192";
+
+ public final static String ALGO_SUITE_BASIC128 = "Basic128";
+
+ public final static String ALGO_SUITE_TRIPLE_DES = "TripleDes";
+
+ public final static String ALGO_SUITE_BASIC256_RSA15 = "Basic256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_RSA15 = "Basic192Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_RSA15 = "Basic128Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_RSA15 = "TripleDesRsa15";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256 = "Basic256Sha256";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256 = "Basic192Sha256";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256 = "Basic128Sha256";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256 = "TripleDesSha256";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256_RSA15 = "Basic256Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256_RSA15 = "Basic192Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256_RSA15 = "Basic128Sha256Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256_RSA15 = "TripleDesSha256Rsa15";
+
+ // /
+ // /Algorithms
+ // /
+ public final static String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+ public final static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
+
+ public final static String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+ public final static String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
+
+ public final static String AES128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+
+ public final static String AES192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+
+ public final static String AES256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+
+ public final static String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+
+ public final static String KW_AES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
+
+ public final static String KW_AES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
+
+ public final static String KW_AES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
+
+ public final static String KW_TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
+
+ public final static String KW_RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+
+ public final static String KW_RSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+
+ public final static String P_SHA1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L128 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L192 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L256 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+
+ public final static String XPATH20 = "http://www.w3.org/2002/06/xmldsig-filter2";
+
+ public final static String C14N = "http://www.w3.org/2001/10/xml-c14n#";
+
+ public final static String EX_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+ public final static String SNT = "http://www.w3.org/TR/soap12-n11n";
+
+ public final static String STRT10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
+
+ // //////////////////////////////////////////////////////////////////////
+
+ public static final String INCLUSIVE_C14N = "InclusiveC14N";
+
+ public static final String SOAP_NORMALIZATION_10 = "SoapNormalization10";
+
+ public static final String STR_TRANSFORM_10 = "STRTransform10";
+
+ public static final String XPATH10 = "XPath10";
+
+ public static final String XPATH_FILTER20 = "XPathFilter20";
+
+ // /////////////////////////////////////////////////////////////////////
+
+ public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, "XPathVersion", Constants.SP_PREFIX);
+
+ ////////////////////////////////////////////////////////////////////////
+ public static final QName INCLUDE_TOKEN = new QName(SP_NS, "IncludeToken",
+ Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_BINDING = new QName(SP_NS,
+ "TransportBinding", Constants.SP_PREFIX);
+
+ public static final QName ALGORITHM_SUITE = new QName(SP_NS,
+ "AlgorithmSuite", Constants.SP_PREFIX);
+
+ public static final QName LAYOUT = new QName(SP_NS, "Layout", SP_PREFIX);
+
+ // ///////////////////
+
+ public static final QName STRICT = new QName(Constants.SP_NS, "Strict",
+ Constants.SP_PREFIX);
+
+ public static final QName LAX = new QName(Constants.SP_NS, "Lax",
+ Constants.SP_PREFIX);
+
+ public static final QName LAXTSFIRST = new QName(Constants.SP_NS,
+ "LaxTsFirst", Constants.SP_PREFIX);
+
+ public static final QName LAXTSLAST = new QName(Constants.SP_NS,
+ "LaxTsLast", Constants.SP_PREFIX);
+
+ // ////////////////
+
+ public static final QName INCLUDE_TIMESTAMP = new QName(SP_NS,
+ "IncludeTimestamp", Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_TOKEN = new QName(SP_NS,
+ "TransportToken", Constants.SP_PREFIX);
+
+ public static final QName HTTPS_TOKEN = new QName(Constants.SP_NS,
+ "HttpsToken", Constants.SP_PREFIX);
+
+ public static final QName SECURITY_CONTEXT_TOKEN = new QName(
+ Constants.SP_NS, "SecurityContextToken", Constants.SP_PREFIX);
+
+ public static final QName SECURE_CONVERSATION_TOKEN = new QName(
+ Constants.SP_NS, "SecureConversationToken", Constants.SP_PREFIX);
+
+ public static final QName SIGNATURE_TOKEN = new QName(Constants.SP_NS,
+ "SignatureToken", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_PARTS = new QName(Constants.SP_NS,
+ "SignedParts", Constants.SP_PREFIX);
+
+ public static final QName USERNAME_TOKEN = new QName(Constants.SP_NS,
+ "UsernameToken", Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN10 = new QName(Constants.SP_NS,
+ "WssUsernameToken10", Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN11 = new QName(Constants.SP_NS,
+ "WssUsernameToken11", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_PARTS = new QName(Constants.SP_NS,
+ "EncryptedParts", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ELEMENTS = new QName(Constants.SP_NS,
+ "SignedElements", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_ELEMENTS = new QName(Constants.SP_NS,
+ "EncryptedElements", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTION_TOKEN = new QName(Constants.SP_NS,
+ "EncryptionToken", Constants.SP_PREFIX);
+
+ public static final QName X509_TOKEN = new QName(Constants.SP_NS,
+ "X509Token", Constants.SP_PREFIX);
+
+ public static final QName ISSUED_TOKEN = new QName(Constants.SP_NS,
+ "IssuedToken", Constants.SP_PREFIX);
+
+ public static final QName SUPPORIING_TOKENS = new QName(Constants.SP_NS,
+ "SupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "SignedSupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName ENDORSING_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "EndorsingSupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENDORSING_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "SignedEndorsingSupportingTokens",
+ Constants.SP_PREFIX);
+
+ public static final QName PROTECTION_TOKEN = new QName(Constants.SP_NS,
+ "ProtectionToken", Constants.SP_PREFIX);
+
+ public static final QName ASYMMETRIC_BINDING = new QName(Constants.SP_NS,
+ "AsymmetricBinding", Constants.SP_PREFIX);
+
+ public static final QName SYMMETRIC_BINDING = new QName(Constants.SP_NS,
+ "SymmetricBinding", Constants.SP_PREFIX);
+
+ public static final QName INITIATOR_TOKEN = new QName(Constants.SP_NS,
+ "InitiatorToken", Constants.SP_PREFIX);
+
+ public static final QName RECIPIENT_TOKEN = new QName(Constants.SP_NS,
+ "RecipientToken", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPT_SIGNATURE = new QName(Constants.SP_NS,
+ "EncryptSignature", Constants.SP_PREFIX);
+
+ public static final QName PROTECT_TOKENS = new QName(Constants.SP_NS,
+ "ProtectTokens", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KEY_IDENTIFIRE_REFERENCE = new QName(
+ Constants.SP_NS, "RequireKeyIdentifireReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_ISSUER_SERIAL_REFERENCE = new QName(
+ Constants.SP_NS, "RequireIssuerSerialReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EMBEDDED_TOKEN_REFERENCE = new QName(
+ Constants.SP_NS, "RequireEmbeddedTokenReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_THUMBPRINT_REFERENCE = new QName(
+ Constants.SP_NS, "RequireThumbprintReference", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_10 = new QName(Constants.SP_NS,
+ "WssX509V1Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_10 = new QName(Constants.SP_NS,
+ "WssX509V3Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_10 = new QName(
+ Constants.SP_NS, "WssX509Pkcs7Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_10 = new QName(
+ Constants.SP_NS, "WssX509PkiPathV1Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_11 = new QName(Constants.SP_NS,
+ "WssX509V1Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_11 = new QName(Constants.SP_NS,
+ "WssX509V3Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_11 = new QName(
+ Constants.SP_NS, "WssX509Pkcs7Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_11 = new QName(
+ Constants.SP_NS, "WssX509PkiPathV1Token11", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_KEY_IDENTIFIER = new QName(
+ Constants.SP_NS, "MustSupportRefKeyIdentifier", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ISSUER_SERIAL = new QName(
+ Constants.SP_NS, "MustSupportRefIssuerSerial", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EXTERNAL_URI = new QName(
+ Constants.SP_NS, "MustSupportRefExternalURI", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EMBEDDED_TOKEN = new QName(
+ Constants.SP_NS, "MustSupportRefEmbeddedToken", Constants.SP_PREFIX);
+
+ public static final QName WSS10 = new QName(Constants.SP_NS, "Wss10",
+ Constants.SP_PREFIX);
+
+ public static final QName WSS11 = new QName(Constants.SP_NS, "Wss11",
+ Constants.SP_PREFIX);
+
+ public static final QName TRUST_10 = new QName(Constants.SP_NS, "Trust10",
+ Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_THUMBPRINT = new QName(
+ Constants.SP_NS, "MustSupportRefThumbprint", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ENCRYPTED_KEY = new QName(
+ Constants.SP_NS, "MustSupportRefEncryptedkey", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SIGNATURE_CONFIRMATION = new QName(
+ Constants.SP_NS, "RequireSignatureConfirmation",
+ Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_CLIENT_CHALLENGE = new QName(
+ Constants.SP_NS, "MustSupportClientChanllenge", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_SERVER_CHALLENGE = new QName(
+ Constants.SP_NS, "MustSupportServerChanllenge", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_CLIENT_ENTROPY = new QName(
+ Constants.SP_NS, "RequireClientEntropy", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SERVER_ENTROPY = new QName(
+ Constants.SP_NS, "RequireServerEntropy", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_ISSUED_TOKENS = new QName(
+ Constants.SP_NS, "MustSupportIssuedTokens", Constants.SP_PREFIX);
+
+ public static final QName ISSUER = new QName(Constants.SP_NS, "Issuer",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_DERIVED_KEYS = new QName(Constants.SP_NS,
+ "RequireDerivedKeys", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_URI_REFERNCE = new QName(
+ Constants.SP_NS, "RequireExternalUriReference", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_REFERNCE = new QName(
+ Constants.SP_NS, "RequireExternalReference", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_INTERNAL_REFERNCE = new QName(
+ Constants.SP_NS, "RequireInternalReference", Constants.SP_PREFIX);
+
+ public static final QName REQUEST_SECURITY_TOKEN_TEMPLATE = new QName(
+ Constants.SP_NS, "RequestSecurityTokenTemplate",
+ Constants.SP_PREFIX);
+
+ public static final QName SC10_SECURITY_CONTEXT_TOKEN = new QName(
+ Constants.SP_NS, "SC10SecurityContextToken", Constants.SP_PREFIX);
+
+ public static final QName BOOTSTRAP_POLICY = new QName(Constants.SP_NS,
+ "BootstrapPolicy", Constants.SP_PREFIX);
+
+ public static final QName RST_TEMPLATE = new QName(Constants.SP_NS,
+ "RequestSecurityTokenTemplate", Constants.SP_PREFIX);
+
+ public final static QName REQUIRE_CLIENT_CERTIFICATE = new QName(
+ "RequireClientCertificate");
+
+ public final static QName XPATH_ = new QName(Constants.SP_NS, "XPath",
+ Constants.SP_PREFIX);
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
new file mode 100644
index 0000000..24bc380
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
@@ -0,0 +1,293 @@
+package org.apache.ws.secpolicy;
+
+import javax.xml.namespace.QName;
+
+public class SP11Constants {
+
+ public final static String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
+
+ public final static String SP_PREFIX = "sp";
+
+
+ public static final QName INCLUDE_TOKEN = new QName(SP_NS, SPConstants.ATTR_INCLUDE_TOKEN,
+ SP11Constants.SP_PREFIX);
+
+ public final static String INCLUDE_NEVER = SP11Constants.SP_NS +
+ SPConstants.INCLUDE_TOKEN_NEVER_SUFFIX;
+
+ public final static String INCLUDE_ONCE = SP11Constants.SP_NS +
+ SPConstants.INCLUDE_TOKEN_ONCE_SUFFIX;
+
+ public final static String INCLUDE_ALWAYS_TO_RECIPIENT = SP11Constants.SP_NS
+ + SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT_SUFFIX;
+
+ public final static String INCLUDE_ALWAYS = SP11Constants.SP_NS
+ + SPConstants.INCLUDE_TOEKN_ALWAYS_SUFFIX;
+
+ // /////////////////////////////////////////////////////////////////////
+
+ public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, SPConstants.XPATH_VERSION, SP11Constants.SP_PREFIX);
+
+ ////////////////////////////////////////////////////////////////////////
+
+
+ public static final QName TRANSPORT_BINDING = new QName(SP_NS,
+ SPConstants.TRANSPORT_BINDING , SP11Constants.SP_PREFIX);
+
+ public static final QName ALGORITHM_SUITE = new QName(SP_NS,
+ SPConstants.ALGO_SUITE , SP11Constants.SP_PREFIX);
+
+ public static final QName LAYOUT = new QName(SP_NS, SPConstants.LAYOUT, SP_PREFIX);
+
+
+ public static final QName STRICT = new QName(SP11Constants.SP_NS, SPConstants.LAYOUT_STRICT,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName LAX = new QName(SP11Constants.SP_NS, SPConstants.LAYOUT_LAX ,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName LAXTSFIRST = new QName(SP11Constants.SP_NS,
+ SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, SP11Constants.SP_PREFIX);
+
+ public static final QName LAXTSLAST = new QName(SP11Constants.SP_NS,
+ SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, SP11Constants.SP_PREFIX);
+
+ // ////////////////
+
+ public static final QName INCLUDE_TIMESTAMP = new QName(SP_NS,
+ SPConstants.INCLUDE_TIMESTAMP, SP11Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_TOKEN = new QName(SP_NS,
+ SPConstants.TRANSPORT_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName HTTPS_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.HTTPS_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName SECURITY_CONTEXT_TOKEN = new QName(
+ SP11Constants.SP_NS, SPConstants.SECURITY_CONTEXT_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName SECURE_CONVERSATION_TOKEN = new QName(
+ SP11Constants.SP_NS, SPConstants.SECURE_CONVERSATION_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName SIGNATURE_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.SIGNATURE_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName SIGNED_PARTS = new QName(SP11Constants.SP_NS,
+ SPConstants.SIGNED_PARTS , SP11Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_PARTS = new QName(SP11Constants.SP_NS,
+ SPConstants.ENCRYPTED_PARTS , SP11Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ELEMENTS = new QName(SP11Constants.SP_NS,
+ SPConstants.SIGNED_ELEMENTS , SP11Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_ELEMENTS = new QName(SP11Constants.SP_NS,
+ SPConstants.ENCRYPTED_ELEMENTS, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRED_ELEMENTS = new QName(SP11Constants.SP_NS,
+ SPConstants.REQUIRED_ELEMENTS, SP11Constants.SP_PREFIX);
+
+ public static final QName USERNAME_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.USERNAME_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN10 = new QName(SP11Constants.SP_NS,
+ SPConstants.USERNAME_TOKEN10 , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN11 = new QName(SP11Constants.SP_NS,
+ SPConstants.USERNAME_TOKEN11 , SP11Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTION_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.ENCRYPTION_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName X509_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.X509_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_10 = new QName(SP11Constants.SP_NS,
+ SPConstants.WSS_X509_V1_TOKEN10 , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_10 = new QName(SP11Constants.SP_NS,
+ SPConstants.WSS_X509_V3_TOKEN10 , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_10 = new QName(
+ SP11Constants.SP_NS, SPConstants.WSS_X509_PKCS7_TOKEN10 , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_10 = new QName(
+ SP11Constants.SP_NS, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10 , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_11 = new QName(SP11Constants.SP_NS,
+ SPConstants.WSS_X509_V1_TOKEN11, SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_11 = new QName(SP11Constants.SP_NS,
+ SPConstants.WSS_X509_V3_TOKEN11 , SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_11 = new QName(
+ SP11Constants.SP_NS, SPConstants.WSS_X509_PKCS7_TOKEN11, SP11Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_11 = new QName(
+ SP11Constants.SP_NS, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11, SP11Constants.SP_PREFIX);
+
+ public static final QName ISSUED_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.ISSUED_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName SUPPORTING_TOKENS = new QName(SP11Constants.SP_NS,
+ SPConstants.SUPPORTING_TOKENS , SP11Constants.SP_PREFIX);
+
+ public static final QName SIGNED_SUPPORTING_TOKENS = new QName(
+ SP11Constants.SP_NS, SPConstants.SIGNED_SUPPORTING_TOKENS , SP11Constants.SP_PREFIX);
+
+ public static final QName ENDORSING_SUPPORTING_TOKENS = new QName(
+ SP11Constants.SP_NS, SPConstants.ENDORSING_SUPPORTING_TOKENS , SP11Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENDORSING_SUPPORTING_TOKENS = new QName(
+ SP11Constants.SP_NS, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName PROTECTION_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.PROTECTION_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName ASYMMETRIC_BINDING = new QName(SP11Constants.SP_NS,
+ SPConstants.ASYMMETRIC_BINDING, SP11Constants.SP_PREFIX);
+
+ public static final QName SYMMETRIC_BINDING = new QName(SP11Constants.SP_NS,
+ SPConstants.SYMMETRIC_BINDING, SP11Constants.SP_PREFIX);
+
+ public static final QName INITIATOR_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.INITIATOR_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName RECIPIENT_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.RECIPIENT_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName ENCRYPT_SIGNATURE = new QName(SP11Constants.SP_NS,
+ SPConstants.ENCRYPT_SIGNATURE , SP11Constants.SP_PREFIX);
+
+ public static final QName PROTECT_TOKENS = new QName(SP11Constants.SP_NS,
+ SPConstants.PROTECT_TOKENS, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KEY_IDENTIFIRE_REFERENCE = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_KEY_IDENTIFIRE_REFERENCE ,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_ISSUER_SERIAL_REFERENCE = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EMBEDDED_TOKEN_REFERENCE = new QName(
+ SP11Constants.SP_NS,SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_THUMBPRINT_REFERENCE = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_THUMBPRINT_REFERENCE , SP11Constants.SP_PREFIX);
+
+
+ public static final QName MUST_SUPPORT_REF_KEY_IDENTIFIER = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER , SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ISSUER_SERIAL = new QName(
+ SP11Constants.SP_NS,SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL, SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EXTERNAL_URI = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI , SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EMBEDDED_TOKEN = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_THUMBPRINT = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_THUMBPRINT, SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ENCRYPTED_KEY = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY, SP11Constants.SP_PREFIX);
+
+ public static final QName WSS10 = new QName(SP11Constants.SP_NS, SPConstants.WSS10 ,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName WSS11 = new QName(SP11Constants.SP_NS, SPConstants.WSS11,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName TRUST_10 = new QName(SP11Constants.SP_NS, SPConstants.TRUST_10,
+ SP11Constants.SP_PREFIX);
+
+
+ public static final QName REQUIRE_SIGNATURE_CONFIRMATION = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION ,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_CLIENT_CHALLENGE = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_SERVER_CHALLENGE = new QName(
+ SP11Constants.SP_NS,SPConstants.MUST_SUPPORT_SERVER_CHALLENGE , SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_CLIENT_ENTROPY = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_CLIENT_ENTROPY, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SERVER_ENTROPY = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_SERVER_ENTROPY, SP11Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_ISSUED_TOKENS = new QName(
+ SP11Constants.SP_NS, SPConstants.MUST_SUPPORT_ISSUED_TOKENS , SP11Constants.SP_PREFIX);
+
+ public static final QName ISSUER = new QName(SP11Constants.SP_NS, SPConstants.ISSUER ,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_DERIVED_KEYS = new QName(SP11Constants.SP_NS,
+ SPConstants.REQUIRE_DERIVED_KEYS, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_URI_REFERNCE = new QName(
+ SP11Constants.SP_NS,SPConstants.REQUIRE_EXTERNAL_URI_REFERNCE, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_REFERNCE = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_EXTERNAL_REFERNCE , SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_INTERNAL_REFERNCE = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUIRE_INTERNAL_REFERNCE , SP11Constants.SP_PREFIX);
+
+ public static final QName REQUEST_SECURITY_TOKEN_TEMPLATE = new QName(
+ SP11Constants.SP_NS, SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName SC10_SECURITY_CONTEXT_TOKEN = new QName(
+ SP11Constants.SP_NS, SPConstants.SC10_SECURITY_CONTEXT_TOKEN , SP11Constants.SP_PREFIX);
+
+ public static final QName BOOTSTRAP_POLICY = new QName(SP11Constants.SP_NS,
+ SPConstants.BOOTSTRAP_POLICY , SP11Constants.SP_PREFIX);
+
+ public final static QName XPATH = new QName(SP11Constants.SP_NS, SPConstants.XPATH_EXPR,
+ SP11Constants.SP_PREFIX);
+
+ public static final QName HEADER = new QName(SP11Constants.SP_NS, "Header");
+
+ public static final QName BODY = new QName(SP11Constants.SP_NS, "Body");
+
+ public static int getInclusionFromAttributeValue(String value ) {
+
+ if (INCLUDE_ALWAYS.equals(value)) {
+ return SPConstants.INCLUDE_TOEKN_ALWAYS;
+ } else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
+ return SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT;
+ } else if (INCLUDE_NEVER.equals(value)) {
+ return SPConstants.INCLUDE_TOKEN_NEVER;
+ } else if (INCLUDE_ONCE.equals(value)) {
+ return SPConstants.INCLUDE_TOKEN_ONCE;
+ } else {
+ return -1;
+ }
+ }
+
+ public static String getAttributeValueFromInclusion(int value) {
+
+ switch(value) {
+ case SPConstants.INCLUDE_TOEKN_ALWAYS:
+ return SP11Constants.INCLUDE_ALWAYS;
+ case SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT:
+ return SP11Constants.INCLUDE_ALWAYS_TO_RECIPIENT;
+ case SPConstants.INCLUDE_TOKEN_NEVER:
+ return SP11Constants.INCLUDE_NEVER;
+ case SPConstants.INCLUDE_TOKEN_ONCE:
+ return SP11Constants.INCLUDE_ONCE;
+ default :
+ return null;
+ }
+
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
new file mode 100644
index 0000000..9cc040d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
@@ -0,0 +1,356 @@
+package org.apache.ws.secpolicy;
+
+import javax.xml.namespace.QName;
+
+public class SP12Constants {
+
+ public final static String SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
+
+ public final static String SP_PREFIX = "sp";
+
+ public static final QName INCLUDE_TOKEN = new QName(SP_NS, SPConstants.ATTR_INCLUDE_TOKEN,
+ SP12Constants.SP_PREFIX);
+
+ public final static String INCLUDE_NEVER = SP12Constants.SP_NS +
+ SPConstants.INCLUDE_TOKEN_NEVER_SUFFIX;
+
+ public final static String INCLUDE_ONCE = SP12Constants.SP_NS +
+ SPConstants.INCLUDE_TOKEN_ONCE_SUFFIX;
+
+ public final static String INCLUDE_ALWAYS_TO_RECIPIENT = SP12Constants.SP_NS
+ + SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT_SUFFIX;
+
+ public final static String INCLUDE_ALWAYS_TO_INITIATOR = SP12Constants.SP_NS
+ + SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR_SUFFIX;
+
+ public final static String INCLUDE_ALWAYS = SP12Constants.SP_NS
+ + SPConstants.INCLUDE_TOEKN_ALWAYS_SUFFIX;
+
+ public static final QName TRUST_13 = new QName(SP12Constants.SP_NS, SPConstants.TRUST_13,
+ SP12Constants.SP_PREFIX);
+
+ public final static QName REQUIRE_CLIENT_CERTIFICATE = new QName(SP12Constants.SP_NS, "RequireClientCertificate", SP12Constants.SP_PREFIX);
+
+ public final static QName HTTP_BASIC_AUTHENTICATION = new QName(SP12Constants.SP_NS, "HttpBasicAuthentication", SP12Constants.SP_PREFIX);
+
+ public final static QName HTTP_DIGEST_AUTHENTICATION = new QName(SP12Constants.SP_NS, "HttpDigestAuthentication", SP12Constants.SP_PREFIX);
+
+ // /////////////////////////////////////////////////////////////////////
+
+ public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, SPConstants.XPATH_VERSION, SP12Constants.SP_PREFIX);
+
+ ////////////////////////////////////////////////////////////////////////
+
+
+ public static final QName TRANSPORT_BINDING = new QName(SP_NS,
+ SPConstants.TRANSPORT_BINDING , SP12Constants.SP_PREFIX);
+
+ public static final QName ALGORITHM_SUITE = new QName(SP_NS,
+ SPConstants.ALGO_SUITE , SP12Constants.SP_PREFIX);
+
+ public static final QName LAYOUT = new QName(SP_NS, SPConstants.LAYOUT, SP_PREFIX);
+
+
+ public static final QName STRICT = new QName(SP12Constants.SP_NS, SPConstants.LAYOUT_STRICT,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName LAX = new QName(SP12Constants.SP_NS, SPConstants.LAYOUT_LAX ,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName LAXTSFIRST = new QName(SP12Constants.SP_NS,
+ SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, SP12Constants.SP_PREFIX);
+
+ public static final QName LAXTSLAST = new QName(SP12Constants.SP_NS,
+ SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, SP12Constants.SP_PREFIX);
+
+ // ////////////////
+
+ public static final QName INCLUDE_TIMESTAMP = new QName(SP12Constants.SP_NS,
+ SPConstants.INCLUDE_TIMESTAMP, SP12Constants.SP_PREFIX);
+
+ public static final QName ENCRYPT_BEFORE_SIGNING = new QName(SP12Constants.SP_NS,
+ SPConstants.ENCRYPT_BEFORE_SIGNING, SP12Constants.SP_PREFIX);
+
+ public static final QName SIGN_BEFORE_ENCRYPTING = new QName(SP12Constants.SP_NS,
+ SPConstants.SIGN_BEFORE_ENCRYPTING, SP12Constants.SP_PREFIX);
+
+ public static final QName ONLY_SIGN_ENTIRE_HEADERS_AND_BODY = new QName(SP12Constants.SP_NS,
+ SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY,SP12Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_TOKEN = new QName(SP_NS,
+ SPConstants.TRANSPORT_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName HTTPS_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.HTTPS_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName SECURITY_CONTEXT_TOKEN = new QName(
+ SP12Constants.SP_NS, SPConstants.SECURITY_CONTEXT_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName SECURE_CONVERSATION_TOKEN = new QName(
+ SP12Constants.SP_NS, SPConstants.SECURE_CONVERSATION_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNATURE_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.SIGNATURE_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNED_PARTS = new QName(SP12Constants.SP_NS,
+ SPConstants.SIGNED_PARTS , SP12Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_PARTS = new QName(SP12Constants.SP_NS,
+ SPConstants.ENCRYPTED_PARTS , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ELEMENTS = new QName(SP12Constants.SP_NS,
+ SPConstants.SIGNED_ELEMENTS , SP12Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_ELEMENTS = new QName(SP12Constants.SP_NS,
+ SPConstants.ENCRYPTED_ELEMENTS, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRED_ELEMENTS = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRED_ELEMENTS, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRED_PARTS = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRED_PARTS, SP12Constants.SP_PREFIX);
+
+ public static final QName CONTENT_ENCRYPTED_ELEMENTS = new QName(SP12Constants.SP_NS,
+ SPConstants.CONTENT_ENCRYPTED_ELEMENTS, SP12Constants.SP_PREFIX);
+
+ public static final QName USERNAME_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.USERNAME_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN10 = new QName(SP12Constants.SP_NS,
+ SPConstants.USERNAME_TOKEN10 , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN11 = new QName(SP12Constants.SP_NS,
+ SPConstants.USERNAME_TOKEN11 , SP12Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTION_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.ENCRYPTION_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName X509_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.X509_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_10 = new QName(SP12Constants.SP_NS,
+ SPConstants.WSS_X509_V1_TOKEN10 , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_10 = new QName(SP12Constants.SP_NS,
+ SPConstants.WSS_X509_V3_TOKEN10 , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_10 = new QName(
+ SP12Constants.SP_NS, SPConstants.WSS_X509_PKCS7_TOKEN10 , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_10 = new QName(
+ SP12Constants.SP_NS, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10 , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_11 = new QName(SP12Constants.SP_NS,
+ SPConstants.WSS_X509_V1_TOKEN11, SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_11 = new QName(SP12Constants.SP_NS,
+ SPConstants.WSS_X509_V3_TOKEN11 , SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_11 = new QName(
+ SP12Constants.SP_NS, SPConstants.WSS_X509_PKCS7_TOKEN11, SP12Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_11 = new QName(
+ SP12Constants.SP_NS, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11, SP12Constants.SP_PREFIX);
+
+ public static final QName ISSUED_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.ISSUED_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName SUPPORTING_TOKENS = new QName(SP12Constants.SP_NS,
+ SPConstants.SUPPORTING_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNED_SUPPORTING_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.SIGNED_SUPPORTING_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName ENDORSING_SUPPORTING_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.ENDORSING_SUPPORTING_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENDORSING_SUPPORTING_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_SUPPORTING_TOKENS = new QName(SP12Constants.SP_NS,
+ SPConstants.ENCRYPTED_SUPPORTING_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENCRYPTED_SUPPORTING_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName ENDORSING_ENCRYPTED_SUPPORTING_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName PROTECTION_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.PROTECTION_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName ASYMMETRIC_BINDING = new QName(SP12Constants.SP_NS,
+ SPConstants.ASYMMETRIC_BINDING, SP12Constants.SP_PREFIX);
+
+ public static final QName SYMMETRIC_BINDING = new QName(SP12Constants.SP_NS,
+ SPConstants.SYMMETRIC_BINDING, SP12Constants.SP_PREFIX);
+
+ public static final QName INITIATOR_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.INITIATOR_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName RECIPIENT_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.RECIPIENT_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName ENCRYPT_SIGNATURE = new QName(SP12Constants.SP_NS,
+ SPConstants.ENCRYPT_SIGNATURE , SP12Constants.SP_PREFIX);
+
+ public static final QName PROTECT_TOKENS = new QName(SP12Constants.SP_NS,
+ SPConstants.PROTECT_TOKENS, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KEY_IDENTIFIRE_REFERENCE = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_KEY_IDENTIFIRE_REFERENCE ,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_ISSUER_SERIAL_REFERENCE = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EMBEDDED_TOKEN_REFERENCE = new QName(
+ SP12Constants.SP_NS,SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_THUMBPRINT_REFERENCE = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_THUMBPRINT_REFERENCE , SP12Constants.SP_PREFIX);
+
+
+ public static final QName MUST_SUPPORT_REF_KEY_IDENTIFIER = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER , SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ISSUER_SERIAL = new QName(
+ SP12Constants.SP_NS,SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL, SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EXTERNAL_URI = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI , SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EMBEDDED_TOKEN = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_THUMBPRINT = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_THUMBPRINT, SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ENCRYPTED_KEY = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY, SP12Constants.SP_PREFIX);
+
+ public static final QName WSS10 = new QName(SP12Constants.SP_NS, SPConstants.WSS10 ,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName WSS11 = new QName(SP12Constants.SP_NS, SPConstants.WSS11,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SIGNATURE_CONFIRMATION = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION ,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_CLIENT_CHALLENGE = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_SERVER_CHALLENGE = new QName(
+ SP12Constants.SP_NS,SPConstants.MUST_SUPPORT_SERVER_CHALLENGE , SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_CLIENT_ENTROPY = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_CLIENT_ENTROPY, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SERVER_ENTROPY = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_SERVER_ENTROPY, SP12Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_ISSUED_TOKENS = new QName(
+ SP12Constants.SP_NS, SPConstants.MUST_SUPPORT_ISSUED_TOKENS , SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION , SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_APPLIES_TO = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_APPLIES_TO, SP12Constants.SP_PREFIX);
+
+ public static final QName ISSUER = new QName(SP12Constants.SP_NS, SPConstants.ISSUER ,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_DERIVED_KEYS = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRE_DERIVED_KEYS, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_IMPLIED_DERIVED_KEYS = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXPLICIT_DERIVED_KEYS = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_URI_REFERNCE = new QName(
+ SP12Constants.SP_NS,SPConstants.REQUIRE_EXTERNAL_URI_REFERNCE, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_REFERNCE = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_EXTERNAL_REFERNCE , SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_INTERNAL_REFERNCE = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUIRE_INTERNAL_REFERNCE , SP12Constants.SP_PREFIX);
+
+ public static final QName REQUEST_SECURITY_TOKEN_TEMPLATE = new QName(
+ SP12Constants.SP_NS, SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName SC10_SECURITY_CONTEXT_TOKEN = new QName(
+ SP12Constants.SP_NS, SPConstants.SC10_SECURITY_CONTEXT_TOKEN , SP12Constants.SP_PREFIX);
+
+ public static final QName BOOTSTRAP_POLICY = new QName(SP12Constants.SP_NS,
+ SPConstants.BOOTSTRAP_POLICY , SP12Constants.SP_PREFIX);
+
+ public final static QName XPATH = new QName(SP12Constants.SP_NS, SPConstants.XPATH_EXPR,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName NO_PASSWORD = new QName(SP12Constants.SP_NS, SPConstants.NO_PASSWORD,
+ SP12Constants.SP_PREFIX);
+
+ public static final QName HASH_PASSWORD = new QName(SP12Constants.SP_NS, SPConstants.HASH_PASSWORD,
+ SP12Constants.SP_PREFIX);
+
+ // /////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final QName HEADER = new QName(SP12Constants.SP_NS, SPConstants.HEADER);
+
+ public static final QName BODY = new QName(SP12Constants.SP_NS, SPConstants.BODY);
+
+ public static final QName ATTACHMENTS = new QName(SP12Constants.SP_NS, SPConstants.ATTACHMENTS);
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static int getInclusionFromAttributeValue(String value ) {
+
+ if (INCLUDE_ALWAYS.equals(value)) {
+ return SPConstants.INCLUDE_TOEKN_ALWAYS;
+ } else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
+ return SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT;
+ } else if (INCLUDE_ALWAYS_TO_INITIATOR.equals(value)) {
+ return SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR;
+ } else if (INCLUDE_NEVER.equals(value)) {
+ return SPConstants.INCLUDE_TOKEN_NEVER;
+ } else if (INCLUDE_ONCE.equals(value)) {
+ return SPConstants.INCLUDE_TOKEN_ONCE;
+ } else {
+ return -1;
+ }
+ }
+
+ public static String getAttributeValueFromInclusion(int value) {
+
+ switch(value) {
+ case SPConstants.INCLUDE_TOEKN_ALWAYS:
+ return SP12Constants.INCLUDE_ALWAYS;
+ case SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT:
+ return SP12Constants.INCLUDE_ALWAYS_TO_RECIPIENT;
+ case SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR:
+ return SP12Constants.INCLUDE_ALWAYS_TO_INITIATOR;
+ case SPConstants.INCLUDE_TOKEN_NEVER:
+ return SP12Constants.INCLUDE_NEVER;
+ case SPConstants.INCLUDE_TOKEN_ONCE:
+ return SP12Constants.INCLUDE_ONCE;
+ default :
+ return null;
+ }
+
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
new file mode 100755
index 0000000..27c780d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
@@ -0,0 +1,429 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+import javax.xml.namespace.QName;
+
+public class SPConstants {
+
+ public static final String P_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+
+ public static final String P_PREFIX = "wsp";
+
+ public static final QName POLICY = new QName(P_NS, "Policy", P_PREFIX);
+
+ public static final int SP_V11 = 1;
+
+ public static final int SP_V12 = 2;
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String LAYOUT = "Layout";
+
+ /**
+ * Security Header Layout : Strict
+ */
+ public final static String LAYOUT_STRICT = "Strict";
+
+ /**
+ * Security Header Layout : Lax
+ */
+ public final static String LAYOUT_LAX = "Lax";
+
+ /**
+ * Security Header Layout : LaxTimestampFirst
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_FIRST = "LaxTimestampFirst";
+
+ /**
+ * Security Header Layout : LaxTimestampLast
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_LAST = "LaxTimestampLast";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ /**
+ * Protection Order : EncryptBeforeSigning
+ */
+ public final static String ENCRYPT_BEFORE_SIGNING = "EncryptBeforeSigning";
+
+ /**
+ * Protection Order : SignBeforeEncrypting
+ */
+ public final static String SIGN_BEFORE_ENCRYPTING = "SignBeforeEncrypting";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String ENCRYPT_SIGNATURE = "EncryptSignature";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String PROTECT_TOKENS = "ProtectTokens";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String ONLY_SIGN_ENTIRE_HEADERS_AND_BODY = "OnlySignEntireHeadersAndBody";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String INCLUDE_TIMESTAMP = "IncludeTimestamp";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String SIGNED_PARTS = "SignedParts";
+
+ public final static String ENCRYPTED_PARTS = "EncryptedParts";
+
+ public final static String SIGNED_ELEMENTS = "SignedElements";
+
+ public final static String ENCRYPTED_ELEMENTS = "EncryptedElements";
+
+ public final static String REQUIRED_ELEMENTS = "RequiredElements";
+
+ public final static String CONTENT_ENCRYPTED_ELEMENTS = "ContentEncryptedElements";
+
+ public final static String REQUIRED_PARTS = "RequiredParts";
+
+ public final static String XPATH_VERSION = "XPathVersion";
+
+ public final static String XPATH_EXPR = "XPath";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ // X509 Token types
+
+ public final static String X509_TOKEN = "X509Token";
+
+ public final static String WSS_X509_V1_TOKEN10 = "WssX509V1Token10";
+
+ public final static String WSS_X509_V3_TOKEN10 = "WssX509V3Token10";
+
+ public final static String WSS_X509_PKCS7_TOKEN10 = "WssX509Pkcs7Token10";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN10 = "WssX509PkiPathV1Token10";
+
+ public final static String WSS_X509_V1_TOKEN11 = "WssX509V1Token11";
+
+ public final static String WSS_X509_V3_TOKEN11 = "WssX509V3Token11";
+
+ public final static String WSS_X509_PKCS7_TOKEN11 = "WssX509Pkcs7Token11";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN11 = "WssX509PkiPathV1Token11";
+
+
+ public final static String USERNAME_TOKEN = "UsernameToken";
+
+ public final static String USERNAME_TOKEN10 = "WssUsernameToken10";
+
+ public final static String USERNAME_TOKEN11 = "WssUsernameToken11";
+
+
+ public final static String TRANSPORT_TOKEN = "TransportToken";
+
+ public final static String HTTPS_TOKEN = "HttpsToken";
+
+ public final static QName REQUIRE_CLIENT_CERTIFICATE = new QName("RequireClientCertificate");
+
+ public final static QName HTTP_BASIC_AUTHENTICATION = new QName("HttpBasicAuthentication");
+
+ public final static QName HTTP_DIGEST_AUTHENTICATION = new QName("HttpDigestAuthentication");
+
+ public final static String SECURITY_CONTEXT_TOKEN = "SecurityContextToken";
+
+ public final static String SECURE_CONVERSATION_TOKEN = "SecureConversationToken";
+
+ public final static String ISSUED_TOKEN = "IssuedToken";
+
+
+ public final static String SIGNATURE_TOKEN = "SignatureToken";
+
+ public final static String ENCRYPTION_TOKEN = "EncryptionToken";
+
+ public final static String PROTECTION_TOKEN = "ProtectionToken";
+
+ public final static String INITIATOR_TOKEN = "InitiatorToken";
+
+ public final static String RECIPIENT_TOKEN = "RecipientToken";
+
+
+
+ public final static String SUPPORTING_TOKENS = "SupportingTokens";
+
+ public final static String SIGNED_SUPPORTING_TOKENS = "SignedSupportingTokens";
+
+ public final static String ENDORSING_SUPPORTING_TOKENS = "EndorsingSupportingTokens";
+
+ public final static String SIGNED_ENDORSING_SUPPORTING_TOKENS = "SignedEndorsingSupportingTokens";
+
+ public final static String ENCRYPTED_SUPPORTING_TOKENS = "EncryptedSupportingTokens";
+
+ public final static String SIGNED_ENCRYPTED_SUPPORTING_TOKENS = "SignedEncryptedSupportingTokens";
+
+ public final static String ENDORSING_ENCRYPTED_SUPPORTING_TOKENS = "EndorsingEncryptedSupportingTokens";
+
+ public final static String SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS = "SignedEndorsingEncryptedSupportingTokens";
+
+ public final static int SUPPORTING_TOKEN_SUPPORTING = 1;
+
+ public final static int SUPPORTING_TOKEN_ENDORSING = 2;
+
+ public final static int SUPPORTING_TOKEN_SIGNED = 3;
+
+ public final static int SUPPORTING_TOKEN_SIGNED_ENDORSING = 4;
+
+ public final static int SUPPORTING_TOKEN_SIGNED_ENCRYPTED = 5;
+
+ public final static int SUPPORTING_TOKEN_ENCRYPTED = 6;
+
+ public final static int SUPPORTING_TOKEN_ENDORSING_ENCRYPTED = 7;
+
+ public final static int SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED = 8;
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+
+ public final static String ALGO_SUITE = "AlgorithmSuite";
+
+
+ // /
+ // /Algorithm Suites
+ // /
+ public final static String ALGO_SUITE_BASIC256 = "Basic256";
+
+ public final static String ALGO_SUITE_BASIC192 = "Basic192";
+
+ public final static String ALGO_SUITE_BASIC128 = "Basic128";
+
+ public final static String ALGO_SUITE_TRIPLE_DES = "TripleDes";
+
+ public final static String ALGO_SUITE_BASIC256_RSA15 = "Basic256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_RSA15 = "Basic192Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_RSA15 = "Basic128Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_RSA15 = "TripleDesRsa15";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256 = "Basic256Sha256";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256 = "Basic192Sha256";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256 = "Basic128Sha256";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256 = "TripleDesSha256";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256_RSA15 = "Basic256Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256_RSA15 = "Basic192Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256_RSA15 = "Basic128Sha256Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256_RSA15 = "TripleDesSha256Rsa15";
+
+ // /
+ // /Algorithms
+ // /
+ public final static String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+ public final static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
+
+ public final static String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+ public final static String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
+
+ public final static String AES128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+
+ public final static String AES192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+
+ public final static String AES256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+
+ public final static String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+
+ public final static String KW_AES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
+
+ public final static String KW_AES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
+
+ public final static String KW_AES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
+
+ public final static String KW_TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
+
+ public final static String KW_RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+
+ public final static String KW_RSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+
+ public final static String P_SHA1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L128 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L192 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L256 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+
+ public final static String XPATH20 = "http://www.w3.org/2002/06/xmldsig-filter2";
+
+ public final static String C14N = "http://www.w3.org/2001/10/xml-c14n#";
+
+ public final static String EX_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+ public final static String SNT = "http://www.w3.org/TR/soap12-n11n";
+
+ public final static String STRT10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
+
+ // /////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String INCLUSIVE_C14N = "InclusiveC14N";
+
+ public static final String SOAP_NORMALIZATION_10 = "SoapNormalization10";
+
+ public static final String STR_TRANSFORM_10 = "STRTransform10";
+
+ public static final String XPATH10 = "XPath10";
+
+ public static final String XPATH_FILTER20 = "XPathFilter20";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public final static String ATTR_INCLUDE_TOKEN = "IncludeToken";
+
+ public static final String INCLUDE_TOKEN_NEVER_SUFFIX = "/IncludeToken/Never";
+
+ public static final String INCLUDE_TOKEN_ONCE_SUFFIX = "/IncludeToken/Once";
+
+ public static final String INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT_SUFFIX = "/IncludeToken/AlwaysToRecipient";
+
+ public static final String INCLUDE_TOEKN_ALWAYS_TO_INITIATOR_SUFFIX = "/IncludeToken/AlwaysToInitiator";
+
+ public static final String INCLUDE_TOEKN_ALWAYS_SUFFIX = "/IncludeToken/Always";
+
+ public static final int INCLUDE_TOKEN_NEVER = 1;
+
+ public static final int INCLUDE_TOKEN_ONCE = 2;
+
+ public static final int INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT = 3;
+
+ public static final int INCLUDE_TOEKN_ALWAYS_TO_INITIATOR = 4;
+
+ public static final int INCLUDE_TOEKN_ALWAYS = 5;
+
+
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String TRANSPORT_BINDING = "TransportBinding";
+
+ public static final String ASYMMETRIC_BINDING = "AsymmetricBinding";
+
+ public static final String SYMMETRIC_BINDING = "SymmetricBinding";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String REQUIRE_KEY_IDENTIFIRE_REFERENCE = "RequireKeyIdentifierReference";
+
+ public static final String REQUIRE_ISSUER_SERIAL_REFERENCE = "RequireIssuerSerialReference";
+
+ public static final String REQUIRE_EMBEDDED_TOKEN_REFERENCE = "RequireEmbeddedTokenReference";
+
+ public static final String REQUIRE_THUMBPRINT_REFERENCE = "RequireThumbprintReference";
+
+ public static final String REQUIRE_SIGNATURE_CONFIRMATION = "RequireSignatureConfirmation";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String MUST_SUPPORT_REF_KEY_IDENTIFIER = "MustSupportRefKeyIdentifier";
+
+ public static final String MUST_SUPPORT_REF_ISSUER_SERIAL = "MustSupportRefIssuerSerial";
+
+ public static final String MUST_SUPPORT_REF_EXTERNAL_URI = "MustSupportRefExternalURI";
+
+ public static final String MUST_SUPPORT_REF_EMBEDDED_TOKEN = "MustSupportRefEmbeddedToken";
+
+ public static final String MUST_SUPPORT_REF_THUMBPRINT = "MustSupportRefThumbprint";
+
+ public static final String MUST_SUPPORT_REF_ENCRYPTED_KEY = "MustSupportRefEncryptedkey";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String WSS10 = "Wss10";
+
+ public static final String WSS11 = "Wss11";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String TRUST_10 = "Trust10";
+
+ public static final String TRUST_13 = "Trust13";
+
+ public static final String MUST_SUPPORT_CLIENT_CHALLENGE = "MustSupportClientChanllenge";
+
+ public static final String MUST_SUPPORT_SERVER_CHALLENGE = "MustSupportServerChanllenge";
+
+ public static final String REQUIRE_CLIENT_ENTROPY = "RequireClientEntropy";
+
+ public static final String REQUIRE_SERVER_ENTROPY = "RequireServerEntropy";
+
+ public static final String MUST_SUPPORT_ISSUED_TOKENS = "MustSupportIssuedTokens";
+
+ public static final String REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION = "RequireRequestSecurityTokenCollection";
+
+ public static final String REQUIRE_APPLIES_TO = "RequireAppliesTo";
+
+ public static final String ISSUER = "Issuer";
+
+ public static final String REQUIRE_DERIVED_KEYS = "RequireDerivedKeys";
+
+ public static final String REQUIRE_IMPLIED_DERIVED_KEYS = "RequireImpliedDerivedKeys";
+
+ public static final String REQUIRE_EXPLICIT_DERIVED_KEYS = "RequireExplicitDerivedKeys";
+
+ public static final String REQUIRE_EXTERNAL_URI_REFERNCE = "RequireExternalUriReference";
+
+ public static final String REQUIRE_EXTERNAL_REFERNCE = "RequireExternalReference";
+
+ public static final String REQUIRE_INTERNAL_REFERNCE = "RequireInternalReference";
+
+ public static final String REQUEST_SECURITY_TOKEN_TEMPLATE = "RequestSecurityTokenTemplate";
+
+ public static final String SC10_SECURITY_CONTEXT_TOKEN = "SC10SecurityContextToken";
+
+ public static final String BOOTSTRAP_POLICY = "BootstrapPolicy";
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String HEADER = "Header";
+
+ public static final String BODY = "Body" ;
+
+ public static final String ATTACHMENTS = "Attachments";
+
+ public static final QName NAME = new QName("Name");
+
+ public static final QName NAMESPACE = new QName("Namespace");
+
+ ////////////////////////////////////////////////////////////////////////////////////////////////
+
+ public static final String NO_PASSWORD = "NoPassword";
+
+ public static final String HASH_PASSWORD = "HashPassword";
+
+
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
new file mode 100644
index 0000000..12720db
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+public class WSSPolicyException extends Exception {
+
+ private static final long serialVersionUID = 5904800255533588133L;
+
+ public WSSPolicyException(String message, Throwable e) {
+ super(message, e);
+ }
+
+ public WSSPolicyException(String message) {
+ super(message);
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
new file mode 100644
index 0000000..f790c73
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.neethi.Assertion;
+
+public abstract class AbstractConfigurableSecurityAssertion extends AbstractSecurityAssertion {
+
+ protected ArrayList configurations = null;
+
+ public void addConfiguration(Assertion assertion) {
+ if (configurations == null) {
+ configurations = new ArrayList();
+ }
+ configurations.add(assertion);
+ }
+
+ public List getConfigurations() {
+ return configurations;
+ }
+
+ public Assertion getDefaultAssertion() {
+ if (configurations != null) {
+ return (Assertion) configurations.get(0);
+ }
+ return null;
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
new file mode 100644
index 0000000..5c302f2
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+public abstract class AbstractSecurityAssertion implements Assertion {
+
+ private boolean isOptional;
+
+ private boolean normalized = false;
+
+ protected int version;
+
+ public boolean isOptional() {
+ return isOptional;
+ }
+
+ public void setOptional(boolean isOptional) {
+ this.isOptional = isOptional;
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setNormalized(boolean normalized) {
+ this.normalized = normalized;
+ }
+
+ public boolean isNormalized() {
+ return true;
+ }
+
+ public PolicyComponent normalize() {
+
+ /*
+ * TODO: Handling the isOptional:TRUE case
+ */
+ return this;
+ }
+
+ public void setVersion(int version) {
+ this.version = version;
+ }
+
+ public int getVersion() {
+ return version;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
new file mode 100644
index 0000000..6eacac8
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
@@ -0,0 +1,522 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+
+public class AlgorithmSuite extends AbstractConfigurableSecurityAssertion {
+
+ private String algoSuiteString;
+
+ private String symmetricSignature = SPConstants.HMAC_SHA1;
+
+ private String asymmetricSignature = SPConstants.RSA_SHA1;
+
+ private String computedKey = SPConstants.P_SHA1;
+
+ private int maximumSymmetricKeyLength = 256;
+
+ private int minimumAsymmetricKeyLength = 1024;
+
+ private int maximumAsymmetricKeyLength = 4096;
+
+ private String digest;
+
+ private String encryption;
+
+ private String symmetricKeyWrap;
+
+ private String asymmetricKeyWrap;
+
+ private String encryptionKeyDerivation;
+
+ private int encryptionDerivedKeyLength;
+
+ private String signatureKeyDerivation;
+
+ private int signatureDerivedKeyLength;
+
+ private int minimumSymmetricKeyLength;
+
+ private String c14n = SPConstants.EX_C14N;
+
+ private String soapNormalization;
+
+ private String strTransform;
+
+ private String xPath;
+
+ public AlgorithmSuite (int version) {
+ setVersion(version);
+ }
+
+ /**
+ * Set the algorithm suite
+ *
+ * @param algoSuite
+ * @throws WSSPolicyException
+ * @see SPConstants#ALGO_SUITE_BASIC128
+ * @see SPConstants#ALGO_SUITE_BASIC128_RSA15
+ * @see SPConstants#ALGO_SUITE_BASIC128_SHA256
+ * @see SPConstants#ALGO_SUITE_BASIC128_SHA256_RSA15
+ * @see SPConstants#ALGO_SUITE_BASIC192
+ * @see SPConstants#ALGO_SUITE_BASIC192_RSA15
+ * @see SPConstants#ALGO_SUITE_BASIC192_SHA256
+ * @see SPConstants#ALGO_SUITE_BASIC192_SHA256_RSA15
+ * @see SPConstants#ALGO_SUITE_BASIC256
+ * @see SPConstants#ALGO_SUITE_BASIC256_RSA15
+ * @see SPConstants#ALGO_SUITE_BASIC256_SHA256
+ * @see SPConstants#ALGO_SUITE_BASIC256_SHA256_RSA15
+ * @see SPConstants#ALGO_SUITE_TRIPLE_DES
+ * @see SPConstants#ALGO_SUITE_TRIPLE_DES_RSA15
+ * @see SPConstants#ALGO_SUITE_TRIPLE_DES_SHA256
+ * @see SPConstants#ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
+ */
+ public void setAlgorithmSuite(String algoSuite) throws WSSPolicyException {
+ setAlgoSuiteString(algoSuite);
+ this.algoSuiteString = algoSuite;
+
+ // TODO: Optimize this :-)
+ if (SPConstants.ALGO_SUITE_BASIC256.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.AES256;
+ this.symmetricKeyWrap = SPConstants.KW_AES256;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L256;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 256;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 256;
+ this.encryptionDerivedKeyLength = 256;
+ } else if (SPConstants.ALGO_SUITE_BASIC192.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.AES192;
+ this.symmetricKeyWrap = SPConstants.KW_AES192;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192;
+ } else if (SPConstants.ALGO_SUITE_BASIC128.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.AES128;
+ this.symmetricKeyWrap = SPConstants.KW_AES128;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L128;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L128;
+ this.encryptionDerivedKeyLength = 128;
+ this.signatureDerivedKeyLength = 128;
+ this.minimumSymmetricKeyLength = 128;
+ this.maximumSymmetricKeyLength = 128;
+ } else if (SPConstants.ALGO_SUITE_TRIPLE_DES.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.TRIPLE_DES;
+ this.symmetricKeyWrap = SPConstants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192; //due to use of 3des
+ } else if (SPConstants.ALGO_SUITE_BASIC256_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.AES256;
+ this.symmetricKeyWrap = SPConstants.KW_AES256;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L256;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 256;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (SPConstants.ALGO_SUITE_BASIC192_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.AES192;
+ this.symmetricKeyWrap = SPConstants.KW_AES192;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192;
+ } else if (SPConstants.ALGO_SUITE_BASIC128_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.AES128;
+ this.symmetricKeyWrap = SPConstants.KW_AES128;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L128;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L128;
+ this.encryptionDerivedKeyLength = 128;
+ this.signatureDerivedKeyLength = 128;
+ this.minimumSymmetricKeyLength = 128;
+ this.maximumSymmetricKeyLength = 128;
+ } else if (SPConstants.ALGO_SUITE_TRIPLE_DES_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA1;
+ this.encryption = SPConstants.TRIPLE_DES;
+ this.symmetricKeyWrap = SPConstants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192; //due to use of 3des
+ } else if (SPConstants.ALGO_SUITE_BASIC256_SHA256.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.AES256;
+ this.symmetricKeyWrap = SPConstants.KW_AES256;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L256;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 256;
+ this.signatureDerivedKeyLength = 256;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (SPConstants.ALGO_SUITE_BASIC192_SHA256.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.AES192;
+ this.symmetricKeyWrap = SPConstants.KW_AES192;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192;
+ } else if (SPConstants.ALGO_SUITE_BASIC128_SHA256.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.AES128;
+ this.symmetricKeyWrap = SPConstants.KW_AES128;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L128;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L128;
+ this.encryptionDerivedKeyLength = 128;
+ this.signatureDerivedKeyLength = 128;
+ this.minimumSymmetricKeyLength = 128;
+ this.maximumSymmetricKeyLength = 128;
+ } else if (SPConstants.ALGO_SUITE_TRIPLE_DES_SHA256.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.TRIPLE_DES;
+ this.symmetricKeyWrap = SPConstants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192; //due to use of 3des
+ } else if (SPConstants.ALGO_SUITE_BASIC256_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.AES256;
+ this.symmetricKeyWrap = SPConstants.KW_AES256;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L256;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 256;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (SPConstants.ALGO_SUITE_BASIC192_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.AES192;
+ this.symmetricKeyWrap = SPConstants.KW_AES192;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192;
+ } else if (SPConstants.ALGO_SUITE_BASIC128_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.AES128;
+ this.symmetricKeyWrap = SPConstants.KW_AES128;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L128;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L128;
+ this.encryptionDerivedKeyLength = 128;
+ this.signatureDerivedKeyLength = 128;
+ this.minimumSymmetricKeyLength = 128;
+ this.maximumSymmetricKeyLength = 192;
+ } else if (SPConstants.ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
+ .equals(algoSuite)) {
+ this.digest = SPConstants.SHA256;
+ this.encryption = SPConstants.TRIPLE_DES;
+ this.symmetricKeyWrap = SPConstants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = SPConstants.KW_RSA15;
+ this.encryptionKeyDerivation = SPConstants.P_SHA1_L192;
+ this.signatureKeyDerivation = SPConstants.P_SHA1_L192;
+ this.encryptionDerivedKeyLength = 192;
+ this.signatureDerivedKeyLength = 192;
+ this.minimumSymmetricKeyLength = 192;
+ this.maximumSymmetricKeyLength = 192; //due to use of 3des
+ } else {
+ throw new WSSPolicyException("Invalid algorithm suite : " +
+ algoSuite);
+ }
+ }
+
+ /**
+ * @return Returns the asymmetricKeyWrap.
+ */
+ public String getAsymmetricKeyWrap() {
+ return asymmetricKeyWrap;
+ }
+
+ /**
+ * @return Returns the asymmetricSignature.
+ */
+ public String getAsymmetricSignature() {
+ return asymmetricSignature;
+ }
+
+ /**
+ * @return Returns the computedKey.
+ */
+ public String getComputedKey() {
+ return computedKey;
+ }
+
+ /**
+ * @return Returns the digest.
+ */
+ public String getDigest() {
+ return digest;
+ }
+
+ /**
+ * @return Returns the encryption.
+ */
+ public String getEncryption() {
+ return encryption;
+ }
+
+ /**
+ * @return Returns the encryptionKeyDerivation.
+ */
+ public String getEncryptionKeyDerivation() {
+ return encryptionKeyDerivation;
+ }
+
+ /**
+ * @return Returns the maximumAsymmetricKeyLength.
+ */
+ public int getMaximumAsymmetricKeyLength() {
+ return maximumAsymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the maximumSymmetricKeyLength.
+ */
+ public int getMaximumSymmetricKeyLength() {
+ return maximumSymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the minimumAsymmetricKeyLength.
+ */
+ public int getMinimumAsymmetricKeyLength() {
+ return minimumAsymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the minimumSymmetricKeyLength.
+ */
+ public int getMinimumSymmetricKeyLength() {
+ return minimumSymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the signatureKeyDerivation.
+ */
+ public String getSignatureKeyDerivation() {
+ return signatureKeyDerivation;
+ }
+
+ /**
+ * @return Returns the symmetricKeyWrap.
+ */
+ public String getSymmetricKeyWrap() {
+ return symmetricKeyWrap;
+ }
+
+ /**
+ * @return Returns the symmetricSignature.
+ */
+ public String getSymmetricSignature() {
+ return symmetricSignature;
+ }
+
+ /**
+ * @return Returns the c14n.
+ */
+ public String getInclusiveC14n() {
+ return c14n;
+ }
+
+ /**
+ * @param c14n
+ * The c14n to set.
+ */
+ public void setC14n(String c14n) {
+ this.c14n = c14n;
+ }
+
+ /**
+ * @return Returns the soapNormalization.
+ */
+ public String getSoapNormalization() {
+ return soapNormalization;
+ }
+
+ /**
+ * @param soapNormalization
+ * The soapNormalization to set.
+ */
+ public void setSoapNormalization(String soapNormalization) {
+ this.soapNormalization = soapNormalization;
+ }
+
+ /**
+ * @return Returns the strTransform.
+ */
+ public String getStrTransform() {
+ return strTransform;
+ }
+
+ /**
+ * @param strTransform
+ * The strTransform to set.
+ */
+ public void setStrTransform(String strTransform) {
+ this.strTransform = strTransform;
+ }
+
+ /**
+ * @return Returns the xPath.
+ */
+ public String getXPath() {
+ return xPath;
+ }
+
+ /**
+ * @param path
+ * The xPath to set.
+ */
+ public void setXPath(String path) {
+ xPath = path;
+ }
+
+ private void setAlgoSuiteString(String algoSuiteString) {
+ this.algoSuiteString = algoSuiteString;
+ }
+
+ private String getAlgoSuiteString() {
+ return algoSuiteString;
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.ALGORITHM_SUITE;
+ } else {
+ return SP11Constants.ALGORITHM_SUITE;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException(
+ "AlgorithmSuite.normalize() is not supported");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ writer.writeStartElement(prefix, localName, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY
+ .getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ //
+ writer.writeStartElement(prefix, getAlgoSuiteString(), namespaceURI);
+ writer.writeEndElement();
+
+ if (SPConstants.C14N.equals(getInclusiveC14n())) {
+ writer.writeStartElement(prefix, SPConstants.INCLUSIVE_C14N, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (SPConstants.SNT.equals(getSoapNormalization())) {
+ writer.writeStartElement(prefix, SPConstants.SOAP_NORMALIZATION_10,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (SPConstants.STRT10.equals(getStrTransform())) {
+ writer.writeStartElement(prefix, SPConstants.STR_TRANSFORM_10,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (SPConstants.XPATH.equals(getXPath())) {
+ writer.writeStartElement(prefix, SPConstants.XPATH10, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (SPConstants.XPATH20.equals(getXPath())) {
+ writer.writeStartElement(prefix, SPConstants.XPATH_FILTER20,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:AlgorithmSuite>
+ writer.writeEndElement();
+ }
+
+ public int getEncryptionDerivedKeyLength() {
+ return encryptionDerivedKeyLength;
+ }
+
+ public int getSignatureDerivedKeyLength() {
+ return signatureDerivedKeyLength;
+ }
+
+ public void setAsymmetricKeyWrap(String asymmetricKeyWrap) {
+ this.asymmetricKeyWrap = asymmetricKeyWrap;
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
new file mode 100644
index 0000000..d0c8c6c
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public interface AlgorithmWrapper {
+
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite);
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
new file mode 100644
index 0000000..78c8dbc
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
@@ -0,0 +1,225 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
+
+ private InitiatorToken initiatorToken;
+
+ private RecipientToken recipientToken;
+
+ public AsymmetricBinding(int version) {
+ super(version);
+ }
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public InitiatorToken getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken
+ * The initiatorToken to set.
+ */
+ public void setInitiatorToken(InitiatorToken initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public RecipientToken getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken
+ * The recipientToken to set.
+ */
+ public void setRecipientToken(RecipientToken recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.ASYMMETRIC_BINDING;
+ } else {
+ return SP11Constants.ASYMMETRIC_BINDING;
+ }
+ }
+
+ public PolicyComponent normalize() {
+
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configs = algorithmSuite.getConfigurations();
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ policy.addPolicyComponent(exactlyOne);
+
+ All wrapper;
+ AsymmetricBinding asymmetricBinding;
+
+ for (Iterator iterator = configs.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ asymmetricBinding = new AsymmetricBinding(this.version);
+
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
+ .next());
+ asymmetricBinding
+ .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
+ asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
+ asymmetricBinding.setInitiatorToken(getInitiatorToken());
+ asymmetricBinding.setLayout(getLayout());
+ asymmetricBinding.setProtectionOrder(getProtectionOrder());
+ asymmetricBinding.setRecipientToken(getRecipientToken());
+ asymmetricBinding.setSignatureProtection(isSignatureProtection());
+ asymmetricBinding
+ .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ asymmetricBinding.setTokenProtection(isTokenProtection());
+
+ asymmetricBinding.setNormalized(true);
+ wrapper.addPolicyComponent(wrapper);
+ }
+
+ return policy;
+
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:AsymmetricBinding>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
+ SPConstants.POLICY.getNamespaceURI());
+
+ if (initiatorToken == null) {
+ throw new RuntimeException("InitiatorToken is not set");
+ }
+
+ // <sp:InitiatorToken>
+ initiatorToken.serialize(writer);
+ // </sp:InitiatorToken>
+
+ if (recipientToken == null) {
+ throw new RuntimeException("RecipientToken is not set");
+ }
+
+ // <sp:RecipientToken>
+ recipientToken.serialize(writer);
+ // </sp:RecipientToken>
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ if (algorithmSuite == null) {
+ throw new RuntimeException("AlgorithmSuite is not set");
+ }
+
+ // <sp:AlgorithmSuite>
+ algorithmSuite.serialize(writer);
+ // </sp:AlgorithmSuite>
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout>
+ layout.serialize(writer);
+ // </sp:Layout>
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp>
+ writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP,
+ namespaceURI);
+ writer.writeEndElement();
+ // </sp:IncludeTimestamp>
+ }
+
+ if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
+ // <sp:EncryptBeforeSign />
+ writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isSignatureProtection()) {
+ // <sp:EncryptSignature />
+ // FIXME move the String constants to a QName
+ writer.writeStartElement(prefix, SPConstants.ENCRYPT_SIGNATURE,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isTokenProtection()) {
+ // <sp:ProtectTokens />
+ writer.writeStartElement(prefix, SPConstants.PROTECT_TOKENS,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isEntireHeadersAndBodySignatures()) {
+ // <sp:OnlySignEntireHeaderAndBody />
+ writer.writeStartElement(prefix,
+ SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:AsymmetircBinding>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
new file mode 100644
index 0000000..2e8fdfa
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public abstract class Binding extends AbstractSecurityAssertion implements AlgorithmWrapper {
+
+ private AlgorithmSuite algorithmSuite;
+ private boolean includeTimestamp;
+ private Layout layout;
+ private SupportingToken signedSupportingToken;
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ public Binding (int version) {
+ setVersion(version);
+ layout = new Layout(version);
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public Layout getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout The layout to set.
+ */
+ public void setLayout(Layout layout) {
+ this.layout = layout;
+ }
+
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ public SupportingToken getSignedSupportingToken() {
+ return signedSupportingToken;
+ }
+
+ public void setSignedSupportingToken(SupportingToken signedSupportingToken) {
+ this.signedSupportingToken = signedSupportingToken;
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
new file mode 100644
index 0000000..def1b53
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.HashMap;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class ContentEncryptedElements extends AbstractSecurityAssertion {
+
+ private ArrayList xPathExpressions = new ArrayList();
+
+ private HashMap declaredNamespaces = new HashMap();
+
+ private String xPathVersion;
+
+ public ContentEncryptedElements(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the xPathExpressions.
+ */
+ public ArrayList getXPathExpressions() {
+ return xPathExpressions;
+ }
+
+ public void addXPathExpression(String expr) {
+ this.xPathExpressions.add(expr);
+ }
+
+ /**
+ * @return Returns the xPathVersion.
+ */
+ public String getXPathVersion() {
+ return xPathVersion;
+ }
+
+ /**
+ * @param pathVersion
+ * The xPathVersion to set.
+ */
+ public void setXPathVersion(String pathVersion) {
+ xPathVersion = pathVersion;
+ }
+
+ public HashMap getDeclaredNamespaces () {
+ return declaredNamespaces;
+ }
+
+ public void addDeclaredNamespaces(String uri, String prefix ) {
+ declaredNamespaces.put(prefix, uri);
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:ContentEncryptedElements>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ if (xPathVersion != null) {
+ writer.writeAttribute(prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
+ }
+
+ String xpathExpression;
+
+ for (Iterator iterator = xPathExpressions.iterator(); iterator
+ .hasNext();) {
+ xpathExpression = (String) iterator.next();
+ // <sp:XPath ..>
+ writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
+ writer.writeCharacters(xpathExpression);
+ writer.writeEndElement();
+ }
+
+ //</sp:ContentEncryptedElements>
+ writer.writeEndElement();
+ }
+
+ public QName getName() {
+ return SP12Constants.CONTENT_ENCRYPTED_ELEMENTS;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
new file mode 100644
index 0000000..bd55bd0
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class EncryptionToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token encryptionToken;
+
+ public EncryptionToken(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setEncryptionToken(tok);
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.ENCRYPTION_TOKEN;
+ } else {
+ return SP11Constants.ENCRYPTION_TOKEN;
+ }
+
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:EncryptionToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String wspNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, SPConstants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (encryptionToken == null) {
+ throw new RuntimeException("EncryptionToken is not set");
+ }
+
+ encryptionToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:EncryptionToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
new file mode 100644
index 0000000..8e95a29
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public class Header {
+
+ private String name;
+ private String namespace;
+
+ /**
+ * @return Returns the name.
+ */
+ public String getName() {
+ return name;
+ }
+ /**
+ * @param name The name to set.
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+ /**
+ * @return Returns the namespace.
+ */
+ public String getNamespace() {
+ return namespace;
+ }
+ /**
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ this.namespace = namespace;
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
new file mode 100644
index 0000000..feb987d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class HttpsToken extends Token {
+
+ public HttpsToken(int version){
+ setVersion(version);
+ }
+
+ private boolean requireClientCertificate = false;
+ private boolean httpBasicAuthentication = false;
+ private boolean httpDigestAuthentication = false;
+
+ public boolean isRequireClientCertificate() {
+ return requireClientCertificate;
+ }
+
+ public void setRequireClientCertificate(boolean requireClientCertificate) {
+ this.requireClientCertificate = requireClientCertificate;
+ }
+
+ /**
+ * @return the httpBasicAuthentication
+ */
+ public boolean isHttpBasicAuthentication()
+ {
+ return httpBasicAuthentication;
+ }
+
+ /**
+ * @param httpBasicAuthentication the httpBasicAuthentication to set
+ */
+ public void setHttpBasicAuthentication(boolean httpBasicAuthentication)
+ {
+ this.httpBasicAuthentication = httpBasicAuthentication;
+ }
+
+ /**
+ * @return the httpDigestAuthentication
+ */
+ public boolean isHttpDigestAuthentication()
+ {
+ return httpDigestAuthentication;
+ }
+
+ /**
+ * @param httpDigestAuthentication the httpDigestAuthentication to set
+ */
+ public void setHttpDigestAuthentication(boolean httpDigestAuthentication)
+ {
+ this.httpDigestAuthentication = httpDigestAuthentication;
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.HTTPS_TOKEN;
+ } else {
+ return SP11Constants.HTTPS_TOKEN;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:HttpsToken
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+
+ if (version == SPConstants.SP_V12) {
+
+ if (isRequireClientCertificate() ||
+ isHttpBasicAuthentication() ||
+ isHttpDigestAuthentication()) {
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ /*
+ * The ws policy 1.2 specification states that only one of those should be present, although
+ * a web server (say tomcat) could be normally configured to require both a client certificate and
+ * a http user/pwd authentication. Nevertheless stick to the specification.
+ */
+ if(isHttpBasicAuthentication()) {
+ writer.writeStartElement(prefix, SPConstants.HTTP_BASIC_AUTHENTICATION.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ } else if(isHttpDigestAuthentication()) {
+ writer.writeStartElement(prefix, SPConstants.HTTP_DIGEST_AUTHENTICATION.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ } else if(isRequireClientCertificate()) {
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+ // </wsp:Policy>
+ writer.writeEndElement();
+ }
+ } else {
+ // RequireClientCertificate=".."
+ writer.writeAttribute(SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(), Boolean
+ .toString(isRequireClientCertificate()));
+ }
+
+ writer.writeEndElement();
+ // </sp:HttpsToken>
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
new file mode 100644
index 0000000..0b91962
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+public class InitiatorToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token initiatorToken;
+
+ public InitiatorToken(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setInitiatorToken(tok);
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.INITIATOR_TOKEN;
+ } else {
+ return SP11Constants.INITIATOR_TOKEN;
+ }
+
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:InitiatorToken>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ Token token = getInitiatorToken();
+ if (token == null) {
+ throw new RuntimeException("InitiatorToken doesn't contain any token assertions");
+ }
+ token.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:InitiatorToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
new file mode 100644
index 0000000..46674d6
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model bean for the IssuedToken assertion.
+ */
+public class IssuedToken extends Token {
+
+ private OMElement issuerEpr;
+
+ private OMElement issuerMex;
+
+ private OMElement rstTemplate;
+
+ boolean requireExternalReference;
+
+ boolean requireInternalReference;
+
+ public IssuedToken(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the issuerEpr.
+ */
+ public OMElement getIssuerEpr() {
+ return issuerEpr;
+ }
+
+ /**
+ * @param issuerEpr
+ * The issuerEpr to set.
+ */
+ public void setIssuerEpr(OMElement issuerEpr) {
+ this.issuerEpr = issuerEpr;
+ }
+
+ /**
+ * @return Returns the requireExternalReference.
+ */
+ public boolean isRequireExternalReference() {
+ return requireExternalReference;
+ }
+
+ /**
+ * @param requireExternalReference
+ * The requireExternalReference to set.
+ */
+ public void setRequireExternalReference(boolean requireExternalReference) {
+ this.requireExternalReference = requireExternalReference;
+ }
+
+ /**
+ * @return Returns the requireInternalReference.
+ */
+ public boolean isRequireInternalReference() {
+ return requireInternalReference;
+ }
+
+ /**
+ * @param requireInternalReference
+ * The requireInternalReference to set.
+ */
+ public void setRequireInternalReference(boolean requireInternalReference) {
+ this.requireInternalReference = requireInternalReference;
+ }
+
+ /**
+ * @return Returns the rstTemplate.
+ */
+ public OMElement getRstTemplate() {
+ return rstTemplate;
+ }
+
+ /**
+ * @param rstTemplate
+ * The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.ISSUED_TOKEN;
+ } else {
+ return SP11Constants.ISSUED_TOKEN;
+ }
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:IssuedToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String inclusion;
+
+ if (version == SPConstants.SP_V12) {
+ inclusion = SP12Constants.getAttributeValueFromInclusion(getInclusion());
+ } else {
+ inclusion = SP11Constants.getAttributeValueFromInclusion(getInclusion());
+ }
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI,
+ SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+ }
+
+ if (issuerEpr != null) {
+ writer.writeStartElement(prefix, SPConstants.ISSUER,
+ namespaceURI);
+ issuerEpr.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (rstTemplate != null) {
+ // <sp:RequestSecurityTokenTemplate>
+ rstTemplate.serialize(writer);
+
+ }
+
+ String policyLocalName = SPConstants.POLICY.getLocalPart();
+ String policyNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ if (isRequireExternalReference() || isRequireInternalReference() ||
+ this.isDerivedKeys()) {
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName,
+ policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, policyNamespaceURI);
+ }
+
+ if (isRequireExternalReference()) {
+ // <sp:RequireExternalReference />
+ writer.writeEmptyElement(prefix, SPConstants.REQUIRE_EXTERNAL_REFERNCE,
+ namespaceURI);
+ }
+
+ if (isRequireInternalReference()) {
+ // <sp:RequireInternalReference />
+ writer.writeEmptyElement(prefix, SPConstants.REQUIRE_INTERNAL_REFERNCE,
+ namespaceURI);
+ }
+
+ if (this.isDerivedKeys()) {
+ // <sp:RequireDerivedKeys />
+ writer.writeEmptyElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS,
+ namespaceURI);
+ }
+
+ // <wsp:Policy>
+ writer.writeEndElement();
+ }
+
+ // </sp:IssuedToken>
+ writer.writeEndElement();
+ }
+
+ public OMElement getIssuerMex() {
+ return issuerMex;
+ }
+
+ public void setIssuerMex(OMElement issuerMex) {
+ this.issuerMex = issuerMex;
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
new file mode 100644
index 0000000..a1ff7f8
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class Layout extends AbstractSecurityAssertion {
+
+ private String value = SPConstants.LAYOUT_LAX;
+
+ public Layout(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the value.
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * @param value
+ * The value to set.
+ */
+ public void setValue(String value) {
+ if (SPConstants.LAYOUT_LAX.equals(value)
+ || SPConstants.LAYOUT_STRICT.equals(value)
+ || SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)
+ || SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
+ this.value = value;
+ } else {
+ // throw new WSSPolicyException("Incorrect layout value : " +
+ // value);
+ }
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12 ) {
+ return SP12Constants.LAYOUT;
+ } else {
+ return SP11Constants.LAYOUT;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Layout>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY
+ .getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ // .. <sp:Strict /> | <sp:Lax /> | <sp:LaxTsFirst /> | <sp:LaxTsLast /> ..
+ if (SPConstants.LAYOUT_STRICT.equals(value)) {
+ writer.writeStartElement(prefix, SPConstants.LAYOUT_STRICT, namespaceURI);
+
+ } else if (SPConstants.LAYOUT_LAX.equals(value)) {
+ writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX, namespaceURI);
+
+ } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)) {
+ writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, namespaceURI);
+
+ } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
+ writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, namespaceURI);
+ }
+
+ writer.writeEndElement();
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Layout>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
new file mode 100644
index 0000000..4e64d08
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class ProtectionToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token protectionToken;
+
+ public ProtectionToken(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the protectionToken.
+ */
+ public Token getProtectionToken() {
+ return protectionToken;
+ }
+
+ /**
+ * @param protectionToken The protectionToken to set.
+ */
+ public void setProtectionToken(Token protectionToken) {
+ this.protectionToken = protectionToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setProtectionToken(tok);
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.PROTECTION_TOKEN;
+ } else {
+ return SP11Constants.PROTECTION_TOKEN;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ /*
+ * ProtectionToken can not contain multiple values. Hence we consider it
+ * to always be in the normalized format.
+ */
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:ProtectionToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String policyLocalName = SPConstants.POLICY.getLocalPart();
+ String policyNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, policyNamespaceURI);
+ }
+
+ if (protectionToken == null) {
+ throw new RuntimeException("ProtectionToken is not set");
+ }
+
+ protectionToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:ProtectionToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
new file mode 100644
index 0000000..2e0cc2d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class RecipientToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token receipientToken;
+
+ public RecipientToken(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the receipientToken.
+ */
+ public Token getReceipientToken() {
+ return receipientToken;
+ }
+
+ /**
+ * @param receipientToken The receipientToken to set.
+ */
+ public void setReceipientToken(Token receipientToken) {
+ this.receipientToken = receipientToken;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
+ */
+ public void setToken(Token tok) {
+ this.setReceipientToken(tok);
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.RECIPIENT_TOKEN;
+ } else {
+ return SP11Constants.RECIPIENT_TOKEN;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:RecipientToken>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ Token token = getReceipientToken();
+ if (token == null) {
+ throw new RuntimeException("RecipientToken doesn't contain any token assertions");
+ }
+ token.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:RecipientToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
new file mode 100644
index 0000000..e2d5666
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.HashMap;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class RequiredElements extends AbstractSecurityAssertion {
+
+ private ArrayList xPathExpressions = new ArrayList();
+
+ private HashMap declaredNamespaces = new HashMap();
+
+ private String xPathVersion;
+
+ public RequiredElements(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the xPathExpressions.
+ */
+ public ArrayList getXPathExpressions() {
+ return xPathExpressions;
+ }
+
+ public void addXPathExpression(String expr) {
+ this.xPathExpressions.add(expr);
+ }
+
+ /**
+ * @return Returns the xPathVersion.
+ */
+ public String getXPathVersion() {
+ return xPathVersion;
+ }
+
+ /**
+ * @param pathVersion
+ * The xPathVersion to set.
+ */
+ public void setXPathVersion(String pathVersion) {
+ xPathVersion = pathVersion;
+ }
+
+ public HashMap getDeclaredNamespaces () {
+ return declaredNamespaces;
+ }
+
+ public void addDeclaredNamespaces(String uri, String prefix ) {
+ declaredNamespaces.put(prefix, uri);
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:RequiredElements>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ if (xPathVersion != null) {
+ writer.writeAttribute(prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
+ }
+
+ String xpathExpression;
+
+ for (Iterator iterator = xPathExpressions.iterator(); iterator
+ .hasNext();) {
+ xpathExpression = (String) iterator.next();
+ // <sp:XPath ..>
+ writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
+ writer.writeCharacters(xpathExpression);
+ writer.writeEndElement();
+ }
+
+ //</sp:RequiredElements>
+ writer.writeEndElement();
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.REQUIRED_ELEMENTS;
+ } else {
+ return SP11Constants.REQUIRED_ELEMENTS;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
new file mode 100644
index 0000000..3542bb4
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class RequiredParts extends AbstractSecurityAssertion {
+
+ private ArrayList headers = new ArrayList();
+
+ public RequiredParts(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the headers.
+ */
+ public ArrayList getHeaders() {
+ return this.headers;
+ }
+
+ /**
+ * @param headers The headers to set.
+ */
+ public void addHeader(Header header) {
+ this.headers.add(header);
+ }
+
+
+ public QName getName() {
+ return SP12Constants.REQUIRED_PARTS;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:RequiredParts>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ Header header;
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ header = (Header) iterator.next();
+ // <sp:Header Name=".." Namespace=".." />
+ writer.writeStartElement(prefix, SPConstants.HEADER, namespaceURI);
+ // Name attribute is optional
+ if (header.getName() != null) {
+ writer.writeAttribute("Name", header.getName());
+ }
+ writer.writeAttribute("Namespace", header.getNamespace());
+
+ writer.writeEndElement();
+ }
+
+ // </sp:RequiredParts>
+ writer.writeEndElement();
+ }
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
new file mode 100644
index 0000000..54f1b24
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model class of SecureConversationToken assertion
+ */
+public class SecureConversationToken extends SecurityContextToken {
+
+ private Policy bootstrapPolicy;
+
+ private OMElement issuerEpr;
+
+ public SecureConversationToken(int version) {
+ super(version);
+ }
+
+ /**
+ * @return Returns the bootstrapPolicy.
+ */
+ public Policy getBootstrapPolicy() {
+ return bootstrapPolicy;
+ }
+
+ /**
+ * @param bootstrapPolicy
+ * The bootstrapPolicy to set.
+ */
+ public void setBootstrapPolicy(Policy bootstrapPolicy) {
+ this.bootstrapPolicy = bootstrapPolicy;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.SECURE_CONVERSATION_TOKEN;
+ } else {
+ return SP11Constants.SECURE_CONVERSATION_TOKEN;
+ }
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SecureConversationToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String inclusion;
+
+ if (version == SPConstants.SP_V12) {
+ inclusion = SP12Constants.getAttributeValueFromInclusion(getInclusion());
+ } else {
+ inclusion = SP11Constants.getAttributeValueFromInclusion(getInclusion());
+ }
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+ }
+
+ if (issuerEpr != null) {
+ // <sp:Issuer>
+ writer.writeStartElement(prefix, SPConstants.ISSUER , namespaceURI);
+
+ issuerEpr.serialize(writer);
+
+ writer.writeEndElement();
+ }
+
+ if (isDerivedKeys() || isRequireExternalUriRef()
+ || isSc10SecurityContextToken() || (bootstrapPolicy != null)) {
+
+ String wspNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix,
+ SPConstants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (isDerivedKeys()) {
+ // <sp:RequireDerivedKeys />
+ writer.writeEmptyElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
+ }
+
+ if (isRequireExternalUriRef()) {
+ // <sp:RequireExternalUriReference />
+ writer.writeEmptyElement(prefix, SPConstants.REQUIRE_EXTERNAL_URI_REFERNCE, namespaceURI);
+ }
+
+ if (isSc10SecurityContextToken()) {
+ // <sp:SC10SecurityContextToken />
+ writer.writeEmptyElement(prefix, SPConstants.SC10_SECURITY_CONTEXT_TOKEN, namespaceURI);
+ }
+
+ if (bootstrapPolicy != null) {
+ // <sp:BootstrapPolicy ..>
+ writer.writeStartElement(prefix, SPConstants.BOOTSTRAP_POLICY, namespaceURI);
+ bootstrapPolicy.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+ }
+
+ // </sp:SecureConversationToken>
+ writer.writeEndElement();
+ }
+
+ /**
+ * @return Returns the issuerEpr.
+ */
+ public OMElement getIssuerEpr() {
+ return issuerEpr;
+ }
+
+ /**
+ * @param issuerEpr
+ * The issuerEpr to set.
+ */
+ public void setIssuerEpr(OMElement issuerEpr) {
+ this.issuerEpr = issuerEpr;
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
new file mode 100644
index 0000000..f30f837
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model class of SecurityContextToken assertion
+ */
+public class SecurityContextToken extends Token {
+
+ boolean requireExternalUriRef;
+
+ boolean sc10SecurityContextToken;
+
+ public SecurityContextToken(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the requireExternalUriRef.
+ */
+ public boolean isRequireExternalUriRef() {
+ return requireExternalUriRef;
+ }
+
+ /**
+ * @param requireExternalUriRef The requireExternalUriRef to set.
+ */
+ public void setRequireExternalUriRef(boolean requireExternalUriRef) {
+ this.requireExternalUriRef = requireExternalUriRef;
+ }
+
+ /**
+ * @return Returns the sc10SecurityContextToken.
+ */
+ public boolean isSc10SecurityContextToken() {
+ return sc10SecurityContextToken;
+ }
+
+ /**
+ * @param sc10SecurityContextToken The sc10SecurityContextToken to set.
+ */
+ public void setSc10SecurityContextToken(boolean sc10SecurityContextToken) {
+ this.sc10SecurityContextToken = sc10SecurityContextToken;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.SECURITY_CONTEXT_TOKEN;
+ } else {
+ return SP11Constants.SECURITY_CONTEXT_TOKEN;
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#normalize()
+ */
+ public PolicyComponent normalize() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.PolicyComponent#serialize(javax.xml.stream.XMLStreamWriter)
+ */
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
new file mode 100644
index 0000000..eff9548
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class SignatureToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token signatureToken;
+
+ public SignatureToken(int version){
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setSignatureToken(tok);
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12 ) {
+ return SP12Constants.SIGNATURE_TOKEN;
+ } else {
+ return SP11Constants.SIGNATURE_TOKEN;
+ }
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SignatureToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String wspNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, SPConstants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (signatureToken == null) {
+ throw new RuntimeException("EncryptionToken is not set");
+ }
+
+ signatureToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:SignatureToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
new file mode 100644
index 0000000..6daeb76
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.HashMap;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class SignedEncryptedElements extends AbstractSecurityAssertion {
+
+ private ArrayList xPathExpressions = new ArrayList();
+
+ private HashMap declaredNamespaces = new HashMap();
+
+ private String xPathVersion;
+
+ /**
+ * Just a flag to identify whether this holds sign element info or encr
+ * elements info
+ */
+ private boolean signedElemets;
+
+ public SignedEncryptedElements(boolean signedElements, int version) {
+ this.signedElemets = signedElements;
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the xPathExpressions.
+ */
+ public ArrayList getXPathExpressions() {
+ return xPathExpressions;
+ }
+
+ public void addXPathExpression(String expr) {
+ this.xPathExpressions.add(expr);
+ }
+
+ /**
+ * @return Returns the xPathVersion.
+ */
+ public String getXPathVersion() {
+ return xPathVersion;
+ }
+
+ /**
+ * @param pathVersion
+ * The xPathVersion to set.
+ */
+ public void setXPathVersion(String pathVersion) {
+ xPathVersion = pathVersion;
+ }
+
+ /**
+ * @return Returns the signedElemets.
+ */
+ public boolean isSignedElemets() {
+ return signedElemets;
+ }
+
+ public HashMap getDeclaredNamespaces () {
+ return declaredNamespaces;
+ }
+
+ public void addDeclaredNamespaces(String uri, String prefix ) {
+ declaredNamespaces.put(prefix, uri);
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:SignedElements> | <sp:EncryptedElements>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ if (xPathVersion != null) {
+ writer.writeAttribute(prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
+ }
+
+ String xpathExpression;
+
+ for (Iterator iterator = xPathExpressions.iterator(); iterator
+ .hasNext();) {
+ xpathExpression = (String) iterator.next();
+ // <sp:XPath ..>
+ writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
+
+ Iterator<String> namespaces = declaredNamespaces.keySet().iterator();
+
+ while(namespaces.hasNext()) {
+ prefix = (String) namespaces.next();
+ namespaceURI = (String) declaredNamespaces.get(prefix);
+ writer.writeNamespace(prefix,namespaceURI);
+ }
+
+ writer.writeCharacters(xpathExpression);
+ writer.writeEndElement();
+ }
+
+ // </sp:SignedElements> | </sp:EncryptedElements>
+ writer.writeEndElement();
+ }
+
+ public QName getName() {
+ if (signedElemets) {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.SIGNED_ELEMENTS;
+ } else {
+ return SP11Constants.SIGNED_ELEMENTS;
+ }
+
+ }
+
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.ENCRYPTED_ELEMENTS;
+ } else {
+ return SP11Constants.ENCRYPTED_ELEMENTS;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
new file mode 100644
index 0000000..671bd3c
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class SignedEncryptedParts extends AbstractSecurityAssertion {
+
+ private boolean body;
+
+ private boolean attachments;
+
+ private ArrayList headers = new ArrayList();
+
+ private boolean signedParts;
+
+ public SignedEncryptedParts(boolean signedParts, int version) {
+ this.signedParts = signedParts;
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the body.
+ */
+ public boolean isBody() {
+ return body;
+ }
+
+ /**
+ * @param body The body to set.
+ */
+ public void setBody(boolean body) {
+ this.body = body;
+ }
+
+ /**
+ * @return Returns the attachments.
+ */
+ public boolean isAttachments() {
+ return attachments;
+ }
+
+ /**
+ * @param attachments The attachments to set.
+ */
+ public void setAttachments(boolean attachments) {
+ this.attachments = attachments;
+ }
+
+ /**
+ * @return Returns the headers.
+ */
+ public ArrayList getHeaders() {
+ return this.headers;
+ }
+
+ /**
+ * @param headers The headers to set.
+ */
+ public void addHeader(Header header) {
+ this.headers.add(header);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public boolean isSignedParts() {
+ return signedParts;
+ }
+
+ public QName getName() {
+ if (signedParts) {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.SIGNED_PARTS;
+ } else {
+ return SP11Constants.SIGNED_PARTS;
+ }
+ }
+
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.ENCRYPTED_PARTS;
+ } else {
+ return SP11Constants.ENCRYPTED_PARTS;
+ }
+
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:SignedParts> | <sp:EncryptedParts>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ if (isBody()) {
+ // <sp:Body />
+ writer.writeStartElement(prefix, SPConstants.BODY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ Header header;
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ header = (Header) iterator.next();
+ // <sp:Header Name=".." Namespace=".." />
+ writer.writeStartElement(prefix, SPConstants.HEADER, namespaceURI);
+ // Name attribute is optional
+ if (header.getName() != null) {
+ writer.writeAttribute("Name", header.getName());
+ }
+ writer.writeAttribute("Namespace", header.getNamespace());
+
+ writer.writeEndElement();
+ }
+
+ if (isAttachments() && version == SPConstants.SP_V12) {
+ // <sp:Attachments />
+ writer.writeStartElement(prefix, SPConstants.ATTACHMENTS, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </sp:SignedParts> | </sp:EncryptedParts>
+ writer.writeEndElement();
+ }
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
new file mode 100644
index 0000000..b982614
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
@@ -0,0 +1,296 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class SupportingToken extends AbstractSecurityAssertion implements
+ AlgorithmWrapper, TokenWrapper {
+
+ /**
+ * Type of SupportingToken
+ *
+ * @see SupportingToken#SUPPORTING
+ * @see SupportingToken#ENDORSING
+ * @see SupportingToken#SIGNED
+ * @see SupportingToken#SIGNED_ENDORSING
+ */
+ private int type;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private ArrayList tokens = new ArrayList();
+
+ private SignedEncryptedElements signedElements;
+
+ private SignedEncryptedElements encryptedElements;
+
+ private SignedEncryptedParts signedParts;
+
+ private SignedEncryptedParts encryptedParts;
+
+ public SupportingToken(int type, int version ) {
+ this.type = type;
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite
+ * The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the token.
+ */
+ public ArrayList getTokens() {
+ return tokens;
+ }
+
+ /**
+ * @param token
+ * The token to set.
+ */
+ public void addToken(Token token) {
+ this.tokens.add(token);
+ }
+
+ /**
+ * @return Returns the type.
+ */
+ public int getTokenType() {
+ return type;
+ }
+
+ /**
+ * @param type
+ * The type to set.
+ */
+ public void setTokenType(int type) {
+ this.type = type;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public SignedEncryptedElements getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encryptedElements
+ * The encryptedElements to set.
+ */
+ public void setEncryptedElements(SignedEncryptedElements encryptedElements) {
+ this.encryptedElements = encryptedElements;
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public SignedEncryptedParts getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param encryptedParts
+ * The encryptedParts to set.
+ */
+ public void setEncryptedParts(SignedEncryptedParts encryptedParts) {
+ this.encryptedParts = encryptedParts;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public SignedEncryptedElements getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param signedElements
+ * The signedElements to set.
+ */
+ public void setSignedElements(SignedEncryptedElements signedElements) {
+ this.signedElements = signedElements;
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public SignedEncryptedParts getSignedParts() {
+ return signedParts;
+ }
+
+ /**
+ * @param signedParts
+ * The signedParts to set.
+ */
+ public void setSignedParts(SignedEncryptedParts signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
+ */
+ public void setToken(Token tok) {
+ this.addToken(tok);
+ }
+
+ public QName getName() {
+ //TODO Should we refactor this class ?? with a SuppotingTokenBase and sub classes
+ switch (type) {
+ case SPConstants.SUPPORTING_TOKEN_SUPPORTING:
+ return version == SPConstants.SP_V12 ? SP12Constants.SUPPORTING_TOKENS :
+ SP11Constants.SUPPORTING_TOKENS;
+ case SPConstants.SUPPORTING_TOKEN_SIGNED:
+ return version == SPConstants.SP_V12 ? SP12Constants.SIGNED_SUPPORTING_TOKENS :
+ SP11Constants.SIGNED_SUPPORTING_TOKENS;
+ case SPConstants.SUPPORTING_TOKEN_ENDORSING:
+ return version == SPConstants.SP_V12 ? SP12Constants.ENDORSING_SUPPORTING_TOKENS :
+ SP11Constants.ENDORSING_SUPPORTING_TOKENS;
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ return version == SPConstants.SP_V12 ? SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS:
+ SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS;
+ case SPConstants.SUPPORTING_TOKEN_ENCRYPTED:
+ return SP12Constants.ENCRYPTED_SUPPORTING_TOKENS;
+
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENCRYPTED:
+ return SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS;
+
+ case SPConstants.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED:
+ return SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS;
+
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED:
+ return SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * @return true if the supporting token should be encrypted
+ */
+
+ public boolean isEncryptedToken() {
+
+ switch (type) {
+ case SPConstants.SUPPORTING_TOKEN_SUPPORTING:
+ return false;
+ case SPConstants.SUPPORTING_TOKEN_SIGNED:
+ return false;
+ case SPConstants.SUPPORTING_TOKEN_ENDORSING:
+ return false;
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ return false;
+ case SPConstants.SUPPORTING_TOKEN_ENCRYPTED:
+ return true;
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENCRYPTED:
+ return true;
+ case SPConstants.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED:
+ return true;
+ case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED:
+ return true;
+ default:
+ return false;
+ }
+
+
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ String localname = getName().getLocalPart();
+
+ // <sp:SupportingToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
+ SPConstants.POLICY.getNamespaceURI());
+
+ Token token;
+ for (Iterator iterator = getTokens().iterator(); iterator.hasNext();) {
+ // [Token Assertion] +
+ token = (Token) iterator.next();
+ token.serialize(writer);
+ }
+
+
+ if (signedParts != null) {
+ signedParts.serialize(writer);
+
+ } else if (signedElements != null) {
+ signedElements.serialize(writer);
+
+ } else if (encryptedParts != null) {
+ encryptedParts.serialize(writer);
+
+ } else if (encryptedElements != null) {
+ encryptedElements.serialize(writer);
+ }
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+ // </sp:SupportingToken>
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
new file mode 100644
index 0000000..5b9046e
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.ws.secpolicy.SPConstants;
+
+public abstract class SymmetricAsymmetricBindingBase extends Binding {
+
+ private String protectionOrder = SPConstants.SIGN_BEFORE_ENCRYPTING;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ public SymmetricAsymmetricBindingBase(int version) {
+ super(version);
+ }
+
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(protectionOrder) ||
+ SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ this.protectionOrder = protectionOrder;
+ } else {
+// throw new WSSPolicyException("Incorrect protection order value : "
+// + protectionOrder);
+ }
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
new file mode 100644
index 0000000..bc068e7
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
@@ -0,0 +1,241 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class SymmetricBinding extends SymmetricAsymmetricBindingBase {
+
+ private EncryptionToken encryptionToken;
+
+ private SignatureToken signatureToken;
+
+ private ProtectionToken protectionToken;
+
+ public SymmetricBinding(int version) {
+ super(version);
+ }
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public EncryptionToken getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(EncryptionToken encryptionToken) {
+ if(this.protectionToken != null) {
+// throw new WSSPolicyException("Cannot use an EncryptionToken in a " +
+// "SymmetricBinding when there is a ProtectionToken");
+ }
+ this.encryptionToken = encryptionToken;
+ }
+
+ /**
+ * @return Returns the protectionToken.
+ */
+ public ProtectionToken getProtectionToken() {
+ return protectionToken;
+ }
+
+ /**
+ * @param protectionToken The protectionToken to set.
+ */
+ public void setProtectionToken(ProtectionToken protectionToken) {
+ if(this.encryptionToken != null || this.signatureToken != null) {
+// throw new WSSPolicyException("Cannot use a ProtectionToken in a " +
+// "SymmetricBinding when there is a SignatureToken or an" +
+// "EncryptionToken");
+ }
+ this.protectionToken = protectionToken;
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public SignatureToken getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(SignatureToken signatureToken) {
+ if(this.protectionToken != null) {
+// throw new WSSPolicyException("Cannot use a SignatureToken in a " +
+// "SymmetricBinding when there is a ProtectionToken");
+ }
+ this.signatureToken = signatureToken;
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.SYMMETRIC_BINDING;
+ } else {
+ return SP11Constants.SYMMETRIC_BINDING;
+ }
+
+ }
+
+ public PolicyComponent normalize() {
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configurations = algorithmSuite.getConfigurations();
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ All wrapper;
+ SymmetricBinding symmetricBinding;
+
+ for (Iterator iterator = configurations.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ symmetricBinding = new SymmetricBinding(this.version);
+
+ algorithmSuite = (AlgorithmSuite) iterator.next();
+ symmetricBinding.setAlgorithmSuite(algorithmSuite);
+
+ symmetricBinding.setEncryptionToken(getEncryptionToken());
+ symmetricBinding.setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
+ symmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
+ symmetricBinding.setLayout(getLayout());
+ symmetricBinding.setProtectionOrder(getProtectionOrder());
+ symmetricBinding.setProtectionToken(getProtectionToken());
+ symmetricBinding.setSignatureProtection(isSignatureProtection());
+ symmetricBinding.setSignatureToken(getSignatureToken());
+ symmetricBinding.setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ symmetricBinding.setSignedSupportingToken(getSignedSupportingToken());
+ symmetricBinding.setTokenProtection(isTokenProtection());
+
+ symmetricBinding.setNormalized(true);
+ wrapper.addPolicyComponent(symmetricBinding);
+ exactlyOne.addPolicyComponent(wrapper);
+ }
+
+ policy.addPolicyComponent(exactlyOne);
+ return policy;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SymmetricBinding>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String policyLocalName = SPConstants.POLICY.getLocalPart();
+ String policyNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+ if (wspWriterPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+
+ if (encryptionToken != null) {
+ encryptionToken.serialize(writer);
+
+ } else if ( protectionToken != null) {
+ protectionToken.serialize(writer);
+
+ } else {
+ throw new RuntimeException("Either EncryptionToken or ProtectionToken must be set");
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+
+ if (algorithmSuite == null) {
+ throw new RuntimeException("AlgorithmSuite must be set");
+ }
+ // <sp:AlgorithmSuite />
+ algorithmSuite.serialize(writer);
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout />
+ layout.serialize(writer);
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp />
+ writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
+ // <sp:EncryptBeforeSigning />
+ writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isSignatureProtection()) {
+ // <sp:EncryptSignature />
+ writer.writeStartElement(prefix, SPConstants.ENCRYPT_SIGNATURE , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if(isEntireHeadersAndBodySignatures()) {
+ writer.writeEmptyElement(prefix, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, namespaceURI);
+ }
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:SymmetricBinding>
+ writer.writeEndElement();
+
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
new file mode 100644
index 0000000..6df1c8e
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.ws.secpolicy.SPConstants;
+
+public abstract class Token extends AbstractSecurityAssertion {
+
+ /**
+ * Inclusion property of a TokenAssertion
+ */
+ private int inclusion = SPConstants.INCLUDE_TOEKN_ALWAYS;
+
+ /**
+ * Whether to derive keys or not
+ */
+ private boolean derivedKeys;
+
+ private boolean impliedDerivedKeys;
+
+ private boolean explicitDerivedKeys;
+
+ /**
+ * @return Returns the inclusion.
+ */
+ public int getInclusion() {
+ return inclusion;
+ }
+
+ /**
+ * @param inclusion The inclusion to set.
+ */
+ public void setInclusion(int inclusion) {
+ if(SPConstants.INCLUDE_TOEKN_ALWAYS == inclusion ||
+ SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == inclusion ||
+ SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR == inclusion ||
+ SPConstants.INCLUDE_TOKEN_NEVER == inclusion ||
+ SPConstants.INCLUDE_TOKEN_ONCE == inclusion ) {
+ this.inclusion = inclusion;
+ } else {
+ //TODO replace this with a proper (WSSPolicyException) exception
+ throw new RuntimeException("Incorrect inclusion value: " + inclusion);
+ }
+ }
+
+ /**
+ * @return Returns the derivedKeys.
+ */
+ public boolean isDerivedKeys() {
+ return derivedKeys;
+ }
+
+ /**
+ * @param derivedKeys The derivedKeys to set.
+ */
+ public void setDerivedKeys(boolean derivedKeys) {
+ this.derivedKeys = derivedKeys;
+ }
+
+
+ public boolean isExplicitDerivedKeys() {
+ return explicitDerivedKeys;
+ }
+
+ public void setExplicitDerivedKeys(boolean explicitDerivedKeys) {
+ this.explicitDerivedKeys = explicitDerivedKeys;
+ }
+
+ public boolean isImpliedDerivedKeys() {
+ return impliedDerivedKeys;
+ }
+
+ public void setImpliedDerivedKeys(boolean impliedDerivedKeys) {
+ this.impliedDerivedKeys = impliedDerivedKeys;
+ }
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
new file mode 100644
index 0000000..1da62f7
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public interface TokenWrapper {
+
+ public void setToken(Token tok);
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
new file mode 100644
index 0000000..ea1520b
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
@@ -0,0 +1,191 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+public class TransportBinding extends Binding {
+
+ private TransportToken transportToken;
+
+ private List transportBindings;
+
+ public TransportBinding(int version) {
+ super(version);
+ }
+ /**
+ * @return Returns the transportToken.
+ */
+ public TransportToken getTransportToken() {
+ return transportToken;
+ }
+
+ /**
+ * @param transportToken
+ * The transportToken to set.
+ */
+ public void setTransportToken(TransportToken transportToken) {
+ this.transportToken = transportToken;
+ }
+
+ public List getConfigurations() {
+ return transportBindings;
+ }
+
+ public TransportBinding getDefaultConfiguration() {
+ if (transportBindings != null) {
+ return (TransportBinding) transportBindings.get(0);
+ }
+ return null;
+ }
+
+ public void addConfiguration(TransportBinding transportBinding) {
+ if (transportBindings == null) {
+ transportBindings = new ArrayList();
+ }
+ transportBindings.add(transportBinding);
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.TRANSPORT_BINDING;
+ } else {
+ return SP11Constants.TRANSPORT_BINDING;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configurations = algorithmSuite.getConfigurations();
+
+ if (configurations != null && configurations.size() == 1) {
+ setNormalized(true);
+ return this;
+ }
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ All wrapper;
+ TransportBinding transportBinding;
+
+ for (Iterator iterator = configurations.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ transportBinding = new TransportBinding(this.getVersion());
+
+ algorithmSuite = (AlgorithmSuite) iterator.next();
+ transportBinding.setAlgorithmSuite(algorithmSuite);
+ transportBinding.setIncludeTimestamp(isIncludeTimestamp());
+ transportBinding.setLayout(getLayout());
+ transportBinding
+ .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ transportBinding
+ .setSignedSupportingToken(getSignedSupportingToken());
+ transportBinding.setTransportToken(getTransportToken());
+
+ wrapper.addPolicyComponent(transportBinding);
+ exactlyOne.addPolicyComponent(wrapper);
+ }
+
+ policy.addPolicyComponent(exactlyOne);
+ return policy;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:TransportBinding>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+
+ if (transportToken == null) {
+ // TODO more meaningful exception
+ throw new RuntimeException("no TransportToken found");
+ }
+
+ // <sp:TransportToken>
+ transportToken.serialize(writer);
+ // </sp:TransportToken>
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ if (algorithmSuite == null) {
+ throw new RuntimeException("no AlgorithmSuite found");
+ }
+
+ // <sp:AlgorithmSuite>
+ algorithmSuite.serialize(writer);
+ // </sp:AlgorithmSuite>
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout>
+ layout.serialize(writer);
+ // </sp:Layout>
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp>
+ writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
+ writer.writeEndElement();
+ // </sp:IncludeTimestamp>
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:TransportBinding>
+ writer.writeEndElement();
+
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
new file mode 100644
index 0000000..8d9963b
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+
+public class TransportToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token transportToken;
+
+ public TransportToken(int version){
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the transportToken.
+ */
+ public Token getTransportToken() {
+ return transportToken;
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.TRANSPORT_TOKEN;
+ } else {
+ return SP11Constants.TRANSPORT_TOKEN;
+ }
+ }
+
+ public boolean isOptional() {
+ throw new UnsupportedOperationException();
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:TransportToken>
+
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (wspPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ // serialization of the token ..
+ if (transportToken != null) {
+ transportToken.serialize(writer);
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ writer.writeEndElement();
+ // </sp:TransportToken>
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.ws.secpolicy.model.TokenWrapper#setToken(org.apache.ws.secpolicy.model.Token)
+ */
+ public void setToken(Token tok) {
+ this.transportToken = tok;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
new file mode 100644
index 0000000..264a7b5
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+/**
+ * Model bean to capture Trust10 assertion info
+ */
+public class Trust10 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportClientChallenge;
+ private boolean mustSupportServerChallenge;
+ private boolean requireClientEntropy;
+ private boolean requireServerEntropy;
+ private boolean mustSupportIssuedTokens;
+
+ public Trust10(int version){
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the mustSupportClientChallenge.
+ */
+ public boolean isMustSupportClientChallenge() {
+ return mustSupportClientChallenge;
+ }
+
+ /**
+ * @param mustSupportClientChallenge The mustSupportClientChallenge to set.
+ */
+ public void setMustSupportClientChallenge(boolean mustSupportClientChallenge) {
+ this.mustSupportClientChallenge = mustSupportClientChallenge;
+ }
+
+ /**
+ * @return Returns the mustSupportIssuedTokens.
+ */
+ public boolean isMustSupportIssuedTokens() {
+ return mustSupportIssuedTokens;
+ }
+
+ /**
+ * @param mustSupportIssuedTokens The mustSupportIssuedTokens to set.
+ */
+ public void setMustSupportIssuedTokens(boolean mustSupportIssuedTokens) {
+ this.mustSupportIssuedTokens = mustSupportIssuedTokens;
+ }
+
+ /**
+ * @return Returns the mustSupportServerChallenge.
+ */
+ public boolean isMustSupportServerChallenge() {
+ return mustSupportServerChallenge;
+ }
+
+ /**
+ * @param mustSupportServerChallenge The mustSupportServerChallenge to set.
+ */
+ public void setMustSupportServerChallenge(boolean mustSupportServerChallenge) {
+ this.mustSupportServerChallenge = mustSupportServerChallenge;
+ }
+
+ /**
+ * @return Returns the requireClientEntropy.
+ */
+ public boolean isRequireClientEntropy() {
+ return requireClientEntropy;
+ }
+
+ /**
+ * @param requireClientEntropy The requireClientEntropy to set.
+ */
+ public void setRequireClientEntropy(boolean requireClientEntropy) {
+ this.requireClientEntropy = requireClientEntropy;
+ }
+
+ /**
+ * @return Returns the requireServerEntropy.
+ */
+ public boolean isRequireServerEntropy() {
+ return requireServerEntropy;
+ }
+
+ /**
+ * @param requireServerEntropy The requireServerEntropy to set.
+ */
+ public void setRequireServerEntropy(boolean requireServerEntropy) {
+ this.requireServerEntropy = requireServerEntropy;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return SP11Constants.TRUST_10;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#isOptional()
+ */
+ public boolean isOptional() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Trust10>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (wspPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ if (isMustSupportClientChallenge()) {
+ // <sp:MustSupportClientChallenge />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportServerChallenge()) {
+ // <sp:MustSupportServerChallenge />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireClientEntropy()) {
+ // <sp:RequireClientEntropy />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_CLIENT_ENTROPY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+
+ if (isRequireServerEntropy()) {
+ // <sp:RequireServerEntropy />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_SERVER_ENTROPY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportIssuedTokens()) {
+ // <sp:MustSupportIssuedTokens />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_ISSUED_TOKENS, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ // </sp:Trust10>
+ writer.writeEndElement();
+
+
+
+
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
new file mode 100644
index 0000000..13e4088
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
@@ -0,0 +1,247 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+/**
+ * Model bean to capture Trust10 assertion info
+ */
+public class Trust13 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportClientChallenge;
+ private boolean mustSupportServerChallenge;
+ private boolean requireClientEntropy;
+ private boolean requireServerEntropy;
+ private boolean mustSupportIssuedTokens;
+ private boolean requireRequestSecurityTokenCollection;
+ private boolean requireAppliesTo;
+
+ public Trust13(int version){
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the mustSupportClientChallenge.
+ */
+ public boolean isMustSupportClientChallenge() {
+ return mustSupportClientChallenge;
+ }
+
+ /**
+ * @param mustSupportClientChallenge The mustSupportClientChallenge to set.
+ */
+ public void setMustSupportClientChallenge(boolean mustSupportClientChallenge) {
+ this.mustSupportClientChallenge = mustSupportClientChallenge;
+ }
+
+ /**
+ * @return Returns the mustSupportIssuedTokens.
+ */
+ public boolean isMustSupportIssuedTokens() {
+ return mustSupportIssuedTokens;
+ }
+
+ /**
+ * @param mustSupportIssuedTokens The mustSupportIssuedTokens to set.
+ */
+ public void setMustSupportIssuedTokens(boolean mustSupportIssuedTokens) {
+ this.mustSupportIssuedTokens = mustSupportIssuedTokens;
+ }
+
+ /**
+ * @return Returns the mustSupportServerChallenge.
+ */
+ public boolean isMustSupportServerChallenge() {
+ return mustSupportServerChallenge;
+ }
+
+ /**
+ * @param mustSupportServerChallenge The mustSupportServerChallenge to set.
+ */
+ public void setMustSupportServerChallenge(boolean mustSupportServerChallenge) {
+ this.mustSupportServerChallenge = mustSupportServerChallenge;
+ }
+
+ /**
+ * @return Returns the requireClientEntropy.
+ */
+ public boolean isRequireClientEntropy() {
+ return requireClientEntropy;
+ }
+
+ /**
+ * @param requireClientEntropy The requireClientEntropy to set.
+ */
+ public void setRequireClientEntropy(boolean requireClientEntropy) {
+ this.requireClientEntropy = requireClientEntropy;
+ }
+
+ /**
+ * @return Returns the requireServerEntropy.
+ */
+ public boolean isRequireServerEntropy() {
+ return requireServerEntropy;
+ }
+
+ /**
+ * @param requireServerEntropy The requireServerEntropy to set.
+ */
+ public void setRequireServerEntropy(boolean requireServerEntropy) {
+ this.requireServerEntropy = requireServerEntropy;
+ }
+
+ /**
+ * @return Returns the requireRequestSecurityTokenCollection.
+ */
+ public boolean isRequireRequestSecurityTokenCollection() {
+ return requireRequestSecurityTokenCollection;
+ }
+
+ /**
+ * @param requireRequestSecurityTokenCollection The requireRequestSecurityTokenCollection to set.
+ */
+ public void setRequireRequestSecurityTokenCollection(boolean requireRequestSecurityTokenCollection) {
+ this.requireRequestSecurityTokenCollection = requireRequestSecurityTokenCollection;
+ }
+
+ /**
+ * @return Returns the requireAppliesTo.
+ */
+ public boolean isRequireAppliesTo() {
+ return requireAppliesTo;
+ }
+
+ /**
+ * @param requireAppliesTo The requireAppliesTo to set.
+ */
+ public void setRequireAppliesTo(boolean requireAppliesTo) {
+ this.requireAppliesTo = requireAppliesTo;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return SP12Constants.TRUST_13;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#isOptional()
+ */
+ public boolean isOptional() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Trust13>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+
+ if (wspPrefix == null) {
+ wspPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ if (isMustSupportClientChallenge()) {
+ // <sp:MustSupportClientChallenge />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportServerChallenge()) {
+ // <sp:MustSupportServerChallenge />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireClientEntropy()) {
+ // <sp:RequireClientEntropy />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_CLIENT_ENTROPY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+
+ if (isRequireServerEntropy()) {
+ // <sp:RequireServerEntropy />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_SERVER_ENTROPY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportIssuedTokens()) {
+ // <sp:MustSupportIssuedTokens />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_ISSUED_TOKENS, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireRequestSecurityTokenCollection()) {
+ // <sp:RequireRequestSecurityTokenCollection />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireAppliesTo()) {
+ // <sp:RequireAppliesTo />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_APPLIES_TO, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ // </sp:Trust13>
+ writer.writeEndElement();
+
+
+
+
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
new file mode 100644
index 0000000..1432dcb
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+
+public class UsernameToken extends Token {
+
+ private boolean useUTProfile10 = false;
+
+ private boolean useUTProfile11 = false;
+
+ private boolean noPassword;
+
+ private boolean hashPassword;
+
+ public UsernameToken(int version){
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the useUTProfile11.
+ */
+ public boolean isUseUTProfile11() {
+ return useUTProfile11;
+ }
+
+ /**
+ * @param useUTProfile11
+ * The useUTProfile11 to set.
+ */
+ public void setUseUTProfile11(boolean useUTProfile11) {
+ this.useUTProfile11 = useUTProfile11;
+ }
+
+ public boolean isNoPassword() {
+ return noPassword;
+ }
+
+ public void setNoPassword(boolean noPassword) {
+ this.noPassword = noPassword;
+ }
+
+ public boolean isHashPassword() {
+ return hashPassword;
+ }
+
+ public void setHashPassword(boolean hashPassword) {
+ this.hashPassword = hashPassword;
+ }
+
+ public boolean isUseUTProfile10() {
+ return useUTProfile10;
+ }
+
+ public void setUseUTProfile10(boolean useUTProfile10) {
+ this.useUTProfile10 = useUTProfile10;
+ }
+
+ public QName getName() {
+ if (version == SPConstants.SP_V12) {
+ return SP12Constants.USERNAME_TOKEN;
+ } else {
+ return SP11Constants.USERNAME_TOKEN;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:UsernameToken
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String inclusion;
+
+ if (version == SPConstants.SP_V12) {
+ inclusion = SP12Constants.getAttributeValueFromInclusion(getInclusion());
+ } else {
+ inclusion = SP11Constants.getAttributeValueFromInclusion(getInclusion());
+ }
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+ }
+
+ if (isUseUTProfile10() || isUseUTProfile11()) {
+ String pPrefix = writer.getPrefix(SPConstants.POLICY
+ .getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(SPConstants.POLICY.getPrefix(), SPConstants.POLICY
+ .getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, SPConstants.POLICY.getLocalPart(),
+ SPConstants.POLICY.getNamespaceURI());
+
+ // CHECKME
+ if (isUseUTProfile10()) {
+ // <sp:WssUsernameToken10 />
+ writer.writeStartElement(prefix, SPConstants.USERNAME_TOKEN10 , namespaceURI);
+ } else {
+ // <sp:WssUsernameToken11 />
+ writer.writeStartElement(prefix, SPConstants.USERNAME_TOKEN11 , namespaceURI);
+ }
+
+ if (version == SPConstants.SP_V12) {
+
+ if (isNoPassword()) {
+ writer.writeStartElement(prefix, SPConstants.NO_PASSWORD, namespaceURI);
+ writer.writeEndElement();
+ } else if (isHashPassword()){
+ writer.writeStartElement(prefix, SPConstants.HASH_PASSWORD, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isDerivedKeys()) {
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
+ writer.writeEndElement();
+ } else if (isExplicitDerivedKeys()) {
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS, namespaceURI);
+ writer.writeEndElement();
+ } else if (isImpliedDerivedKeys()) {
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ }
+ writer.writeEndElement();
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ }
+
+ writer.writeEndElement();
+ // </sp:UsernameToken>
+
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
new file mode 100644
index 0000000..7e46655
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class Wss10 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportRefKeyIdentifier;
+ private boolean MustSupportRefIssuerSerial;
+ private boolean MustSupportRefExternalURI;
+ private boolean MustSupportRefEmbeddedToken;
+
+ public Wss10(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the mustSupportRefEmbeddedToken.
+ */
+ public boolean isMustSupportRefEmbeddedToken() {
+ return MustSupportRefEmbeddedToken;
+ }
+ /**
+ * @param mustSupportRefEmbeddedToken The mustSupportRefEmbeddedToken to set.
+ */
+ public void setMustSupportRefEmbeddedToken(boolean mustSupportRefEmbeddedToken) {
+ MustSupportRefEmbeddedToken = mustSupportRefEmbeddedToken;
+ }
+ /**
+ * @return Returns the mustSupportRefExternalURI.
+ */
+ public boolean isMustSupportRefExternalURI() {
+ return MustSupportRefExternalURI;
+ }
+ /**
+ * @param mustSupportRefExternalURI The mustSupportRefExternalURI to set.
+ */
+ public void setMustSupportRefExternalURI(boolean mustSupportRefExternalURI) {
+ MustSupportRefExternalURI = mustSupportRefExternalURI;
+ }
+ /**
+ * @return Returns the mustSupportRefIssuerSerial.
+ */
+ public boolean isMustSupportRefIssuerSerial() {
+ return MustSupportRefIssuerSerial;
+ }
+ /**
+ * @param mustSupportRefIssuerSerial The mustSupportRefIssuerSerial to set.
+ */
+ public void setMustSupportRefIssuerSerial(boolean mustSupportRefIssuerSerial) {
+ MustSupportRefIssuerSerial = mustSupportRefIssuerSerial;
+ }
+ /**
+ * @return Returns the mustSupportRefKeyIdentifier.
+ */
+ public boolean isMustSupportRefKeyIdentifier() {
+ return mustSupportRefKeyIdentifier;
+ }
+ /**
+ * @param mustSupportRefKeyIdentifier The mustSupportRefKeyIdentifier to set.
+ */
+ public void setMustSupportRefKeyIdentifier(boolean mustSupportRefKeyIdentifier) {
+ this.mustSupportRefKeyIdentifier = mustSupportRefKeyIdentifier;
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12 ) {
+ return SP12Constants.WSS10;
+ } else {
+ return SP11Constants.WSS10;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Wss10>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ if (isMustSupportRefKeyIdentifier()) {
+ // <sp:MustSupportRefKeyIdentifier />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefIssuerSerial()) {
+ // <sp:MustSupportRefIssuerSerial />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefExternalURI()) {
+ // <sp:MustSupportRefExternalURI />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEmbeddedToken()) {
+ // <sp:MustSupportRefEmbeddedToken />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN, namespaceURI);
+ writer.writeEndElement();
+
+
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Wss10>
+ writer.writeEndElement();
+
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
new file mode 100644
index 0000000..04037d9
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class Wss11 extends Wss10 {
+
+ private boolean MustSupportRefThumbprint;
+ private boolean MustSupportRefEncryptedKey;
+ private boolean RequireSignatureConfirmation;
+
+ public Wss11(int version) {
+ super(version);
+ }
+
+ /**
+ * @return Returns the mustSupportRefEncryptedKey.
+ */
+ public boolean isMustSupportRefEncryptedKey() {
+ return MustSupportRefEncryptedKey;
+ }
+ /**
+ * @param mustSupportRefEncryptedKey The mustSupportRefEncryptedKey to set.
+ */
+ public void setMustSupportRefEncryptedKey(boolean mustSupportRefEncryptedKey) {
+ MustSupportRefEncryptedKey = mustSupportRefEncryptedKey;
+ }
+ /**
+ * @return Returns the mustSupportRefThumbprint.
+ */
+ public boolean isMustSupportRefThumbprint() {
+ return MustSupportRefThumbprint;
+ }
+ /**
+ * @param mustSupportRefThumbprint The mustSupportRefThumbprint to set.
+ */
+ public void setMustSupportRefThumbprint(boolean mustSupportRefThumbprint) {
+ MustSupportRefThumbprint = mustSupportRefThumbprint;
+ }
+ /**
+ * @return Returns the requireSignatureConfirmation.
+ */
+ public boolean isRequireSignatureConfirmation() {
+ return RequireSignatureConfirmation;
+ }
+ /**
+ * @param requireSignatureConfirmation The requireSignatureConfirmation to set.
+ */
+ public void setRequireSignatureConfirmation(boolean requireSignatureConfirmation) {
+ RequireSignatureConfirmation = requireSignatureConfirmation;
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12 ) {
+ return SP12Constants.WSS11;
+ } else {
+ return SP11Constants.WSS11;
+ }
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Wss11>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ // <sp:MustSupportRefKeyIndentifier />
+ if (isMustSupportRefKeyIdentifier()) {
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefIssuerSerial()) {
+ // <sp:MustSupportRefIssuerSerial />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefExternalURI()) {
+ // <sp:MustSupportRefExternalURI />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEmbeddedToken()) {
+ // <sp:MustSupportRefEmbeddedToken />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefThumbprint()) {
+ // <sp:MustSupportRefThumbprint />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_THUMBPRINT , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEncryptedKey()) {
+ // <sp:MustSupportRefEncryptedKey />
+ writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireSignatureConfirmation()) {
+ // <sp:RequireSignatureConfirmation />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION , namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Wss11>
+ writer.writeEndElement();
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
new file mode 100644
index 0000000..97f018a
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
@@ -0,0 +1,228 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class X509Token extends Token {
+
+ private boolean requireKeyIdentifierReference;
+
+ private boolean requireIssuerSerialReference;
+
+ private boolean requireEmbeddedTokenReference;
+
+ private boolean requireThumbprintReference;
+
+ private String tokenVersionAndType = Constants.WSS_X509_V3_TOKEN10;
+
+ private String encryptionUser;
+
+ private String userCertAlias;
+
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ public String getUserCertAlias() {
+ return userCertAlias;
+ }
+
+ public void setUserCertAlias(String userCertAlias) {
+ this.userCertAlias = userCertAlias;
+ }
+
+ public X509Token(int version) {
+ setVersion(version);
+ }
+
+ /**
+ * @return Returns the requireEmbeddedTokenReference.
+ */
+ public boolean isRequireEmbeddedTokenReference() {
+ return requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @param requireEmbeddedTokenReference The requireEmbeddedTokenReference to set.
+ */
+ public void setRequireEmbeddedTokenReference(
+ boolean requireEmbeddedTokenReference) {
+ this.requireEmbeddedTokenReference = requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @return Returns the requireIssuerSerialReference.
+ */
+ public boolean isRequireIssuerSerialReference() {
+ return requireIssuerSerialReference;
+ }
+
+ /**
+ * @param requireIssuerSerialReference The requireIssuerSerialReference to set.
+ */
+ public void setRequireIssuerSerialReference(boolean requireIssuerSerialReference) {
+ this.requireIssuerSerialReference = requireIssuerSerialReference;
+ }
+
+ /**
+ * @return Returns the requireKeyIdentifierReference.
+ */
+ public boolean isRequireKeyIdentifierReference() {
+ return requireKeyIdentifierReference;
+ }
+
+ /**
+ * @param requireKeyIdentifierReference The requireKeyIdentifierReference to set.
+ */
+ public void setRequireKeyIdentifierReference(
+ boolean requireKeyIdentifierReference) {
+ this.requireKeyIdentifierReference = requireKeyIdentifierReference;
+ }
+
+ /**
+ * @return Returns the requireThumbprintReference.
+ */
+ public boolean isRequireThumbprintReference() {
+ return requireThumbprintReference;
+ }
+
+ /**
+ * @param requireThumbprintReference The requireThumbprintReference to set.
+ */
+ public void setRequireThumbprintReference(boolean requireThumbprintReference) {
+ this.requireThumbprintReference = requireThumbprintReference;
+ }
+
+ /**
+ * @return Returns the tokenVersionAndType.
+ */
+ public String getTokenVersionAndType() {
+ return tokenVersionAndType;
+ }
+
+ /**
+ * @param tokenVersionAndType The tokenVersionAndType to set.
+ */
+ public void setTokenVersionAndType(String tokenVersionAndType) {
+ this.tokenVersionAndType = tokenVersionAndType;
+ }
+
+ public QName getName() {
+ if ( version == SPConstants.SP_V12) {
+ return SP12Constants.X509_TOKEN;
+ } else {
+ return SP11Constants.X509_TOKEN;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:X509Token>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String inclusion;
+
+ if (version == SPConstants.SP_V12) {
+ inclusion = SP12Constants.getAttributeValueFromInclusion(getInclusion());
+ } else {
+ inclusion = SP11Constants.getAttributeValueFromInclusion(getInclusion());
+ }
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN , inclusion);
+ }
+
+
+ String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = SPConstants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+
+ if (isRequireKeyIdentifierReference()) {
+ // <sp:RequireKeyIdentifierReference />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_KEY_IDENTIFIRE_REFERENCE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireIssuerSerialReference()) {
+ // <sp:RequireIssuerSerialReference />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireEmbeddedTokenReference()) {
+ // <sp:RequireEmbeddedTokenReference />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireThumbprintReference()) {
+ // <sp:RequireThumbprintReference />
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_THUMBPRINT_REFERENCE, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (tokenVersionAndType != null) {
+ // <sp:WssX509V1Token10 /> | ..
+ writer.writeStartElement(prefix, tokenVersionAndType, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if(isDerivedKeys()) {
+ // <sp:RequireDerivedKeys/>
+ writer.writeStartElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:X509Token>
+ writer.writeEndElement();
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AlgorithmSuiteBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AlgorithmSuiteBuilder.java
new file mode 100644
index 0000000..f79a04f
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AlgorithmSuiteBuilder.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+
+import javax.xml.namespace.QName;
+
+public class AlgorithmSuiteBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ Iterator iterAlterns = policy.getAlternatives();
+ List assertions = ((List) iterAlterns.next());
+
+ processAlternative(assertions, algorithmSuite);
+
+ return algorithmSuite;
+
+ }
+
+ private void processAlternative(List assertions, AlgorithmSuite algorithmSuite) {
+ Iterator iterator = assertions.iterator();
+ Assertion assertion = ((Assertion) iterator.next());
+ String name = assertion.getName().getLocalPart();
+ try {
+ algorithmSuite.setAlgorithmSuite(name);
+ } catch (WSSPolicyException e) {
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.ALGORITHM_SUITE};
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AsymmetricBindingBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..dcf0503
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/AsymmetricBindingBuilder.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.RecipientToken;
+
+public class AsymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ AsymmetricBinding asymmetricBinding = new AsymmetricBinding(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), asymmetricBinding);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return asymmetricBinding;
+ }
+
+ private void processAlternative(List assertions, AsymmetricBinding asymmetricBinding) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP11Constants.INITIATOR_TOKEN.equals(name)) {
+ asymmetricBinding.setInitiatorToken((InitiatorToken) assertion);
+
+ } else if (SP11Constants.RECIPIENT_TOKEN.equals(name)){
+ asymmetricBinding.setRecipientToken((RecipientToken) assertion);
+
+ } else if (SP11Constants.ALGORITHM_SUITE.equals(name)) {
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (SP11Constants.LAYOUT.equals(name)) {
+ asymmetricBinding.setLayout((Layout) assertion);
+
+ } else if (SP11Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ asymmetricBinding.setIncludeTimestamp(true);
+
+ } else if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
+ asymmetricBinding.setProtectionOrder(SPConstants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (SPConstants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
+ asymmetricBinding.setProtectionOrder(SPConstants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (SPConstants.ENCRYPT_SIGNATURE.equals(name.getLocalPart())) {
+ asymmetricBinding.setSignatureProtection(true);
+
+ } else if (SPConstants.PROTECT_TOKENS.equals(name.getLocalPart())) {
+ asymmetricBinding.setTokenProtection(true);
+
+ } else if (SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
+ asymmetricBinding.setEntireHeadersAndBodySignatures(true);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[]{SP11Constants.ASYMMETRIC_BINDING};
+ }
+
+}
+
\ No newline at end of file
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
new file mode 100644
index 0000000..edb8f2d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class EncryptedElementsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(false, SPConstants.SP_V11);
+
+ OMAttribute attribute = element.getAttribute(SP11Constants.ATTR_XPATH_VERSION);
+ if (attribute != null) {
+ signedEncryptedElements.setXPathVersion(attribute.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.ENCRYPTED_ELEMENTS};
+ }
+
+
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ if (SP11Constants.XPATH.equals(element.getQName())) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
new file mode 100644
index 0000000..130f4a9
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class EncryptedPartsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(false, SPConstants.SP_V11);
+
+ Iterator iterator = element.getChildElements();
+ if (iterator.hasNext()) {
+ for (; iterator.hasNext();) {
+ processElement((OMElement) iterator.next(),
+ signedEncryptedParts);
+ }
+ } else {
+ // If we have only <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ // then we need to encrypt the whole body (refer to http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826515).
+ signedEncryptedParts.setBody(true);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.ENCRYPTED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (SP11Constants.HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(SPConstants.NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ } else if (SP11Constants.BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java
new file mode 100644
index 0000000..33db538
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/InitiatorTokenBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class InitiatorTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ InitiatorToken initiatorToken = new InitiatorToken(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), initiatorToken);
+ break; // TODO process all the token that must be set ..
+ }
+
+ return initiatorToken;
+ }
+
+ private void processAlternative(List assertions, InitiatorToken parent) {
+
+ Object token;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ token = iterator.next();
+
+ if (token instanceof Token) {
+ parent.setInitiatorToken((Token) token);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.INITIATOR_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java
new file mode 100644
index 0000000..fc2e1cb
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/IssuedTokenBuilder.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class IssuedTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V11);
+
+ OMAttribute includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ issuedToken.setInclusion(SP11Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue()));
+ }
+ // Extract Issuer
+ OMElement issuerElem = element.getFirstChildWithName(SP11Constants.ISSUER);
+ if(issuerElem != null) {
+ OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
+
+ //try the other addressing namespace
+ if (issuerEpr == null) {
+ issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
+ }
+
+ issuedToken.setIssuerEpr(issuerEpr);
+ }
+
+ //TODO check why this returns an Address element
+ //iter = issuerElem.getChildrenWithLocalName("Metadata");
+
+ if (issuerElem != null ) {
+ OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
+
+ //try the other addressing namespace
+ if (issuerMex == null) {
+ issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
+ }
+
+ issuedToken.setIssuerMex(issuerMex);
+ }
+
+
+ // Extract RSTTemplate
+ OMElement rstTmplElem = element.getFirstChildWithName(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ if (rstTmplElem != null) {
+ issuedToken.setRstTemplate(rstTmplElem);
+ }
+
+ OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);
+
+ if (policyElement != null) {
+
+ Policy policy = PolicyEngine.getPolicy(policyElement);
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), issuedToken);
+ break; // since there should be only one alternative ..
+ }
+ }
+
+ return issuedToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { SP11Constants.ISSUED_TOKEN };
+ }
+
+ private void processAlternative(List assertions, IssuedToken parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP11Constants.REQUIRE_DERIVED_KEYS.equals(name)) {
+ parent.setDerivedKeys(true);
+ } else if (SP11Constants.REQUIRE_EXTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireExternalReference(true);
+ } else if (SP11Constants.REQUIRE_INTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireInternalReference(true);
+ }
+ }
+
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/LayoutBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/LayoutBuilder.java
new file mode 100644
index 0000000..966caf3
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/LayoutBuilder.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.Layout;
+
+public class LayoutBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ Layout layout = new Layout(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext(); ) {
+ processAlternative((List) iterator.next(), layout);
+ break; // there should be only one alternative
+ }
+
+ return layout;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.LAYOUT};
+ }
+
+ public void processAlternative(List assertions, Layout parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (SP11Constants.STRICT.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_STRICT);
+ } else if (SP11Constants.LAX.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_LAX);
+ } else if (SP11Constants.LAXTSFIRST.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
+ } else if (SP11Constants.LAXTSLAST.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
+ }
+
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/ProtectionTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/ProtectionTokenBuilder.java
new file mode 100644
index 0000000..a53ce03
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/ProtectionTokenBuilder.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class ProtectionTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ ProtectionToken protectionToken = new ProtectionToken(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), protectionToken);
+ break; // since there should be only one alternative ..
+ }
+
+ return protectionToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.PROTECTION_TOKEN};
+ }
+
+ private void processAlternative(List assertions, ProtectionToken parent) {
+ Object token = assertions.get(0);
+
+ if (token instanceof Token) {
+ parent.setToken((Token) token);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RecipientTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RecipientTokenBuilder.java
new file mode 100644
index 0000000..83f8c5c
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RecipientTokenBuilder.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class RecipientTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ RecipientToken recipientToken = new RecipientToken(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), recipientToken);
+
+ /*
+ * for the moment we will pick the first token specified in the policy
+ */
+ break;
+ }
+
+ return recipientToken;
+ }
+
+ private void processAlternative(List assertions, RecipientToken parent) {
+
+ Assertion assertion;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+
+ if (assertion instanceof Token) {
+ parent.setToken((Token) assertion);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.RECIPIENT_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java
new file mode 100644
index 0000000..8ff78f9
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/RequiredElementsBuilder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.model.RequiredElements;
+
+public class RequiredElementsBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ RequiredElements requiredElements = new RequiredElements(SPConstants.SP_V11);
+ OMAttribute attrXPathVersion = element.getAttribute(SP11Constants.ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ requiredElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(),requiredElements);
+ }
+
+ return requiredElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.REQUIRED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, RequiredElements parent) {
+ QName name = element.getQName();
+ if (SP11Constants.XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecureConversationTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecureConversationTokenBuilder.java
new file mode 100644
index 0000000..15dbc61
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecureConversationTokenBuilder.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+
+public class SecureConversationTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ SecureConversationToken conversationToken = new SecureConversationToken(SPConstants.SP_V11);
+
+ OMAttribute attribute = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+ if (attribute == null) {
+ throw new IllegalArgumentException(
+ "SecurityContextToken doesn't contain any sp:IncludeToken attribute");
+ }
+
+ String inclusionValue = attribute.getAttributeValue().trim();
+
+ conversationToken.setInclusion(SP11Constants.getInclusionFromAttributeValue(inclusionValue));
+
+ OMElement issuer = element.getFirstChildWithName(SP11Constants.ISSUER);
+ if ( issuer != null) {
+ conversationToken.setIssuerEpr(issuer.getFirstElement());
+ }
+
+ element = element.getFirstChildWithName(SPConstants.POLICY);
+ if (element != null) {
+ if (element.getFirstChildWithName(SP11Constants.REQUIRE_DERIVED_KEYS) != null) {
+ conversationToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP11Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ conversationToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP11Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ conversationToken.setSc10SecurityContextToken(true);
+ }
+
+ OMElement bootstrapPolicyElement = element.getFirstChildWithName(SP11Constants.BOOTSTRAP_POLICY);
+ if (bootstrapPolicyElement != null) {
+ Policy policy = PolicyEngine.getPolicy(bootstrapPolicyElement.getFirstElement());
+ conversationToken.setBootstrapPolicy(policy);
+ }
+ }
+
+ return conversationToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.SECURE_CONVERSATION_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecurityContextTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecurityContextTokenBuilder.java
new file mode 100644
index 0000000..5a6b773
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SecurityContextTokenBuilder.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.SecurityContextToken;
+
+import javax.xml.namespace.QName;
+
+public class SecurityContextTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ SecurityContextToken contextToken = new SecurityContextToken(SPConstants.SP_V11);
+
+ OMAttribute includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+
+ if(includeAttr != null) {
+ int inclusion = SP11Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
+ contextToken.setInclusion(inclusion);
+ }
+
+ element = element.getFirstChildWithName(SPConstants.POLICY);
+
+ if (element != null) {
+
+ if (element.getFirstChildWithName(SP11Constants.REQUIRE_DERIVED_KEYS) != null) {
+ contextToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP11Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ contextToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP11Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ contextToken.setSc10SecurityContextToken(true);
+ }
+ }
+
+ return contextToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.SECURITY_CONTEXT_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
new file mode 100644
index 0000000..789f711
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class SignedElementsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(true, SPConstants.SP_V11);
+ OMAttribute attrXPathVersion = element.getAttribute(SP11Constants.ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ signedEncryptedElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.SIGNED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ QName name = element.getQName();
+ if (SP11Constants.XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
new file mode 100644
index 0000000..3461766
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class SignedPartsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true, SPConstants.SP_V11);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedParts);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.SIGNED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (SP11Constants.HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(SPConstants.NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ } else if (SP11Constants.BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
new file mode 100644
index 0000000..73d7cdb
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class SupportingTokensBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ QName name = element.getQName();
+ SupportingToken supportingToken = null;
+
+ if (SP11Constants.SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(SPConstants.SUPPORTING_TOKEN_SUPPORTING, SPConstants.SP_V11);
+ } else if (SP11Constants.SIGNED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(SPConstants.SUPPORTING_TOKEN_SIGNED, SPConstants.SP_V11);
+ } else if (SP11Constants.ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(SPConstants.SUPPORTING_TOKEN_ENDORSING, SPConstants.SP_V11);
+ } else if (SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING, SPConstants.SP_V11);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), supportingToken);
+ /*
+ * for the moment we will say there should be only one alternative
+ */
+ break;
+ }
+
+ return supportingToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { SP11Constants.SUPPORTING_TOKENS,
+ SP11Constants.SIGNED_SUPPORTING_TOKENS,
+ SP11Constants.ENDORSING_SUPPORTING_TOKENS,
+ SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS};
+ }
+
+ private void processAlternative(List assertions, SupportingToken supportingToken) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName qname = primitive.getName();
+
+ if (SP11Constants.ALGORITHM_SUITE.equals(qname)) {
+ supportingToken.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (SP11Constants.SIGNED_PARTS.equals(qname)) {
+ supportingToken
+ .setSignedParts((SignedEncryptedParts) primitive);
+
+ } else if (SP11Constants.SIGNED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setSignedElements((SignedEncryptedElements) primitive);
+
+ } else if (SP11Constants.ENCRYPTED_PARTS.equals(qname)) {
+ supportingToken
+ .setEncryptedParts((SignedEncryptedParts) primitive);
+
+ } else if (SP11Constants.ENCRYPTED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setEncryptedElements((SignedEncryptedElements) primitive);
+
+ } else if (primitive instanceof Token) {
+ supportingToken.addToken((Token) primitive);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SymmetricBindingBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..aef1171
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SymmetricBindingBuilder.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+
+public class SymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SymmetricBinding symmetricBinding = new SymmetricBinding(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternatives((List) iterator.next(), symmetricBinding);
+
+ /*
+ * since there should be only one alternative ..
+ */
+ break;
+ }
+ return symmetricBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.SYMMETRIC_BINDING};
+ }
+
+ private void processAlternatives(List assertions, SymmetricBinding symmetricBinding) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP11Constants.ALGORITHM_SUITE.equals(name)) {
+ symmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (SP11Constants.LAYOUT.equals(name)) {
+ symmetricBinding.setLayout((Layout) assertion);
+
+ } else if (SP11Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ symmetricBinding.setIncludeTimestamp(true);
+
+ } else if (SP11Constants.PROTECTION_TOKEN.equals(name)) {
+ symmetricBinding.setProtectionToken((ProtectionToken) assertion);
+
+ } else if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
+ symmetricBinding.setProtectionOrder(SPConstants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (SPConstants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
+ symmetricBinding.setProtectionOrder(SPConstants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
+ symmetricBinding.setEntireHeadersAndBodySignatures(true);
+ } else if (SP11Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ symmetricBinding.setSignatureProtection(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportBindingBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportBindingBuilder.java
new file mode 100644
index 0000000..57f7ac1
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportBindingBuilder.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportBinding transportBinding = new TransportBinding(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportBinding, factory);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return transportBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.TRANSPORT_BINDING};
+ }
+
+ private void processAlternative(List assertionList, TransportBinding parent, AssertionBuilderFactory factory) {
+
+ for (Iterator iterator = assertionList.iterator(); iterator.hasNext(); ) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName name = primitive.getName();
+
+ if (name.equals(SP11Constants.ALGORITHM_SUITE)) {
+ parent.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (name.equals(SP11Constants.TRANSPORT_TOKEN)) {
+ parent.setTransportToken(((TransportToken) primitive));
+
+ } else if (name.equals(SP11Constants.INCLUDE_TIMESTAMP)) {
+ parent.setIncludeTimestamp(true);
+
+ } else if (name.equals(SP11Constants.LAYOUT)) {
+ parent.setLayout((Layout) primitive);
+
+ } else if (name.equals(SP11Constants.SIGNED_SUPPORTING_TOKENS)) {
+ parent.setSignedSupportingToken((SupportingToken) primitive);
+
+ } else if (name.equals(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
+ parent.setSignedEndorsingSupportingTokens((SupportingToken) primitive);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportTokenBuilder.java
new file mode 100644
index 0000000..38865c2
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/TransportTokenBuilder.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.HttpsToken;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportTokenBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportToken transportToken = new TransportToken(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportToken);
+ break; // since there should be only one alternative
+ }
+
+ return transportToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.TRANSPORT_TOKEN};
+ }
+
+ private void processAlternative(List assertions, TransportToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ XmlPrimtiveAssertion primtive = (XmlPrimtiveAssertion) iterator.next();
+ QName qname = primtive.getName();
+
+ if (SP11Constants.HTTPS_TOKEN.equals(qname)) {
+ HttpsToken httpsToken = new HttpsToken(SPConstants.SP_V11);
+ OMAttribute attr = primtive.getValue().getAttribute(SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+ if(attr != null) {
+ httpsToken.setRequireClientCertificate("true".equals(attr.getAttributeValue()));
+ }
+ parent.setToken(httpsToken);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/Trust10Builder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/Trust10Builder.java
new file mode 100644
index 0000000..57bb68d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/Trust10Builder.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.Trust10;
+
+public class Trust10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ element = element.getFirstChildWithName(SPConstants.POLICY);
+
+ if (element == null) {
+ throw new IllegalArgumentException(
+ "Trust10 assertion doesn't contain any Policy");
+ }
+
+ Trust10 trust10 = new Trust10(SPConstants.SP_V11);
+
+ if (element
+ .getFirstChildWithName(SP11Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null) {
+ trust10.setMustSupportClientChallenge(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP11Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null) {
+ trust10.setMustSupportServerChallenge(true);
+ }
+
+ if (element.getFirstChildWithName(SP11Constants.REQUIRE_CLIENT_ENTROPY) != null) {
+ trust10.setRequireClientEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(SP11Constants.REQUIRE_SERVER_ENTROPY) != null) {
+ trust10.setRequireServerEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(SP11Constants.MUST_SUPPORT_ISSUED_TOKENS) != null) {
+ trust10.setMustSupportIssuedTokens(true);
+ }
+
+ return trust10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.TRUST_10};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
new file mode 100644
index 0000000..959b1a3
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.UsernameToken;
+
+public class UsernameTokenBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ UsernameToken usernameToken = new UsernameToken(SPConstants.SP_V11);
+
+ OMAttribute attribute = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+
+ if(attribute != null) {
+ int inclusion = SP11Constants.getInclusionFromAttributeValue(attribute.getAttributeValue());
+ usernameToken.setInclusion(inclusion);
+ }
+
+ OMElement policyElement = element.getFirstElement();
+
+ if (policyElement != null && !policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), usernameToken);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+
+ return usernameToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.USERNAME_TOKEN};
+ }
+
+ private void processAlternative(List assertions, UsernameToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (SP11Constants.WSS_USERNAME_TOKEN10.equals(qname)) {
+ parent.setUseUTProfile10(true);
+
+ } else if (SP11Constants.WSS_USERNAME_TOKEN11.equals(qname)) {
+ parent.setUseUTProfile11(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS10Builder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS10Builder.java
new file mode 100644
index 0000000..f9af42b
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS10Builder.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.Wss10;
+
+public class WSS10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ Wss10 wss10 = new Wss10(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss10);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.WSS10};
+ }
+
+ private void processAlternative(List assertions, Wss10 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext(); ) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP11Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS11Builder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS11Builder.java
new file mode 100644
index 0000000..90cf6ce
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/WSS11Builder.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.Wss11;
+
+public class WSS11Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ Wss11 wss11 = new Wss11(SPConstants.SP_V11);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss11);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss11;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.WSS11};
+ }
+
+ private void processAlternative(List assertions, Wss11 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP11Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_THUMBPRINT.equals(name)) {
+ parent.setMustSupportRefThumbprint(true);
+
+ } else if (SP11Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY.equals(name)) {
+ parent.setMustSupportRefEncryptedKey(true);
+
+ } else if (SP11Constants.REQUIRE_SIGNATURE_CONFIRMATION.equals(name)) {
+ parent.setRequireSignatureConfirmation(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
new file mode 100644
index 0000000..5679832
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.X509Token;
+
+public class X509TokenBuilder implements AssertionBuilder {
+
+ public final static String USER_CERT_ALIAS_LN = "userCertAlias";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public static final QName RAMPART_CONFIG = new QName("http://ws.apache.org/rampart/policy",
+ "RampartConfig");
+
+ public static final QName USER_CERT_ALIAS = new QName("http://ws.apache.org/rampart/policy",
+ USER_CERT_ALIAS_LN);
+
+ public static final QName ENCRYPTION_USER = new QName("http://ws.apache.org/rampart/policy",
+ ENCRYPTION_USER_LN);
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ X509Token x509Token = new X509Token(SPConstants.SP_V11);
+
+ OMElement policyElement = element.getFirstElement();
+
+ //Process token inclusion
+ OMAttribute includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+
+ if(includeAttr != null) {
+ int inclusion = SP11Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
+ x509Token.setInclusion(inclusion);
+ }
+
+ if (policyElement != null) {
+
+ if (policyElement.getFirstChildWithName(SP11Constants.REQUIRE_DERIVED_KEYS) != null) {
+ x509Token.setDerivedKeys(true);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), x509Token);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+
+ if (x509Token != null && policyElement != null) {
+ OMElement ramp = null;
+ ramp = policyElement.getFirstChildWithName(RAMPART_CONFIG);
+ if (ramp != null) {
+ OMElement child = null;
+ if ((child = ramp.getFirstChildWithName(USER_CERT_ALIAS)) != null) {
+ x509Token.setUserCertAlias(child.getText());
+ }
+ if ((child = ramp.getFirstChildWithName(ENCRYPTION_USER)) != null) {
+ x509Token.setEncryptionUser(child.getText());
+ }
+ }
+ }
+
+ return x509Token;
+ }
+
+ private void processAlternative(List assertions, X509Token parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP11Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+ parent.setRequireKeyIdentifierReference(true);
+
+ } else if (SP11Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(name)) {
+ parent.setRequireIssuerSerialReference(true);
+
+ } else if (SP11Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(name)) {
+ parent.setRequireEmbeddedTokenReference(true);
+
+ } else if (SP11Constants.REQUIRE_THUMBPRINT_REFERENCE.equals(name)) {
+ parent.setRequireThumbprintReference(true);
+
+ } else if (SP11Constants.WSS_X509_V1_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V1_TOKEN10);
+
+ } else if (SP11Constants.WSS_X509_V1_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V1_TOKEN11);
+
+ } else if (SP11Constants.WSS_X509_V3_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V3_TOKEN10);
+
+ } else if (SP11Constants.WSS_X509_V3_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V3_TOKEN11);
+
+ } else if (SP11Constants.WSS_X509_PKCS7_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKCS7_TOKEN10);
+
+ } else if (SP11Constants.WSS_X509_PKCS7_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKCS7_TOKEN11);
+
+ } else if (SP11Constants.WSS_X509_PKI_PATH_V1_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10);
+
+ } else if (SP11Constants.WSS_X509_PKI_PATH_V1_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP11Constants.X509_TOKEN};
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AlgorithmSuiteBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AlgorithmSuiteBuilder.java
new file mode 100755
index 0000000..9e9662c
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AlgorithmSuiteBuilder.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+
+import javax.xml.namespace.QName;
+
+public class AlgorithmSuiteBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ Iterator iterAlterns = policy.getAlternatives();
+ List assertions = ((List) iterAlterns.next());
+
+ processAlternative(assertions, algorithmSuite);
+
+ return algorithmSuite;
+
+ }
+
+ private void processAlternative(List assertions, AlgorithmSuite algorithmSuite) {
+ Iterator iterator = assertions.iterator();
+ Assertion assertion = ((Assertion) iterator.next());
+ String name = assertion.getName().getLocalPart();
+ try {
+ algorithmSuite.setAlgorithmSuite(name);
+ } catch (WSSPolicyException e) {
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.ALGORITHM_SUITE};
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AsymmetricBindingBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AsymmetricBindingBuilder.java
new file mode 100755
index 0000000..9936585
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/AsymmetricBindingBuilder.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.RecipientToken;
+
+public class AsymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ AsymmetricBinding asymmetricBinding = new AsymmetricBinding(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), asymmetricBinding);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return asymmetricBinding;
+ }
+
+ private void processAlternative(List assertions, AsymmetricBinding asymmetricBinding) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP12Constants.INITIATOR_TOKEN.equals(name)) {
+ asymmetricBinding.setInitiatorToken((InitiatorToken) assertion);
+
+ } else if (SP12Constants.RECIPIENT_TOKEN.equals(name)){
+ asymmetricBinding.setRecipientToken((RecipientToken) assertion);
+
+ } else if (SP12Constants.ALGORITHM_SUITE.equals(name)) {
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (SP12Constants.LAYOUT.equals(name)) {
+ asymmetricBinding.setLayout((Layout) assertion);
+
+ } else if (SP12Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ asymmetricBinding.setIncludeTimestamp(true);
+
+ } else if (SP12Constants.ENCRYPT_BEFORE_SIGNING.equals(name)) {
+ asymmetricBinding.setProtectionOrder(SPConstants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (SP12Constants.SIGN_BEFORE_ENCRYPTING.equals(name)) {
+ asymmetricBinding.setProtectionOrder(SPConstants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (SP12Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ asymmetricBinding.setSignatureProtection(true);
+
+ } else if (SP12Constants.PROTECT_TOKENS.equals(name)) {
+ asymmetricBinding.setTokenProtection(true);
+
+ } else if (SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY
+ .equals(name.getLocalPart())) {
+ asymmetricBinding.setEntireHeadersAndBodySignatures(true);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[]{SP12Constants.ASYMMETRIC_BINDING};
+ }
+
+}
+
\ No newline at end of file
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java
new file mode 100644
index 0000000..77e5c14
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ContentEncryptedElementsBuilder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.ContentEncryptedElements;
+
+public class ContentEncryptedElementsBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ ContentEncryptedElements contentEncryptedElements = new ContentEncryptedElements(SPConstants.SP_V12);
+ OMAttribute attrXPathVersion = element.getAttribute(SP12Constants.ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ contentEncryptedElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(),contentEncryptedElements);
+ }
+
+ return contentEncryptedElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.CONTENT_ENCRYPTED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, ContentEncryptedElements parent) {
+ QName name = element.getQName();
+ if (SP12Constants.XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
new file mode 100755
index 0000000..ba52374
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class EncryptedElementsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(false, SPConstants.SP_V12);
+
+ OMAttribute attribute = element.getAttribute(SP12Constants.ATTR_XPATH_VERSION);
+ if (attribute != null) {
+ signedEncryptedElements.setXPathVersion(attribute.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.ENCRYPTED_ELEMENTS};
+ }
+
+
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ if (SP12Constants.XPATH.equals(element.getQName())) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
new file mode 100755
index 0000000..4be24bc
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class EncryptedPartsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(false, SPConstants.SP_V12);
+
+ Iterator iterator = element.getChildElements();
+ if (iterator.hasNext()) {
+ for (; iterator.hasNext();) {
+ processElement((OMElement) iterator.next(),
+ signedEncryptedParts);
+ }
+ } else {
+ // If we have only <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ // then we need to encrypt the whole body (refer to http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826515).
+ signedEncryptedParts.setBody(true);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.ENCRYPTED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (SP12Constants.HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(SPConstants.NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ } else if (SP12Constants.BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/HttpsTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/HttpsTokenBuilder.java
new file mode 100644
index 0000000..d7c58b8
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/HttpsTokenBuilder.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.HttpsToken;
+
+/**
+ * This is a standard assertion builder implementation for the https token
+ * as specified by the ws security policy 1.2 specification. In order for this builder to be used
+ * it is required that the security policy namespace uri is {@link SP12Constants#SP_NS}
+ * The builder will handle
+ * <ul>
+ * <li><code>HttpBasicAuthentication</code></li>
+ * <li><code>HttpDigestAuthentication</code></li>
+ * <li><code>RequireClientCertificate</code></li>
+ * </ul>
+ * alternatives in the HttpsToken considering both cases whether the policy is normalized or not.
+ *
+ */
+public class HttpsTokenBuilder implements AssertionBuilder {
+
+ /**
+ * {@inheritDoc}
+ */
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ HttpsToken httpsToken = new HttpsToken(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), httpsToken);
+ break; // since there should be only one alternative
+ }
+
+ return httpsToken;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.HTTPS_TOKEN};
+ }
+
+ /**
+ * Process policy alternatives inside the HttpsToken element.
+ * Essentially this method will search for<br>
+ * <ul>
+ * <li><code>HttpBasicAuthentication</code></li>
+ * <li><code>HttpDigestAuthentication</code></li>
+ * <li><code>RequireClientCertificate</code></li>
+ * </ul>
+ * elements.
+ * @param assertions the list of assertions to be searched through.
+ * @param parent the https token, that is to be populated with retrieved data.
+ */
+ private void processAlternative(List assertions, HttpsToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ XmlPrimtiveAssertion primtive = (XmlPrimtiveAssertion) iterator.next();
+ QName qname = primtive.getName();
+
+ if (qname != null) {
+ if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(qname)) {
+ parent.setHttpBasicAuthentication(true);
+ } else if (SP12Constants.HTTP_DIGEST_AUTHENTICATION.equals(qname)) {
+ parent.setHttpDigestAuthentication(true);
+ } else if (SP12Constants.REQUIRE_CLIENT_CERTIFICATE.equals(qname)) {
+ parent.setRequireClientCertificate(true);
+ }
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java
new file mode 100755
index 0000000..62f39c4
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/InitiatorTokenBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class InitiatorTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ InitiatorToken initiatorToken = new InitiatorToken(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), initiatorToken);
+ break; // TODO process all the token that must be set ..
+ }
+
+ return initiatorToken;
+ }
+
+ private void processAlternative(List assertions, InitiatorToken parent) {
+
+ Object token;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ token = iterator.next();
+
+ if (token instanceof Token) {
+ parent.setInitiatorToken((Token) token);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.INITIATOR_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java
new file mode 100755
index 0000000..a5de315
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/IssuedTokenBuilder.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class IssuedTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ IssuedToken issuedToken = new IssuedToken(SPConstants.SP_V12);
+
+ OMAttribute includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ int inclusion = SP12Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
+ issuedToken.setInclusion(inclusion);
+ }
+ // Extract Issuer
+ OMElement issuerElem = element.getFirstChildWithName(SP12Constants.ISSUER);
+
+ if(issuerElem != null) {
+ OMElement issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
+
+ //try the other addressing namespace
+ if (issuerEpr == null) {
+ issuerEpr = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
+ }
+
+ issuedToken.setIssuerEpr(issuerEpr);
+ }
+
+ //TODO check why this returns an Address element
+ //iter = issuerElem.getChildrenWithLocalName("Metadata");
+
+ if (issuerElem != null ) {
+ OMElement issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
+
+ //try the other addressing namespace
+ if (issuerMex == null) {
+ issuerMex = issuerElem.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
+ }
+
+ issuedToken.setIssuerMex(issuerMex);
+ }
+
+ // Extract RSTTemplate
+ OMElement rstTmplElem = element.getFirstChildWithName(SP12Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ if (rstTmplElem != null) {
+ issuedToken.setRstTemplate(rstTmplElem);
+ }
+
+ OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);
+
+ if (policyElement != null) {
+
+ Policy policy = PolicyEngine.getPolicy(policyElement);
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), issuedToken);
+ break; // since there should be only one alternative ..
+ }
+ }
+
+ return issuedToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { SP12Constants.ISSUED_TOKEN };
+ }
+
+ private void processAlternative(List assertions, IssuedToken parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(name)) {
+ parent.setDerivedKeys(true);
+ } else if (SP12Constants.REQUIRE_EXTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireExternalReference(true);
+ } else if (SP12Constants.REQUIRE_INTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireInternalReference(true);
+ }
+ }
+
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/LayoutBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/LayoutBuilder.java
new file mode 100755
index 0000000..ed2ae8c
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/LayoutBuilder.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Layout;
+
+public class LayoutBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ Layout layout = new Layout(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext(); ) {
+ processAlternative((List) iterator.next(), layout);
+ break; // there should be only one alternative
+ }
+
+ return layout;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.LAYOUT};
+ }
+
+ public void processAlternative(List assertions, Layout parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (SP12Constants.STRICT.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_STRICT);
+ } else if (SP12Constants.LAX.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_LAX);
+ } else if (SP12Constants.LAXTSFIRST.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
+ } else if (SP12Constants.LAXTSLAST.equals(qname)) {
+ parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
+ }
+
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ProtectionTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ProtectionTokenBuilder.java
new file mode 100755
index 0000000..8c44556
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/ProtectionTokenBuilder.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class ProtectionTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ ProtectionToken protectionToken = new ProtectionToken(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), protectionToken);
+ break; // since there should be only one alternative ..
+ }
+
+ return protectionToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.PROTECTION_TOKEN};
+ }
+
+ private void processAlternative(List assertions, ProtectionToken parent) {
+ Object token = assertions.get(0);
+
+ if (token instanceof Token) {
+ parent.setToken((Token) token);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RecipientTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RecipientTokenBuilder.java
new file mode 100755
index 0000000..fc16639
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RecipientTokenBuilder.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class RecipientTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ RecipientToken recipientToken = new RecipientToken(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), recipientToken);
+
+ /*
+ * for the moment we will pick the first token specified in the policy
+ */
+ break;
+ }
+
+ return recipientToken;
+ }
+
+ private void processAlternative(List assertions, RecipientToken parent) {
+
+ Assertion assertion;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+
+ if (assertion instanceof Token) {
+ parent.setToken((Token) assertion);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.RECIPIENT_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java
new file mode 100644
index 0000000..5c1dc6f
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredElementsBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.ContentEncryptedElements;
+import org.apache.ws.secpolicy.model.RequiredElements;
+
+public class RequiredElementsBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ RequiredElements requiredElements = new RequiredElements(SPConstants.SP_V12);
+ OMAttribute attrXPathVersion = element.getAttribute(SP12Constants.ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ requiredElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(),requiredElements);
+ }
+
+ return requiredElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.REQUIRED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, RequiredElements parent) {
+ QName name = element.getQName();
+ if (SP12Constants.XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredPartsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredPartsBuilder.java
new file mode 100644
index 0000000..030e491
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/RequiredPartsBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.RequiredParts;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class RequiredPartsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ RequiredParts requiredParts = new RequiredParts(SPConstants.SP_V12);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), requiredParts);
+ }
+
+ return requiredParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.REQUIRED_PARTS};
+ }
+
+ private void processElement(OMElement element, RequiredParts parent) {
+
+ QName name = element.getQName();
+
+ if (SP12Constants.HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(SPConstants.NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecureConversationTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecureConversationTokenBuilder.java
new file mode 100755
index 0000000..00a7be0
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecureConversationTokenBuilder.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+
+public class SecureConversationTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ SecureConversationToken conversationToken = new SecureConversationToken(SPConstants.SP_V12);
+
+ OMAttribute attribute = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+ if (attribute == null) {
+ throw new IllegalArgumentException(
+ "SecurityContextToken doesn't contain any sp:IncludeToken attribute");
+ }
+
+ String inclusionValue = attribute.getAttributeValue().trim();
+
+ conversationToken.setInclusion(SP12Constants.getInclusionFromAttributeValue(inclusionValue));
+
+ OMElement issuer = element.getFirstChildWithName(SP12Constants.ISSUER);
+ if ( issuer != null) {
+ conversationToken.setIssuerEpr(issuer.getFirstElement());
+ }
+
+ element = element.getFirstChildWithName(SPConstants.POLICY);
+ if (element != null) {
+ if (element.getFirstChildWithName(SP12Constants.REQUIRE_DERIVED_KEYS) != null) {
+ conversationToken.setDerivedKeys(true);
+ } else if (element.getFirstChildWithName(SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
+ conversationToken.setImpliedDerivedKeys(true);
+ } else if (element.getFirstChildWithName(SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
+ conversationToken.setExplicitDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP12Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ conversationToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP12Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ conversationToken.setSc10SecurityContextToken(true);
+ }
+
+ OMElement bootstrapPolicyElement = element.getFirstChildWithName(SP12Constants.BOOTSTRAP_POLICY);
+ if (bootstrapPolicyElement != null) {
+ Policy policy = PolicyEngine.getPolicy(bootstrapPolicyElement.getFirstElement());
+ conversationToken.setBootstrapPolicy(policy);
+ }
+ }
+
+ return conversationToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.SECURE_CONVERSATION_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecurityContextTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecurityContextTokenBuilder.java
new file mode 100755
index 0000000..5b6ba09
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SecurityContextTokenBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.SecurityContextToken;
+
+import javax.xml.namespace.QName;
+
+public class SecurityContextTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ SecurityContextToken contextToken = new SecurityContextToken(SPConstants.SP_V12);
+
+ OMAttribute includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ int inclusion = SP12Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
+ contextToken.setInclusion(inclusion);
+ }
+
+ element = element.getFirstChildWithName(SPConstants.POLICY);
+
+ if (element != null) {
+
+ if (element.getFirstChildWithName(SP12Constants.REQUIRE_DERIVED_KEYS) != null) {
+ contextToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP12Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ contextToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP12Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ contextToken.setSc10SecurityContextToken(true);
+ }
+ }
+
+ return contextToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.SECURITY_CONTEXT_TOKEN};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
new file mode 100755
index 0000000..57322a2
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class SignedElementsBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(true, SPConstants.SP_V12);
+ OMAttribute attrXPathVersion = element.getAttribute(SP12Constants.ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ signedEncryptedElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.SIGNED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ QName name = element.getQName();
+ if (SP12Constants.XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ Iterator namespaces = element.getAllDeclaredNamespaces();
+ while (namespaces.hasNext()) {
+ OMNamespace nm = (OMNamespace) namespaces.next();
+ parent.addDeclaredNamespaces(nm.getNamespaceURI(), nm.getPrefix());
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
new file mode 100755
index 0000000..23ebf28
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class SignedPartsBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true, SPConstants.SP_V12);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedParts);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.SIGNED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (SP12Constants.HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(SPConstants.NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(SPConstants.NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ } else if (SP12Constants.BODY.equals(name)) {
+ parent.setBody(true);
+ } else if (SPConstants.ATTACHMENTS.equals(name.getLocalPart())){
+ parent.setAttachments(true);
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
new file mode 100755
index 0000000..dcb11b7
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class SupportingTokensBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ QName name = element.getQName();
+ SupportingToken supportingToken = null;
+
+ if (SP12Constants.SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_SUPPORTING, SPConstants.SP_V12);
+ } else if (SP12Constants.SIGNED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_SIGNED, SPConstants.SP_V12);
+ } else if (SP12Constants.ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_ENDORSING, SPConstants.SP_V12);
+ } else if (SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING, SPConstants.SP_V12);
+ } else if (SP12Constants.ENCRYPTED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_ENCRYPTED, SPConstants.SP_V12);
+ } else if (SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_SIGNED_ENCRYPTED, SPConstants.SP_V12);
+ } else if (SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED, SPConstants.SP_V12);
+ } else if (SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED, SPConstants.SP_V12);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), supportingToken);
+ /*
+ * for the moment we will say there should be only one alternative
+ */
+ break;
+ }
+
+ return supportingToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { SP12Constants.SUPPORTING_TOKENS,
+ SP12Constants.SIGNED_SUPPORTING_TOKENS,
+ SP12Constants.ENDORSING_SUPPORTING_TOKENS,
+ SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
+ SP12Constants.ENCRYPTED_SUPPORTING_TOKENS,
+ SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS,
+ SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
+ SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS
+ };
+ }
+
+ private void processAlternative(List assertions, SupportingToken supportingToken) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName qname = primitive.getName();
+
+ if (SP12Constants.ALGORITHM_SUITE.equals(qname)) {
+ supportingToken.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (SP12Constants.SIGNED_PARTS.equals(qname)) {
+ supportingToken
+ .setSignedParts((SignedEncryptedParts) primitive);
+
+ } else if (SP12Constants.SIGNED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setSignedElements((SignedEncryptedElements) primitive);
+
+ } else if (SP12Constants.ENCRYPTED_PARTS.equals(qname)) {
+ supportingToken
+ .setEncryptedParts((SignedEncryptedParts) primitive);
+
+ } else if (SP12Constants.ENCRYPTED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setEncryptedElements((SignedEncryptedElements) primitive);
+
+ } else if (primitive instanceof Token) {
+ supportingToken.addToken((Token) primitive);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SymmetricBindingBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SymmetricBindingBuilder.java
new file mode 100755
index 0000000..0be06c7
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SymmetricBindingBuilder.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+
+public class SymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SymmetricBinding symmetricBinding = new SymmetricBinding(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternatives((List) iterator.next(), symmetricBinding);
+
+ /*
+ * since there should be only one alternative ..
+ */
+ break;
+ }
+ return symmetricBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.SYMMETRIC_BINDING};
+ }
+
+ private void processAlternatives(List assertions, SymmetricBinding symmetricBinding) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP12Constants.ALGORITHM_SUITE.equals(name)) {
+ symmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (SP12Constants.LAYOUT.equals(name)) {
+ symmetricBinding.setLayout((Layout) assertion);
+
+ } else if (SP12Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ symmetricBinding.setIncludeTimestamp(true);
+
+ } else if (SP12Constants.PROTECTION_TOKEN.equals(name)) {
+ symmetricBinding.setProtectionToken((ProtectionToken) assertion);
+
+ } else if (SP12Constants.ENCRYPT_BEFORE_SIGNING.equals(name)) {
+ symmetricBinding.setProtectionOrder(SPConstants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (SP12Constants.SIGN_BEFORE_ENCRYPTING.equals(name)) {
+ symmetricBinding.setProtectionOrder(SPConstants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name)) {
+ symmetricBinding.setEntireHeadersAndBodySignatures(true);
+ } else if (SP12Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ symmetricBinding.setSignatureProtection(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
new file mode 100755
index 0000000..c980616
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportBinding transportBinding = new TransportBinding(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportBinding, factory);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return transportBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.TRANSPORT_BINDING};
+ }
+
+ private void processAlternative(List assertionList, TransportBinding parent, AssertionBuilderFactory factory) {
+
+ for (Iterator iterator = assertionList.iterator(); iterator.hasNext(); ) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName name = primitive.getName();
+
+ if (name.equals(SP12Constants.ALGORITHM_SUITE)) {
+ parent.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (name.equals(SP12Constants.TRANSPORT_TOKEN)) {
+ parent.setTransportToken(((TransportToken) primitive));
+
+ } else if (name.equals(SP12Constants.INCLUDE_TIMESTAMP)) {
+ parent.setIncludeTimestamp(true);
+
+ } else if (name.equals(SP12Constants.LAYOUT)) {
+ parent.setLayout((Layout) primitive);
+
+ } else if (name.equals(SP12Constants.SIGNED_SUPPORTING_TOKENS)) {
+ parent.setSignedSupportingToken((SupportingToken) primitive);
+
+ } else if (name.equals(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
+ parent.setSignedEndorsingSupportingTokens((SupportingToken) primitive);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportTokenBuilder.java
new file mode 100755
index 0000000..8b4ea77
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportTokenBuilder.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.HttpsToken;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportTokenBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportToken transportToken = new TransportToken(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportToken);
+ break; // since there should be only one alternative
+ }
+
+ return transportToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.TRANSPORT_TOKEN};
+ }
+
+ private void processAlternative(List assertions, TransportToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ XmlPrimtiveAssertion primtive = (XmlPrimtiveAssertion) iterator.next();
+ QName qname = primtive.getName();
+
+ if (SP12Constants.HTTPS_TOKEN.equals(qname)) {
+ HttpsToken httpsToken = new HttpsToken(SPConstants.SP_V12);
+
+ OMElement element = primtive.getValue().getFirstChildWithName(SPConstants.POLICY);
+
+ if (element != null) {
+ OMElement child = element.getFirstElement();
+ if (child != null) {
+ if (SP12Constants.HTTP_BASIC_AUTHENTICATION.equals(child.getQName())) {
+ httpsToken.setHttpBasicAuthentication(true);
+ } else if (SP12Constants.HTTP_DIGEST_AUTHENTICATION.equals(child.getQName())) {
+ httpsToken.setHttpDigestAuthentication(true);
+ } else if (SP12Constants.REQUIRE_CLIENT_CERTIFICATE.equals(child.getQName())) {
+ httpsToken.setRequireClientCertificate(true);
+ }
+ }
+ }
+
+ parent.setToken(httpsToken);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/Trust13Builder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/Trust13Builder.java
new file mode 100755
index 0000000..40245fd
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/Trust13Builder.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Trust13;
+
+public class Trust13Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ element = element.getFirstChildWithName(SPConstants.POLICY);
+
+ if (element == null) {
+ throw new IllegalArgumentException(
+ "Trust10 assertion doesn't contain any Policy");
+ }
+
+ Trust13 trust13 = new Trust13(SPConstants.SP_V12);
+
+ if (element
+ .getFirstChildWithName(SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null) {
+ trust13.setMustSupportClientChallenge(true);
+ }
+
+ if (element
+ .getFirstChildWithName(SP12Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null) {
+ trust13.setMustSupportServerChallenge(true);
+ }
+
+ if (element.getFirstChildWithName(SP12Constants.REQUIRE_CLIENT_ENTROPY) != null) {
+ trust13.setRequireClientEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(SP12Constants.REQUIRE_SERVER_ENTROPY) != null) {
+ trust13.setRequireServerEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(SP12Constants.MUST_SUPPORT_ISSUED_TOKENS) != null) {
+ trust13.setMustSupportIssuedTokens(true);
+ }
+
+ if (element.getFirstChildWithName(SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION) != null) {
+ trust13.setRequireRequestSecurityTokenCollection(true);
+ }
+
+ if (element.getFirstChildWithName(SP12Constants.REQUIRE_APPLIES_TO) != null) {
+ trust13.setRequireAppliesTo(true);
+ }
+
+ return trust13;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.TRUST_13};
+ }
+
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
new file mode 100755
index 0000000..1e69b03
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.UsernameToken;
+
+public class UsernameTokenBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ UsernameToken usernameToken = new UsernameToken(SPConstants.SP_V12);
+
+ OMAttribute attribute = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+
+ if(attribute != null) {
+ int inclusion = SP12Constants.getInclusionFromAttributeValue(attribute.getAttributeValue());
+ usernameToken.setInclusion(inclusion);
+ }
+
+ OMElement policyElement = element.getFirstElement();
+
+ if (policyElement != null && policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), usernameToken);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+
+ return usernameToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.USERNAME_TOKEN};
+ }
+
+ private void processAlternative(List assertions, UsernameToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (SP12Constants.WSS_USERNAME_TOKEN10.equals(qname)) {
+ parent.setUseUTProfile10(true);
+ } else if (SP12Constants.WSS_USERNAME_TOKEN11.equals(qname)) {
+ parent.setUseUTProfile11(true);
+ } else if (SP12Constants.NO_PASSWORD.equals(qname)) {
+ parent.setNoPassword(true);
+ } else if (SP12Constants.HASH_PASSWORD.equals(qname)) {
+ parent.setHashPassword(true);
+ } else if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(qname)) {
+ parent.setDerivedKeys(true);
+ } else if (SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS.equals(qname)) {
+ parent.setExplicitDerivedKeys(true);
+ } else if (SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS.equals(qname)) {
+ parent.setImpliedDerivedKeys(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS10Builder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS10Builder.java
new file mode 100755
index 0000000..a3fbe89
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS10Builder.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Wss10;
+
+public class WSS10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ Wss10 wss10 = new Wss10(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss10);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.WSS10};
+ }
+
+ private void processAlternative(List assertions, Wss10 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext(); ) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP12Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS11Builder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS11Builder.java
new file mode 100755
index 0000000..cf5ee7d
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/WSS11Builder.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.Wss11;
+
+public class WSS11Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ Wss11 wss11 = new Wss11(SPConstants.SP_V12);
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss11);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss11;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.WSS11};
+ }
+
+ private void processAlternative(List assertions, Wss11 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP12Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_THUMBPRINT.equals(name)) {
+ parent.setMustSupportRefThumbprint(true);
+
+ } else if (SP12Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY.equals(name)) {
+ parent.setMustSupportRefEncryptedKey(true);
+
+ } else if (SP12Constants.REQUIRE_SIGNATURE_CONFIRMATION.equals(name)) {
+ parent.setRequireSignatureConfirmation(true);
+ }
+ }
+ }
+}
diff --git a/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
new file mode 100755
index 0000000..f7f6090
--- /dev/null
+++ b/1_5/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.model.X509Token;
+
+public class X509TokenBuilder implements AssertionBuilder {
+
+ public final static String USER_CERT_ALIAS_LN = "userCertAlias";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public static final QName RAMPART_CONFIG = new QName("http://ws.apache.org/rampart/policy",
+ "RampartConfig");
+
+ public static final QName USER_CERT_ALIAS = new QName("http://ws.apache.org/rampart/policy",
+ USER_CERT_ALIAS_LN);
+
+ public static final QName ENCRYPTION_USER = new QName("http://ws.apache.org/rampart/policy",
+ ENCRYPTION_USER_LN);
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ X509Token x509Token = new X509Token(SPConstants.SP_V12);
+
+ OMElement policyElement = element.getFirstElement();
+
+ //Process token inclusion
+ OMAttribute includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ int inclusion = SP12Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
+ x509Token.setInclusion(inclusion);
+ }
+
+ if (policyElement != null) {
+
+ if (policyElement.getFirstChildWithName(SP12Constants.REQUIRE_DERIVED_KEYS) != null) {
+ x509Token.setDerivedKeys(true);
+ } else if (policyElement.getFirstChildWithName(SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
+ x509Token.setImpliedDerivedKeys(true);
+ } else if (policyElement.getFirstChildWithName(SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
+ x509Token.setExplicitDerivedKeys(true);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), x509Token);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+
+ if (x509Token != null && policyElement != null) {
+ OMElement ramp = null;
+ ramp = policyElement.getFirstChildWithName(RAMPART_CONFIG);
+ if (ramp != null) {
+ OMElement child = null;
+ if ((child = ramp.getFirstChildWithName(USER_CERT_ALIAS)) != null) {
+ x509Token.setUserCertAlias(child.getText());
+ }
+ if ((child = ramp.getFirstChildWithName(ENCRYPTION_USER)) != null) {
+ x509Token.setEncryptionUser(child.getText());
+ }
+ }
+ }
+
+ return x509Token;
+ }
+
+ private void processAlternative(List assertions, X509Token parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (SP12Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+ parent.setRequireKeyIdentifierReference(true);
+
+ } else if (SP12Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(name)) {
+ parent.setRequireIssuerSerialReference(true);
+
+ } else if (SP12Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(name)) {
+ parent.setRequireEmbeddedTokenReference(true);
+
+ } else if (SP12Constants.REQUIRE_THUMBPRINT_REFERENCE.equals(name)) {
+ parent.setRequireThumbprintReference(true);
+
+ } else if (SP12Constants.WSS_X509_V1_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V1_TOKEN10);
+
+ } else if (SP12Constants.WSS_X509_V1_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V1_TOKEN11);
+
+ } else if (SP12Constants.WSS_X509_V3_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V3_TOKEN10);
+
+ } else if (SP12Constants.WSS_X509_V3_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_V3_TOKEN11);
+
+ } else if (SP12Constants.WSS_X509_PKCS7_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKCS7_TOKEN10);
+
+ } else if (SP12Constants.WSS_X509_PKCS7_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKCS7_TOKEN11);
+
+ } else if (SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10);
+
+ } else if (SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11);
+
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {SP12Constants.X509_TOKEN};
+ }
+}
diff --git a/1_5/modules/rampart-samples/README.txt b/1_5/modules/rampart-samples/README.txt
new file mode 100644
index 0000000..136798c
--- /dev/null
+++ b/1_5/modules/rampart-samples/README.txt
@@ -0,0 +1,21 @@
+********************************************************************************
+**************************** Apache Rampart Samples ****************************
+********************************************************************************
+
+This directory contains three sub directories:
+
+ - basic - A set of samples that uses basic rampart configuration using
+ parameters
+
+ - policy - A set of samples that uses rampart with WS-SecurityPolicy
+
+ - keys - The keystore files that contains the keys used by the samples
+
+Please use Apache Ant with the build.xml file available here to copy all jars
+and mars to required places.
+
+ - Please copy log4j.jar to AXIS2_HOME/lib directory before trying out samples.
+
+ - Please follow the instructions on endorsing the default JAXP implementation
+ available in README.txt of this distribution before invoking
+ Sample 08.(Issuing a SAML 2.0 Token)
diff --git a/1_5/modules/rampart-samples/basic/README.txt b/1_5/modules/rampart-samples/basic/README.txt
new file mode 100644
index 0000000..18f66b1
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/README.txt
@@ -0,0 +1,44 @@
+********************************************************************************
+**************************** Apache Rampart Samples ****************************
+********************************************************************************
+
+This is a set of Apache Rampart samples which uses configuraiton parameters
+to configure rampart.
+
+Each "sampleX" directory contains :
+
+ - client.axis2.xml - Client configuration
+ - services.xml - Service configuration
+ - src - Source of the sample
+ - README.txt - you have to read this :-)
+
+We use two parameters named "InflowSecurity" and "OutflowSecurity" within
+these files to configure rampart.
+
+01.) Rampart Engaged and no configuration
+02.) UsernameToken authentication
+03.) UsernameToken authentication with a plain text password
+04.) Message integrity and non-repudiation with signature
+05.) Encryption
+06.) Sign and encrypt a messages
+07.) Encrypt and sign messages
+08.) Signing twice
+09.) Encryption with a key known to both parties
+10.) MTOM Optimizing base64 content in the secured message
+11.) Dynamic configuration : Get rid of the config files ... let's use code!
+
+You can use the ant build script provided here to run these samples.
+
+Exmaple: Running sample - 01
+ - Start two shell instnaces and change to the directory where this file is
+ - To start the service:
+ $ ant service.01
+ - To run client:
+ $ ant client.01
+
+--------------------------------------------------------------------------------
+NOTE: To view the messages exchanged
+ - Change the "client.port" property in the "build.xml" to an available port
+ E.g. : <property name="client.port" value="9080"/>
+ - Setup tcpmon (http://ws.apache.org/commons/tcpmon/) to listen on the above
+ port and to point to port 8080 (value of the service.port property)
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/basic/build.xml b/1_5/modules/rampart-samples/basic/build.xml
new file mode 100644
index 0000000..aba4049
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/build.xml
@@ -0,0 +1,259 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="clean">
+
+ <property name="service.repos.dir" value="build/service_repositories"/>
+ <property name="client.repos.dir" value="build/client_repositories"/>
+ <property name="temp.dir" value="build/temp"/>
+ <property name="keys.dir" value="../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.5.1.mar"/>
+ <property name="rampart.mar" value="rampart-1.5.mar"/>
+
+ <property name="client.port" value="8080"/>
+ <property name="server.port" value="8080"/>
+
+ <property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Sample Service 01 -->
+ <target name="service.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="01"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="01"/>
+ </target>
+
+ <!-- Sample Service 02 -->
+ <target name="service.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="02"/>
+ </target>
+
+ <!-- Sample Client 02 -->
+ <target name="client.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="02"/>
+ </target>
+
+ <!-- Sample Service 03 -->
+ <target name="service.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="03"/>
+ </target>
+
+ <!-- Sample Client 03 -->
+ <target name="client.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="03"/>
+ </target>
+
+ <!-- Sample Service 04 -->
+ <target name="service.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="04"/>
+ </target>
+
+ <!-- Sample Client 04 -->
+ <target name="client.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="04"/>
+ </target>
+
+ <!-- Sample Service 05 -->
+ <target name="service.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="05"/>
+ </target>
+
+ <!-- Sample Client 05 -->
+ <target name="client.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="05"/>
+ </target>
+
+ <!-- Sample Service 06 -->
+ <target name="service.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="06"/>
+ </target>
+
+ <!-- Sample Client 06 -->
+ <target name="client.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="06"/>
+ </target>
+
+ <!-- Sample Service 07 -->
+ <target name="service.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="07"/>
+ </target>
+
+ <!-- Sample Client 07 -->
+ <target name="client.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="07"/>
+ </target>
+
+ <!-- Sample Service 08 -->
+ <target name="service.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="08"/>
+ </target>
+
+ <!-- Sample Client 08 -->
+ <target name="client.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="08"/>
+ </target>
+
+ <!-- Sample Service 09 -->
+ <target name="service.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="09"/>
+ </target>
+
+ <!-- Sample Client 09 -->
+ <target name="client.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="09"/>
+ </target>
+
+ <!-- Sample Service 10 -->
+ <target name="service.10" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="10"/>
+ </target>
+
+ <!-- Sample Client 10 -->
+ <target name="client.10" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="10"/>
+ </target>
+
+ <!-- Sample Service 11 -->
+ <target name="service.11" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="11"/>
+ </target>
+
+ <!-- Sample Client 11 -->
+ <target name="client.11" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="11"/>
+ </target>
+
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <macrodef name="create.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="create.and.run.client">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/conf"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- Copy axis2.xml file -->
+ <copy file="sample@{sample.number}/client.axis2.xml" tofile="${client.repos.dir}/sample@{sample.number}/conf/axis2.xml" overwrite="true"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Compile client -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
+ <copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
+
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.samples.sample@{sample.number}.Client" fork="true">
+ <arg value="${sample.services.url}/sample@{sample.number}"/>
+ <arg value="${client.repos.dir}/sample@{sample.number}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+
+<!-- <delete dir="${temp.client.dir}"/> -->
+ </sequential>
+ </macrodef>
+
+</project>
diff --git a/1_5/modules/rampart-samples/basic/sample01/README.txt b/1_5/modules/rampart-samples/basic/sample01/README.txt
new file mode 100644
index 0000000..a4c35f9
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample01/README.txt
@@ -0,0 +1,6 @@
+Rampart Engaged and no configuration
+
+This sample shows that Apache Rampart does not work on the messages when simply
+engagd without any configuration
+
+Note: <module ref="rampart"/> in both client.axis2.xml and services.xml
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/basic/sample01/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample01/client.axis2.xml
new file mode 100644
index 0000000..baba79c
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample01/client.axis2.xml
@@ -0,0 +1,455 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample01/services.xml b/1_5/modules/rampart-samples/basic/sample01/services.xml
new file mode 100644
index 0000000..f76daf9
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample01/services.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : No Security-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample01.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java b/1_5/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java
new file mode 100644
index 0000000..b47c6be
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample01;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample01.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java b/1_5/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java
new file mode 100644
index 0000000..3247722
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.sample01;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample02/README.txt b/1_5/modules/rampart-samples/basic/sample02/README.txt
new file mode 100644
index 0000000..de24747
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample02/README.txt
@@ -0,0 +1,10 @@
+UsernameToken authentication
+
+The client is configured to add a UsernameToken to the outgoing message.
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml
+
+Note how org.apache.rampart.samples.sample02.PWCBHandler supplies the password
+to wss4j to compute the digest for comparison.
diff --git a/1_5/modules/rampart-samples/basic/sample02/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample02/client.axis2.xml
new file mode 100644
index 0000000..2880724
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample02/client.axis2.xml
@@ -0,0 +1,464 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample02/services.xml b/1_5/modules/rampart-samples/basic/sample02/services.xml
new file mode 100644
index 0000000..ac94b4b
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample02/services.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Timestamp and UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample02.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java b/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java
new file mode 100644
index 0000000..542ed61
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample02;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample02.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java
new file mode 100644
index 0000000..35074f4
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample02;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("bob".equals(id)) {
+ pwcb.setPassword("bobPW");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java b/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java
new file mode 100644
index 0000000..3249257
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.rampart.samples.sample02;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample03/README.txt b/1_5/modules/rampart-samples/basic/sample03/README.txt
new file mode 100644
index 0000000..1446348
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample03/README.txt
@@ -0,0 +1,12 @@
+UsernameToken authentication with a plain text password
+
+The client is configured to add a UsernameToken to the outgoing message.
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+ - Note the <passwordType>PasswordText</passwordType> element
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml
+
+Note how org.apache.rampart.samples.sample03.PWCBHandler authenticates the
+password
+
diff --git a/1_5/modules/rampart-samples/basic/sample03/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample03/client.axis2.xml
new file mode 100644
index 0000000..b8713b7
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample03/client.axis2.xml
@@ -0,0 +1,465 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample03.PWCBHandler</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample03/services.xml b/1_5/modules/rampart-samples/basic/sample03/services.xml
new file mode 100644
index 0000000..1d0e6c5
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample03/services.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-3 : Timestamp and UsernameToken (with plaintext password)-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample03.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample03.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java b/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java
new file mode 100644
index 0000000..9aa0c34
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample03;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample03.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java
new file mode 100644
index 0000000..cb52caf
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample03;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("bob") && pwcb.getPassword().equals("bobPW")) {
+ //If authentication successful, simply return
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java b/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java
new file mode 100644
index 0000000..630cf80
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.sample03;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.Vector;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample04/README.txt b/1_5/modules/rampart-samples/basic/sample04/README.txt
new file mode 100644
index 0000000..df4599d
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample04/README.txt
@@ -0,0 +1,7 @@
+Message integrity and non-repudiation with signature
+
+Both client and servce are configured to sign the outgoing message and to verify
+the signature of the incoming message using their key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/1_5/modules/rampart-samples/basic/sample04/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample04/client.axis2.xml
new file mode 100644
index 0000000..4270cfa
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample04/client.axis2.xml
@@ -0,0 +1,473 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <user>client</user>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample04/services.xml b/1_5/modules/rampart-samples/basic/sample04/services.xml
new file mode 100644
index 0000000..daff4d3
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample04/services.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-4 : Signature only -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample04.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java b/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java
new file mode 100644
index 0000000..e27bf8f
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample04;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample04.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java
new file mode 100644
index 0000000..557755c
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample04;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java b/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java
new file mode 100644
index 0000000..9132949
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample04;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample05/README.txt b/1_5/modules/rampart-samples/basic/sample05/README.txt
new file mode 100644
index 0000000..8ca2fd8
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample05/README.txt
@@ -0,0 +1,7 @@
+Encrypting messages
+
+Both client and servce are configured to encrypt the outgoing message and to
+decrypt incoming message using their key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/1_5/modules/rampart-samples/basic/sample05/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample05/client.axis2.xml
new file mode 100644
index 0000000..2015421
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample05/client.axis2.xml
@@ -0,0 +1,472 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <encryptionUser>service</encryptionUser>
+ <encryptionPropFile>client.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>client.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample05/services.xml b/1_5/modules/rampart-samples/basic/sample05/services.xml
new file mode 100644
index 0000000..2b329a8
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample05/services.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-5 : Encryption only -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample05.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>service.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <encryptionUser>client</encryptionUser>
+ <encryptionPropFile>service.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java b/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java
new file mode 100644
index 0000000..7695f88
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample05;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample05.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java
new file mode 100644
index 0000000..b5f97d4
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample05;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java b/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java
new file mode 100644
index 0000000..083a322
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample05;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample06/README.txt b/1_5/modules/rampart-samples/basic/sample06/README.txt
new file mode 100644
index 0000000..54642b5
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample06/README.txt
@@ -0,0 +1,8 @@
+Sign and encrypt messages
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/1_5/modules/rampart-samples/basic/sample06/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample06/client.axis2.xml
new file mode 100644
index 0000000..e998ad8
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample06/client.axis2.xml
@@ -0,0 +1,478 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+
+ <!--Signature and Encryption : Using the request's certificate-->
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample06/services.xml b/1_5/modules/rampart-samples/basic/sample06/services.xml
new file mode 100644
index 0000000..2c9b865
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample06/services.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-6 : Signature and Encryption : Using the request's certificate-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java b/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java
new file mode 100644
index 0000000..441950c
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample06;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample06.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java
new file mode 100644
index 0000000..148b24d
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample06;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java b/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java
new file mode 100644
index 0000000..185825e
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample06;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample07/README.txt b/1_5/modules/rampart-samples/basic/sample07/README.txt
new file mode 100644
index 0000000..f524604
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample07/README.txt
@@ -0,0 +1,8 @@
+Encrypt and sign messages
+
+Both client and servce are configured to first encrypt and then sign the
+outgoing message and to verify and decrypt the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/1_5/modules/rampart-samples/basic/sample07/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample07/client.axis2.xml
new file mode 100644
index 0000000..d247bac
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample07/client.axis2.xml
@@ -0,0 +1,477 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample07/services.xml b/1_5/modules/rampart-samples/basic/sample07/services.xml
new file mode 100644
index 0000000..0b12f2b
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample07/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-7 : Encryption and Signature -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample07.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java b/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java
new file mode 100644
index 0000000..c05d746
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample07;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample07.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java
new file mode 100644
index 0000000..2169966
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample07;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java b/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java
new file mode 100644
index 0000000..cd14fc0
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample07;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample08/README.txt b/1_5/modules/rampart-samples/basic/sample08/README.txt
new file mode 100644
index 0000000..4643e47
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample08/README.txt
@@ -0,0 +1,10 @@
+Signing twice
+
+The client is configured to sign the outgoing message twice
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+ - Note the aditional <action> element that defines the second signature.
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml. Not that we
+ simply use "Signature Signature" as action items.
+
diff --git a/1_5/modules/rampart-samples/basic/sample08/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample08/client.axis2.xml
new file mode 100644
index 0000000..2f30d30
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample08/client.axis2.xml
@@ -0,0 +1,478 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- sample-8 : Double Signature -->
+ <parameter name="OutflowSecurity">
+
+ <action>
+ <items>Timestamp Signature NoSerialization</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+
+ <action>
+ <items>Signature</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample08/services.xml b/1_5/modules/rampart-samples/basic/sample08/services.xml
new file mode 100644
index 0000000..38a8ce2
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample08/services.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-8 : Double Signature -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample08.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java b/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java
new file mode 100644
index 0000000..c08c279
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample08;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample08.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java
new file mode 100644
index 0000000..98c13be
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample08;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java b/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java
new file mode 100644
index 0000000..a61f706
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample08;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample09/README.txt b/1_5/modules/rampart-samples/basic/sample09/README.txt
new file mode 100644
index 0000000..7202cc6
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample09/README.txt
@@ -0,0 +1,8 @@
+Encryption with a key known to both parties
+
+Both client and servce are configured to encrypt the outgoing message and to
+decrypt incoming message using a known named key
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+ - Note the use of <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ - Note that org.apache.rampart.samples.sample09.PWCBHandler sets the key
diff --git a/1_5/modules/rampart-samples/basic/sample09/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample09/client.axis2.xml
new file mode 100644
index 0000000..04cd263
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample09/client.axis2.xml
@@ -0,0 +1,476 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <user>client</user>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
+ <encryptionPropFile>client.properties</encryptionPropFile>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>client.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample09/services.xml b/1_5/modules/rampart-samples/basic/sample09/services.xml
new file mode 100644
index 0000000..9c2f5c0
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample09/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-9 : Encryption using a known key -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample09.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>service.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <user>service</user>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionPropFile>service.properties</encryptionPropFile>
+ <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java b/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java
new file mode 100644
index 0000000..9478f1e
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample09;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample09.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java
new file mode 100644
index 0000000..92adde4
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample09;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e };
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
+
+ if (pwcb.getUsage() == WSPasswordCallback.KEY_NAME) {
+ pwcb.setKey(key);
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java b/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java
new file mode 100644
index 0000000..7862caf
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample09;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample10/README.txt b/1_5/modules/rampart-samples/basic/sample10/README.txt
new file mode 100644
index 0000000..0ad0c6a
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample10/README.txt
@@ -0,0 +1,8 @@
+Sign and encrypt messages
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+ - Note the use of <optimizeParts>[xpath expression]</optimizeParts>
diff --git a/1_5/modules/rampart-samples/basic/sample10/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample10/client.axis2.xml
new file mode 100644
index 0000000..9c9d83e
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample10/client.axis2.xml
@@ -0,0 +1,481 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <module ref="rampart" />
+
+ <!-- sample-10 : MTOM optimize encrypted content -->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">true</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample10/services.xml b/1_5/modules/rampart-samples/basic/sample10/services.xml
new file mode 100644
index 0000000..8cada6d
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample10/services.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-10 : MTOM optimize encrypted content -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample10.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java b/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java
new file mode 100644
index 0000000..1704002
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample10;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample10.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java
new file mode 100644
index 0000000..2675cdb
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample10;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java b/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java
new file mode 100644
index 0000000..93743ea
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample10;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/basic/sample11/README.txt b/1_5/modules/rampart-samples/basic/sample11/README.txt
new file mode 100644
index 0000000..2a60545
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample11/README.txt
@@ -0,0 +1,8 @@
+Dynamic configuration : Get rid of the config files ... let's use code!
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - Note that we don't use any parameters in the client.axis2.xml
+ - See org.apache.rampart.samples.sample11.Client's getOutflowConfiguration()
+ getInflowConfiguration() methods and their usage.
diff --git a/1_5/modules/rampart-samples/basic/sample11/client.axis2.xml b/1_5/modules/rampart-samples/basic/sample11/client.axis2.xml
new file mode 100644
index 0000000..097f55f
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample11/client.axis2.xml
@@ -0,0 +1,454 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<axisconfig name="AxisJava2.0">
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment">true</parameter>
+ <parameter name="hotupdate">false</parameter>
+ <parameter name="enableMTOM">false</parameter>
+ <parameter name="enableSwA">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments">true</parameter>
+ <parameter name="attachmentDIR"></parameter>
+ <parameter name="sizeThreshold">4000</parameter-->
+
+ <!--Uncomment if you want to enable the reduction of the in-memory cache of WSDL definitions -->
+ <!--In some server environments, the available memory heap is limited and can fill up under load -->
+ <!--Since in-memory copies of WSDL definitions can be large, some steps can be taken-->
+ <!--to reduce the memory needed for the cached WSDL definitions. -->
+ <!--parameter name="reduceWSDLMemoryCache">true</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in milliseconds-->
+ <parameter name="ConfigContextTimeoutInterval">30000</parameter>
+
+ <!--During a fault, stack trace can be sent with the fault message. The following flag will control -->
+ <!--that behavior.-->
+ <parameter name="sendStacktraceDetailsWithFaults">false</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set, then Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason">false</parameter>
+
+ <parameter name="userName">admin</parameter>
+ <parameter name="password">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--ServicesDirectory only works on the following cases-->
+ <!---File based configurator and in that case the value should be a file URL (http:// not allowed)-->
+ <!---When creating URL Based configurator with URL “file://” -->
+ <!--- War based configurator with expanded case , -->
+
+ <!--All the other scenarios it will be ignored.-->
+ <!--<parameter name="ServicesDirectory">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="ModulesDirectory">modules</parameter>-->
+
+
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath">services</parameter>-->
+ <!--<parameter name="restPath">rest</parameter>-->
+
+ <!-- Following parameter will completely disable REST handling in Axis2-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- Following parameter will suppress generation of SOAP 1.2 bindings in auto-generated WSDL files -->
+ <parameter name="disableSOAP12" locked="true">false</parameter>
+
+ <!--POJO deployer , this will alow users to drop .class file and make that into a service-->
+ <deployer extension=".class" directory="pojo" class="org.apache.axis2.deployment.POJODeployer"/>
+ <!--<deployer extension=".jsa" directory="rmiservices" class="org.apache.axis2.rmi.deploy.RMIServiceDeployer"/>-->
+
+
+ <!-- Following parameter will set the host name for the epr-->
+ <!--<parameter name="hostname" locked="true">myhost.com</parameter>-->
+
+ <!-- If you have a front end host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the deafult MessageReceiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovrride this for a particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2006/01/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Message Formatter -->
+ <!-- ================================================= -->
+ <!--Following content type to message formatter mapping can be used to implement support for different message -->
+ <!--format serialization in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageFormatters>
+ <messageFormatter contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.transport.http.XFormURLEncodedFormatter"/>
+ <messageFormatter contentType="multipart/form-data"
+ class="org.apache.axis2.transport.http.MultipartFormDataFormatter"/>
+ <messageFormatter contentType="application/xml"
+ class="org.apache.axis2.transport.http.ApplicationXMLFormatter"/>
+ <messageFormatter contentType="text/xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ <messageFormatter contentType="application/soap+xml"
+ class="org.apache.axis2.transport.http.SOAPMessageFormatter"/>
+ </messageFormatters>
+
+ <!-- ================================================= -->
+ <!-- Message Builders -->
+ <!-- ================================================= -->
+ <!--Following content type to builder mapping can be used to implement support for different message -->
+ <!--formats in Axis2. These message formats are expected to be resolved based on the content type. -->
+ <messageBuilders>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/xml"
+ class="org.apache.axis2.builder.ApplicationXMLBuilder"/>
+ <messageBuilder contentType="application/x-www-form-urlencoded"
+ class="org.apache.axis2.builder.XFormURLEncodedBuilder"/>
+ <messageBuilder contentType="multipart/form-data"
+ class="org.apache.axis2.builder.MultipartFormDataBuilder"/>
+ </messageBuilders>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port">8080</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills up (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default">
+ <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Listener -->
+
+ <!-- the non blocking http transport based on HttpCore + NIO extensions
+ <transportReceiver name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOListener">
+ <parameter name="port" locked="false">9000</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportReceiver>-->
+
+ <!-- the non blocking https transport based on HttpCore + SSL-NIO extensions
+ <transportReceiver name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener">
+ <parameter name="port" locked="false">9002</parameter>
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="SSLVerifyClient">require</parameter>
+ supports optional|require or defaults to none -->
+ <!--</transportReceiver>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Listener -->
+ <!-- This is a sample configuration. It assumes a mail server running in localhost.
+ Listener pops messages that comes to the email address red@localhost. Users
+ password is red. Listener connect to the server every 3000 milliseconds.
+ Parameters with "transport." prefix is Axis2 specific. Others are all from Java Mail API.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="mail.pop3.host">localhost</parameter>
+ <parameter name="mail.pop3.user">red</parameter>
+ <parameter name="mail.store.protocol">pop3</parameter>
+ <parameter name="transport.mail.pop3.password">red</parameter>
+ <parameter name="transport.mail.replyToAddress">red@localhost</parameter>
+ <parameter name="transport.listener.interval">3000</parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have TCP transport support-->
+ <!--transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port">6060</parameter-->>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment the following paramter , and set it as you required.-->
+ <!--<parameter name="hostname">tcp://myApp.com/ws</parameter>-->
+ <!-- /transportReceiver -->
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <!-- transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/ -->
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+
+ <!-- If following is set to 'true', optional action part of the Content-Type will not be added to the SOAP 1.2 messages -->
+ <!-- <parameter name="OmitSOAP12Action">true</parameter> -->
+ </transportSender>
+
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding">chunked</parameter>
+ </transportSender>
+ <transportSender name="java"
+ class="org.apache.axis2.transport.java.JavaTransportSender"/>
+
+ <!--<transportSender name="jms"-->
+ <!--class="org.apache.axis2.transport.jms.JMSSender"/>-->
+
+ <!-- ================================================= -->
+ <!-- Non-blocking http/s Transport Sender -->
+
+ <!-- the non-blocking http transport sender based on HttpCore + NIO extensions
+ <transportSender name="http" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ </transportSender>-->
+
+ <!-- the non-blocking https transport sender based on HttpCore + NIO SSL extensions
+ <transportSender name="https" class="org.apache.axis2.transport.nhttp.HttpCoreNIOSSLSender">
+ <parameter name="non-blocking" locked="false">true</parameter>
+ <parameter name="keystore" locked="false">
+ <KeyStore>
+ <Location>identity.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ <KeyPassword>password</KeyPassword>
+ </KeyStore>
+ </parameter>
+ <parameter name="truststore" locked="false">
+ <TrustStore>
+ <Location>trust.jks</Location>
+ <Type>JKS</Type>
+ <Password>password</Password>
+ </TrustStore>
+ </parameter>-->
+ <!--<parameter name="HostnameVerifier">DefaultAndLocalhost</parameter>
+ supports Strict|AllowAll|DefaultAndLocalhost or the default if none specified -->
+ <!--</transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Mail Transport Sender -->
+ <!--Only need to uncomment the sender. Configuration is achieved with every client.
+ At any instant mail host should be given. Sample configuration has been given.
+ http://people.apache.org/~pzf/SMTPBase64Binding-0.2.html
+ -->
+ <!-- ================================================= -->
+ <!--<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="mail.smtp.host">localhost</parameter>
+ </transportSender>-->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <!--<moduleConfig name="addressing">-->
+ <!--<parameter name="addressingPara">N/A</parameter>-->
+ <!--</moduleConfig>-->
+
+ <!-- ================================================= -->
+ <!-- Clustering -->
+ <!-- ================================================= -->
+ <!-- Configure and uncomment following for preparing Axis2 to a clustered environment -->
+ <!--
+ <cluster class="org.apache.axis2.cluster.tribes.TribesClusterManager">
+ <parameter name="param1">value1</parameter>
+ <parameter name="domain">apache.axis2.domain</parameter>
+ <parameter name="synchronizeAll">true</parameter>
+ <parameter name="maxRetries">10</parameter>
+ <configurationManager class="org.apache.axis2.cluster.configuration.TribesConfigurationManager">
+ <listener class="org.apache.axis2.cluster.configuration.DefaultConfigurationManagerListener"/>
+ </configurationManager>
+ <contextManager class="org.apache.axis2.cluster.context.TribesContextManager">
+ <listener class="org.apache.axis2.cluster.context.DefaultContextManagerListener"/>
+ </contextManager>
+ </cluster>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-samples/basic/sample11/services.xml b/1_5/modules/rampart-samples/basic/sample11/services.xml
new file mode 100644
index 0000000..28715e1
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample11/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-11 : Dynamic client configuration -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample11.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+</service>
diff --git a/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java b/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
new file mode 100644
index 0000000..bef552a
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample11;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+
+ //Set the rampart parameters
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getInflowConfiguration());
+
+ client.setOptions(options);
+
+ //Engage rampart
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample11.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+ private static Parameter getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("client");
+ ofc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandler");
+ ofc.setSignaturePropFile("client.properties");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
+ ofc.setEncryptionUser("service");
+
+ return ofc.getProperty();
+ }
+
+ private static Parameter getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandler");
+ ifc.setSignaturePropFile("client.properties");
+
+ return ifc.getProperty();
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java b/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java
new file mode 100644
index 0000000..1e10288
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample11;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java b/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java
new file mode 100644
index 0000000..012bd62
--- /dev/null
+++ b/1_5/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample11;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/build.xml b/1_5/modules/rampart-samples/build.xml
new file mode 100644
index 0000000..708bc83
--- /dev/null
+++ b/1_5/modules/rampart-samples/build.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="../lib"/>
+ <property name="modules.dir" value="../modules"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
diff --git a/1_5/modules/rampart-samples/keys/client.jks b/1_5/modules/rampart-samples/keys/client.jks
new file mode 100644
index 0000000..15cecc5
--- /dev/null
+++ b/1_5/modules/rampart-samples/keys/client.jks
Binary files differ
diff --git a/1_5/modules/rampart-samples/keys/client.properties b/1_5/modules/rampart-samples/keys/client.properties
new file mode 100644
index 0000000..985250f
--- /dev/null
+++ b/1_5/modules/rampart-samples/keys/client.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=apache
+org.apache.ws.security.crypto.merlin.file=client.jks
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/keys/service.jks b/1_5/modules/rampart-samples/keys/service.jks
new file mode 100644
index 0000000..83dade2
--- /dev/null
+++ b/1_5/modules/rampart-samples/keys/service.jks
Binary files differ
diff --git a/1_5/modules/rampart-samples/keys/service.properties b/1_5/modules/rampart-samples/keys/service.properties
new file mode 100644
index 0000000..cdd231c
--- /dev/null
+++ b/1_5/modules/rampart-samples/keys/service.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=apache
+org.apache.ws.security.crypto.merlin.file=service.jks
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/keys/sts.jks b/1_5/modules/rampart-samples/keys/sts.jks
new file mode 100644
index 0000000..f463c9b
--- /dev/null
+++ b/1_5/modules/rampart-samples/keys/sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-samples/policy/build.xml b/1_5/modules/rampart-samples/policy/build.xml
new file mode 100644
index 0000000..caabbf3
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/build.xml
@@ -0,0 +1,287 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="clean">
+
+ <property name="service.repos.dir" value="build/service_repositories"/>
+ <property name="client.repos.dir" value="build/client_repositories"/>
+ <property name="temp.dir" value="build/temp"/>
+ <property name="keys.dir" value="../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.5.1.mar"/>
+ <property name="rampart.mar" value="rampart-1.5.mar"/>
+ <property name="rahas.mar" value="rahas-1.5.mar"/>
+
+ <property name="client.port" value="8080"/>
+ <property name="server.port" value="8080"/>
+
+ <property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Sample Service 01 -->
+ <target name="service.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="01"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="01"/>
+ </target>
+
+ <!-- Sample Service 02 -->
+ <target name="service.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="02"/>
+ </target>
+
+ <!-- Sample Client 02 -->
+ <target name="client.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="02"/>
+ </target>
+
+ <!-- Sample Service 03 -->
+ <target name="service.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="03"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="03"/>
+ </target>
+
+ <!-- Sample Service 04 -->
+ <target name="service.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="04"/>
+ </target>
+
+ <!-- Sample Client 04 -->
+ <target name="client.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="04"/>
+ </target>
+
+ <!-- Sample Service 05 -->
+ <target name="service.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="05"/>
+ </target>
+
+ <!-- Sample Client 05 -->
+ <target name="client.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="05"/>
+ </target>
+
+ <!-- Sample Service 06 -->
+ <target name="service.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.trust.service.repo sample.number="06"/>
+ </target>
+
+ <!-- Sample Client 06 -->
+ <target name="client.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="06"/>
+ </target>
+
+ <!-- Sample Service 07 -->
+ <target name="service.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.trust.service.repo sample.number="07"/>
+ </target>
+
+ <!-- Sample Client 07 -->
+ <target name="client.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="07"/>
+ </target>
+
+ <!-- Sample Service 08 -->
+ <target name="service.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="08"/>
+ </target>
+
+ <!-- Sample Client 08 -->
+ <target name="client.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="08"/>
+ </target>
+
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <macrodef name="create.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rahas.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rahas.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/sts.jks" tofile="${temp.dir}/sts.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <!-- Macro to create a service repo for a given trust sample -->
+ <macrodef name="create.trust.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rahas.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rahas.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="sample@{sample.number}/mex_policy.xml" tofile="${temp.dir}/mex_policy.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/sts.jks" tofile="${temp.dir}/sts.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="create.and.run.client">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/conf"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Compile client -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
+ <copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
+
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.samples.policy.sample@{sample.number}.Client" fork="true">
+ <arg value="${sample.services.url}/sample@{sample.number}"/>
+ <arg value="${client.repos.dir}/sample@{sample.number}"/>
+ <arg value="sample@{sample.number}/policy.xml"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+
+<!-- <delete dir="${temp.client.dir}"/> -->
+ </sequential>
+ </macrodef>
+
+</project>
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/README b/1_5/modules/rampart-samples/policy/sample-tomcat/README
new file mode 100644
index 0000000..ec3e928
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/README
@@ -0,0 +1,37 @@
+********************************************************************************
+**************************** Apache Rampart Tomcat Samples *********************
+********************************************************************************
+
+It is strongly recommended to run other samples before trying this. Because it will create the directory structure to expected by the build file.
+
+UsernameToken Authentication over HTTPS.
+
+Step1: Install Axis2 in Tomcat by reading the Axis2 installation guide available in http://ws.apache.org/axis2/. Then test axis2 in Tomcat.
+
+Step2: Copy keystores into Tomcat by giving the following command in this directory.
+$ant copy.keys
+
+Step3: Copy rampart jars and mars into Tomcat by giving the following command in this directory.
+$ant copy.rampart.to.tomcat
+
+Step4: Enable HTTPS on Tomcat. For Tomcat5 uncomment the "SSL HTTP/1.1 Connector". The default HTTPS port for Tomcat is 8443. For more information "http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html"
+
+Step5: Add the key store information by adding the following into the Connector element in server.xml.
+
+truststoreFile="rampart-sample-keys.jks"
+truststorePass="apache"
+truststoreType="JKS"
+keystoreFile="rampart-sample-keys.jks"
+keystorePass="apache"
+
+Start tomcat and check the service by typing "https://127.0.0.1:8443/axis2/services/listServices" in the browser. If you have changed the SSL port then type the correct port number and please change the build.xml's ssl.port accordingly.
+
+Step6: The following command will copy the ut-over-https.aar into the ${CATALINA_HOME}/webapps/axis2/WEB-INF/services/ut-over-https.aar
+$ant create.and.copy.service
+
+Step7: Start tomcat. View https://127.0.0.1:8443/axis2/services/listServices to see wether the service is available.
+
+Step8: The following command will create and run the client.
+$ant create.and.run.client
+
+
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/build.xml b/1_5/modules/rampart-samples/policy/sample-tomcat/build.xml
new file mode 100644
index 0000000..88053ce
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/build.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="clean">
+
+ <property name="client.repos.dir" value="build/client_repository"/>
+ <property name="service.dir" value="build/ut-over-https"/>
+ <property name="temp.dir" value="build"/>
+ <property name="keys.dir" value="../../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.3.mar"/>
+ <property name="rampart.mar" value="rampart-1.3.mar"/>
+
+ <property name="ssl.port" value="8443"/>
+ <!--can be removed-->
+ <property name="sample.services.url" value="https://127.0.0.1:${ssl.port}/axis2/services/ut-over-https"/>
+
+ <property environment="env"/>
+
+ <target name="check.tomcat" unless="env.CATALINA_HOME">
+ <echo message="CATALINA_HOME must be set"/>
+ </target>
+
+ <target name="copy.keys" depends="check.tomcat">
+ <copy file="${keys.dir}/service.jks" tofile="${env.CATALINA_HOME}/rampart-sample-keys.jks" overwrite="true"/>
+ </target>
+
+ <target name="copy.rampart.to.tomcat" depends="check.tomcat">
+ <property name="to.modules.dir" value="${env.CATALINA_HOME}/webapps/axis2/WEB-INF/modules"/>
+ <property name="to.lib.dir" value="${env.CATALINA_HOME}/webapps/axis2/WEB-INF/lib"/>
+
+ <property name="from.lib.dir" value="$../../../../../lib"/>
+ <property name="from.module.dir" value="$../../../../../"/>
+
+
+ <copy todir="${to.lib.dir}">
+ <fileset dir="${from.lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${to.modules.dir}">
+ <fileset dir="${from.module.dir}">
+ <include name="*.mar"/>
+ </fileset>
+ </copy>
+
+ <!-- copy modules rampart mar and libs xx-->
+ </target>
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <target name="create.and.copy.service" depends="check.tomcat,clean">
+
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+ <mkdir dir="${temp.dir}"/>
+
+ <!-- create service -->
+ <mkdir dir="${service.dir}"/>
+ <mkdir dir="${service.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="src" destdir="${service.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="services.xml" tofile="${service.dir}/META-INF/services.xml" overwrite="true"/>
+ <jar destfile="${temp.dir}/ut-over-https.aar">
+ <fileset dir="${service.dir}"></fileset>
+ </jar>
+
+ <copy file="${temp.dir}/ut-over-https.aar" tofile="${env.CATALINA_HOME}/webapps/axis2/WEB-INF/services/ut-over-https.aar" overwrite="true"/>
+
+ </target>
+
+ <target name="create.and.run.client" depends="check.tomcat,clean">
+
+ <property name="from.modules" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}"/>
+ <mkdir dir="${client.repos.dir}/conf"/>
+ <mkdir dir="${client.repos.dir}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${from.modules}/${addressing.mar}" tofile="${client.repos.dir}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${from.modules}/${rampart.mar}" tofile="${client.repos.dir}/modules/${rampart.mar}" overwrite="true"/>
+
+ <!-- Compile client -->
+ <javac srcdir="src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.dir}/client.jks" overwrite="true"/>
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.tomcat.sample.Client" fork="true">
+ <arg value="${sample.services.url}"/>
+ <arg value="${client.repos.dir}"/>
+ <arg value="policy.xml"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+ </target>
+
+</project>
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/policy.xml b/1_5/modules/rampart-samples/policy/sample-tomcat/policy.xml
new file mode 100644
index 0000000..cd62aaf
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/policy.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:sslConfig>
+ <ramp:property name="javax.net.ssl.trustStore">build/client.jks</ramp:property>
+ <ramp:property name="javax.net.ssl.trustStorePassword">apache</ramp:property>
+ </ramp:sslConfig>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/services.xml b/1_5/modules/rampart-samples/policy/sample-tomcat/services.xml
new file mode 100644
index 0000000..8184637
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/services.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.tomcat.sample.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java b/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
new file mode 100644
index 0000000..2bc3ecb
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.tomcat.sample;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample.tomcat.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
new file mode 100644
index 0000000..114fd3f
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.tomcat.sample;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("alice") && pwcb.getPassword().equals("bobPW")) {
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/SimpleService.java b/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/SimpleService.java
new file mode 100644
index 0000000..dce7a69
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/SimpleService.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.tomcat.sample;
+
+
+public class SimpleService {
+
+ public String echo(String arg) throws Exception {
+ System.out.println("Tomcat service accessed successfully.. :)");
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample01/README.txt b/1_5/modules/rampart-samples/policy/sample01/README.txt
new file mode 100644
index 0000000..9bd7b81
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample01/README.txt
@@ -0,0 +1,17 @@
+UsernameToken Authentication
+
+The policy uses a TransportBinding and requires a SignedSupportingToken which
+is a UsernameToken and the inclusion of a TimeStamp.
+
+Note that Rampart enforces the use of HTTPS transport and that
+{http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
+
+Expected result :
+org.apache.axis2.AxisFault: Expected transport is "https" but incoming transport found : "http"
+
+This sample uses http transport while the policy enforces https transport. Thus you
+get a error message as mentioned above. You can find a complete tutorial on transport level
+security here.
+http://wso2.org/library/3190
+
diff --git a/1_5/modules/rampart-samples/policy/sample01/policy.xml b/1_5/modules/rampart-samples/policy/sample01/policy.xml
new file mode 100644
index 0000000..7e7209d
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample01/policy.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample01/services.xml b/1_5/modules/rampart-samples/policy/sample01/services.xml
new file mode 100644
index 0000000..24dad18
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample01/services.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java b/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java
new file mode 100644
index 0000000..4e0600f
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample01;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample01.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
new file mode 100644
index 0000000..a7c0011
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample01;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("alice") && pwcb.getPassword().equals("bobPW")) {
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java b/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java
new file mode 100644
index 0000000..2dd8e82
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample01;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample02/README.txt b/1_5/modules/rampart-samples/policy/sample02/README.txt
new file mode 100644
index 0000000..47a2fa7
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample02/README.txt
@@ -0,0 +1,7 @@
+Sign only
+
+An AsymmetricBinding is used. Entire headers and body to be signed.
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample02/policy.xml b/1_5/modules/rampart-samples/policy/sample02/policy.xml
new file mode 100644
index 0000000..a5b55c5
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample02/policy.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample02/services.xml b/1_5/modules/rampart-samples/policy/sample02/services.xml
new file mode 100644
index 0000000..223ae98
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample02/services.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample02.SimpleService</parameter>
+
+ <module ref="rampart"/>
+ <module ref="addressing"/>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java b/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java
new file mode 100644
index 0000000..6cd1f11
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample02;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample02.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", ns);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
new file mode 100644
index 0000000..684fb99
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample02;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java b/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java
new file mode 100644
index 0000000..7404669
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample02;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample03/README.txt b/1_5/modules/rampart-samples/policy/sample03/README.txt
new file mode 100644
index 0000000..57bf529
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample03/README.txt
@@ -0,0 +1,9 @@
+Sign and Encrypt messages
+
+An AsymmetricBinding is used. Entire headers and body to be signed.
+EncryptionParts specifies the Body to be encrypted.
+
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample03/policy.xml b/1_5/modules/rampart-samples/policy/sample03/policy.xml
new file mode 100644
index 0000000..72e85ac
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample03/policy.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SigEncr"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample03/services.xml b/1_5/modules/rampart-samples/policy/sample03/services.xml
new file mode 100644
index 0000000..b41d8c3
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample03/services.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-03 : Sign and Encryption-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample03.SimpleService</parameter>
+
+ <module ref="rampart"/>
+ <module ref="addressing"/>
+
+ <wsp:Policy wsu:Id="SigEncr"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java b/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java
new file mode 100644
index 0000000..6fd3507
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample03;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample03.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", ns);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
new file mode 100644
index 0000000..2d8ef1f
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample03;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java b/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java
new file mode 100644
index 0000000..2ed33a6
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample03;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample04/README.txt b/1_5/modules/rampart-samples/policy/sample04/README.txt
new file mode 100644
index 0000000..33a0168
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample04/README.txt
@@ -0,0 +1,15 @@
+SecureConversation
+
+The secure session is bootstrapped using a SymetricBinding which uses
+derived keys based on an ephemeral key.
+
+Messages in the secure conversation :
+ - Includes a timestamp
+ - All headers are signed along with the timestamp
+ - Signature encrypted
+ - Body encrypted
+
+Algorithm suite is Basic128Rsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample04/policy.xml b/1_5/modules/rampart-samples/policy/sample04/policy.xml
new file mode 100644
index 0000000..07ab984
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample04/policy.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample04/services.xml b/1_5/modules/rampart-samples/policy/sample04/services.xml
new file mode 100644
index 0000000..b94c461
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample04/services.xml
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-04 : Secure Conversation -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample04.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="rahas" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SecConvPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+
+ </token-canceler-config>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java b/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java
new file mode 100644
index 0000000..ac6a5a0
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample04;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world1"));
+ System.out.println("Response 1 : " + response);
+ response = client.sendReceive(getPayload("Hello world2"));
+ System.out.println("Response 2 : " + response);
+ response = client.sendReceive(getPayload("Hello world3"));
+ System.out.println("Response 3 : " + response);
+
+ System.out.println("Sending cancel request");
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ response = client.sendReceive(getPayload("Hello world3"));
+ System.out.println("Cancel response: " + response);
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample04.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
new file mode 100644
index 0000000..c3b3a47
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample04;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java b/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java
new file mode 100644
index 0000000..d539c87
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample04;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample05/README.txt b/1_5/modules/rampart-samples/policy/sample05/README.txt
new file mode 100644
index 0000000..3093c68
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/README.txt
@@ -0,0 +1,11 @@
+WS-Trust - RST - Resquest Security Token Service - Issuing a SAML token - issuing a token
+
+When using this sample with the TCPMon to monitor the soap messages, you have to use the
+correct URL in the client code before build the sample 05.
+
+There is a known bug in OpenSAML-1.1.jar, which is used for implementing SAML 1.1 support in Rampart.
+So before you run this sample, please download the patched OpenSAML jar from here[1], and replace it
+with the OpenSAML-1.1.jar in your $AXIS2_HOME/lib.
+
+[1] - http://dist.wso2.org/maven2/opensaml/opensaml/1.1.406/opensaml-1.1.406.jar
+
diff --git a/1_5/modules/rampart-samples/policy/sample05/policy.xml b/1_5/modules/rampart-samples/policy/sample05/policy.xml
new file mode 100755
index 0000000..76c726e
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/policy.xml
@@ -0,0 +1,86 @@
+<wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample05/services.xml b/1_5/modules/rampart-samples/policy/sample05/services.xml
new file mode 100644
index 0000000..dd0f5af
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/services.xml
@@ -0,0 +1,231 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of Sample05 : WS Trust -->
+<serviceGroup>
+<service name="STS">
+ <module ref="rampart" />
+ <module ref="addressing" />
+ <module ref="rahas" />
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>service</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="service">*</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</service>
+<service name="sample05">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+
+</service>
+</serviceGroup>
diff --git a/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java b/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
new file mode 100644
index 0000000..45ddcb4
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample05;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartMessageData;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ STSClient stsClient = new STSClient(ctx);
+
+ stsClient.setRstTemplate(getRSTTemplate());
+ String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ stsClient.setAction(action);
+
+ Token responseToken = stsClient.requestSecurityToken(loadPolicy("sample05/policy.xml"), "http://localhost:8080/axis2/services/STS", loadPolicy("sample05/sts_policy.xml"), null);
+
+ System.out.println("\n############################# Requested Token ###################################\n");
+ System.out.println(responseToken.getToken().toString());
+
+ TokenStorage store = TrustUtil.getTokenStore(ctx);
+ store.add(responseToken);
+
+
+ ServiceClient client = new ServiceClient(ctx, null);
+
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("sample05/policy.xml"));
+ options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world1"));
+ System.out.println("Response : " + response);
+
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ return elem;
+ }
+
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample05.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+
+ }
+
+ private static OMElement getRSTTemplate() throws Exception {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
new file mode 100644
index 0000000..e2573d6
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample05;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/SimpleService.java b/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/SimpleService.java
new file mode 100755
index 0000000..56b759c
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample05;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample05/sts_policy.xml b/1_5/modules/rampart-samples/policy/sample05/sts_policy.xml
new file mode 100644
index 0000000..a656287
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample05/sts_policy.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample06/README.txt b/1_5/modules/rampart-samples/policy/sample06/README.txt
new file mode 100755
index 0000000..1ab186d
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/README.txt
@@ -0,0 +1,5 @@
+WS-Trust ( With WS Metada Exchange) - RST - Resquest Security Token Service - Issuing a SAML token - issuing a token
+
+When using this sample with the TCPMon to monitor the soap messages, you have to use the
+correct URL in the client code before build the sample 05.
+
diff --git a/1_5/modules/rampart-samples/policy/sample06/mex_policy.xml b/1_5/modules/rampart-samples/policy/sample06/mex_policy.xml
new file mode 100644
index 0000000..33f1a69
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/mex_policy.xml
@@ -0,0 +1,49 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample06/policy.xml b/1_5/modules/rampart-samples/policy/sample06/policy.xml
new file mode 100755
index 0000000..1fa40d6
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/policy.xml
@@ -0,0 +1,109 @@
+<wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
+ <Metadata xmlns="http://www.w3.org/2005/08/addressing">
+ <mex:Metadata
+ xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <mex:MetadataReference>
+ <Address
+ xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
+ </mex:MetadataReference>
+ </mex:MetadataSection>
+ </mex:Metadata>
+ </Metadata>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:stsAlias>sts</ramp:stsAlias>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ <ramp:stsCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:stsCrypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample06/services.xml b/1_5/modules/rampart-samples/policy/sample06/services.xml
new file mode 100755
index 0000000..2f8501a
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/services.xml
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of Sample 06 : Trust sample with mex -->
+<serviceGroup>
+<service name="STS">
+ <module ref="rampart" />
+ <module ref="addressing" />
+ <module ref="rahas" />
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>sts</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
+ <service alias="sts">*</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>sts</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">sts.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</service>
+<service name="sample06">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
+ <Metadata xmlns="http://www.w3.org/2005/08/addressing">
+ <mex:Metadata
+ xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <mex:MetadataReference>
+ <Address
+ xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
+ </mex:MetadataReference>
+ </mex:MetadataSection>
+ </mex:Metadata>
+ </Metadata>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
+<service name="mex">
+
+ <operation name="get">
+ <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
+
+ </service>
+
+</serviceGroup>
diff --git a/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java
new file mode 100755
index 0000000..f617071
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/Client.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample06;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartMessageData;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ options.setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world1"));
+ System.out.println("Response : " + response);
+
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ return elem;
+ }
+
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample06.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+
+ }
+
+ private static OMElement getRSTTemplate() throws Exception {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
new file mode 100644
index 0000000..2b8a12f
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample06;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.mex.MexConstants;
+import org.apache.axis2.mex.om.Metadata;
+import org.apache.axis2.mex.om.MetadataSection;
+
+public class MexService {
+
+ public OMElement get(OMElement element) throws AxisFault {
+
+ MetadataSection section = new MetadataSection();
+ section.setDialect(MexConstants.SPEC.DIALECT_TYPE_POLICY);
+ section.setinlineData(getPolicy());
+
+ List lst = new ArrayList();
+ lst.add(section);
+
+ Metadata mdata = new Metadata();
+ mdata.setMetadatSections(lst);
+
+ return mdata.toOM();
+
+ }
+
+
+ private OMElement getPolicy() throws AxisFault {
+
+ try {
+
+ File file = new File("sample06/mex_policy.xml");
+ System.out.println(file.getAbsolutePath());
+ StAXOMBuilder builder = new StAXOMBuilder(new FileInputStream(file));
+ return builder.getDocumentElement();
+ } catch (FileNotFoundException e) {
+ throw new AxisFault("Error reading the file",e);
+ } catch (XMLStreamException e) {
+ throw new AxisFault("Error parsing the file",e);
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java
new file mode 100755
index 0000000..900502d
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/PWCBHandler.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample06;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("sts".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/SimpleService.java b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/SimpleService.java
new file mode 100755
index 0000000..c3042d6
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample06;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample06/sts_policy.xml b/1_5/modules/rampart-samples/policy/sample06/sts_policy.xml
new file mode 100644
index 0000000..3d1b6b5
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample06/sts_policy.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample07/README.txt b/1_5/modules/rampart-samples/policy/sample07/README.txt
new file mode 100644
index 0000000..2194b3d
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/README.txt
@@ -0,0 +1,13 @@
+Sign and Encrypt messages with multiple X509 certficates with multiple supporting tokens.
+
+An AsymmetricBinding is used.
+
+Multiple Supporting Tokens used each having different X509 certs for signature and encryption.
+
+X509Token asserton carries a RampartConfig assertion to specify the keys that needs to be used to sign/encrypt
+EncryptedElements/EncryptedParts/SignedElements/SignedParts
+
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample07/mex_policy.xml b/1_5/modules/rampart-samples/policy/sample07/mex_policy.xml
new file mode 100644
index 0000000..fca6df5
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/mex_policy.xml
@@ -0,0 +1,97 @@
+ <wsp:Policy wsu:Id="SigEncrWithMultipleKeys"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SupportingTokens
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
+ </sp:SignedElements>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SupportingTokens
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
+ </sp:SignedElements>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-samples/policy/sample07/policy.xml b/1_5/modules/rampart-samples/policy/sample07/policy.xml
new file mode 100644
index 0000000..9700009
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/policy.xml
@@ -0,0 +1,124 @@
+<wsp:Policy wsu:Id="SigEncrWithMultipleKeys"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SupportingTokens
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:userCertAlias>client2</ramp:userCertAlias>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ </ramp:RampartConfig>
+ </wsp:Policy>
+ </sp:X509Token>
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
+ </sp:SignedElements>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SupportingTokens
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:userCertAlias>client</ramp:userCertAlias>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ </ramp:RampartConfig>
+ </wsp:Policy>
+ </sp:X509Token>
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
+ </sp:SignedElements>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ </wsp:Policy>
+ </sp:Wss10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample07.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample07/services.xml b/1_5/modules/rampart-samples/policy/sample07/services.xml
new file mode 100644
index 0000000..30edaf8
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/services.xml
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-07 : Sign and Encryption with multiple keys-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample07.SimpleService</parameter>
+
+ <module ref="rampart"/>
+ <module ref="addressing"/>
+
+ <wsp:Policy wsu:Id="SigEncrWithMultipleKeys"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SupportingTokens
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:userCertAlias>client2</ramp:userCertAlias>
+ <ramp:encryptionUser>client2</ramp:encryptionUser>
+ </ramp:RampartConfig>
+ </wsp:Policy>
+ </sp:X509Token>
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
+ </sp:SignedElements>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SupportingTokens
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:userCertAlias>client</ramp:userCertAlias>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ </ramp:RampartConfig>
+ </wsp:Policy>
+ </sp:X509Token>
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
+ </sp:SignedElements>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ </wsp:Policy>
+ </sp:Wss10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample07.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/Client.java b/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/Client.java
new file mode 100644
index 0000000..0b5f3b3
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample07;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample07.policy.samples.rampart.apache.org","ns");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", ns);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java
new file mode 100644
index 0000000..bef48a3
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/PWCBHandler.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample07;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }else if("client2".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/SimpleService.java b/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/SimpleService.java
new file mode 100644
index 0000000..216ab79
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample07/src/org/apache/rampart/samples/policy/sample07/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample07;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample08/README.txt b/1_5/modules/rampart-samples/policy/sample08/README.txt
new file mode 100644
index 0000000..e0ea5ce
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/README.txt
@@ -0,0 +1,8 @@
+WS-Trust - RST - Resquest Security Token Service - Issuing a SAML 2.0 token - issuing a token
+
+When using this sample with the TCPMon to monitor the soap messages, you have to use the
+correct URL in the client code before build the sample 08.
+
+You have to endorse the default JAXP implementation of your JDK before invoking this sample.
+Please follow the instructions available in the README.txt of this distribution to endorse
+the default JAXP implementation.
diff --git a/1_5/modules/rampart-samples/policy/sample08/policy.xml b/1_5/modules/rampart-samples/policy/sample08/policy.xml
new file mode 100644
index 0000000..f1a09da
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/policy.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-samples/policy/sample08/services.xml b/1_5/modules/rampart-samples/policy/sample08/services.xml
new file mode 100644
index 0000000..fea6f7e
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/services.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml for STS of Sample06 : WS Trust -->
+
+<service name="STS">
+ <module ref="rampart" />
+ <module ref="addressing" />
+ <module ref="rahas" />
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>service</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="service">*</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
+
diff --git a/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java b/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
new file mode 100644
index 0000000..79822c2
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample08;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartMessageData;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ STSClient stsClient = new STSClient(ctx);
+
+ stsClient.setRstTemplate(getRSTTemplate());
+ String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ stsClient.setAction(action);
+
+ Token responseToken = stsClient.requestSecurityToken(loadPolicy("sample08/policy.xml"), "http://localhost:8080/axis2/services/STS", loadPolicy("sample08/sts_policy.xml"), null);
+
+ System.out.println("\n############################# Requested SAML 2.0 Token ###################################\n");
+ System.out.println(responseToken.getToken().toString());
+ System.out.println("\n##########################################################################################\n");
+
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ return elem;
+ }
+
+
+ private static OMElement getRSTTemplate() throws Exception {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_20);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+ return elem;
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java b/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
new file mode 100644
index 0000000..dd71409
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample08;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java b/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java
new file mode 100644
index 0000000..57cdcc7
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample08;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/1_5/modules/rampart-samples/policy/sample08/sts_policy.xml b/1_5/modules/rampart-samples/policy/sample08/sts_policy.xml
new file mode 100644
index 0000000..39d3974
--- /dev/null
+++ b/1_5/modules/rampart-samples/policy/sample08/sts_policy.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/pom.xml b/1_5/modules/rampart-tests/pom.xml
new file mode 100644
index 0000000..a74c95b
--- /dev/null
+++ b/1_5/modules/rampart-tests/pom.xml
@@ -0,0 +1,72 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-tests</artifactId>
+ <packaging>jar</packaging>
+ <name>Rampart - Test Suite</name>
+
+ <build>
+ <testSourceDirectory>src/test/java</testSourceDirectory>
+ <testResources>
+ <testResource>
+ <directory>test-resources</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/*.xml</include>
+ <include>**/*.xsl</include>
+ </includes>
+ </testResource>
+ </testResources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent"/>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
new file mode 100644
index 0000000..e824232
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+
+import java.util.Date;
+
+public class SimpleTokenStoreTest extends TestCase {
+
+ public void testAdd() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ store.add(getTestToken("id-1"));
+ } catch (TrustException e) {
+ fail("Adding a new token to an empty store should not fail, " +
+ "message : " + e.getMessage());
+ }
+ Token token = null;
+ try {
+ token = getTestToken("id-1");
+ store.add(token);
+ fail("Adding an existing token must throw an exception");
+ } catch (TrustException e) {
+ assertEquals("Incorrect exception message",
+ TrustException.getMessage("tokenAlreadyExists",
+ new String[]{token.getId()}), e.getMessage());
+ }
+ }
+
+ public void testGettokenIdentifiers() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ String[] ids = store.getTokenIdentifiers();
+ assertEquals("There should not be any token ids at this point", 0, ids.length);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ try {
+ store.add(getTestToken("id-1"));
+ store.add(getTestToken("id-2"));
+ store.add(getTestToken("id-3"));
+ String[] ids = store.getTokenIdentifiers();
+ assertEquals("Incorrect number fo token ids", 3, ids.length);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testUpdate() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ Token token1 = null;
+ try {
+ token1 = getTestToken("id-1");
+ } catch (TrustException e) {
+ fail();
+ }
+ try {
+ store.update(token1);
+ fail("An exception must be thrown at this point : noTokenToUpdate");
+ } catch (TrustException e) {
+ assertEquals("Incorrect exception message", TrustException
+ .getMessage("noTokenToUpdate", new String[]{token1
+ .getId()}), e.getMessage());
+ }
+ try {
+ store.add(token1);
+ store.add(getTestToken("id-2"));
+ store.add(getTestToken("id-3"));
+ token1.setState(Token.EXPIRED);
+ store.update(token1);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testGetValidExpiredRenewedTokens() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ Token token1 = getTestToken("id-1", new Date(System.currentTimeMillis() + 10000));
+ Token token2 = getTestToken("id-2", new Date(System.currentTimeMillis() + 10000));
+ Token token3 = getTestToken("id-3", new Date(System.currentTimeMillis() + 10000));
+ Token token4 = getTestToken("id-4", new Date(System.currentTimeMillis() + 10000));
+ Token token5 = getTestToken("id-5", new Date(System.currentTimeMillis() + 10000));
+ Token token6 = getTestToken("id-6", new Date(System.currentTimeMillis() + 10000));
+ Token token7 = getTestToken("id-7", new Date(System.currentTimeMillis() + 10000));
+
+ token1.setState(Token.ISSUED);
+ token2.setState(Token.ISSUED);
+ token3.setState(Token.ISSUED);
+ token4.setState(Token.RENEWED);
+ token5.setState(Token.RENEWED);
+ token6.setState(Token.EXPIRED);
+ token7.setState(Token.CANCELLED);
+
+ store.add(token1);
+ store.add(token2);
+ store.add(token3);
+ store.add(token4);
+ store.add(token5);
+ store.add(token6);
+ store.add(token7);
+
+ Token[] list = store.getValidTokens();
+ Token[] list2 = store.getExpiredTokens();
+ Token[] list3 = store.getRenewedTokens();
+ Token[] list4 = store.getCancelledTokens();
+
+ assertEquals("Incorrect number of valid tokens", 5, list.length);
+ assertEquals("Incorrect number of expired tokens", 1, list2.length);
+ assertEquals("Incorrect number of newed tokens", 2, list3.length);
+ assertEquals("Incorrect number of newed tokens", 1, list4.length);
+
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ private Token getTestToken(String tokenId) throws TrustException {
+ return getTestToken(tokenId, new Date());
+ }
+
+ private Token getTestToken(String tokenId, Date expiry) throws TrustException {
+ OMFactory factory = DOOMAbstractFactory.getOMFactory();
+ OMElement tokenEle = factory.createOMElement("testToken", "", "");
+ Token token = new Token(tokenId, tokenEle, new Date(), expiry);
+ token.setAttachedReference(tokenEle);
+ token.setPreviousToken(tokenEle);
+ token.setState(Token.ISSUED);
+ token.setSecret("Top secret!".getBytes());
+ return token;
+ }
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java
new file mode 100644
index 0000000..042713e
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public class TempIssuer implements TokenIssuer {
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(org.apache.axiom.om.OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationParamName(java.lang.String)
+ */
+ public void setConfigurationParamName(String configParamName) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#issue(org.apache.rahas.RahasData)
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#getResponseAction(org.apache.rahas.RahasData)
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java
new file mode 100644
index 0000000..44bbc2f
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import junit.framework.TestCase;
+
+public class TokenRequestDispatcherConfigTest extends TestCase {
+
+ public TokenRequestDispatcherConfigTest() {
+ super();
+ }
+
+ public TokenRequestDispatcherConfigTest(String arg0) {
+ super(arg0);
+ }
+
+ /**
+ * Testing a valid config file
+ */
+ public void testWithConfigFile() {
+ try {
+ TokenRequestDispatcherConfig config = TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.xml");
+
+ assertEquals("Incorrect default issuer class name",
+ "org.apache.rahas.TempIssuer", config
+ .getDefaultIssuerName());
+
+ TokenIssuer issuer = config
+ .getIssuer("http://example.org/mySpecialToken1");
+
+ assertEquals("Incorrect issuer for token type : "
+ + "http://example.org/mySpecialToken1", TempIssuer.class
+ .getName(), issuer.getClass().getName());
+
+ } catch (TrustException e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ /**
+ * Testing expected faliure when the default issuer is not specified
+ */
+ public void testInvalidCOnfigWithMissingDefaultIssuer() {
+ try {
+ TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.invalid.1.xml");
+ fail("This should fail since there's no default isser specified");
+ } catch (TrustException e) {
+ assertEquals("Incorrect error", TrustException.getMessage(
+ "defaultIssuerMissing", null), e.getMessage());
+ }
+ }
+
+ /**
+ * Testing expected faliure when the tokenType value is missing from a
+ * tokenType definition
+ */
+ public void testInvalidRequestTypeDef() {
+ try {
+ TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.invalid.2.xml");
+ fail("This should fail since there is an invalid " +
+ "requestType definition");
+ } catch (TrustException e) {
+ assertEquals("Incorrect error", TrustException.getMessage(
+ "invalidTokenTypeDefinition", new String[] { "Issuer",
+ TempIssuer.class.getName() }), e.getMessage());
+ }
+ }
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java
new file mode 100644
index 0000000..6f49d1c
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java
@@ -0,0 +1,250 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+import javax.xml.namespace.QName;
+
+import java.util.ArrayList;
+
+public class AsymmetricBindingBuilderTest extends MessageBuilderTestBase {
+
+ public void testAsymmBinding() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingServerSide() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ ctx.setServerSide(true);
+ String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingWithSigDK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-2-sig-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingWithDK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-3-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingWithDKEncrBeforeSig() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+
+ public void testAsymmBindingEncrBeforeSig() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-5-ebs.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingTripleDesRSA15() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingTripleDesRSA15DK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS,WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
new file mode 100644
index 0000000..0bc5d94
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.description.AxisMessage;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.engine.AxisConfiguration;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.ws.security.WSConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.FileInputStream;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+
+public class MessageBuilderTestBase extends TestCase {
+
+ public MessageBuilderTestBase() {
+ super();
+ }
+
+ public MessageBuilderTestBase(String arg0) {
+ super(arg0);
+ }
+
+ /**
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ protected MessageContext getMsgCtx() throws Exception {
+ MessageContext ctx = new MessageContext();
+
+ AxisConfiguration axisConfiguration = new AxisConfiguration();
+ AxisService axisService = new AxisService("TestService");
+ axisConfiguration.addService(axisService);
+ AxisServiceGroup axisServiceGroup = new AxisServiceGroup();
+ axisConfiguration.addServiceGroup(axisServiceGroup);
+ ctx.setConfigurationContext(new ConfigurationContext(axisConfiguration));
+ axisServiceGroup.addService(axisService);
+ ServiceGroupContext gCtx = ctx.getConfigurationContext().createServiceGroupContext(axisServiceGroup);
+ ServiceContext serviceContext = gCtx.getServiceContext(axisService);
+ ctx.setServiceContext(serviceContext);
+ ctx.setAxisService(axisService);
+ OutInAxisOperation outInAxisOperation = new OutInAxisOperation(new QName("http://rampart.org", "test"));
+ AxisMessage msg = new AxisMessage();
+ outInAxisOperation.addMessage(msg,WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ outInAxisOperation.addMessage(msg,WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+ ctx.setAxisOperation(outInAxisOperation);
+ ctx.setAxisMessage(msg);
+ Options options = new Options();
+ options.setAction("urn:testOperation");
+ ctx.setOptions(options);
+
+ XMLStreamReader reader =
+ XMLInputFactory.newInstance().
+ createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
+ ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
+ return ctx;
+ }
+
+ protected Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ protected void verifySecHeader(Iterator qnameList, SOAPEnvelope env) {
+ Iterator secHeaderChildren =
+ env.getHeader().
+ getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ WSConstants.WSSE_LN)).getChildElements();
+
+ while (secHeaderChildren.hasNext()) {
+ OMElement element = (OMElement) secHeaderChildren.next();
+ if (qnameList.hasNext()) {
+ if (!element.getQName().equals(qnameList.next())) {
+ fail("Incorrect Element" + element);
+ }
+ } else {
+ fail("Extra child in the security header: " + element.toString());
+ }
+ }
+
+ if (qnameList.hasNext()) {
+ fail("Incorrect number of children in the security header: " +
+ "next expected element" + qnameList.next().toString());
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
new file mode 100644
index 0000000..4f42405
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import java.io.ByteArrayInputStream;
+import java.util.Vector;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.builder.SOAPBuilder;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.engine.AxisEngine;
+import org.apache.neethi.Policy;
+import org.apache.rampart.util.Axis2Util;
+
+public class RampartEngineTest extends MessageBuilderTestBase {
+
+ public RampartEngineTest(String name) {
+ super(name);
+ }
+
+ public void testEmptySOAPMessage() throws Exception {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
+ } catch (RampartException e) {
+ assertEquals("Expected rampart to complain about missing security header",
+ "Missing wsse:Security header in request", e.getMessage());
+ }
+ }
+
+ public void testValidSOAPMessage() throws Exception {
+
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ ctx.setEnvelope(env);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
+
+ }
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/SymmetricBindingBuilderTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/SymmetricBindingBuilderTest.java
new file mode 100644
index 0000000..7d7614e
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/SymmetricBindingBuilderTest.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import java.util.ArrayList;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+public class SymmetricBindingBuilderTest extends MessageBuilderTestBase {
+
+ public void testSymmBinding() {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-symm-binding-1.xml";
+
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+// public void testSymmBindingServerSide() {
+//
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// ctx.setServerSide(true);
+// String policyXml = "test-resources/policy/rampart-symm-binding-1.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch(Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+
+ public void testSymmBindingWithDK() {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-symm-binding-2-dk.xml";
+
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testSymmBindingWithDKEncrSig() {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-symm-binding-3-dk-es.xml";
+
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_DATA_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testSymmBindingEncrBeforeSig() {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-symm-binding-4-ebs.xml";
+
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testSymmBindingWithDKEncrBeforeSig() {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-symm-binding-5-dk-ebs.xml";
+
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
new file mode 100644
index 0000000..ef43f08
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TestCBHandler implements CallbackHandler {
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java
new file mode 100644
index 0000000..34d8c7d
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+import javax.xml.namespace.QName;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TransportBindingBuilderTest extends MessageBuilderTestBase {
+
+ public void testTransportBinding() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingNoBST() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-no-bst.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingWithDK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02,
+ ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingWithDKServerSide() {
+ try {
+ MessageContext ctx = getMsgCtx();
+ ctx.setServerSide(true);
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java
new file mode 100644
index 0000000..4f2ca7b
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import junit.framework.TestCase;
+
+public class InflowConfigurationTest extends TestCase {
+
+ public InflowConfigurationTest() {
+ super();
+ }
+
+ public InflowConfigurationTest(String name) {
+ super(name);
+ }
+
+ public void testGetProperty() {
+ String actionItems = "Timestamp Signature Encrypt";
+ String sigPropFile = "sig.properties";
+ String decPropFile = "enc.properties";
+ String pwcb = "org.apache.axis2.security.PWCallback";
+
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems(actionItems);
+ ifc.setSignaturePropFile(sigPropFile);
+ ifc.setDecryptionPropFile(decPropFile);
+ ifc.setPasswordCallbackClass(pwcb);
+
+ // Check whether the props are there
+ assertTrue("Action items missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
+ + actionItems + "</"
+ + WSSHandlerConstants.ACTION_ITEMS + ">"));
+
+ assertTrue("passwordCallbackClass missing", -1 < ifc.getProperty().getParameterElement()
+ .toString().indexOf(
+ "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
+ + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
+ + ">"));
+
+ assertTrue("sigPropFile missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
+ + sigPropFile + "</"
+ + WSHandlerConstants.SIG_PROP_FILE + ">"));
+
+ assertTrue("decPropFile missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.DEC_PROP_FILE + ">"
+ + decPropFile + "</"
+ + WSHandlerConstants.DEC_PROP_FILE + ">"));
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java
new file mode 100644
index 0000000..01f786a
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import junit.framework.TestCase;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+/**
+ * Tests the org.apache.axis2.security.handler.config.OutflowConfiguration
+ */
+public class OutflowConfigurationTest extends TestCase {
+
+ public OutflowConfigurationTest() {
+ super();
+ }
+
+ public OutflowConfigurationTest(String name) {
+ super(name);
+ }
+
+ /**
+ * This sets all the possible properties that can be set with
+ * the outflow configuration
+ */
+ public void testGetProperty() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ String actionItems = "Timestamp Signature Encrypt";
+ String user = "alice";
+ String pwcb = "org.apache.axis2.security.PWCallback";
+ String sigKeyId = "interop.properties";
+ String sigParts = "{Element}{http://schemas.xmlsoap.org/ws/2004/08/"
+ + "addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/"
+ + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
+ String optimizeParts = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+ String embeddedKeyCallbackClass = "org.apache.axis2.security.PWCallback";
+ String encrUser = "bob";
+ String samlPropFile = "saml.properties";
+ String sigPropFile = "sig.properties";
+ String encPropFile = "enc.properties";
+
+ // Setting the properties in the ofc
+ ofc.setActionItems(actionItems);
+ ofc.setUser(user);
+ ofc.setPasswordCallbackClass(pwcb);
+ ofc.setSignatureKeyIdentifier(sigKeyId);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts(sigParts);
+ ofc.setOptimizeParts(optimizeParts);
+ ofc.setEmbeddedKeyCallbackClass(embeddedKeyCallbackClass);
+ ofc.setEncryptionKeyTransportAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
+ ofc.setEncryptionSymAlgorithm(WSConstants.AES_128);
+ ofc.setEncryptionUser(encrUser);
+ ofc.setPasswordType(WSConstants.PW_DIGEST);
+ ofc.setSamlPropFile(samlPropFile);
+ ofc.setSignaturePropFile(sigPropFile);
+ ofc.setEncryptionPropFile(encPropFile);
+
+ // Check whether the props are there
+ assertTrue("Action items missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
+ + actionItems + "</"
+ + WSSHandlerConstants.ACTION_ITEMS + ">"));
+
+ assertTrue("User missing", -1 < ofc.getProperty().getParameterElement().toString().indexOf(
+ "<" + WSHandlerConstants.USER + ">" + user + "</"
+ + WSHandlerConstants.USER + ">"));
+
+ assertTrue("passwordCallbackClass missing", -1 < ofc.getProperty().getParameterElement()
+ .toString().indexOf(
+ "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
+ + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
+ + ">"));
+
+ assertTrue("sigKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_KEY_ID + ">" + sigKeyId
+ + "</" + WSHandlerConstants.SIG_KEY_ID + ">"));
+
+ assertTrue("encKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_KEY_ID + ">"
+ + WSSHandlerConstants.SKI_KEY_IDENTIFIER + "</"
+ + WSHandlerConstants.ENC_KEY_ID + ">"));
+
+ assertTrue("signature parts missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIGNATURE_PARTS + ">"
+ + sigParts + "</"
+ + WSHandlerConstants.SIGNATURE_PARTS + ">"));
+
+ assertTrue("optimize parts missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.OPTIMIZE_PARTS + ">"
+ + optimizeParts + "</"
+ + WSSHandlerConstants.OPTIMIZE_PARTS + ">"));
+
+ assertTrue("EmbeddedKeyCallbackClass missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"
+ + embeddedKeyCallbackClass + "</"
+ + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"));
+
+ assertTrue("encryptionKeyTransportAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"
+ + WSConstants.KEYTRANSPORT_RSA15 + "</"
+ + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"));
+
+ assertTrue("encryptionSymAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_SYM_ALGO + ">"
+ + WSConstants.AES_128 + "</"
+ + WSHandlerConstants.ENC_SYM_ALGO + ">"));
+
+ assertTrue("encrUser missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENCRYPTION_USER + ">"
+ + encrUser + "</"
+ + WSHandlerConstants.ENCRYPTION_USER + ">"));
+
+ assertTrue("passwordType missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.PASSWORD_TYPE + ">"
+ + WSConstants.PW_DIGEST + "</"
+ + WSHandlerConstants.PASSWORD_TYPE + ">"));
+
+ assertTrue("samlPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SAML_PROP_FILE + ">"
+ + samlPropFile + "</"
+ + WSHandlerConstants.SAML_PROP_FILE + ">"));
+
+ assertTrue("sigPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
+ + sigPropFile + "</"
+ + WSHandlerConstants.SIG_PROP_FILE + ">"));
+ assertTrue("encPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_PROP_FILE + ">"
+ + encPropFile + "</"
+ + WSHandlerConstants.ENC_PROP_FILE + ">"));
+ }
+
+ /**
+ * This tests multiple action configurations
+ */
+ public void testMultipleActions() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ String actionItems1 = "Timestamp Signature Encrypt";
+ String user1 = "alice";
+
+ String actionItems2 = "Signature Encrypt Timestamp";
+ String user2 = "alice2";
+
+ ofc.setActionItems(actionItems1);
+ ofc.setUser(user1);
+
+ ofc.nextAction();
+
+ ofc.setActionItems(actionItems2);
+ ofc.setUser(user2);
+
+ assertEquals("Action items mismatch", actionItems2, ofc.getActionItems());
+ assertEquals("Action items mismatch", user2, ofc.getUser());
+
+ ofc.previousAction();
+
+ assertEquals("Action items mismatch", actionItems1, ofc.getActionItems());
+ assertEquals("Action items mismatch", user1, ofc.getUser());
+
+ }
+
+}
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java
new file mode 100644
index 0000000..db78554
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+import javax.xml.namespace.QName;
+
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+public class RampartPolicyTest extends TestCase {
+
+ public final static QName RAMPART_CONFIG_NAME = new QName(RampartConfig.NS,RampartConfig.RAMPART_CONFIG_LN);
+ public final static QName CRYPTO_CONFIG_NAME = new QName(RampartConfig.NS,CryptoConfig.CRYPTO_LN);
+
+ public void testLoadPolicy() {
+ try {
+ String xmlPath = "test-resources/policy/rampart-policy-1.xml";
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+
+ OMElement elem = builder.getDocumentElement();
+
+ Policy policy = PolicyEngine.getPolicy(elem);
+
+ Assertion assertion = (Assertion)policy.getAssertions().get(0);
+
+ assertEquals("Incorrect namespace in RampartConfig",
+ RAMPART_CONFIG_NAME.getNamespaceURI(), assertion.getName()
+ .getNamespaceURI());
+ assertEquals("Incorrect localname in RampartConfig",
+ RAMPART_CONFIG_NAME.getLocalPart(), assertion.getName()
+ .getLocalPart());
+
+ RampartConfig config = (RampartConfig) assertion;
+ CryptoConfig sigCryptoConfig = config.getSigCryptoConfig();
+
+ assertNotNull("Signature Crypto missing", sigCryptoConfig);
+
+ assertEquals("Incorrect namespace in SignatureCrypto",
+ CRYPTO_CONFIG_NAME.getNamespaceURI(), sigCryptoConfig
+ .getName().getNamespaceURI());
+ assertEquals("Incorrect localname in SignatureCrypto",
+ CRYPTO_CONFIG_NAME.getLocalPart(), sigCryptoConfig.getName()
+ .getLocalPart());
+
+ assertEquals("Incorrect provider value",
+ "org.apache.ws.security.components.crypto.Merlin",
+ sigCryptoConfig.getProvider());
+
+ Properties prop = sigCryptoConfig.getProp();
+ assertEquals("Incorrect number of properties", 3, prop.size());
+
+ assertEquals("Incorrect property value", "JKS", prop
+ .getProperty("keystoreType"));
+ assertEquals("Incorrect property value", "/path/to/file.jks", prop
+ .getProperty("keystoreFile"));
+ assertEquals("Incorrect property value", "password", prop
+ .getProperty("keystorePassword"));
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java b/1_5/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
new file mode 100644
index 0000000..65a4854
--- /dev/null
+++ b/1_5/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.ws.secpolicy.SPConstants;
+
+import java.util.Iterator;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+public class SecpolicyModelTest extends TestCase {
+
+
+ public void testSymmBinding() {
+ try {
+ Policy p = this.getPolicy("test-resources/policy-symm-binding.xml");
+ List assertions = (List)p.getAlternatives().next();
+
+ boolean symmBindingFound = false;
+
+ for (Iterator iter = assertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if(assertion instanceof SymmetricBinding) {
+ symmBindingFound = true;
+ SymmetricBinding binding = (SymmetricBinding)assertion;
+ assertEquals("IncludeTimestamp assertion not processed", true, binding.isIncludeTimestamp());
+
+ ProtectionToken protectionToken = binding.getProtectionToken();
+ assertNotNull("ProtectionToken missing", protectionToken);
+
+ Token token = protectionToken.getProtectionToken();
+ if(token instanceof X509Token) {
+ assertEquals("incorrect X509 token versin and type",
+ SPConstants.WSS_X509_V3_TOKEN10,
+ ((X509Token) token).getTokenVersionAndType());
+ } else {
+ fail("ProtectionToken must contain a X509Token assertion");
+ }
+
+ }
+ }
+ //The Asymm binding mean is not built in the policy processing :-(
+ assertTrue("SymmetricBinding not porcessed", symmBindingFound);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBinding() {
+ try {
+ this.getPolicy("test-resources/policy-asymm-binding.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBinding() {
+ try {
+ this.getPolicy("test-resources/policy-transport-binding.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private Policy getPolicy(String filePath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(filePath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(elem);
+ }
+}
diff --git a/1_5/modules/rampart-tests/test-resources/PWCallback.java b/1_5/modules/rampart-tests/test-resources/PWCallback.java
new file mode 100644
index 0000000..df9d4de
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/PWCallback.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
diff --git a/1_5/modules/rampart-tests/test-resources/axis2.xml b/1_5/modules/rampart-tests/test-resources/axis2.xml
new file mode 100644
index 0000000..703400d
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/axis2.xml
@@ -0,0 +1,98 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+
+ <!-- This is only till we get the service specific parameters fixed in service.xml -->
+ <parameter name="InAction" locked="false">UsernameToken</parameter>
+ <parameter name="passwordCallbackClass" locked="false">
+ org.apache.axis2.security.PWCallback</parameter>
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <module ref="security"/>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/1_5/modules/rampart-tests/test-resources/commons-logging.properties b/1_5/modules/rampart-tests/test-resources/commons-logging.properties
new file mode 100755
index 0000000..1e570d6
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/commons-logging.properties
@@ -0,0 +1,30 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# This is the logging properties that goes to the war, there are two logging conf kept at the
+# svn, one for developement (one at src/test-resources) and other for producation
+
+# Uncomment the next line to disable all logging.
+#org.apache.commons.logging.Log=org.apache.commons.logging.impl.NoOpLog
+
+# Uncomment the next line to enable the simple log based logging
+#org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog
+
+# Uncomment the next line to enable log4j based logging
+org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
diff --git a/1_5/modules/rampart-tests/test-resources/keys/interop2.jks b/1_5/modules/rampart-tests/test-resources/keys/interop2.jks
new file mode 100644
index 0000000..a7d1a3f
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/keys/interop2.jks
Binary files differ
diff --git a/1_5/modules/rampart-tests/test-resources/policy-asymm-binding.xml b/1_5/modules/rampart-tests/test-resources/policy-asymm-binding.xml
new file mode 100644
index 0000000..aae3ea5
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy-asymm-binding.xml
@@ -0,0 +1,46 @@
+<wsp:Policy wsu:Id="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy-symm-binding.xml b/1_5/modules/rampart-tests/test-resources/policy-symm-binding.xml
new file mode 100644
index 0000000..de8bd5b
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy-symm-binding.xml
@@ -0,0 +1,53 @@
+<wsp:Policy wsu:Id="3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy-transport-binding.xml b/1_5/modules/rampart-tests/test-resources/policy-transport-binding.xml
new file mode 100644
index 0000000..a74b444
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy-transport-binding.xml
@@ -0,0 +1,43 @@
+<wsp:Policy wsu:Id="2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml b/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml
new file mode 100644
index 0000000..2f3e7a3
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml
@@ -0,0 +1,50 @@
+
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+<sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
+ </wsp:Policy> </sp:RecipientToken>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptBeforeSigning />
+ <sp:EncryptSignature />
+ <sp:ProtectTokens />
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:RequireSignatureConfirmation />
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:Policy>
+
+
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml b/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml
new file mode 100644
index 0000000..fb32250
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml
@@ -0,0 +1,43 @@
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+<sp:SymmetricBinding>
+<wsp:Policy>
+<sp:ProtectionToken>
+<wsp:Policy>
+<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+</wsp:Policy>
+</sp:ProtectionToken>
+<sp:AlgorithmSuite>
+<wsp:Policy>
+<sp:Basic256 />
+</wsp:Policy>
+</sp:AlgorithmSuite>
+<sp:Layout>
+<wsp:Policy>
+<sp:Strict />
+</wsp:Policy>
+</sp:Layout>
+<sp:IncludeTimestamp />
+<sp:EncryptBeforeSigning />
+<sp:EncryptSignature />
+<sp:ProtectTokens />
+<sp:SignedSupportingTokens>
+<wsp:Policy>
+<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+</wsp:Policy>
+</sp:SignedSupportingTokens>
+<!--<sp:SignedEndorsingSupportingTokens>
+<wsp:Policy>
+<sp:X509V3Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/IncludeToken/Once" />
+</wsp:Policy>
+</sp:SignedEndorsingSupportingTokens> -->
+</wsp:Policy>
+</sp:SymmetricBinding>
+<sp:Wss11>
+<wsp:Policy>
+<sp:RequireSignatureConfirmation />
+</wsp:Policy>
+</sp:Wss11>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml b/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml
new file mode 100644
index 0000000..3074acf
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml
@@ -0,0 +1,19 @@
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+
+ <!-- Example Message Policy -->
+
+ <sp:SignedParts>
+ <sp:Header Name="Header1" Namespace="uri:namespace_1" />
+ <sp:Header Name="Header2" Namespace="uri:namespace_2" />
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts>
+ <sp:Header Name="Header2" Namespace="uri:namespace_2" />
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ </wsp:Policy>
+
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
new file mode 100644
index 0000000..3930028
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
new file mode 100644
index 0000000..b2102da
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
new file mode 100644
index 0000000..8d648b2
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
@@ -0,0 +1,77 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
new file mode 100644
index 0000000..55cbb13
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
@@ -0,0 +1,85 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
new file mode 100644
index 0000000..fd66030
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
@@ -0,0 +1,81 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:EncryptBeforeSigning />
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
new file mode 100644
index 0000000..735d8c5
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
new file mode 100644
index 0000000..7adeceb
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml
new file mode 100644
index 0000000..5f1e907
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml
@@ -0,0 +1,15 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
new file mode 100644
index 0000000..e5fd9f7
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="policy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
new file mode 100644
index 0000000..20300e7
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="policy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
new file mode 100644
index 0000000..92d2fd4
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
@@ -0,0 +1,77 @@
+<wsp:Policy wsu:Id="policy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
new file mode 100644
index 0000000..3433513
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
@@ -0,0 +1,77 @@
+<wsp:Policy wsu:Id="policy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
new file mode 100644
index 0000000..bb3564b
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
@@ -0,0 +1,78 @@
+<wsp:Policy wsu:Id="policy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
new file mode 100644
index 0000000..f84ada7
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
@@ -0,0 +1,68 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
new file mode 100644
index 0000000..a9c407b
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml b/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
new file mode 100644
index 0000000..0ba03af
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/1_5/modules/rampart-tests/test-resources/policy/soapmessage.xml b/1_5/modules/rampart-tests/test-resources/policy/soapmessage.xml
new file mode 100644
index 0000000..1080754
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/policy/soapmessage.xml
@@ -0,0 +1,57 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:axis2="http://ws.apache.org/namespaces/axis2">
+ <soapenv:Header xmlns:fabrikam="http://example.com/fabrikam">
+ <wsa:MessageID soapenv:mustUnderstand="0">
+ uuid:920C5190-0B8F-11D9-8CED-F22EDEEBF7E5</wsa:MessageID>
+ <wsa:To soapenv:mustUnderstand="0">http://localhost:8081/axis/services/BankPort</wsa:To>
+ <wsa:From axis2:AttrExt="123456789" soapenv:mustUnderstand="0" >
+ <wsa:Address>
+ http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:From>
+ <wsa:Action>http://ws.apache.org/tests/action</wsa:Action>
+ <wsa:ReplyTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/acct</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:ReplyTo>
+
+ <wsa:FaultTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/fault</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:FaultTo>
+ <wsa:RelatesTo>http://some.previous.message</wsa:RelatesTo>
+ <wsa:RelatesTo RelationshipType="axis2:some.custom.relationship">http://identifier.of.other.message/</wsa:RelatesTo>
+
+ </soapenv:Header>
+ <soapenv:Body>
+ <ns1:getBalance soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:ns1="http://localhost:8081/axis/services/BankPort">
+ <accountNo href="#id0"/>
+ </ns1:getBalance>
+ <multiRef id="id0" soapenc:root="0"
+ soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xsi:type="xsd:int" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
+ 1001</multiRef>
+ </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
diff --git a/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml b/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml
new file mode 100644
index 0000000..74887ea
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer">
+ <tokenType>http://example.org/mySpecialToken1</tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml b/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml
new file mode 100644
index 0000000..87f6844
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer" default="true">
+ <tokenType></tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.xml b/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.xml
new file mode 100644
index 0000000..1c8dea1
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/dispatcher.config.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer" default="true">
+ <tokenType>http://example.org/mySpecialToken1</tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/1_5/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml b/1_5/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml
new file mode 100644
index 0000000..f0a5238
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml
@@ -0,0 +1,4 @@
+<sct-issuer-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+</sct-issuer-config>
diff --git a/1_5/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties b/1_5/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/1_5/modules/rampart-tests/test-resources/trust/impl/sts-services.xml b/1_5/modules/rampart-tests/test-resources/trust/impl/sts-services.xml
new file mode 100644
index 0000000..d3a489b
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/impl/sts-services.xml
@@ -0,0 +1,29 @@
+<!-- Security token service configuration -->
+<service name="STS">
+
+ <operation name="RequestSecurityToken">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+ </operation>
+
+ <!-- Using the config file -->
+ <parameter name="token-dispatcher-configuration-file">token-dispatcher-configuration.xml</parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/1_5/modules/rampart-tests/test-resources/trust/impl/sts.jks b/1_5/modules/rampart-tests/test-resources/trust/impl/sts.jks
new file mode 100644
index 0000000..b4514d7
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/impl/sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml b/1_5/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml
new file mode 100644
index 0000000..b3ca9ea
--- /dev/null
+++ b/1_5/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration-file>sct-issuer-config.xml</configuration-file>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/1_5/modules/rampart-trust-mar/module.xml b/1_5/modules/rampart-trust-mar/module.xml
new file mode 100644
index 0000000..c24682f
--- /dev/null
+++ b/1_5/modules/rampart-trust-mar/module.xml
@@ -0,0 +1,56 @@
+<module name="rahas">
+ <Description>This module is used to STS enable a service where it adds
+ the RequestSecurityToken operation to a service that the module is engaged to</Description>
+
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+
+ <operation name="RequestSecurityToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ <parameter name="token-dispatcher-configuration">
+ <token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="parameter">sct-issuer-config</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAML2TokenIssuer">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</tokenType>
+ </issuer>
+
+ <validator class="org.apache.rahas.impl.SAMLTokenValidator" default="true">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </validator>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="parameter">token-canceler-config</configuration>
+ </canceler>
+
+ <!-- Renewers. You may have many renewers -->
+ <renewer class="org.apache.rahas.impl.SAMLTokenRenewer" default="true">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </renewer>
+
+ </token-dispatcher-configuration>
+ </parameter>
+
+ </operation>
+
+</module>
diff --git a/1_5/modules/rampart-trust-mar/pom.xml b/1_5/modules/rampart-trust-mar/pom.xml
new file mode 100644
index 0000000..2e9afe2
--- /dev/null
+++ b/1_5/modules/rampart-trust-mar/pom.xml
@@ -0,0 +1,111 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <packaging>mar</packaging>
+ <version>${rahas.mar.version}</version><!-- TODO need to remove this-->
+ <name>Rampart - Trust-Mar</name>
+
+ <scm>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <version>1.2</version>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>1.5</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>1.5</version>
+ </dependency>
+ </dependencies>
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>apache-m2</id>
+ <name>Apache M2 Repository</name>
+ <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Snapshots Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ <uniqueVersion>false</uniqueVersion>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
diff --git a/1_5/modules/rampart-trust/pom.xml b/1_5/modules/rampart-trust/pom.xml
new file mode 100644
index 0000000..bf1819d
--- /dev/null
+++ b/1_5/modules/rampart-trust/pom.xml
@@ -0,0 +1,60 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.5</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-trust</artifactId>
+ <packaging>jar</packaging>
+ <name>Rampart - Trust</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ <excludes>
+ <exclude>**/*.java</exclude>
+ </excludes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent"/>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
new file mode 100644
index 0000000..aab11b6
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import java.util.Date;
+
+import org.apache.axiom.om.OMElement;
+
+/**
+ * This token is used store Encrypted Key Tokens. This token contains the
+ * SHA1 value of the Encrypted Key.
+ *
+ * These tokens are stored using the storage mechanism provided via the
+ * <code>TokenStorage</code> interface.
+ * @see org.apache.rahas.TokenStorage
+ *
+ */
+public class EncryptedKeyToken extends Token {
+
+ /**
+ * SHA1 value of the encrypted key
+ */
+ private String sha;
+
+ public EncryptedKeyToken (String id,Date created, Date expires) {
+ super(id,created,expires);
+ }
+
+ public EncryptedKeyToken (String id, OMElement tokenElem,
+ Date created, Date expires)throws TrustException{
+ super(id,tokenElem,created,expires);
+ }
+
+ /**
+ * @param sha SHA1 of the encrypted key
+ */
+ public void setSHA1(String sha) {
+ this.sha = sha;
+ }
+
+ /**
+ * @return SHA1 value of the encrypted key
+ */
+ public String getSHA1() {
+ return sha;
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
new file mode 100644
index 0000000..f560120
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+
+public class RahasConstants {
+
+ public final static int VERSION_05_02 = 1;
+ public final static int VERSION_05_12 = 2;
+
+ /**
+ * WS-Trust 2005 Feb namespace
+ */
+ public final static String WST_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+
+ /**
+ * WS-SX Namespace
+ */
+ public final static String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+
+ public final static String WST_PREFIX = "wst";
+
+ public final static String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+ public final static String WSP_PREFIX = "wsp";
+
+ public static class LocalNames {
+ public static final String REQUEST_SECURITY_TOKEN = "RequestSecurityToken";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE = "RequestSecurityTokenResponse";
+ public static final String REQUEST_TYPE = "RequestType";
+ public static final String TOKEN_TYPE = "TokenType";
+ public static final String REQUESTED_PROOF_TOKEN = "RequestedProofToken";
+ public static final String
+ REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION = "RequestSecurityTokenResponseCollection";
+ public final static String BINARY_SECRET = "BinarySecret";
+ public final static String VALIDATE_TARGET = "ValidateTarget";
+ public final static String RENEW_TARGET = "RenewTarget";
+
+ /* <wst:RequestSecurityTokenResponse>
+ * <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Status</wst:TokenType>
+ * <wst:Status>
+ * <wst:Code>http://schemas.xmlsoap.org/ws/2005/02/trust/status/valid</wst:Code>
+ * </wst:Status> ... </wst:RequestSecurityTokenResponse>"
+ */
+ public static final String STATUS = "Status";
+ public static final String CODE = "Code";
+ }
+
+ public static class IssuanceBindingLocalNames {
+ public static final String REQUESTED_SECURITY_TOKEN = "RequestedSecurityToken";
+ public static final String COMPUTED_KEY_ALGO = "ComputedKeyAlgorithm";
+ public static final String COMPUTED_KEY = "ComputedKey";
+ public static final String REQUESTED_ATTACHED_REFERENCE = "RequestedAttachedReference";
+ public static final String REQUESTED_UNATTACHED_REFERENCE = "RequestedUnattachedReference";
+ public static final String KEY_SIZE = "KeySize";
+ public static final String KEY_TYPE = "KeyType";
+ public static final String ENTROPY = "Entropy";
+ public static final String APPLIES_TO = "AppliesTo";
+ public static final String LIFETIME = "Lifetime";
+ public static final String CLAIMS = "Claims";
+
+ }
+
+ public static class CancelBindingLocalNames {
+ public static final String REQUESTED_TOKEN_CANCELED = "RequestedTokenCancelled";
+ public static final String CANCEL_TARGET = "CancelTarget";
+ public static final String URI = "URI";
+ }
+
+ //Key types
+ public static final String KEY_TYPE_SYMM_KEY = "/SymmetricKey";
+ public static final String KEY_TYPE_PUBLIC_KEY = "/PublicKey";
+ public static final String KEY_TYPE_BEARER = "/Bearer";
+
+ //Attr values
+ public static final String BIN_SEC_TYPE_NONCE = "/Nonce";
+
+ //ComputedKey algos
+ public static final String COMPUTED_KEY_PSHA1 = "/CK/PSHA1";
+
+ // RequestTypes
+ public static final String REQ_TYPE_ISSUE = "/Issue";
+ public static final String REQ_TYPE_VALIDATE = "/Validate";
+ public static final String REQ_TYPE_RENEW = "/Renew";
+ public static final String REQ_TYPE_CANCEL = "/Cancel";
+
+ //RST actions
+ public static final String RST_ACTION_ISSUE = "/RST" + REQ_TYPE_ISSUE;
+ public static final String RST_ACTION_VALIDATE = "/RST" + REQ_TYPE_VALIDATE;
+ public static final String RST_ACTION_RENEW = "/RST" + REQ_TYPE_RENEW;
+ public static final String RST_ACTION_CANCEL = "/RST" + REQ_TYPE_CANCEL;
+ public static final String RST_ACTION_SCT = "/RST/SCT";
+ public static final String RST_ACTION_CANCEL_SCT = "/RST/SCT" + REQ_TYPE_CANCEL;
+
+ //RSTR actions
+ public static final String RSTR_ACTION_ISSUE = "/RSTR" + REQ_TYPE_ISSUE;
+ public static final String RSTR_ACTION_VALIDATE = "/RSTR" + REQ_TYPE_VALIDATE;
+ public static final String RSTR_ACTION_RENEW = "/RSTR" + REQ_TYPE_RENEW;
+ public static final String RSTR_ACTION_CANCEL = "/RSTR" + REQ_TYPE_CANCEL;
+ public static final String RSTR_ACTION_SCT = "/RSTR/SCT";
+ public static final String RSTR_ACTION_CANCEL_SCT = "/RSTR/SCT" + REQ_TYPE_CANCEL;
+
+ //Status codes
+ public static final String STATUS_CODE_VALID = "/status/valid";
+ public static final String STATUS_CODE_INVALID = "/status/invalid";
+
+ public static final String TOK_TYPE_STATUS = "/RSTR/Status";
+
+ //Token types
+ public static final String TOK_TYPE_SAML_10 = "http://docs.oasis-open.org/wss/" +
+ "oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+
+ public static final String TOK_TYPE_SAML_20 = "http://docs.oasis-open.org/wss/" +
+ "oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+ //Attrs
+ public static final String ATTR_TYPE = "Type";
+ public static final String ATTR_CLAIMS_DIALECT = "Dialect";
+
+ //Constants required for SAML2 assertion generation
+ public final static String X509_CERT ="X509Certificate";
+ public final static String USERNAME = "username";
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
new file mode 100644
index 0000000..2457621
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -0,0 +1,542 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+/**
+ * Common data items on WS-Trust request messages
+ */
+public class RahasData {
+
+ private MessageContext inMessageContext;
+
+ private OMElement rstElement;
+
+ private int version = -1;
+
+ private String wstNs;
+
+ private String requestType;
+
+ private String tokenType;
+
+ private String tokenId;
+
+ private int keysize = -1;
+
+ private String computedKeyAlgo;
+
+ private String keyType;
+
+ private String appliesToAddress;
+
+ private OMElement appliesToEpr;
+
+ private Principal principal;
+
+ private X509Certificate clientCert;
+
+ private byte[] ephmeralKey;
+
+ private byte[] requestEntropy;
+
+ private byte[] responseEntropy;
+
+ private String addressingNs;
+
+ private String soapNs;
+
+ private OMElement claimElem;
+
+ private String claimDialect;
+
+ private SAMLAssertion assertion;
+ /**
+ * Create a new RahasData instance and populate it with the information from
+ * the request.
+ *
+ * @throws TrustException <code>RequestSecurityToken</code> element is invalid.
+ */
+ public RahasData(MessageContext inMessageContext) throws TrustException {
+
+ this.inMessageContext = inMessageContext;
+
+ //Check for an authenticated Principal
+ this.processWSS4JSecurityResults();
+
+ // Find out the incoming addressing version
+ this.addressingNs = (String) this.inMessageContext
+ .getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+
+ this.rstElement = this.inMessageContext.getEnvelope().getBody()
+ .getFirstElement();
+
+ this.soapNs = this.inMessageContext.getEnvelope().getNamespace()
+ .getNamespaceURI();
+
+ this.wstNs = this.rstElement.getNamespace().getNamespaceURI();
+
+ int ver = TrustUtil.getWSTVersion(this.wstNs);
+
+ if (ver == -1) {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ } else {
+ this.version = ver;
+ }
+
+ this.processRequestType();
+
+ this.processTokenType();
+
+ this.processKeyType();
+
+ this.processKeySize();
+
+ this.processAppliesTo();
+
+ this.processEntropy();
+
+ this.processClaims();
+
+ this.processValidateTarget();
+
+ this.processRenewTarget();
+
+ }
+
+ /**
+ * Processes the authenticated user information from the WSS4J security
+ * results.
+ *
+ * @throws TrustException
+ */
+ private void processWSS4JSecurityResults() throws TrustException {
+
+ /*
+ * User can be identifier using a UsernameToken or a certificate - If a
+ * certificate is found then we use that to - identify the user and -
+ * encrypt the response (if required) - If a UsernameToken is found then
+ * we will not be encrypting the response
+ */
+
+ Vector results;
+ if ((results = (Vector) this.inMessageContext
+ .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ } else {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ Object principalObject = wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ int act = ((Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).
+ intValue();
+ if (act == WSConstants.SIGN && principalObject != null) {
+ this.clientCert = (X509Certificate) wser
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ this.principal = (Principal)principalObject;
+ } else if (act == WSConstants.UT && principalObject != null) {
+ this.principal = (Principal)principalObject;
+ } else if (act == WSConstants.BST) {
+ final X509Certificate[] certificates =
+ (X509Certificate[]) wser
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
+ this.clientCert = certificates[0];
+ this.principal = this.clientCert.getSubjectDN();
+ } else if (act == WSConstants.ST_UNSIGNED) {
+ this.assertion = (SAMLAssertion) wser
+ .get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+
+ }
+ }
+ }
+ // If the principal or a SAML assertion is missing
+ if (this.principal == null && this.assertion == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ }
+ }
+ }
+
+ private void processAppliesTo() throws TrustException {
+
+ OMElement appliesToElem = this.rstElement
+ .getFirstChildWithName(new QName(RahasConstants.WSP_NS,
+ RahasConstants.IssuanceBindingLocalNames.
+ APPLIES_TO));
+
+ if (appliesToElem != null) {
+ OMElement eprElem = appliesToElem.getFirstElement();
+ this.appliesToEpr = eprElem;
+
+ // If there were no addressing headers
+ // The find the addressing version using the EPR element
+ if (this.addressingNs == null) {
+ this.addressingNs = eprElem.getNamespace()
+ .getNamespaceURI();
+ }
+
+ if (eprElem != null) {
+
+ //Of the epr is a web service then try to get the addr
+
+ OMElement addrElem = eprElem
+ .getFirstChildWithName(new QName(
+ this.addressingNs,
+ AddressingConstants.EPR_ADDRESS));
+ if (addrElem != null && addrElem.getText() != null
+ && !"".equals(addrElem.getText().trim())) {
+ this.appliesToAddress = addrElem.getText().trim();
+ }
+ } else {
+ throw new TrustException("invalidAppliesToElem");
+ }
+ }
+ }
+
+ private void processRequestType() throws TrustException {
+ OMElement reqTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.REQUEST_TYPE));
+
+ if (reqTypeElem == null ||
+ reqTypeElem.getText() == null ||
+ reqTypeElem.getText().trim().length() == 0) {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ } else {
+ this.requestType = reqTypeElem.getText().trim();
+ }
+ }
+
+ private void processTokenType() {
+ OMElement tokTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.TOKEN_TYPE));
+
+ if (tokTypeElem != null && tokTypeElem.getText() != null
+ && !"".equals(tokTypeElem.getText().trim())) {
+ this.tokenType = tokTypeElem.getText().trim();
+ }
+ }
+
+ /**
+ * Find the value of the KeyType element of the RST
+ */
+ private void processKeyType() {
+ OMElement keyTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.KEY_TYPE));
+ if (keyTypeElem != null) {
+ String text = keyTypeElem.getText();
+ if (text != null && !"".equals(text.trim())) {
+ this.keyType = text.trim();
+ }
+ }
+ }
+
+ /**
+ * Finds the KeySize and creates an empty ephmeral key.
+ *
+ * @throws TrustException
+ */
+ private void processKeySize() throws TrustException {
+ OMElement keySizeElem =
+ this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.
+ KEY_SIZE));
+ if (keySizeElem != null) {
+ String text = keySizeElem.getText();
+ if (text != null && !"".equals(text.trim())) {
+ try {
+ //Set key size
+ this.keysize = Integer.parseInt(text.trim());
+
+ //Create an empty array to hold the key
+ this.ephmeralKey = new byte[this.keysize/8];
+ } catch (NumberFormatException e) {
+ throw new TrustException(TrustException.INVALID_REQUEST,
+ new String[]{"invalid wst:Keysize value"}, e);
+ }
+ }
+ }
+ this.keysize = -1;
+ }
+
+ /**
+ * Processes a claims.
+ *
+ */
+ private void processClaims() throws TrustException{
+ claimElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.CLAIMS));
+
+ if(claimElem != null){
+ claimDialect = claimElem.getAttributeValue(new QName(this.wstNs,
+ RahasConstants.ATTR_CLAIMS_DIALECT));
+ }
+
+ }
+
+ private void processValidateTarget()throws TrustException{
+
+ OMElement validateTargetElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.VALIDATE_TARGET));
+
+ if (validateTargetElem != null) {
+
+ OMElement strElem = validateTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ "SecurityTokenReference"));
+
+ Element elem = (Element)(new StAXOMBuilder(new OMDOMFactory(),
+ strElem.getXMLStreamReader()).getDocumentElement());
+
+ try {
+ SecurityTokenReference str = new SecurityTokenReference((Element)elem);
+ if (str.containsReference()) {
+ tokenId = str.getReference().getURI();
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorExtractingTokenId",e);
+ }
+ }
+ }
+
+ private void processRenewTarget()throws TrustException{
+
+ OMElement renewTargetElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.RENEW_TARGET));
+ if (renewTargetElem != null) {
+
+ OMElement strElem = renewTargetElem.getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ "SecurityTokenReference"));
+
+ Element elem = (Element)(new StAXOMBuilder(new OMDOMFactory(),
+ strElem.getXMLStreamReader()).getDocumentElement());
+
+ try {
+ SecurityTokenReference str = new SecurityTokenReference((Element)elem);
+ if (str.containsReference()) {
+ tokenId = str.getReference().getURI();
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorExtractingTokenId",e);
+ }
+ }
+ }
+
+ /**
+ * Process wst:Entropy element in the request.
+ */
+ private void processEntropy() throws TrustException {
+ OMElement entropyElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.ENTROPY));
+
+ if (entropyElem != null) {
+ OMElement binSecElem = entropyElem.getFirstElement();
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText())) {
+ this.requestEntropy = Base64.decode(binSecElem.getText());
+ } else {
+ throw new TrustException("malformedEntropyElement",
+ new String[]{entropyElem.toString()});
+ }
+
+ }
+ }
+
+ /**
+ * @return Returns the appliesToAddress.
+ */
+ public String getAppliesToAddress() {
+ return appliesToAddress;
+ }
+
+ /**
+ * @return Returns the clientCert.
+ */
+ public X509Certificate getClientCert() {
+ return clientCert;
+ }
+
+ /**
+ * @return Returns the computedKeyAlgo.
+ */
+ public String getComputedKeyAlgo() {
+ return computedKeyAlgo;
+ }
+
+ /**
+ * @return Returns the ephmeralKey.
+ */
+ public byte[] getEphmeralKey() {
+ return ephmeralKey;
+ }
+
+ /**
+ * @return Returns the inMessageContext.
+ */
+ public MessageContext getInMessageContext() {
+ return inMessageContext;
+ }
+
+ /**
+ * @return Returns the keysize.
+ */
+ public int getKeysize() {
+ return keysize;
+ }
+
+ /**
+ * @return Returns the keyType.
+ */
+ public String getKeyType() {
+ return keyType;
+ }
+
+ /**
+ * @return Returns the principal.
+ */
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ /**
+ * @return Returns the requestEntropy.
+ */
+ public byte[] getRequestEntropy() {
+ return requestEntropy;
+ }
+
+ /**
+ * @return Returns the requestType.
+ */
+ public String getRequestType() {
+ return requestType;
+ }
+
+ /**
+ * @return Returns the responseEntropy.
+ */
+ public byte[] getResponseEntropy() {
+ return responseEntropy;
+ }
+
+ /**
+ * @return Returns the rstElement.
+ */
+ public OMElement getRstElement() {
+ return rstElement;
+ }
+
+ /**
+ * @return Returns the tokenType.
+ */
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ /**
+ * @return Returns the version.
+ */
+ public int getVersion() {
+ return version;
+ }
+
+ /**
+ * @return Returns the addressingNs.
+ */
+ public String getAddressingNs() {
+ return addressingNs;
+ }
+
+ /**
+ * @return Returns the wstNs.
+ */
+ public String getWstNs() {
+ return wstNs;
+ }
+
+ /**
+ * @return Returns the soapNs.
+ */
+ public String getSoapNs() {
+ return soapNs;
+ }
+
+ /**
+ * @return Returns the tokenId.
+ */
+ public String getTokenId() {
+ return tokenId;
+ }
+
+ /**
+ * @param responseEntropy The responseEntropy to set.
+ */
+ public void setResponseEntropy(byte[] responseEntropy) {
+ this.responseEntropy = responseEntropy;
+ }
+
+ /**
+ * @param ephmeralKey The ephmeralKey to set.
+ */
+ public void setEphmeralKey(byte[] ephmeralKey) {
+ this.ephmeralKey = ephmeralKey;
+ }
+
+ public String getClaimDialect() {
+ return claimDialect;
+ }
+
+ public OMElement getClaimElem() {
+ return claimElem;
+ }
+
+ public OMElement getAppliesToEpr() {
+ return appliesToEpr;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java
new file mode 100644
index 0000000..f3bd34f
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.receivers.AbstractInOutMessageReceiver;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+
+public class STSMessageReceiver extends AbstractInOutMessageReceiver {
+
+ private static final Log log = LogFactory.getLog(STSMessageReceiver.class);
+
+ public void invokeBusinessLogic(MessageContext inMessage,
+ MessageContext outMessage) throws AxisFault {
+
+ try {
+ Parameter param = inMessage
+ .getParameter(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY);
+ Parameter paramFile = inMessage
+ .getParameter(TokenRequestDispatcherConfig.CONFIG_FILE_KEY);
+ TokenRequestDispatcher dispatcher = null;
+ if (param != null) {
+ dispatcher = new TokenRequestDispatcher(param
+ .getParameterElement().getFirstChildWithName(
+ new QName("token-dispatcher-configuration")));
+ } else if (paramFile != null) {
+ dispatcher = new TokenRequestDispatcher((String) paramFile
+ .getValue());
+ } else {
+ dispatcher = new TokenRequestDispatcher(
+ (OMElement) inMessage
+ .getProperty(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY));
+ }
+
+ if(dispatcher != null) {
+ SOAPEnvelope responseEnv = dispatcher.handle(inMessage, outMessage);
+ outMessage.setEnvelope(responseEnv);
+ } else {
+ throw new TrustException("missingDispatcherConfiguration");
+ }
+ } catch (TrustException e) {
+ e.printStackTrace();
+ //Log the exception
+ log.error(e);
+ throw new AxisFault(e.getFaultString(), e.getFaultCode());
+ }
+ }
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
new file mode 100644
index 0000000..f56bcdc
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+
+import javax.xml.namespace.QName;
+import java.util.*;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+/**
+ * In-memory implementation of the token storage
+ */
+public class SimpleTokenStore implements TokenStorage {
+
+ protected Map tokens = new Hashtable();
+
+ /**
+ * We use a read write lock to improve concurrency while avoiding concurrent modification
+ * exceptions. We allow concurrent reads and avoid concurrent reads and modifications
+ * ReentrantReadWriteLock supports a maximum of 65535 recursive write locks and 65535 read locks
+ */
+ protected final ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
+
+ protected final Lock readLock = readWriteLock.readLock();
+
+ protected final Lock writeLock = readWriteLock.writeLock();
+
+ public void add(Token token) throws TrustException {
+
+ if (token != null && !"".equals(token.getId()) && token.getId() != null) {
+
+ writeLock.lock();
+
+ try {
+ if (this.tokens.keySet().size() == 0
+ || (this.tokens.keySet().size() > 0 && !this.tokens
+ .keySet().contains(token.getId()))) {
+ tokens.put(token.getId(), token);
+ } else {
+ throw new TrustException("tokenAlreadyExists",
+ new String[]{token.getId()});
+ }
+ } finally {
+ writeLock.unlock();
+ }
+ }
+ }
+
+ public void update(Token token) throws TrustException {
+
+ if (token != null && token.getId() != null && token.getId().trim().length() != 0) {
+
+ writeLock.lock();
+
+ try {
+ if (!this.tokens.keySet().contains(token.getId())) {
+ throw new TrustException("noTokenToUpdate", new String[]{token.getId()});
+ }
+ this.tokens.put(token.getId(), token);
+ } finally {
+ writeLock.unlock();
+ }
+ }
+
+ }
+
+ public String[] getTokenIdentifiers() throws TrustException {
+ List identifiers = new ArrayList();
+
+ readLock.lock();
+ try {
+ for (Iterator iterator = tokens.keySet().iterator(); iterator.hasNext();) {
+ identifiers.add(iterator.next());
+ }
+ } finally {
+ readLock.unlock();
+ }
+ return (String[]) identifiers.toArray(new String[identifiers.size()]);
+ }
+
+ public Token[] getValidTokens() throws TrustException {
+ return getTokens(new int[]{Token.ISSUED, Token.RENEWED});
+ }
+
+ public Token[] getRenewedTokens() throws TrustException {
+ return getTokens(Token.RENEWED);
+ }
+
+
+ public Token[] getCancelledTokens() throws TrustException {
+ return getTokens(Token.CANCELLED);
+ }
+
+ public Token[] getExpiredTokens() throws TrustException {
+ return getTokens(Token.EXPIRED);
+ }
+
+ private Token[] getTokens(int[] states) throws TrustException {
+ processTokenExpiry();
+ List tokens = new ArrayList();
+
+ readLock.lock();
+
+ try {
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ for (int i = 0; i < states.length; i++) {
+ if (token.getState() == states[i]) {
+ tokens.add(token);
+ break;
+ }
+ }
+ }
+ } finally {
+ readLock.unlock();
+ }
+ return (Token[]) tokens.toArray(new Token[tokens.size()]);
+ }
+
+ private Token[] getTokens(int state) throws TrustException {
+ processTokenExpiry();
+ List tokens = new ArrayList();
+
+ readLock.lock();
+
+ try {
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ if (token.getState() == state) {
+ tokens.add(token);
+ }
+ }
+ } finally {
+ readLock.unlock();
+ }
+ return (Token[]) tokens.toArray(new Token[tokens.size()]);
+ }
+
+ public Token getToken(String id) throws TrustException {
+ processTokenExpiry();
+
+ readLock.lock();
+
+ Token token;
+
+ try {
+
+ token = (Token) this.tokens.get(id);
+
+ if(token == null) {
+ //Try to find the token using attached refs & unattached refs
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token tempToken = (Token) iterator.next();
+ OMElement elem = tempToken.getAttachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ token = tempToken;
+ }
+ elem = tempToken.getUnattachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ token = tempToken;
+ }
+
+ }
+
+ }
+
+ } finally {
+ readLock.unlock();
+ }
+
+ return token;
+ }
+
+ protected void processTokenExpiry() throws TrustException {
+
+ readLock.lock();
+
+ try {
+ for (Iterator iterator = tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ if (token.getExpires() != null &&
+ token.getExpires().getTime() < System.currentTimeMillis()) {
+ token.setState(Token.EXPIRED);
+ }
+ }
+ } finally {
+ readLock.unlock();
+ }
+ }
+
+ public static String getIdFromSTR(OMElement str) {
+ //ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = str.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ String uri = child.getAttributeValue(new QName("URI"));
+ if (uri.charAt(0) == '#') {
+ uri = uri.substring(1);
+ }
+ return uri;
+ } else {
+ return null;
+ }
+ }
+
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
new file mode 100644
index 0000000..019c3e2
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
@@ -0,0 +1,338 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+
+import javax.xml.namespace.QName;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Properties;
+
+/**
+ * This represents a security token which can have either one of 4 states.
+ * <ul>
+ * <li>ISSUED</li>
+ * <li>EXPIRED</li>
+ * <li>CACELLED</li>
+ * <li>RENEWED</li>
+ * </ul>
+ * Also this holds the <code>OMElement</code>s representing the token in its
+ * present state and the previous state.
+ *
+ * These tokens are stored using the storage mechanism provided via the
+ * <code>TokenStorage</code> interface.
+ * @see org.apache.rahas.TokenStorage
+ */
+public class Token {
+
+ public final static int ISSUED = 1;
+ public final static int EXPIRED = 2;
+ public final static int CANCELLED = 3;
+ public final static int RENEWED = 4;
+
+ /**
+ * Token identifier
+ */
+ private String id;
+
+ /**
+ * Current state of the token
+ */
+ private int state = -1;
+
+ /**
+ * The actual token in its current state
+ */
+ private OMElement token;
+
+ /**
+ * The token in its previous state
+ */
+ private OMElement previousToken;
+
+ /**
+ * The RequestedAttachedReference element
+ * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
+ * an extensibility mechanism for wsse:SecurityTokenReference and
+ * wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
+ * the ValueType values.
+ */
+ private OMElement attachedReference;
+
+ /**
+ * The RequestedUnattachedReference element
+ * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
+ * an extensibility mechanism for wsse:SecurityTokenRefence and
+ * wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
+ * the ValueType values.
+ */
+ private OMElement unattachedReference;
+
+ /**
+ * A bag to hold any other properties
+ */
+ private Properties properties;
+
+ /**
+ * A flag to assist the TokenStorage
+ */
+ private boolean changed;
+
+ /**
+ * The secret associated with the Token
+ */
+ private byte[] secret;
+
+ /**
+ * Created time
+ */
+ private Date created;
+
+ /**
+ * Expiration time
+ */
+ private Date expires;
+
+ /**
+ * Issuer end point address
+ */
+ private String issuerAddress;
+
+ private String encrKeySha1Value;
+
+ public Token(String id, Date created, Date expires) {
+ this.id = id;
+ this.created = created;
+ this.expires = expires;
+ }
+
+ public Token(String id,
+ OMElement tokenElem,
+ Date created,
+ Date expires) throws TrustException {
+ this.id = id;
+ StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ tokenElem.getXMLStreamReader());
+ stAXOMBuilder.setNamespaceURIInterning(true);
+ this.token = stAXOMBuilder.getDocumentElement();
+ this.created = created;
+ this.expires = expires;
+ }
+
+ public Token(String id,
+ OMElement tokenElem,
+ OMElement lifetimeElem) throws TrustException {
+ this.id = id;
+ StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ tokenElem.getXMLStreamReader());
+ stAXOMBuilder.setNamespaceURIInterning(true);
+ this.token = stAXOMBuilder.getDocumentElement();
+ this.processLifeTime(lifetimeElem);
+ }
+
+ /**
+ * @param lifetimeElem
+ * @throws TrustException
+ */
+ private void processLifeTime(OMElement lifetimeElem) throws TrustException {
+ try {
+ DateFormat zulu = new XmlSchemaDateFormat();
+ OMElement createdElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.CREATED_LN));
+ this.created = zulu.parse(createdElem.getText());
+
+ OMElement expiresElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN));
+ this.expires = zulu.parse(expiresElem.getText());
+ } catch (OMException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ } catch (ParseException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ }
+ }
+
+ /**
+ * @return Returns the changed.
+ */
+ public boolean isChanged() {
+ return changed;
+ }
+
+ /**
+ * @param chnaged The changed to set.
+ */
+ public void setChanged(boolean chnaged) {
+ this.changed = chnaged;
+ }
+
+ /**
+ * @return Returns the properties.
+ */
+ public Properties getProperties() {
+ return properties;
+ }
+
+ /**
+ * @param properties The properties to set.
+ */
+ public void setProperties(Properties properties) {
+ this.properties = properties;
+ }
+
+ /**
+ * @return Returns the state.
+ */
+ public int getState() {
+ return state;
+ }
+
+ /**
+ * @param state The state to set.
+ */
+ public void setState(int state) {
+ this.state = state;
+ }
+
+ /**
+ * @return Returns the token.
+ */
+ public OMElement getToken() {
+ return token;
+ }
+
+ /**
+ * @param token The token to set.
+ */
+ public void setToken(OMElement token) {
+ this.token = token;
+ }
+
+ /**
+ * @return Returns the id.
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * @return Returns the presivousToken.
+ */
+ public OMElement getPreviousToken() {
+ return previousToken;
+ }
+
+ /**
+ * @param presivousToken The presivousToken to set.
+ */
+ public void setPreviousToken(OMElement presivousToken) {
+ this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ presivousToken.getXMLStreamReader()).getDocumentElement();
+ }
+
+ /**
+ * @return Returns the secret.
+ */
+ public byte[] getSecret() {
+ return secret;
+ }
+
+ /**
+ * @param secret The secret to set.
+ */
+ public void setSecret(byte[] secret) {
+ this.secret = secret;
+ }
+
+ /**
+ * @return Returns the attachedReference.
+ */
+ public OMElement getAttachedReference() {
+ return attachedReference;
+ }
+
+ /**
+ * @param attachedReference The attachedReference to set.
+ */
+ public void setAttachedReference(OMElement attachedReference) {
+ if(attachedReference != null) {
+ this.attachedReference = new StAXOMBuilder(DOOMAbstractFactory
+ .getOMFactory(), attachedReference.getXMLStreamReader())
+ .getDocumentElement();
+ }
+ }
+
+ /**
+ * @return Returns the unattachedReference.
+ */
+ public OMElement getUnattachedReference() {
+ return unattachedReference;
+ }
+
+ /**
+ * @param unattachedReference The unattachedReference to set.
+ */
+ public void setUnattachedReference(OMElement unattachedReference) {
+ if(unattachedReference != null) {
+ this.unattachedReference = new StAXOMBuilder(DOOMAbstractFactory
+ .getOMFactory(), unattachedReference.getXMLStreamReader())
+ .getDocumentElement();
+ }
+ }
+
+ /**
+ * @return Returns the created.
+ */
+ public Date getCreated() {
+ return created;
+ }
+
+ /**
+ * @return Returns the expires.
+ */
+ public Date getExpires() {
+ return expires;
+ }
+
+ /**
+ * @param expires The expires to set.
+ */
+ public void setExpires(Date expires) {
+ this.expires = expires;
+ }
+
+ public String getIssuerAddress() {
+ return issuerAddress;
+ }
+
+ public void setIssuerAddress(String issuerAddress) {
+ this.issuerAddress = issuerAddress;
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java
new file mode 100644
index 0000000..8eca6c2
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+
+public interface TokenCanceler {
+
+ /**
+ * Cancel the token specified in the request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ SOAPEnvelope cancel(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenCanceller.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenCanceller.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuration
+ */
+ void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ void setConfigurationParamName(String configParamName);
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws TrustException
+ */
+ String getResponseAction(RahasData data) throws TrustException;
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java
new file mode 100644
index 0000000..5362d8f
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+/**
+ * The <code>TokenIssuer</code>
+ */
+public interface TokenIssuer {
+
+ /**
+ * Create the response <code>soap:Envelope</code> for the given issue
+ * request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return The response <code>soap:Envelope</code> for the given issue
+ * request.
+ * @throws TrustException
+ */
+ SOAPEnvelope issue(RahasData data) throws TrustException;
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws TrustException
+ */
+ String getResponseAction(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenIssuer.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenIssuer.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuration
+ */
+ void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ void setConfigurationParamName(String configParamName);
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
new file mode 100644
index 0000000..b9ef4f9
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public interface TokenRenewer {
+
+ /**
+ * Renew the token specified in the given request.
+ *
+ * @param data
+ * A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ public SOAPEnvelope renew(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenRenewer.
+ *
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of TokenRenewer.
+ *
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement
+ * <code>OMElement</code> representing the configuration
+ */
+ public void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ *
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @see org.apache.axis2.description.Parameter
+ * @param configParamName
+ */
+ public void setConfigurationParamName(String configParamName);
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
new file mode 100644
index 0000000..7004d2c
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.impl.SAMLTokenValidator;
+
+public class TokenRequestDispatcher {
+
+ private TokenRequestDispatcherConfig config;
+
+ private static Log mlog = LogFactory.getLog("org.apache.rampart.messages");
+ private static Log log = LogFactory.getLog(TokenRequestDispatcher.class.getName());
+
+ public TokenRequestDispatcher(TokenRequestDispatcherConfig config) throws TrustException {
+ this.config = config;
+ }
+
+ public TokenRequestDispatcher(OMElement config) throws TrustException {
+ this(TokenRequestDispatcherConfig.load(config));
+ }
+
+ public TokenRequestDispatcher(String configFilePath) throws TrustException {
+ this(TokenRequestDispatcherConfig.load(configFilePath));
+ }
+
+ /**
+ * Processes the incoming request and returns a SOAPEnvelope
+ * @param inMsgCtx
+ * @return The response SOAPEnvelope
+ * @throws TrustException
+ */
+ public SOAPEnvelope handle(MessageContext inMsgCtx,
+ MessageContext outMsgCtx) throws TrustException {
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** TokenRequestDispatcher received \n"+inMsgCtx.getEnvelope());
+ }
+ RahasData data = new RahasData(inMsgCtx);
+
+ String reqType = data.getRequestType();
+ String tokenType = data.getTokenType();
+ if ((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_ISSUE).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_ISSUE).equals(reqType)) {
+ log.debug("issue");
+ TokenIssuer issuer;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ issuer = config.getDefaultIssuerInstace();
+ } else {
+ issuer = config.getIssuer(tokenType);
+ }
+
+ SOAPEnvelope response = issuer.issue(data);
+
+ //set the response wsa/soap action in the out message context
+ outMsgCtx.getOptions().setAction(issuer.getResponseAction(data));
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** TokenRequestDispatcher sent out \n"+response);
+ }
+
+ return response;
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType)) {
+ log.debug("validate");
+
+ TokenValidator validator;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ validator = config.getDefaultValidatorInstance();
+ } else {
+ validator = config.getValidator(tokenType);
+ }
+
+ SOAPEnvelope response = validator.validate(data);
+
+ outMsgCtx.getOptions().setAction(
+ TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_VALIDATE));
+
+ return response;
+
+
+
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_RENEW).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_RENEW).equals(reqType)) {
+ log.debug("renew");
+
+ TokenRenewer renewer;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ renewer = config.getDefaultRenewerInstance();
+ } else {
+ renewer = config.getRenewer(tokenType);
+ }
+
+ SOAPEnvelope response = renewer.renew(data);
+
+ outMsgCtx.getOptions().setAction(
+ TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_RENEW));
+
+ return response;
+
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType)) {
+ log.debug("cancel");
+ TokenCanceler canceler = config.getDefaultCancelerInstance();
+ SOAPEnvelope response = canceler.cancel(data);
+
+ //set the response wsa/soap action in the out message context
+ outMsgCtx.getOptions().setAction(canceler.getResponseAction(data));
+ return response;
+ } else {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ }
+
+
+
+
+ }
+
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
new file mode 100644
index 0000000..2486c3f
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
@@ -0,0 +1,425 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.ws.security.util.Loader;
+
+import javax.xml.namespace.QName;
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Map;
+
+public class TokenRequestDispatcherConfig {
+
+ public final static String CONFIG_PARAM_KEY = "token-dispatcher-configuration";
+ public final static String CONFIG_FILE_KEY = "token-dispatcher-configuration-file";
+
+ private final static QName DISPATCHER_CONFIG = new QName("token-dispatcher-configuration");
+ private final static QName ISSUER = new QName("issuer");
+ private final static QName CANCELER = new QName("canceler");
+ private final static QName VALIDATOR = new QName("validator");
+ private final static QName RENEWER = new QName("renewer");
+ private final static QName TOKEN_TYPE = new QName("tokenType");
+ private final static QName CLASS_ATTR = new QName("class");
+ private final static QName DEFAULT_ATTR = new QName("default");
+ private final static QName CONFIGURATION_ELEMENT = new QName("configuration");
+
+ private Map issuers;
+ private Map validators;
+ private Map renewers;
+ private Map configFiles = new Hashtable();
+ private Map configElements = new Hashtable();
+ private Map configParamNames = new Hashtable();
+
+ private String defaultIssuerClassName;
+ private String defaultCancelerClassName;
+ private String defaultValidatorClassName;
+ private String defaultRenewerClassName;
+
+ public static TokenRequestDispatcherConfig load(OMElement configElem) throws TrustException {
+
+ if (!DISPATCHER_CONFIG.equals(configElem.getQName())) {
+ throw new TrustException("incorrectConfiguration");
+ }
+ TokenRequestDispatcherConfig conf = new TokenRequestDispatcherConfig();
+
+ // Issuers
+ handleIssuers(configElem, conf);
+
+ //Validators
+ handleValidators(configElem, conf);
+
+ //Renewers
+ handleRenewers(configElem, conf);
+
+ // Cancelers
+ handleCancelers(configElem, conf);
+
+
+
+ //There must be a defulat issuer
+ if (conf.defaultIssuerClassName == null) {
+ throw new TrustException("defaultIssuerMissing");
+ }
+ return conf;
+ }
+
+ private static void handleCancelers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ OMElement cancelerEle = configElem.getFirstChildWithName(CANCELER); // support only one canceler
+ if (cancelerEle != null) {
+ //get the class attr
+ String cancelerClass = cancelerEle.getAttributeValue(CLASS_ATTR);
+ if (cancelerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ conf.defaultCancelerClassName = cancelerClass;
+ processConfiguration(cancelerEle, conf, cancelerClass);
+ }
+
+ //TODO: imple
+ }
+
+ private static void handleIssuers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+ for (Iterator issuerElems = configElem.getChildrenWithName(ISSUER);
+ issuerElems.hasNext();) {
+
+ OMElement element = (OMElement) issuerElems.next();
+
+ //get the class attr
+ String issuerClass = element.getAttributeValue(CLASS_ATTR);
+ if (issuerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultIssuerClassName == null) {
+ conf.defaultIssuerClassName = issuerClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultIssuers");
+ }
+ }
+
+ processConfiguration(element, conf, issuerClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Issuer", issuerClass});
+ }
+ if (conf.issuers == null) {
+ conf.issuers = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the issuer classname
+ if (!conf.issuers.keySet().contains(value)) {
+ conf.issuers.put(value, issuerClass);
+ }
+ }
+ }
+ }
+
+ private static void handleValidators(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ for (Iterator validatorElems = configElem.getChildrenWithName(VALIDATOR);
+ validatorElems.hasNext();) {
+
+ OMElement element = (OMElement) validatorElems.next();
+
+ //get the class attr
+ String validatorClass = element.getAttributeValue(CLASS_ATTR);
+ if (validatorClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultValidatorClassName == null) {
+ conf.defaultValidatorClassName = validatorClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultValidators");
+ }
+ }
+
+ processConfiguration(element, conf, validatorClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Validator", validatorClass});
+ }
+ if (conf.validators == null) {
+ conf.validators = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the validator classname
+ if (!conf.validators.keySet().contains(value)) {
+ conf.validators.put(value, validatorClass);
+ }
+ }
+ }
+ }
+
+ private static void handleRenewers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ for (Iterator renewerElems = configElem.getChildrenWithName(RENEWER);
+ renewerElems.hasNext();) {
+
+ OMElement element = (OMElement) renewerElems.next();
+
+ //get the class attr
+ String renewerClass = element.getAttributeValue(CLASS_ATTR);
+ if (renewerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultRenewerClassName == null) {
+ conf.defaultRenewerClassName = renewerClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultRenewers");
+ }
+ }
+
+ processConfiguration(element, conf, renewerClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Renewer", renewerClass});
+ }
+ if (conf.renewers == null) {
+ conf.renewers = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the renwer classname
+ if (!conf.renewers.keySet().contains(value)) {
+ conf.renewers.put(value, renewerClass);
+ }
+ }
+ }
+ }
+
+ private static void processConfiguration(OMElement element,
+ TokenRequestDispatcherConfig conf,
+ String implClass) {
+
+ for (Iterator configs = element.getChildrenWithName(CONFIGURATION_ELEMENT);
+ configs.hasNext();) {
+ OMElement configEle = (OMElement) configs.next();
+ String configType =
+ configEle.getAttribute(new QName("type")).getAttributeValue().trim();
+ if (configType.equalsIgnoreCase("file")) { //Process configuration file information
+ String issuerConfigFile = configEle.getText();
+ if (issuerConfigFile != null) {
+ conf.configFiles.put(implClass, issuerConfigFile);
+ }
+ } else if (configType.equalsIgnoreCase("element"))
+ { //Process configuration element information
+ conf.configElements.put(implClass, configEle);
+ } else if (configType.equalsIgnoreCase("parameter"))
+ { //Process configuration parameter name information
+ conf.configParamNames.put(implClass, configEle.getText());
+ }
+ }
+ }
+
+ public static TokenRequestDispatcherConfig load(String configFilePath) throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile", new String[]{configFilePath});
+ }
+ return load(builder.getDocumentElement());
+ }
+
+ public TokenIssuer getDefaultIssuerInstace() throws TrustException {
+ if (this.defaultIssuerClassName != null) {
+ try {
+ return createIssuer(this.defaultIssuerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultIssuerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public TokenCanceler getDefaultCancelerInstance() throws TrustException {
+ if (this.defaultCancelerClassName != null) {
+ try {
+ return createCanceler(this.defaultCancelerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultCancelerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public TokenValidator getDefaultValidatorInstance() throws TrustException {
+ if (this.defaultValidatorClassName != null) {
+ try {
+ return createValidator(this.defaultValidatorClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultValidatorClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public TokenRenewer getDefaultRenewerInstance() throws TrustException {
+ if (this.defaultRenewerClassName != null) {
+ try {
+ return createRenewer(this.defaultRenewerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultRenewerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+
+ public String getDefaultIssuerName() {
+ return this.defaultIssuerClassName;
+ }
+
+
+ public TokenIssuer getIssuer(String tokenType) throws TrustException {
+ String issuerClassName = null;
+ //try to find the issuer class name from the tokenType<->issuer map
+ if (this.issuers != null) {
+ issuerClassName = (String) this.issuers.get(tokenType);
+ }
+ //If a specific issuer is not found use the default issuer
+ if (issuerClassName == null) {
+ issuerClassName = this.defaultIssuerClassName;
+ }
+ try {
+ return createIssuer(issuerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{issuerClassName}, e);
+ }
+ }
+
+ public TokenValidator getValidator(String tokenType) throws TrustException {
+ String validatorClassName = null;
+ //try to find the validator class name from the tokenType<->validator map
+ if (this.validators != null) {
+ validatorClassName = (String) this.validators.get(tokenType);
+ }
+ //If a specific validator is not found use the default validator
+ if (validatorClassName == null) {
+ validatorClassName = this.defaultValidatorClassName;
+ }
+ try {
+ return createValidator(validatorClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{validatorClassName}, e);
+ }
+ }
+
+ public TokenRenewer getRenewer(String tokenType) throws TrustException {
+ String renewerClassName = null;
+ //try to find the renewer class name from the tokenType<->Renewer map
+ if (this.renewers != null) {
+ renewerClassName = (String) this.renewers.get(tokenType);
+ }
+ //If a specific renewer is not found use the default renewer
+ if (renewerClassName == null) {
+ renewerClassName = this.defaultRenewerClassName;
+ }
+ try {
+ return createRenewer(renewerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{renewerClassName}, e);
+ }
+ }
+
+ /**
+ * @param issuerClassName
+ * @return TokenIssuer
+ */
+ private TokenIssuer createIssuer(String issuerClassName) throws Exception {
+ TokenIssuer issuer = (TokenIssuer) Loader.loadClass(this.getClass().getClassLoader(),
+ issuerClassName).newInstance();
+ issuer.setConfigurationElement((OMElement) this.configElements.get(issuerClassName));
+ issuer.setConfigurationFile((String) this.configFiles.get(issuerClassName));
+ issuer.setConfigurationParamName((String) this.configParamNames.get(issuerClassName));
+ return issuer;
+ }
+
+ private TokenCanceler createCanceler(String cancelerClassName) throws Exception {
+ TokenCanceler canceler = (TokenCanceler) Loader.loadClass(this.getClass().getClassLoader(),
+ cancelerClassName).newInstance();
+ canceler.setConfigurationElement((OMElement) this.configElements.get(cancelerClassName));
+ canceler.setConfigurationFile((String) this.configFiles.get(cancelerClassName));
+ canceler.setConfigurationParamName((String) this.configParamNames.get(cancelerClassName));
+ return canceler;
+ }
+
+ private TokenValidator createValidator(String validatorClassName) throws Exception {
+ TokenValidator validator = (TokenValidator) Loader.loadClass(this.getClass().getClassLoader(),
+ validatorClassName).newInstance();
+ validator.setConfigurationElement((OMElement) this.configElements.get(validatorClassName));
+ validator.setConfigurationFile((String) this.configFiles.get(validatorClassName));
+ validator.setConfigurationParamName((String) this.configParamNames.get(validatorClassName));
+ return validator;
+ }
+
+ private TokenRenewer createRenewer (String renewerClassName) throws Exception {
+ TokenRenewer renewer = (TokenRenewer) Loader.loadClass(this.getClass().getClassLoader(),
+ renewerClassName).newInstance();
+ renewer.setConfigurationElement((OMElement) this.configElements.get(renewerClassName));
+ renewer.setConfigurationFile((String) this.configFiles.get(renewerClassName));
+ renewer.setConfigurationParamName((String) this.configParamNames.get(renewerClassName));
+ return renewer;
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java
new file mode 100644
index 0000000..cc9d656
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+
+/**
+ * The storage interface to store security tokens and
+ * manipulate them
+ */
+public interface TokenStorage {
+
+ String TOKEN_STORAGE_KEY = "org.apache.rahas.TokenStorage";
+
+ /**
+ * Add the given token to the list.
+ * @param token The token to be added
+ * @throws TrustException
+ */
+ void add(Token token) throws TrustException;
+
+ /**
+ * Update an existing token.
+ * @param token
+ * @throws TrustException
+ */
+ void update(Token token) throws TrustException;
+
+ /**
+ * Return the list of all token identifiers.
+ * @return As array of token identifiers
+ * @throws TrustException
+ */
+ String[] getTokenIdentifiers() throws TrustException;
+
+ /**
+ * Return the list of <code>EXPIRED</code> tokens.
+ * If there are no <code>EXPIRED</code> tokens <code>null</code> will be
+ * returned
+ * @return An array of expired <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getExpiredTokens() throws TrustException;
+
+ /**
+ * Return the list of ISSUED and RENEWED tokens.
+ * @return An array of ISSUED and RENEWED <code>Tokens</code>.
+ * @throws TrustException
+ */
+ Token[] getValidTokens() throws TrustException;
+
+ /**
+ * Return the list of RENEWED tokens.
+ * @return An array of RENEWED <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getRenewedTokens() throws TrustException;
+
+ /**
+ * Return the list of CANCELLED tokens
+ * @return An array of CANCELLED <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getCancelledTokens() throws TrustException;
+
+ /**
+ * Returns the <code>Token</code> of the given id
+ * @param id
+ * @return The requested <code>Token</code> identified by the give id
+ * @throws TrustException
+ */
+ Token getToken(String id) throws TrustException;
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
new file mode 100644
index 0000000..2f5269c
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public interface TokenValidator {
+
+ /**
+ * Validate the token specified in the given request.
+ *
+ * @param data
+ * A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ public SOAPEnvelope validate(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenValidator.
+ *
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenValidator.
+ *
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement
+ * <code>OMElement</code> representing the configuration
+ */
+ public void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ *
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @see org.apache.axis2.description.Parameter
+ * @param configParamName
+ */
+ public void setConfigurationParamName(String configParamName);
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java
new file mode 100644
index 0000000..39a6ccc
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class TrustException extends Exception {
+
+ private static final long serialVersionUID = -445341784514373965L;
+
+ public final static String INVALID_REQUEST = "InvalidRequest";
+ public final static String FAILED_AUTHENTICATION = "FailedAuthentication";
+ public final static String REQUEST_FAILED = "RequestFailed";
+ public final static String INVALID_SECURITY_TOKEN = "InvalidSecurityToken";
+ public final static String AUTHENTICATION_BAD_ELEMENTS = "AuthenticationBadElements";
+ public final static String BAD_REQUEST = "BadRequest";
+ public final static String EXPIRED_DATA = "ExpiredData";
+ public final static String INVALID_TIME_RANGE = "InvalidTimeRange";
+ public final static String INVALID_SCOPE = "InvalidScope";
+ public final static String RENEW_NEEDED = "RenewNeeded";
+ public final static String UNABLE_TO_RENEW = "UnableToRenew";
+
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rahas.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public TrustException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ if(AUTHENTICATION_BAD_ELEMENTS.equals(code) ||
+ BAD_REQUEST.equals(code) ||
+ EXPIRED_DATA.equals(code) ||
+ FAILED_AUTHENTICATION.equals(code) ||
+ INVALID_REQUEST.equals(code) ||
+ INVALID_SCOPE.equals(code) ||
+ INVALID_SECURITY_TOKEN.equals(code) ||
+ INVALID_TIME_RANGE.equals(code) ||
+ RENEW_NEEDED.equals(code) ||
+ REQUEST_FAILED.equals(code) ||
+ UNABLE_TO_RENEW.equals(code)) {
+ return RahasConstants.WST_PREFIX + ":" + code;
+ } else {
+ return code;
+ }
+ }
+
+ public TrustException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public TrustException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public TrustException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ if(msg != null) {
+ return msg;
+ } else {
+ return faultCode;
+ }
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
new file mode 100644
index 0000000..c52d355
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
@@ -0,0 +1,617 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.rahas.impl.AbstractIssuerConfig;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+
+import java.security.SecureRandom;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Properties;
+import java.util.Iterator;
+
+public class TrustUtil {
+
+ private static final QName NAME = new QName("name");
+
+ /**
+ * Create a wsse:Reference element with the given URI and the value type
+ *
+ * @param doc
+ * @param refUri
+ * @param refValueType
+ * @return Element
+ */
+ public static Element createSecurityTokenReference(Document doc,
+ String refUri, String refValueType) {
+
+ Reference ref = new Reference(doc);
+ ref.setURI(refUri);
+ if (refValueType != null) {
+ ref.setValueType(refValueType);
+ }
+ SecurityTokenReference str = new SecurityTokenReference(doc);
+ str.setReference(ref);
+
+ return str.getElement();
+ }
+
+ public static OMElement
+ createRequestSecurityTokenResponseElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN_RESPONSE,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement
+ createRequestSecurityTokenResponseCollectionElement(int version,
+ OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedSecurityTokenElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.REQUESTED_SECURITY_TOKEN,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestSecurityTokenElement(int version) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ return fac.
+ createOMElement(RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN,
+ ns,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedProofTokenElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.LocalNames.REQUESTED_PROOF_TOKEN,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createEntropyElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.ENTROPY,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createComputedKeyElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestTypeElement(int version,
+ OMElement parent,
+ String value) throws TrustException {
+ String ns = getWSTNamespace(version);
+
+ OMElement elem = createOMElement(parent,
+ ns,
+ RahasConstants.LocalNames.REQUEST_TYPE,
+ RahasConstants.WST_PREFIX);
+
+ if (RahasConstants.REQ_TYPE_ISSUE.equals(value)
+ || RahasConstants.REQ_TYPE_CANCEL.equals(value)
+ || RahasConstants.REQ_TYPE_RENEW.equals(value)
+ || RahasConstants.REQ_TYPE_VALIDATE.equals(value)) {
+ elem.setText(ns + value);
+ } else {
+ elem.setText(value);
+ }
+
+ return elem;
+ }
+
+ public static OMElement createTokenTypeElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.TOKEN_TYPE,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createValidateTargetElement(int version, OMElement parent,
+ OMElement str) throws TrustException {
+ OMElement validateTarget = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.VALIDATE_TARGET,
+ RahasConstants.WST_PREFIX);
+ validateTarget.addChild(str);
+
+ return validateTarget;
+
+ }
+
+ public static OMElement createRenewTargetElement(int version, OMElement parent,
+ OMElement str) throws TrustException {
+ OMElement renewTarget = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.RENEW_TARGET,
+ RahasConstants.WST_PREFIX);
+ renewTarget.addChild(str);
+
+ return renewTarget;
+
+}
+
+
+
+ public static OMElement createBinarySecretElement(
+ int version,
+ OMElement parent,
+ String type) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.LocalNames.BINARY_SECRET,
+ RahasConstants.WST_PREFIX);
+ if (type != null) {
+ elem.addAttribute(elem.getOMFactory().createOMAttribute(
+ RahasConstants.ATTR_TYPE, null, ns + type));
+ }
+ return elem;
+ }
+
+ public static OMElement createComputedKeyAlgorithm(int version,
+ OMElement parent,
+ String algoId) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent,
+ ns,
+ RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY_ALGO,
+ RahasConstants.WST_PREFIX);
+ elem.setText(ns + algoId);
+ return elem;
+ }
+
+ public static OMElement
+ createRequestedUnattachedRef(int version,
+ OMElement parent,
+ String refUri,
+ String refValueType) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ public static OMElement createRequestedAttachedRef(int version,
+ OMElement parent,
+ String refUri,
+ String refValueType) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_ATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ /**
+ * Create and add wst:AttachedReference element
+ *
+ * @param rstrElem
+ * wst:RequestSecurityToken element
+ * @param id
+ * Token identifier
+ * @throws TrustException
+ */
+ public static void createRequestedAttachedRef(OMElement rstrElem, String id, int version)
+ throws TrustException {
+ OMFactory fac = null;
+ OMElement rar = null;
+ OMElement str = null;
+ OMElement ki = null;
+
+ String ns = TrustUtil.getWSTNamespace(version);
+ fac = rstrElem.getOMFactory();
+ rar = fac.createOMElement(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX), rstrElem);
+ str = fac.createOMElement(new QName(WSConstants.WSSE_NS,
+ SecurityTokenReference.SECURITY_TOKEN_REFERENCE, WSConstants.WSSE_PREFIX), rar);
+ ki = fac.createOMElement(new QName(WSConstants.WSSE_NS, "KeyIdentifier",
+ WSConstants.WSSE_PREFIX), str);
+ ki.addAttribute("ValueType", WSConstants.WSS_SAML_KI_VALUE_TYPE, null);
+ ki.setText(id);
+ }
+
+ /**
+ * Create and add wst:UnattachedReference element
+ *
+ * @param rstrElem
+ * wst:RequestSecurityToken element
+ * @param id
+ * Token identifier
+ * @throws TrustException
+ */
+ public static void createRequestedUnattachedRef(OMElement rstrElem, String id, int version)
+ throws TrustException {
+ OMFactory fac = null;
+ OMElement rar = null;
+ OMElement str = null;
+ OMElement ki = null;
+
+ String ns = TrustUtil.getWSTNamespace(version);
+ fac = rstrElem.getOMFactory();
+ rar = fac.createOMElement(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.REQUESTED_UNATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX), rstrElem);
+ str = fac.createOMElement(new QName(WSConstants.WSSE_NS,
+ SecurityTokenReference.SECURITY_TOKEN_REFERENCE, WSConstants.WSSE_PREFIX), rar);
+ ki = fac.createOMElement(new QName(WSConstants.WSSE_NS, "KeyIdentifier",
+ WSConstants.WSSE_PREFIX), str);
+
+ ki.addAttribute("ValueType", WSConstants.WSS_SAML_KI_VALUE_TYPE, null);
+ ki.setText(id);
+ }
+
+ public static OMElement createKeySizeElement(int version,
+ OMElement parent,
+ int size) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement ksElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.KEY_SIZE,
+ RahasConstants.WST_PREFIX);
+ ksElem.setText(Integer.toString(size));
+ return ksElem;
+ }
+
+ public static OMElement createKeyTypeElement(int version,
+ OMElement parent,
+ String type) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement ktElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.KEY_TYPE,
+ RahasConstants.WST_PREFIX);
+ if (RahasConstants.KEY_TYPE_BEARER.equals(type) ||
+ RahasConstants.KEY_TYPE_PUBLIC_KEY.equals(type) ||
+ RahasConstants.KEY_TYPE_SYMM_KEY.equals(type)) {
+ ktElem.setText(ns + type);
+ } else {
+ ktElem.setText(type);
+ }
+ return ktElem;
+ }
+
+ public static OMElement
+ createRequestedTokenCanceledElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createLifetimeElement(int version,
+ OMElement parent,
+ String created,
+ String expires) throws TrustException {
+
+ String ns = getWSTNamespace(version);
+
+ OMElement ltElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.LIFETIME,
+ RahasConstants.WST_PREFIX);
+
+ OMElement createdElem = createOMElement(ltElem, WSConstants.WSU_NS,
+ WSConstants.CREATED_LN,
+ WSConstants.WSU_PREFIX);
+ createdElem.setText(created);
+
+ OMElement expiresElem = createOMElement(ltElem, WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN,
+ WSConstants.WSU_PREFIX);
+ expiresElem.setText(expires);
+
+ return ltElem;
+ }
+
+ public static OMElement createLifetimeElement(int version,
+ OMElement parent,
+ long ttl) throws TrustException {
+
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + ttl);
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ return createLifetimeElement(version,
+ parent,
+ zulu.format(creationTime),
+ zulu.format(expirationTime));
+ }
+
+ public static OMElement createAppliesToElement(OMElement parent,
+ String address, String addressingNs) {
+ OMElement appliesToElem = createOMElement(parent,
+ RahasConstants.WSP_NS,
+ RahasConstants.IssuanceBindingLocalNames.
+ APPLIES_TO,
+ RahasConstants.WSP_PREFIX);
+
+ OMElement eprElem = createOMElement(appliesToElem,
+ addressingNs,
+ "EndpointReference",
+ AddressingConstants.WSA_DEFAULT_PREFIX);
+ OMElement addressElem = createOMElement(eprElem, addressingNs,
+ AddressingConstants.EPR_ADDRESS,
+ AddressingConstants.WSA_DEFAULT_PREFIX);
+ addressElem.setText(address);
+
+ return appliesToElem;
+ }
+
+ public static String getActionValue(int version, String action) throws TrustException {
+ if (RahasConstants.RST_ACTION_ISSUE.equals(action) ||
+ RahasConstants.RST_ACTION_CANCEL.equals(action) ||
+ RahasConstants.RST_ACTION_RENEW.equals(action) ||
+ RahasConstants.RST_ACTION_VALIDATE.equals(action) ||
+ RahasConstants.RST_ACTION_SCT.equals(action) ||
+ RahasConstants.RSTR_ACTION_ISSUE.equals(action) ||
+ RahasConstants.RSTR_ACTION_CANCEL.equals(action) ||
+ RahasConstants.RSTR_ACTION_RENEW.equals(action) ||
+ RahasConstants.RSTR_ACTION_VALIDATE.equals(action) ||
+ RahasConstants.RSTR_ACTION_SCT.equals(action)) {
+
+ return getWSTNamespace(version) + action;
+ }
+ return action;
+ }
+
+ /**
+ * Create a new <code>SOAPEnvelope</code> of the same version as the
+ * SOAPEnvelope in the given <code>MessageContext</code>
+ *
+ * @param nsUri
+ * @return SOAPEnvelope
+ */
+ public static SOAPEnvelope createSOAPEnvelope(String nsUri) {
+ if (nsUri != null
+ && SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(nsUri)) {
+ return DOOMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
+ } else {
+ return DOOMAbstractFactory.getSOAP12Factory().getDefaultEnvelope();
+ }
+ }
+
+
+ private static OMElement createOMElement(OMElement parent,
+ String ns,
+ String ln,
+ String prefix) {
+ return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix),
+ parent);
+ }
+
+ public static String getWSTNamespace(int version) throws TrustException {
+ switch (version) {
+ case RahasConstants.VERSION_05_02:
+ return RahasConstants.WST_NS_05_02;
+ case RahasConstants.VERSION_05_12:
+ return RahasConstants.WST_NS_05_12;
+ default:
+ throw new TrustException("unsupportedWSTVersion");
+ }
+ }
+
+ public static int getWSTVersion(String ns) throws TrustException {
+ if (RahasConstants.WST_NS_05_02.equals(ns)) {
+ return RahasConstants.VERSION_05_02;
+ } else if (RahasConstants.WST_NS_05_12.equals(ns)) {
+ return RahasConstants.VERSION_05_12;
+ } else {
+ throw new TrustException("unsupportedWSTVersion");
+ }
+ }
+
+ /**
+ * Returns the token store.
+ * If the token store is already available in the configuration context then
+ * fetch it and return it. If not create a new one, hook it up in the
+ * configuration context and return it
+ *
+ * @param msgCtx
+ * @return the token store
+ */
+ public static TokenStorage getTokenStore(MessageContext msgCtx) {
+ ConfigurationContext configCtx = msgCtx.getConfigurationContext();
+ return getTokenStore(configCtx);
+ }
+
+ /**
+ * Fetches the token storage from the configuration context.
+ * If the token store is already available in the configuration context then
+ * fetch it and return it. If not create a new one, hook it up in the
+ * configuration context and return it
+ * @param ctx
+ * @return
+ */
+ public static TokenStorage getTokenStore(ConfigurationContext ctx) {
+ TokenStorage storage = (TokenStorage) ctx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY);
+ if (storage == null) {
+ storage = new SimpleTokenStore();
+ ctx.setProperty(TokenStorage.TOKEN_STORAGE_KEY, storage);
+ }
+ return storage;
+ }
+
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated ephemeral key
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated ephemeral key
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(byte[] reqEnt,
+ byte[] respEnt,
+ String algo,
+ int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ public static OMElement createCancelTargetElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.CancelBindingLocalNames.CANCEL_TARGET,
+ RahasConstants.WST_PREFIX);
+
+ }
+
+ public static OMElement createClaims(int version,
+ OMElement parent, String dialect) throws TrustException{
+ OMElement omElem = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.IssuanceBindingLocalNames.CLAIMS,
+ RahasConstants.WST_PREFIX);
+
+ OMNamespace ns = omElem.getOMFactory().createOMNamespace(getWSTNamespace(version),
+ RahasConstants.WSP_PREFIX);
+ omElem.addAttribute(RahasConstants.ATTR_CLAIMS_DIALECT , dialect, ns);
+
+
+ return omElem;
+ }
+
+
+
+ public static OMElement createCancelRequest(String tokenId,
+ int version) throws TrustException {
+ /*
+ <wst:RequestSecurityToken>
+ <wst:RequestType>
+ http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
+ </wst:RequestType>
+ <wst:CancelTarget>
+ <o:SecurityTokenReference
+ xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <o:Reference URI="urn:uuid:8e6a3a95-fd1b-4c24-96d4-28e875025ff7"
+ ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </o:SecurityTokenReference>
+ </wst:CancelTarget>
+ </wst:RequestSecurityToken>
+ */
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+ TrustUtil.createRequestTypeElement(version, rst, RahasConstants.REQ_TYPE_CANCEL);
+ OMElement cancelTargetEle = TrustUtil.createCancelTargetElement(version, rst);
+ OMFactory factory = rst.getOMFactory();
+ OMElement secTokenRefEle =
+ factory.createOMElement(SecurityTokenReference.SECURITY_TOKEN_REFERENCE,
+ WSConstants.WSSE_NS,
+ WSConstants.WSSE_PREFIX);
+ OMElement refEle =
+ factory.createOMElement(Reference.TOKEN);
+ refEle.addAttribute(factory.createOMAttribute(RahasConstants.CancelBindingLocalNames.URI,
+ null, tokenId));
+ secTokenRefEle.addChild(refEle);
+ cancelTargetEle.addChild(secTokenRefEle);
+
+ return rst;
+ }
+
+ public static Properties toProperties(OMElement cryptoElem) {
+ Properties properties = new Properties();
+
+ /*
+ Process an element similar to this;
+
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ */
+ for (Iterator propIter = cryptoElem.getChildElements(); propIter.hasNext();) {
+ OMElement propElem = (OMElement) propIter.next();
+ String name = propElem.getAttribute(NAME).getAttributeValue().trim();
+ String value = propElem.getText().trim();
+ properties.setProperty(name, value);
+ }
+ properties.setProperty("org.apache.ws.security.crypto.provider",
+ cryptoElem.getAttribute(AbstractIssuerConfig.PROVIDER)
+ .getAttributeValue().trim());
+ return properties;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
new file mode 100644
index 0000000..8ffdd36
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
@@ -0,0 +1,829 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.client;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisOperation;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Trust13;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+
+public class STSClient {
+
+ private static final String RAMPART_POLICY = "rampartPolicy";
+
+ private static Log log = LogFactory.getLog(STSClient.class);
+
+ private String action;
+
+ private OMElement rstTemplate;
+
+ private int version = RahasConstants.VERSION_05_02;
+
+ private Options options;
+
+ private Trust10 trust10;
+
+ private Trust13 trust13;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private ArrayList parameters = new ArrayList();
+
+ private byte[] requestorEntropy;
+
+ private String addressingNs = AddressingConstants.Submission.WSA_NAMESPACE;
+
+ private int keySize;
+
+ private String soapVersion = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+
+ /**
+ * Life time in seconds
+ * Default is 300 seconds (5 mins)
+ */
+ private int ttl = 300;
+ private Crypto crypto;
+ private CallbackHandler cbHandler;
+ private ConfigurationContext configCtx;
+
+ public STSClient(ConfigurationContext configCtx) throws TrustException {
+ if (configCtx != null) {
+ this.configCtx = configCtx;
+ } else {
+ throw new TrustException("stsClientCfgCtxNull");
+ }
+ }
+
+ public Token requestSecurityToken(Policy servicePolicy,
+ String issuerAddress,
+ Policy issuerPolicy,
+ String appliesTo) throws TrustException {
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_ISSUE;
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ for (int i = 0; i < parameters.size(); i++) {
+ Parameter param = (Parameter)parameters.get(i);
+ client.getAxisService().addParameter(param.getName(), param.getValue());
+ }
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ final Options clientOptions = client.getOptions();
+ clientOptions.setSoapVersionURI(this.soapVersion);
+ clientOptions.setCallTransportCleanup(true);
+ if(this.addressingNs != null) {
+ clientOptions.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ //Process the STS and service policy policy
+ this.processPolicy(issuerPolicy, servicePolicy);
+
+ OMElement response = client.sendReceive(rstQn,
+ createIssueRequest(requestType, appliesTo));
+
+ return processIssueResponse(version, response, issuerAddress);
+ } catch (AxisFault e) {
+ log.error("errorInObtainingToken", e);
+ throw new TrustException("errorInObtainingToken", new String[]{issuerAddress},e);
+ }
+ }
+
+ /**
+ * Cancel a particular security token
+ *
+ * @param issuerAddress
+ * @param tokenId
+ * @return true is the Token was successfully canceled. False otherwise.
+ * @throws TrustException
+ */
+ public boolean cancelToken(String issuerAddress,
+ String tokenId,
+ String action) throws TrustException {
+ try {
+ QName rstQn = new QName("cancelSecurityToken");
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+ if(action != null) {
+ client.getOptions().setAction(action);
+ }
+
+ return processCancelResponse(client.sendReceive(rstQn,
+ createCancelRequest(tokenId)));
+ } catch (AxisFault e) {
+ log.error("errorInCancelingToken", e);
+ throw new TrustException("errorInCancelingToken", e);
+ }
+ }
+
+ public boolean validateToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy) throws TrustException {
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_VALIDATE;
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if(this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ OMElement response = client.sendReceive(rstQn,
+ createValidateRequest(requestType,tokenId));
+
+ return true;
+
+
+ } catch (AxisFault e) {
+ log.error("errorInValidatingToken", e);
+ throw new TrustException("errorInValidatingToken", new String[]{issuerAddress},e);
+ }
+
+ }
+
+ public boolean renewToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy) throws TrustException {
+
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if(this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ String tokenType = RahasConstants.TOK_TYPE_SAML_10;
+
+ OMElement response = client.sendReceive(rstQn,
+ createRenewRequest(tokenType,tokenId));
+
+ return true;
+
+ } catch (AxisFault e) {
+ log.error("errorInRenewingToken", e);
+ throw new TrustException("errorInRenewingToken", new String[]{issuerAddress},e);
+ }
+
+ }
+
+ private ServiceClient getServiceClient(QName rstQn,
+ String issuerAddress) throws AxisFault {
+ AxisService axisService =
+ new AxisService("SecurityTokenService" + UUIDGenerator.getUUID());
+ axisService.setClientSide(true);
+ AxisOperation operation = new OutInAxisOperation(rstQn);
+ axisService.addOperation(operation);
+ ServiceClient client = new ServiceClient(this.configCtx, axisService);
+
+ if (this.options != null) {
+ client.setOptions(options);
+ }
+
+ //Set the action
+ client.getOptions().setAction(action);
+ client.getOptions().setTo(new EndpointReference(issuerAddress));
+ client.engageModule("rampart");
+ return client;
+ }
+
+ /**
+ * @param result
+ * @return Token
+ */
+ private Token processIssueResponse(int version, OMElement result,
+ String issuerAddress) throws TrustException {
+ OMElement rstr = result;
+ if (version == RahasConstants.VERSION_05_12) {
+ //The WS-SX result will be an RSTRC
+ rstr = result.getFirstElement();
+ }
+
+ String ns = TrustUtil.getWSTNamespace(version);
+
+ //Get the RequestedAttachedReference
+ OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE));
+ OMElement reqAttRef = reqAttElem == null ? null : reqAttElem.getFirstElement();
+
+ //Get the RequestedUnattachedReference
+ OMElement reqUnattElem =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE));
+ OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem.getFirstElement();
+
+ //Get the security token
+ OMElement reqSecTok =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ if (reqSecTok == null) {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ OMElement tokenElem = reqSecTok.getFirstElement();
+
+ String id = this.findIdentifier(reqAttRef, reqUnattRef, tokenElem);
+
+ if (id == null) {
+ throw new TrustException("cannotObtainTokenIdentifier");
+ }
+
+ OMElement lifeTimeEle =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ LIFETIME));
+
+ Token token = new Token(id, tokenElem, lifeTimeEle);
+ token.setIssuerAddress(issuerAddress);
+ token.setAttachedReference(reqAttRef);
+ token.setUnattachedReference(reqUnattRef);
+
+ //Handle proof token
+ OMElement rpt =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.LocalNames.
+ REQUESTED_PROOF_TOKEN));
+
+ byte[] secret = null;
+
+ if (rpt != null) {
+ OMElement child = rpt.getFirstElement();
+ if (child == null) {
+ throw new TrustException("invalidRPT");
+ }
+ if (child.getQName().equals(new QName(ns,
+ RahasConstants.LocalNames.
+ BINARY_SECRET))) {
+ //First check for the binary secret
+ String b64Secret = child.getText();
+ secret = Base64.decode(b64Secret);
+ } else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
+ try {
+ Element domChild = (Element) new StAXOMBuilder(
+ DOOMAbstractFactory.getOMFactory(), child
+ .getXMLStreamReader()).getDocumentElement();
+
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
+ processor.handleToken(domChild, null, this.crypto,
+ this.cbHandler, null, new Vector(),
+ null);
+
+ secret = processor.getDecryptedBytes();
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInProcessingEncryptedKey", e);
+ }
+ } else if (child.getQName().equals(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ COMPUTED_KEY))) {
+ //Handle the computed key
+
+ //Get service entropy
+ OMElement serviceEntrElem = rstr
+ .getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ ENTROPY));
+
+ OMElement binSecElem = serviceEntrElem.getFirstElement();
+
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText().trim())) {
+
+ byte[] serviceEntr = Base64.decode(binSecElem.getText());
+
+ //Right now we only use PSHA1 as the computed key algo
+ P_SHA1 p_sha1 = new P_SHA1();
+
+ int length = (this.keySize > 0) ? keySize
+ : this.algorithmSuite
+ .getMaximumSymmetricKeyLength();
+ try {
+ secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8);
+ } catch (ConversationException e) {
+ throw new TrustException("keyDerivationError", e);
+ }
+ } else {
+ //Service entropy missing
+ throw new TrustException("serviceEntropyMissing");
+ }
+ }
+
+ } else {
+ if (this.requestorEntropy != null) {
+ //Use requester entropy as the key
+ secret = this.requestorEntropy;
+ }
+ }
+ token.setSecret(secret);
+ return token;
+ }
+
+ private boolean processCancelResponse(OMElement response) {
+ /*
+ <wst:RequestSecurityTokenResponse>
+ <wst:RequestedTokenCancelled/>
+ </wst:RequestSecurityTokenResponse>
+ */
+ return response.
+ getFirstChildWithName(new QName(RahasConstants.
+ CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED)) != null;
+ }
+
+ /**
+ * Find the token identifier.
+ *
+ * @param reqAttRef
+ * @param reqUnattRef
+ * @param token
+ * @return id
+ */
+ private String findIdentifier(OMElement reqAttRef,
+ OMElement reqUnattRef,
+ OMElement token) {
+ String id;
+ if (reqAttRef != null) {
+ //First try the attached ref
+ id = this.getIdFromSTR(reqAttRef);
+ } else if (reqUnattRef != null) {
+ //then try the unattached ref
+ id = this.getIdFromSTR(reqUnattRef);
+ } else {
+ //Return wsu:Id of the token element
+ id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
+ }
+ return id;
+ }
+
+
+ /**
+ * Process the given STR to find the id it refers to
+ *
+ * @param refElem
+ * @return id
+ */
+ private String getIdFromSTR(OMElement refElem) {
+ //ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = refElem.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo")) ||
+ child.getQName().equals(new QName(WSConstants.WSSE_NS, "KeyIdentifier"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI"));
+ } else {
+ return null;
+ }
+
+ }
+
+ /**
+ * Process the goven service policy and extract the info required to create
+ * the RST.
+ *
+ * @param servicePolicy
+ */
+ private void processPolicy(Policy issuerPolicy, Policy servicePolicy) {
+ //Get the policy assertions
+ //Assumption: there's only one alternative
+
+ if (issuerPolicy != null) {
+ log.debug("Processing Issuer policy");
+
+ List issuerAssertions = (List) issuerPolicy.getAlternatives().next();
+
+ for (Iterator iter = issuerAssertions.iterator(); iter.hasNext();) {
+ Assertion tempAssertion = (Assertion) iter.next();
+ //find the AlgorithmSuite assertion
+ if (tempAssertion instanceof Binding) {
+
+ log.debug("Extracting algo suite from issuer " +
+ "policy binding");
+
+ this.algorithmSuite = ((Binding) tempAssertion)
+ .getAlgorithmSuite();
+ }
+ }
+ }
+
+ if (servicePolicy != null) {
+
+ log.debug("Processing service policy to find Trust10 assertion");
+
+ List assertions = (List) servicePolicy.getAlternatives().next();
+
+ for (Iterator iter = assertions.iterator(); iter.hasNext();) {
+ Assertion tempAssertion = (Assertion) iter.next();
+ //find the Trust10 assertion
+ if (tempAssertion instanceof Trust10) {
+ log.debug("Extracting Trust10 assertion from " +
+ "service policy");
+ this.trust10 = (Trust10) tempAssertion;
+ } else if (tempAssertion instanceof Trust13) {
+ log.debug("Extracting Trust13 assertion from " +
+ "service policy");
+ this.trust13 = (Trust13) tempAssertion;
+ }
+ }
+ }
+ }
+
+ /**
+ * Create the RST request.
+ *
+ * @param requestType
+ * @param appliesTo
+ * @return OMElement
+ * @throws TrustException
+ */
+ private OMElement createIssueRequest(String requestType,
+ String appliesTo) throws TrustException {
+
+ log.debug("Creating request with request type: " + requestType +
+ " and applies to: " + appliesTo);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+ if (appliesTo != null) {
+ TrustUtil.createAppliesToElement(rst, appliesTo, this.addressingNs);
+ }
+ TrustUtil.createLifetimeElement(this.version, rst, this.ttl * 1000);
+
+ //Copy over the elements from the template
+ if (this.rstTemplate != null) {
+
+ log.debug("Using RSTTemplate: " + this.rstTemplate.toString());
+
+ Iterator templateChildren = rstTemplate.getChildElements();
+ while (templateChildren.hasNext()) {
+ OMNode child = (OMNode) templateChildren.next();
+ rst.addChild(child);
+ //Look for the key size element
+ if (child instanceof OMElement
+ && ((OMElement) child).getQName().equals(
+ new QName(TrustUtil.getWSTNamespace(this.version),
+ RahasConstants.IssuanceBindingLocalNames.KEY_SIZE))) {
+ log.debug("Extracting key size from the RSTTemplate: ");
+ OMElement childElem = (OMElement) child;
+ this.keySize =
+ (childElem.getText() != null && !"".equals(childElem.getText())) ?
+ Integer.parseInt(childElem.getText()) :
+ -1;
+ log.debug("Key size from RSTTemplate: " + this.keySize);
+ }
+ }
+ }
+
+ try {
+ // Handle entropy
+ if (this.trust10 != null) {
+
+ log.debug("Processing Trust assertion");
+
+ if (this.trust10.isRequireClientEntropy()) {
+
+ log.debug("Requires client entropy");
+
+ // setup requestor entropy
+ OMElement ent = TrustUtil.createEntropyElement(this.version, rst);
+ OMElement binSec =
+ TrustUtil.createBinarySecretElement(this.version,
+ ent,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ this.requestorEntropy =
+ WSSecurityUtil.generateNonce(this.algorithmSuite.
+ getMaximumSymmetricKeyLength()/8);
+ binSec.setText(Base64.encode(this.requestorEntropy));
+
+ log.debug("Clien entropy : "
+ + Base64.encode(this.requestorEntropy));
+
+ // Add the ComputedKey element
+ TrustUtil.createComputedKeyAlgorithm(this.version, rst,
+ RahasConstants.COMPUTED_KEY_PSHA1);
+ }
+
+ } else if (this.trust13 != null) {
+
+ if (this.trust13.isRequireClientEntropy()) {
+
+ log.debug("Requires client entropy");
+
+ // setup requestor entropy
+ OMElement ent = TrustUtil.createEntropyElement(this.version, rst);
+ OMElement binSec =
+ TrustUtil.createBinarySecretElement(this.version,
+ ent,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ this.requestorEntropy =
+ WSSecurityUtil.generateNonce(this.algorithmSuite.
+ getMaximumSymmetricKeyLength()/8);
+ binSec.setText(Base64.encode(this.requestorEntropy));
+
+ log.debug("Clien entropy : "
+ + Base64.encode(this.requestorEntropy));
+
+ // Add the ComputedKey element
+ TrustUtil.createComputedKeyAlgorithm(this.version, rst,
+ RahasConstants.COMPUTED_KEY_PSHA1);
+ }
+
+ }
+
+
+
+
+ } catch (Exception e) {
+ throw new TrustException("errorSettingUpRequestorEntropy", e);
+ }
+
+
+ return rst;
+
+ }
+
+ private OMElement createValidateRequest(String requestType, String tokenId) throws TrustException {
+
+ log.debug("Creating request with request type: " + requestType);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(this.version, rst);
+
+ String tokenType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.TOK_TYPE_STATUS;
+
+ tokenTypeElem.setText(tokenType);
+
+ TokenStorage store = TrustUtil.getTokenStore(configCtx);
+
+ Token token = store.getToken(tokenId);
+
+ if ( token != null) {
+ OMElement str = token.getUnattachedReference();
+
+ if (str == null) {
+ str = token.getAttachedReference();
+ }
+
+ TrustUtil.createValidateTargetElement(this.version, rst,str);
+
+
+ } else {
+ throw new TrustException("noToken",new String[]{tokenId});
+ }
+
+ return rst;
+
+ }
+
+ private OMElement createRenewRequest(String tokenType, String tokenId) throws TrustException {
+
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_RENEW;
+
+ log.debug("Creating request with request type: " + requestType);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(version, rst);
+ tokenTypeElem.setText(tokenType);
+
+ TokenStorage store = TrustUtil.getTokenStore(configCtx);
+
+ Token token = store.getToken(tokenId);
+
+ if ( token != null) {
+
+ OMElement str = token.getUnattachedReference();
+
+ if (str == null) {
+ str = token.getAttachedReference();
+ }
+
+ TrustUtil.createRenewTargetElement(this.version, rst,str);
+
+
+ } else {
+ throw new TrustException("noToken",new String[]{tokenId});
+ }
+
+ return rst;
+
+
+ }
+
+ private OMElement createCancelRequest(String tokenId) throws TrustException {
+
+ return TrustUtil.createCancelRequest(tokenId, version);
+ }
+
+ /**
+ * Set this to set the entropy configurations.
+ * If this is provided in the given policy it will be overridden.
+ *
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * Set this to set the entropy configurations.
+ * If this is provided in the given policy it will be overridden.
+ *
+ * @param trust13 The trust13 to set.
+ */
+ public void setTrust13(Trust13 trust13) {
+ this.trust13 = trust13;
+ }
+
+ /**
+ * This can be used in the case where the AlgorithmSuite is not specified in
+ * the given policy.
+ * If the AlgorithmSuite exists in a binding in the policy then the value
+ * set will be overridden.
+ *
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @param addressingNs The addressingNs to set.
+ */
+ public void setAddressingNs(String addressingNs) {
+ this.addressingNs = addressingNs;
+ }
+
+ /**
+ * @param ttl The ttl to set.
+ */
+ public void setTtl(int ttl) {
+ this.ttl = ttl;
+ }
+
+ /**
+ * Sets the crypto information required to process the RSTR.
+ *
+ * @param crypto Crypto information
+ * @param cbHandler Callback handler to provide the private key password to
+ * decrypt
+ */
+ public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
+ this.crypto = crypto;
+ this.cbHandler = cbHandler;
+ }
+
+ /**
+ * Sets the crypto information required to process the RSTR.
+ *
+ * @param crypto The crypto information
+ * @param privKeyPasswd Private key password to decrypt
+ */
+ public void setCryptoInfo(Crypto crypto, String privKeyPasswd) {
+ this.crypto = crypto;
+ this.cbHandler = new CBHandler(privKeyPasswd);
+ }
+
+ /**
+ * @param action The action to set.
+ */
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ /**
+ * @param options The options to set.
+ */
+ public void setOptions(Options options) {
+ this.options = options;
+ }
+
+ /**
+ * @param rstTemplate The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
+
+ private class CBHandler implements CallbackHandler {
+
+ private String passwd;
+
+ private CBHandler(String passwd) {
+ this.passwd = passwd;
+ }
+
+ public void handle(Callback[] cb) throws IOException,
+ UnsupportedCallbackException {
+ ((WSPasswordCallback) cb[0]).setPassword(this.passwd);
+ }
+
+ }
+
+ /**
+ * @param version The version to set.
+ */
+ public void setVersion(int version) {
+ this.version = version;
+ }
+
+ public void setSoapVersion(String soapVersion) {
+ this.soapVersion = soapVersion;
+ }
+
+ public void addParameter(Parameter param) {
+ parameters.add(param);
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
new file mode 100644
index 0000000..b092afa
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
@@ -0,0 +1,88 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+InvalidRequest = The request was invalid or malformed, \"{0}\"
+FailedAuthentication = Authentication failed
+RequestFailed = The specified request failed
+InvalidSecurityToken = Security token has been revoked
+AuthenticationBadElements = Insufficient Digest Elements
+BadRequest = The specified RequestSecurityToken is not understood
+ExpiredData = The request data is out-of-date
+InvalidTimeRange = The requested time range is invalid or unsupported
+InvalidScope = The request scope is invalid or unsupported
+RenewNeeded = A renewable security token has expired
+UnableToRenew = The requested renewal failed
+
+
+errorInObtainingToken = Error in obtaining token from : \"{0}\"
+errorInValidatingToken = Error in validating token from : \"{0}\"
+incorrectConfiguration = The given configuration element is not a "token-dispatcher-configuration" element
+missingClassName = Class attribute missing
+cannotLoadClass = Error in loading and instantiating the class \"{0}\"
+invalidTokenTypeDefinition = Invalid 'tokenType' definition in \"{0}\" : \"{1}\"
+errorLoadingConfigFile = Error in loading configuration file : \"{0}\"
+defaultIssuerMissing = The default issuer must be specified
+tokenAlreadyExists = "The token \"{0}\" already exists in the store
+noTokenToUpdate = Canot find token : \"{0}\" to update
+noToken = Canot find token : \"{0}\"
+errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
+missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
+missingConfiguration = Missing configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+reqestedSecTokMissing = RequestedSecurityToken missing in the response
+rptMissing = RequestedProofToken missing in the response
+notSupported = Not supported: {0}
+errorCreatingSymmKey = Error in creating the ephemeral key
+badDispatcherConfigMultipleDefaultIssuers = Dispatcher configuration error : There should be only one default issuer
+errorInBuildingTheEncryptedKeyForPrincipal = Error in building encrypted key for principal : \"{0}\"
+invlidTTL = timeToLive (in milliseconds) must be a positive long value.
+invalidKeysize = Invalid key size
+unsupportedWSTVersion = Unsupported WS-Trust version
+unsupportedKeyType = Unsupported KeyType
+invalidAppliesToElem = Invalid AppliesTo element
+errorSettingUpRequestorEntropy = Error setting up requester entropy
+errorInProcessingSTR = Error in processing SecurityTokenReference : {0}
+cannotObtainTokenIdentifier = Cannot obtain token identifier
+lifeTimeProcessingError = Error in processing Lifetime : {0}
+invalidRPT = Invalid RequestedProofToken
+serviceEntropyMissing = Service entropy missing
+keyDerivationError = Error in key derivation
+errorInProcessingEncryptedKey = Error in processing encrypted key
+
+stsClientCfgCtxNull = STSClient: ConfigurationContext client is null
+
+#SCTIssuer specific error messages
+sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
+
+#SAMLTokenIssuer specific error messages
+samlPropFileMissing = cryptoProperties missing in the SAMLTokenIssuer configuration
+samlIssuerKeyPasswdMissing = issuerKeyPassword missing in SAMLTokenIssuer configuration
+samlIssuerKeyAliasMissing = user value missing in the SAMLTokenIssuer configuration
+samlConverstionError = Error in converting a SAML token to DOOM
+samlAssertionCreationError = Error in creating a SAMLToken using Opensaml library
+aliasMissingForService = Certificate alias missing for service : \"{0}\"
+
+samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
+samlUnsupportedPrincipal = Unsupported principal : \"{0}\"
+
+requiredElementNotFound = Required Element \"{0}\" not found!
+cannotDetermineTokenId = Cannot determine token ID from request
+tokenNotFound = Token with ID \"{0}\" cannot be found
+configurationIsNull = Configuration is null
+errorInCancelingToken = Error occurred while trying to cancel token
+
+errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
\ No newline at end of file
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
new file mode 100644
index 0000000..0e86372
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ */
+public abstract class AbstractIssuerConfig {
+
+ /**
+ * The key computation policy when clien't entropy is provided
+ */
+ public static class KeyComputation {
+ public static final QName KEY_COMPUTATION = new QName("keyComputation");
+ public final static int KEY_COMP_USE_REQ_ENT = 1;
+ public final static int KEY_COMP_PROVIDE_ENT = 2;
+ public final static int KEY_COMP_USE_OWN_KEY = 3;
+ }
+
+ public final static QName ADD_REQUESTED_ATTACHED_REF = new QName("addRequestedAttachedRef");
+ public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
+ public static final QName PROOF_KEY_TYPE = new QName("proofKeyType");
+
+ /**
+ * Element name to include the crypto properties used to load the
+ * information used securing the response
+ */
+ public final static QName CRYPTO_PROPERTIES = new QName("cryptoProperties");
+ public static final QName CRYPTO = new QName("crypto");
+ public static final QName PROVIDER = new QName("provider");
+ public static final QName PROPERTY = new QName("property");
+
+ protected int keyComputation = KeyComputation.KEY_COMP_PROVIDE_ENT;
+ protected String proofKeyType = TokenIssuerUtil.ENCRYPTED_KEY;
+ protected boolean addRequestedAttachedRef;
+ protected boolean addRequestedUnattachedRef;
+ protected long ttl = 300000;
+ protected String cryptoPropertiesFile;
+ protected OMElement cryptoPropertiesElement;
+ protected OMElement cryptoElement;
+ protected int keySize = 256;
+
+ public void setAddRequestedAttachedRef(boolean addRequestedAttachedRef) {
+ this.addRequestedAttachedRef = addRequestedAttachedRef;
+ }
+ public void setAddRequestedUnattachedRef(boolean addRequestedUnattachedRef) {
+ this.addRequestedUnattachedRef = addRequestedUnattachedRef;
+ }
+ public void setKeyComputation(int keyComputation) {
+ this.keyComputation = keyComputation;
+ }
+ public int getKeyComputation() {
+ return keyComputation;
+ }
+ public void setProofKeyType(String proofKeyType) {
+ this.proofKeyType = proofKeyType;
+ }
+ public void setTtl(long ttl) {
+ this.ttl = ttl;
+ }
+ public void setKeySize(int keySize) {
+ this.keySize = keySize;
+ }
+ public int getKeySize() {
+ return keySize;
+ }
+ public String getProofKeyType() {
+ return proofKeyType;
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
new file mode 100644
index 0000000..e998a80
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
@@ -0,0 +1,753 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.rahas.*;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SignKeyHolder;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.opensaml.*;
+import org.opensaml.Configuration;
+import org.opensaml.saml1.core.NameIdentifier;
+import org.opensaml.xml.*;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.signature.*;
+import org.opensaml.xml.io.*;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.common.SAMLObjectBuilder;
+import org.opensaml.saml2.core.impl.AssertionBuilder;
+import org.opensaml.saml2.core.impl.IssuerBuilder;
+import org.opensaml.saml2.core.impl.NameIDBuilder;
+import org.opensaml.saml2.core.*;
+import org.joda.time.DateTime;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+import org.w3c.dom.Node;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSOutput;
+import org.w3c.dom.ls.LSSerializer;
+import org.w3c.dom.bootstrap.DOMImplementationRegistry;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.DocumentBuilder;
+import java.util.Date;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.PrivateKey;
+import java.text.DateFormat;
+import java.io.InputStream;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+
+public class SAML2TokenIssuer implements TokenIssuer {
+
+ private Assertion SAMLAssertion;
+
+ private String configParamName;
+
+ private OMElement configElement;
+
+ private String configFile;
+
+ protected List<Signature> signatureList = new ArrayList<Signature>();
+
+ private boolean isSymmetricKeyBasedHoK = false;
+
+ private static Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+
+ static {
+ try {
+ // Set the "javax.xml.parsers.DocumentBuilderFactory" system property
+ // to the endorsed JAXP impl.
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
+ "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+ DefaultBootstrap.bootstrap();
+ } catch (ConfigurationException e) {
+ log.error("SAML2TokenIssuerBootstrapError", e);
+ throw new RuntimeException(e);
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+ }
+
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ try {
+ SAMLTokenIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = new SAMLTokenIssuerConfig(configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = new SAMLTokenIssuerConfig(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = inMsgCtx.getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = new SAMLTokenIssuerConfig(param.getParameterElement()
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace()
+ .getNamespaceURI());
+
+ Crypto crypto;
+ if (config.cryptoElement != null) { // crypto props
+ // defined as
+ // elements
+ crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement),
+ inMsgCtx.getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, inMsgCtx
+ .getAxisService().getClassLoader());
+ }
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ // Get the key size and create a new byte array of that size
+ int keySize = data.getKeysize();
+ String keyType = data.getKeyType();
+
+ keySize = (keySize == -1) ? config.keySize : keySize;
+
+ // Build the assertion
+ AssertionBuilder assertionBuilder = new AssertionBuilder();
+ Assertion assertion = assertionBuilder.buildObject();
+ assertion.setVersion(SAMLVersion.VERSION_20);
+
+ // Set an UUID as the ID of an assertion
+ assertion.setID(UUIDGenerator.getUUID());
+
+ // Set the issuer
+ IssuerBuilder issuerBuilder = new IssuerBuilder();
+ Issuer issuer = issuerBuilder.buildObject();
+ issuer.setValue(config.issuerName);
+ assertion.setIssuer(issuer);
+
+ // Set the issued time.
+ assertion.setIssueInstant(new DateTime());
+
+ // Validity period
+ DateTime creationDate = new DateTime();
+ DateTime expirationDate = new DateTime(creationDate.getMillis() + config.ttl);
+
+ // These variables are used to build the trust assertion
+ Date creationTime = creationDate.toDate();
+ Date expirationTime = expirationDate.toDate();
+
+ // Create the subject
+ Subject subject = createSubject(config, doc, crypto, creationDate, expirationDate, data);
+
+ // Set the subject
+ assertion.setSubject(subject);
+
+ // If a SymmetricKey is used build an attr stmt, if a public key is build an authn stmt.
+ if (isSymmetricKeyBasedHoK) {
+ AttributeStatement attrStmt = createAttributeStatement(data, config);
+ assertion.getAttributeStatements().add(attrStmt);
+ } else {
+ AuthnStatement authStmt = createAuthnStatement(data);
+ assertion.getAuthnStatements().add(authStmt);
+ }
+
+ // Create a SignKeyHolder to hold the crypto objects that are used to sign the assertion
+ SignKeyHolder signKeyHolder = createSignKeyHolder(config, crypto);
+
+ // Sign the assertion
+ assertion = setSignature(assertion, signKeyHolder);
+
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(wstVersion, env
+ .getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(wstVersion, env
+ .getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+ rstrcElem);
+ }
+
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ RahasConstants.TOK_TYPE_SAML_20);
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize);
+ }
+
+ if (config.addRequestedAttachedRef) {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#" + assertion.getID(),
+ RahasConstants.TOK_TYPE_SAML_20);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem, assertion.getID(),
+ RahasConstants.TOK_TYPE_SAML_20);
+ }
+
+ if (data.getAppliesToAddress() != null) {
+ TrustUtil.createAppliesToElement(rstrElem, data.getAppliesToAddress(), data
+ .getAddressingNs());
+ }
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu.format(creationTime), zulu
+ .format(expirationTime));
+
+ // Create the RequestedSecurityToken element and add the SAML token
+ // to it
+ OMElement reqSecTokenElem = TrustUtil.createRequestedSecurityTokenElement(wstVersion,
+ rstrElem);
+ Token assertionToken;
+
+ Node tempNode = assertion.getDOM();
+
+ // Serializing and re-generating the AXIOM element using the DOM Element created using
+ // xerces
+ Element element = assertion.getDOM();
+
+ ByteArrayOutputStream byteArrayOutputStrm = new ByteArrayOutputStream();
+
+ DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance();
+
+ DOMImplementationLS impl = (DOMImplementationLS) registry.getDOMImplementation("LS");
+
+ LSSerializer writer = impl.createLSSerializer();
+ LSOutput output = impl.createLSOutput();
+ output.setByteStream(byteArrayOutputStrm);
+ writer.write(element, output);
+ String elementString = byteArrayOutputStrm.toString();
+
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = docBuilder.parse(new ByteArrayInputStream(elementString.trim()
+ .getBytes()));
+ Element assertionElement = document.getDocumentElement();
+
+ reqSecTokenElem.addChild((OMNode) ((Element) rstrElem).getOwnerDocument().importNode(
+ tempNode, true));
+
+ // Store the token
+ assertionToken = new Token(assertion.getID(), (OMElement) assertionElement,
+ creationTime, expirationTime);
+
+ // At this point we definitely have the secret
+ // Otherwise it should fail with an exception earlier
+ assertionToken.setSecret(data.getEphmeralKey());
+ TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
+
+ // Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data, wstVersion, config, rstrElem,
+ assertionToken, doc);
+ }
+
+ return env;
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+
+ return null;
+ }
+
+ /**
+ * This method is used to create the subject of an assertion
+ *
+ * @param config
+ * @param doc
+ * @param crypto
+ * @param creationTime
+ * @param expirationTime
+ * @param data
+ * @return Subject
+ * @throws Exception
+ */
+ private Subject createSubject(SAMLTokenIssuerConfig config, Document doc, Crypto crypto,
+ DateTime creationTime, DateTime expirationTime, RahasData data) throws Exception {
+
+ XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+ SAMLObjectBuilder<Subject> subjectBuilder = (SAMLObjectBuilder<Subject>) builderFactory
+ .getBuilder(Subject.DEFAULT_ELEMENT_NAME);
+ Subject subject = subjectBuilder.buildObject();
+ Element keyInfoElem = null;
+
+ // If it is a Symmetric Key
+ if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+
+ isSymmetricKeyBasedHoK = true;
+ Element encryptedKeyElem;
+ X509Certificate serviceCert = null;
+ try {
+
+ // Get ApliesTo to figure out which service to issue the token
+ // for
+ serviceCert = config.getServiceCert(crypto, data.getAppliesToAddress());
+
+ // Create the encrypted key
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+
+ // Use thumbprint id
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+
+ // SEt the encryption cert
+ encrKeyBuilder.setUseThisCert(serviceCert);
+
+ // set keysize
+ int keysize = data.getKeysize();
+ keysize = (keysize != -1) ? keysize : config.keySize;
+ encrKeyBuilder.setKeySize(keysize);
+
+ encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(data,
+ config.keyComputation, keysize));
+
+ // Set key encryption algo
+ encrKeyBuilder.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
+
+ // Build
+ encrKeyBuilder.prepare(doc, crypto);
+
+ // Extract the base64 encoded secret value
+ byte[] tempKey = new byte[keysize / 8];
+ System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, tempKey, 0, keysize / 8);
+
+ data.setEphmeralKey(tempKey);
+
+ // Extract the Encryptedkey DOM element
+ encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[]{serviceCert.getSubjectDN().getName()}, e);
+ }
+
+ keyInfoElem = doc.createElementNS(WSConstants.SIG_NS, "ds:KeyInfo");
+ ((OMElement) encryptedKeyElem).declareNamespace(WSConstants.SIG_NS,
+ WSConstants.SIG_PREFIX);
+ ((OMElement) encryptedKeyElem).declareNamespace(WSConstants.ENC_NS,
+ WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(encryptedKeyElem);
+
+ }
+
+ // If it is a public Key
+ else {
+ try {
+ String subjectNameId = data.getPrincipal().getName();
+
+ // Create NameID and attach it to the subject
+ NameIDBuilder nb = new NameIDBuilder();
+ NameID nameID = nb.buildObject();
+ nameID.setValue(subjectNameId);
+ nameID.setFormat(NameIdentifier.EMAIL);
+ subject.setNameID(nameID);
+
+ // Create the ds:KeyValue element with the ds:X509Data
+ X509Certificate clientCert = data.getClientCert();
+
+ if (clientCert == null) {
+ X509Certificate[] certs = crypto.getCertificates(data.getPrincipal().getName());
+ clientCert = certs[0];
+ }
+
+ byte[] clientCertBytes = clientCert.getEncoded();
+
+ String base64Cert = Base64.encode(clientCertBytes);
+
+ Text base64CertText = doc.createTextNode(base64Cert);
+
+ // -----------------------------------------
+
+ Element x509CertElem = doc
+ .createElementNS(WSConstants.SIG_NS, "ds:X509Certificate");
+ x509CertElem.appendChild(base64CertText);
+ Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS, "ds:X509Data");
+ x509DataElem.appendChild(x509CertElem);
+
+ if (x509DataElem != null) {
+ keyInfoElem = doc.createElementNS(WSConstants.SIG_NS, "ds:KeyInfo");
+ ((OMElement) x509DataElem).declareNamespace(WSConstants.SIG_NS,
+ WSConstants.SIG_PREFIX);
+ ((OMElement) x509DataElem).declareNamespace(WSConstants.ENC_NS,
+ WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(x509DataElem);
+ }
+
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ // Unmarshall the keyInfo DOM element into an XMLObject
+ String keyInfoElementString = keyInfoElem.toString();
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = docBuilder.parse(new ByteArrayInputStream(keyInfoElementString.trim()
+ .getBytes()));
+ Element element = document.getDocumentElement();
+
+ // Get appropriate unmarshaller
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
+
+ // Unmarshall using the document root element, an keyInfo element in this case
+ XMLObject keyInfoElement = null;
+ try {
+ keyInfoElement = unmarshaller.unmarshall(element);
+ } catch (UnmarshallingException e) {
+ throw new TrustException("Error unmarshalling KeyInfo Element", e);
+ }
+
+ // Build the Subject Confirmation
+ SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationBuilder = (SAMLObjectBuilder<SubjectConfirmation>) builderFactory
+ .getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
+ SubjectConfirmation subjectConfirmation = subjectConfirmationBuilder.buildObject();
+
+ // Set the subject Confirmation method
+ subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
+
+ SAMLObjectBuilder<KeyInfoConfirmationDataType> keyInfoSubjectConfirmationDataBuilder = (SAMLObjectBuilder<KeyInfoConfirmationDataType>) builderFactory
+ .getBuilder(KeyInfoConfirmationDataType.TYPE_NAME);
+
+ // Build the subject confirmation data element
+ KeyInfoConfirmationDataType scData = keyInfoSubjectConfirmationDataBuilder
+ .buildObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME,
+ KeyInfoConfirmationDataType.TYPE_NAME);
+
+ // Set the keyInfo element
+ scData.getKeyInfos().add(keyInfoElement);
+
+ // Set the validity period
+ scData.setNotBefore(creationTime);
+ scData.setNotOnOrAfter(expirationTime);
+
+ // Set the subject confirmation data
+ subjectConfirmation.setSubjectConfirmationData(scData);
+
+ // set the subject confirmation
+ subject.getSubjectConfirmations().add(subjectConfirmation);
+
+ if (log.isDebugEnabled()) {
+ log.debug("SAML2.0 subject is constructed successfully.");
+ }
+ return subject;
+ }
+
+ /**
+ * This method is used to sign the assertion
+ *
+ * @param assertion
+ * @param cred
+ * @return Assertion
+ * @throws Exception
+ */
+ public Assertion setSignature(Assertion assertion, SignKeyHolder cred) throws Exception {
+
+ // Build the signature object and set the credentials.
+ Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
+ signature.setSigningCredential(cred);
+ signature.setSignatureAlgorithm(cred.getSignatureAlgorithm());
+ signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+
+ // Build the KeyInfo element and set the certificate
+ try {
+ KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
+ X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
+ org.opensaml.xml.signature.X509Certificate cert = (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
+ String value = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate()
+ .getEncoded());
+ cert.setValue(value);
+ data.getX509Certificates().add(cert);
+ keyInfo.getX509Datas().add(data);
+ signature.setKeyInfo(keyInfo);
+
+ assertion.setSignature(signature);
+ signatureList.add(signature);
+
+ // Marshall and Sign
+ MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration
+ .getMarshallerFactory();
+ Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
+ marshaller.marshall(assertion);
+ org.apache.xml.security.Init.init();
+ Signer.signObjects(signatureList);
+ } catch (CertificateEncodingException e) {
+ throw new TrustException("Error in setting the signature", e);
+ } catch (SignatureException e) {
+ throw new TrustException("errorMarshellingOrSigning", e);
+ } catch (MarshallingException e) {
+ throw new TrustException("errorMarshellingOrSigning", e);
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("SAML2.0 assertion is marshalled and signed..");
+ }
+
+ return assertion;
+ }
+
+ /**
+ * This method is used to build the assertion elements
+ *
+ * @param objectQName
+ * @return
+ * @throws Exception
+ */
+ protected static XMLObject buildXMLObject(QName objectQName) throws Exception {
+ XMLObjectBuilder builder = org.opensaml.xml.Configuration.getBuilderFactory().getBuilder(
+ objectQName);
+ if (builder == null) {
+ throw new TrustException("Unable to retrieve builder for object QName " + objectQName);
+ }
+ return builder.buildObject(objectQName.getNamespaceURI(), objectQName.getLocalPart(),
+ objectQName.getPrefix());
+ }
+
+ /**
+ * This method is used to create SignKeyHolder instances that contains the credentials required
+ * for signing the assertion
+ *
+ * @param config
+ * @param crypto
+ * @return
+ * @throws TrustException
+ */
+ private SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto)
+ throws TrustException {
+
+ SignKeyHolder signKeyHolder = new SignKeyHolder();
+
+ try {
+ X509Certificate[] issuerCerts = crypto.getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(config.issuerKeyAlias,
+ config.issuerKeyPassword);
+
+ signKeyHolder.setIssuerCerts(issuerCerts);
+ signKeyHolder.setIssuerPK((PrivateKey) issuerPK);
+ signKeyHolder.setSignatureAlgorithm(sigAlgo);
+
+ } catch (Exception e) {
+ throw new TrustException("Error creating issuer signature");
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug("SignKeyHolder object is created with the credentials..");
+ }
+
+ return signKeyHolder;
+ }
+
+ /**
+ * Creates the Attribute Statement
+ *
+ * @param data
+ * @param config
+ * @return
+ * @throws SAMLException
+ * @throws TrustException
+ */
+ private AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config)
+ throws SAMLException, TrustException {
+
+ XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+ SAMLObjectBuilder<AttributeStatement> attrStmtBuilder = (SAMLObjectBuilder<AttributeStatement>) builderFactory
+ .getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
+
+ AttributeStatement attrstmt = attrStmtBuilder.buildObject();
+
+ Attribute[] attributes = null;
+
+ // Call the attribute callback handlers to get any attributes if exists
+ if (config.getCallbackHander() != null) {
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = config.getCallbackHander();
+ handler.handle(cb);
+ attributes = cb.getSAML2Attributes();
+ } else if (config.getCallbackHandlerName() != null
+ && config.getCallbackHandlerName().trim().length() > 0) {
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = null;
+ MessageContext msgContext = data.getInMessageContext();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+ Class cbClass = null;
+ try {
+ cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName());
+ } catch (ClassNotFoundException e) {
+ throw new TrustException("cannotLoadPWCBClass", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ try {
+ handler = (SAMLCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new TrustException("cannotCreatePWCBInstance", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ handler.handle(cb);
+ attributes = cb.getSAML2Attributes();
+ // else add the attribute with a default value
+ } else {
+ SAMLObjectBuilder<Attribute> attrBuilder = (SAMLObjectBuilder<Attribute>) builderFactory
+ .getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
+ Attribute attribute = attrBuilder.buildObject();
+ attribute.setName("Name");
+ attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
+
+ XSStringBuilder attributeValueBuilder = (XSStringBuilder) builderFactory
+ .getBuilder(XSString.TYPE_NAME);
+
+ XSString stringValue = attributeValueBuilder.buildObject(
+ AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue("Colombo/Rahas");
+ attribute.getAttributeValues().add(stringValue);
+ attributes = new Attribute[1];
+ attributes[0] = attribute;
+ }
+ // add attributes to the attribute statement
+ attrstmt.getAttributes().addAll(Arrays.asList(attributes));
+
+ if (log.isDebugEnabled()) {
+ log.debug("SAML2.0 attribute statement is constructed successfully.");
+ }
+
+ return attrstmt;
+ }
+
+ /**
+ * build the authentication statement
+ *
+ * @param data
+ * @return
+ */
+ private AuthnStatement createAuthnStatement(RahasData data) {
+ XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ SAMLObjectBuilder<AuthnStatement> authStmtBuilder = (SAMLObjectBuilder<AuthnStatement>) builderFactory
+ .getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME);
+
+ // build the auth stmt
+ AuthnStatement authStmt = authStmtBuilder.buildObject();
+
+ // set the authn instance
+ authStmt.setAuthnInstant(new DateTime());
+
+ SAMLObjectBuilder<AuthnContext> authCtxBuilder = (SAMLObjectBuilder<AuthnContext>) builderFactory
+ .getBuilder(AuthnContext.DEFAULT_ELEMENT_NAME);
+ AuthnContext authContext = authCtxBuilder.buildObject();
+
+ SAMLObjectBuilder<AuthnContextClassRef> authCtxClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>) builderFactory
+ .getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
+ AuthnContextClassRef authCtxClassRef = authCtxClassRefBuilder.buildObject();
+
+ // if username/password based authn
+ if (inMsgCtx.getProperty(RahasConstants.USERNAME) != null) {
+ authCtxClassRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
+ }
+ // if X.509 cert based authn
+ else if (inMsgCtx.getProperty(RahasConstants.X509_CERT) != null) {
+ authCtxClassRef.setAuthnContextClassRef(AuthnContext.X509_AUTHN_CTX);
+ }
+
+ authContext.setAuthnContextClassRef(authCtxClassRef);
+ authStmt.setAuthnContext(authContext);
+
+ if (log.isDebugEnabled()) {
+ log.debug("SAML2.0 authentication statement is constructed successfully.");
+ }
+
+ return authStmt;
+ }
+
+ public String getResponseAction(RahasData data) throws TrustException {
+ return null;
+ }
+
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
new file mode 100644
index 0000000..df94336
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -0,0 +1,605 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenIssuer;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.SAMLAttributeStatement;
+import org.opensaml.SAMLAuthenticationStatement;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
+import org.opensaml.SAMLStatement;
+import org.opensaml.SAMLSubject;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+/**
+ * Issuer to issue SAMl tokens
+ */
+public class SAMLTokenIssuer implements TokenIssuer {
+
+ private String configParamName;
+
+ private OMElement configElement;
+
+ private String configFile;
+
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ try {
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ SAMLTokenIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = new SAMLTokenIssuerConfig(configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = new SAMLTokenIssuerConfig(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = inMsgCtx.getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = new SAMLTokenIssuerConfig(param
+ .getParameterElement().getFirstChildWithName(
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[] { this.configParamName });
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ // Set the DOM impl to DOOM
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
+ .getEnvelope().getNamespace().getNamespaceURI());
+
+ Crypto crypto;
+ if (config.cryptoElement != null) { // crypto props
+ // defined as
+ // elements
+ crypto = CryptoFactory.getInstance(TrustUtil
+ .toProperties(config.cryptoElement), inMsgCtx
+ .getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ inMsgCtx.getAxisService().getClassLoader());
+ }
+
+ // Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ // Get the key size and create a new byte array of that size
+ int keySize = data.getKeysize();
+
+ keySize = (keySize == -1) ? config.keySize : keySize;
+
+ /*
+ * Find the KeyType If the KeyType is SymmetricKey or PublicKey,
+ * issue a SAML HoK assertion. - In the case of the PublicKey, in
+ * coming security header MUST contain a certificate (maybe via
+ * signature)
+ *
+ * If the KeyType is Bearer then issue a Bearer assertion
+ *
+ * If the key type is missing we will issue a HoK assertion
+ */
+
+ String keyType = data.getKeyType();
+ SAMLAssertion assertion;
+ if (keyType == null) {
+ throw new TrustException(TrustException.INVALID_REQUEST,
+ new String[] { "Requested KeyType is missing" });
+ }
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) {
+ assertion = createHoKAssertion(config, doc, crypto,
+ creationTime, expirationTime, data);
+ } else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
+ assertion = createBearerAssertion(config, doc, crypto,
+ creationTime, expirationTime, data);
+ } else {
+ throw new TrustException("unsupportedKeyType");
+ }
+
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, env.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ wstVersion, env.getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, rstrcElem);
+ }
+
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ RahasConstants.TOK_TYPE_SAML_10);
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize);
+ }
+
+ if (config.addRequestedAttachedRef) {
+ TrustUtil.createRequestedAttachedRef(rstrElem, assertion.getId(),wstVersion);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ TrustUtil.createRequestedUnattachedRef(rstrElem, assertion.getId(),wstVersion);
+ }
+
+ if (data.getAppliesToAddress() != null) {
+ TrustUtil.createAppliesToElement(rstrElem, data
+ .getAppliesToAddress(), data.getAddressingNs());
+ }
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ // Create the RequestedSecurityToken element and add the SAML token
+ // to it
+ OMElement reqSecTokenElem = TrustUtil
+ .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+ Token assertionToken;
+ try {
+ Node tempNode = assertion.toDOM();
+ reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
+ .getOwnerDocument().importNode(tempNode, true));
+
+ // Store the token
+ assertionToken = new Token(assertion.getId(),
+ (OMElement) assertion.toDOM(), creationTime,
+ expirationTime);
+
+ // At this point we definitely have the secret
+ // Otherwise it should fail with an exception earlier
+ assertionToken.setSecret(data.getEphmeralKey());
+ TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
+
+ } catch (SAMLException e) {
+ throw new TrustException("samlConverstionError", e);
+ }
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
+
+ // Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data, wstVersion,
+ config, rstrElem, assertionToken, doc);
+ }
+
+ return env;
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+
+ }
+
+ private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config,
+ Document doc, Crypto crypto, Date creationTime,
+ Date expirationTime, RahasData data) throws TrustException {
+ try {
+ Principal principal = data.getPrincipal();
+ // In the case where the principal is a UT
+ if (principal instanceof WSUsernameTokenPrincipal) {
+ SAMLNameIdentifier nameId = null;
+ if(config.getCallbackHander() != null){
+ SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data);
+ cb.setUserId(principal.getName());
+ SAMLCallbackHandler callbackHandler = config.getCallbackHander();
+ callbackHandler.handle(cb);
+ nameId = cb.getNameId();
+ }else{
+ nameId = new SAMLNameIdentifier(
+ principal.getName(), null, SAMLNameIdentifier.FORMAT_EMAIL);
+ }
+
+ return createAuthAssertion(doc, SAMLSubject.CONF_BEARER,
+ nameId, null, config, crypto, creationTime,
+ expirationTime);
+ } else {
+ throw new TrustException("samlUnsupportedPrincipal",
+ new String[] { principal.getClass().getName() });
+ }
+ } catch (SAMLException e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
+ Document doc, Crypto crypto, Date creationTime,
+ Date expirationTime, RahasData data) throws TrustException {
+
+ if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ Element encryptedKeyElem;
+ X509Certificate serviceCert = null;
+ try {
+
+ // Get ApliesTo to figure out which service to issue the token
+ // for
+ serviceCert = getServiceCert(config, crypto, data
+ .getAppliesToAddress());
+
+ // Create the encrypted key
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+
+ // Use thumbprint id
+ encrKeyBuilder
+ .setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+
+ // SEt the encryption cert
+ encrKeyBuilder.setUseThisCert(serviceCert);
+
+ // set keysize
+ int keysize = data.getKeysize();
+ keysize = (keysize != -1) ? keysize : config.keySize;
+ encrKeyBuilder.setKeySize(keysize);
+
+ encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(
+ data, config.keyComputation, keysize));
+
+ // Set key encryption algo
+ encrKeyBuilder
+ .setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
+
+ // Build
+ encrKeyBuilder.prepare(doc, crypto);
+
+ // Extract the base64 encoded secret value
+ byte[] tempKey = new byte[keysize / 8];
+ System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, tempKey,
+ 0, keysize / 8);
+
+ data.setEphmeralKey(tempKey);
+
+ // Extract the Encryptedkey DOM element
+ encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { serviceCert.getSubjectDN().getName() },
+ e);
+ }
+ return this.createAttributeAssertion(doc, data ,encryptedKeyElem, config,
+ crypto, creationTime, expirationTime);
+ } else {
+ try {
+ String subjectNameId = data.getPrincipal().getName();
+
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+
+ // Create the ds:KeyValue element with the ds:X509Data
+ X509Certificate clientCert = data.getClientCert();
+
+ if(clientCert == null) {
+ X509Certificate[] certs = crypto.getCertificates(
+ data.getPrincipal().getName());
+ clientCert = certs[0];
+ }
+
+ byte[] clientCertBytes = clientCert.getEncoded();
+
+ String base64Cert = Base64.encode(clientCertBytes);
+
+ Text base64CertText = doc.createTextNode(base64Cert);
+ Element x509CertElem = doc.createElementNS(WSConstants.SIG_NS,
+ "X509Certificate");
+ x509CertElem.appendChild(base64CertText);
+ Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS,
+ "X509Data");
+ x509DataElem.appendChild(x509CertElem);
+
+ return this.createAuthAssertion(doc,
+ SAMLSubject.CONF_HOLDER_KEY, nameId, x509DataElem,
+ config, crypto, creationTime, expirationTime);
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+ }
+
+ /**
+ * Uses the <code>wst:AppliesTo</code> to figure out the certificate to
+ * encrypt the secret in the SAML token
+ *
+ * @param config
+ * @param crypto
+ * @param serviceAddress
+ * The address of the service
+ * @return
+ * @throws WSSecurityException
+ */
+ private X509Certificate getServiceCert(SAMLTokenIssuerConfig config,
+ Crypto crypto, String serviceAddress) throws WSSecurityException {
+
+ if (serviceAddress != null && !"".equals(serviceAddress)) {
+ String alias = (String) config.trustedServices.get(serviceAddress);
+ if (alias != null) {
+ return crypto.getCertificates(alias)[0];
+ } else {
+ alias = (String) config.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+ } else {
+ String alias = (String) config.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+
+ }
+
+ /**
+ * Create the SAML assertion with the secret held in an
+ * <code>xenc:EncryptedKey</code>
+ *
+ * @param doc
+ * @param keyInfoContent
+ * @param config
+ * @param crypto
+ * @param notBefore
+ * @param notAfter
+ * @return
+ * @throws TrustException
+ */
+ private SAMLAssertion createAttributeAssertion(Document doc, RahasData data,
+ Element keyInfoContent, SAMLTokenIssuerConfig config,
+ Crypto crypto, Date notBefore, Date notAfter) throws TrustException {
+ try {
+ String[] confirmationMethods = new String[] { SAMLSubject.CONF_HOLDER_KEY };
+
+ Element keyInfoElem = doc.createElementNS(WSConstants.SIG_NS,
+ "KeyInfo");
+ ((OMElement) keyInfoContent).declareNamespace(WSConstants.SIG_NS,
+ WSConstants.SIG_PREFIX);
+ ((OMElement) keyInfoContent).declareNamespace(WSConstants.ENC_NS,
+ WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(keyInfoContent);
+
+ SAMLSubject subject = new SAMLSubject(null, Arrays
+ .asList(confirmationMethods), null, keyInfoElem);
+
+
+ SAMLAttribute[] attrs = null;
+ if(config.getCallbackHander() != null){
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = config.getCallbackHander();
+ handler.handle(cb);
+ attrs = cb.getAttributes();
+ } else if (config.getCallbackHandlerName() != null
+ && config.getCallbackHandlerName().trim().length() > 0) {
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = null;
+ MessageContext msgContext = data.getInMessageContext();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+ Class cbClass = null;
+ try {
+ cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName());
+ } catch (ClassNotFoundException e) {
+ throw new TrustException("cannotLoadPWCBClass", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ try {
+ handler = (SAMLCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new TrustException("cannotCreatePWCBInstance", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ handler.handle(cb);
+ attrs = cb.getAttributes();
+ }else{
+ //TODO Remove this after discussing
+ SAMLAttribute attribute = new SAMLAttribute("Name",
+ "https://rahas.apache.org/saml/attrns", null, -1, Arrays
+ .asList(new String[] { "Colombo/Rahas" }));
+ attrs = new SAMLAttribute[]{attribute};
+ }
+
+ SAMLAttributeStatement attrStmt = new SAMLAttributeStatement(
+ subject, Arrays.asList(attrs ));
+
+ SAMLStatement[] statements = { attrStmt };
+
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore, notAfter, null, null, Arrays.asList(statements));
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+ assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ return assertion;
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ /**
+ * @param doc
+ * @param confMethod
+ * @param subjectNameId
+ * @param keyInfoContent
+ * @param config
+ * @param crypto
+ * @param notBefore
+ * @param notAfter
+ * @return
+ * @throws TrustException
+ */
+ private SAMLAssertion createAuthAssertion(Document doc, String confMethod,
+ SAMLNameIdentifier subjectNameId, Element keyInfoContent,
+ SAMLTokenIssuerConfig config, Crypto crypto, Date notBefore,
+ Date notAfter) throws TrustException {
+ try {
+ String[] confirmationMethods = new String[] { confMethod };
+
+ Element keyInfoElem = null;
+ if (keyInfoContent != null) {
+ keyInfoElem = doc
+ .createElementNS(WSConstants.SIG_NS, "KeyInfo");
+ ((OMElement) keyInfoContent).declareNamespace(
+ WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
+ ((OMElement) keyInfoContent).declareNamespace(
+ WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(keyInfoContent);
+ }
+
+ SAMLSubject subject = new SAMLSubject(subjectNameId, Arrays
+ .asList(confirmationMethods), null, keyInfoElem);
+
+ SAMLAuthenticationStatement authStmt = new SAMLAuthenticationStatement(
+ subject,
+ SAMLAuthenticationStatement.AuthenticationMethod_Password,
+ notBefore, null, null, null);
+ SAMLStatement[] statements = { authStmt };
+
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore, notAfter, null, null, Arrays.asList(statements));
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+ assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ return assertion;
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_ISSUE);
+ }
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated key as a byte array
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
new file mode 100644
index 0000000..c899fa7
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
@@ -0,0 +1,451 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import java.io.FileInputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.security.cert.X509Certificate;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * Configuration manager for the <code>SAMLTokenIssuer</code>
+ *
+ * @see SAMLTokenIssuer
+ */
+public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
+
+
+ Log log = LogFactory.getLog(SAMLTokenIssuerConfig.class);
+
+ /**
+ * The QName of the configuration element of the SAMLTokenIssuer
+ */
+ public final static QName SAML_ISSUER_CONFIG = new QName("saml-issuer-config");
+
+ /**
+ * Element name to include the alias of the private key to sign the response or
+ * the issued token
+ */
+ private final static QName ISSUER_KEY_ALIAS = new QName("issuerKeyAlias");
+
+ /**
+ * Element name to include the password of the private key to sign the response or the issued
+ * token
+ */
+ private final static QName ISSUER_KEY_PASSWD = new QName("issuerKeyPassword");
+
+ /**
+ * Element name of the attribute call-back handler
+ */
+ private final static QName ATTR_CALLBACK_HANDLER_NAME = new QName("attrCallbackHandlerName");
+
+ /**
+ * Element to specify the lifetime of the SAMLToken
+ * Dafaults to 300000 milliseconds (5 mins)
+ */
+ private final static QName TTL = new QName("timeToLive");
+
+ /**
+ * Element to list the trusted services
+ */
+ private final static QName TRUSTED_SERVICES = new QName("trusted-services");
+
+ private final static QName KEY_SIZE = new QName("keySize");
+
+ private final static QName SERVICE = new QName("service");
+ private final static QName ALIAS = new QName("alias");
+
+ public final static QName USE_SAML_ATTRIBUTE_STATEMENT = new QName("useSAMLAttributeStatement");
+
+ public final static QName ISSUER_NAME = new QName("issuerName");
+
+ public final static QName SAML_CALLBACK_CLASS = new QName("dataCallbackHandlerClass");
+
+ protected String issuerKeyAlias;
+ protected String issuerKeyPassword;
+ protected String issuerName;
+ protected Map trustedServices = new HashMap();
+ protected String trustStorePropFile;
+ protected SAMLCallbackHandler callbackHander;
+ protected String callbackHandlerName;
+
+ /**
+ * Create a new configuration with issuer name and crypto information
+ * @param issuerName Name of the issuer
+ * @param cryptoProviderClassName WSS4J Crypto impl class name
+ * @param cryptoProps Configuration properties of crypto impl
+ */
+ public SAMLTokenIssuerConfig(String issuerName, String cryptoProviderClassName, Properties cryptoProps) {
+ this.issuerName = issuerName;
+ this.setCryptoProperties(cryptoProviderClassName, cryptoProps);
+ }
+
+ /**
+ * Create a SAMLTokenIssuer configuration with a config file picked from the
+ * given location.
+ * @param configFilePath Path to the config file
+ * @throws TrustException
+ */
+ public SAMLTokenIssuerConfig(String configFilePath) throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile",
+ new String[] { configFilePath });
+ }
+ this.load(builder.getDocumentElement());
+ }
+
+ /**
+ * Create a SAMLTokenIssuer configuration using the give config element
+ * @param elem Configuration element as an <code>OMElement</code>
+ * @throws TrustException
+ */
+ public SAMLTokenIssuerConfig(OMElement elem) throws TrustException {
+ this.load(elem);
+ }
+
+ private void load(OMElement elem) throws TrustException {
+ OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+ if (proofKeyElem != null) {
+ this.proofKeyType = proofKeyElem.getText().trim();
+ }
+
+ OMElement callbackNameElem = elem.getFirstChildWithName(ATTR_CALLBACK_HANDLER_NAME);
+ if (callbackNameElem != null) {
+ this.callbackHandlerName = callbackNameElem.getText().trim();
+ }
+
+ //The alias of the private key
+ OMElement userElem = elem.getFirstChildWithName(ISSUER_KEY_ALIAS);
+ if (userElem != null) {
+ this.issuerKeyAlias = userElem.getText().trim();
+ }
+
+ if (this.issuerKeyAlias == null || "".equals(this.issuerKeyAlias)) {
+ throw new TrustException("samlIssuerKeyAliasMissing");
+ }
+
+ OMElement issuerKeyPasswdElem = elem.getFirstChildWithName(ISSUER_KEY_PASSWD);
+ if (issuerKeyPasswdElem != null) {
+ this.issuerKeyPassword = issuerKeyPasswdElem.getText().trim();
+ }
+
+ if (this.issuerKeyPassword == null || "".equals(this.issuerKeyPassword)) {
+ throw new TrustException("samlIssuerKeyPasswdMissing");
+ }
+
+ OMElement issuerNameElem = elem.getFirstChildWithName(ISSUER_NAME);
+ if (issuerNameElem != null) {
+ this.issuerName = issuerNameElem.getText().trim();
+ }
+
+ if (this.issuerName == null || "".equals(this.issuerName)) {
+ throw new TrustException("samlIssuerNameMissing");
+ }
+
+ this.cryptoPropertiesElement = elem.getFirstChildWithName(CRYPTO_PROPERTIES);
+ if (this.cryptoPropertiesElement != null) {
+ if ((this.cryptoElement =
+ this.cryptoPropertiesElement .getFirstChildWithName(CRYPTO)) == null){
+ // no children. Hence, prop file should have been defined
+ this.cryptoPropertiesFile = this.cryptoPropertiesElement .getText().trim();
+ }
+ // else Props should be defined as children of a crypto element
+ }
+
+ OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+ if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem.getText())) {
+ this.keyComputation = Integer.parseInt(keyCompElem.getText());
+ }
+
+ //time to live
+ OMElement ttlElem = elem.getFirstChildWithName(TTL);
+ if (ttlElem != null) {
+ try {
+ this.ttl = Long.parseLong(ttlElem.getText().trim());
+ } catch (NumberFormatException e) {
+ throw new TrustException("invlidTTL");
+ }
+ }
+
+ OMElement keySizeElem = elem.getFirstChildWithName(KEY_SIZE);
+ if (keySizeElem != null) {
+ try {
+ this.keySize = Integer.parseInt(keySizeElem.getText().trim());
+ } catch (NumberFormatException e) {
+ throw new TrustException("invalidKeysize");
+ }
+ }
+
+ this.addRequestedAttachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+
+ //Process trusted services
+ OMElement trustedServices = elem.getFirstChildWithName(TRUSTED_SERVICES);
+
+ /*
+ * If there are trusted services add them to a list
+ * Only trusts myself to issue tokens to :
+ * In this case the STS is embedded in the service as well and
+ * the issued token can only be used with that particular service
+ * since the response secret is encrypted by the service's public key
+ */
+ if (trustedServices != null) {
+ //Now process the trusted services
+ Iterator servicesIter = trustedServices.getChildrenWithName(SERVICE);
+ while (servicesIter.hasNext()) {
+ OMElement service = (OMElement) servicesIter.next();
+ OMAttribute aliasAttr = service.getAttribute(ALIAS);
+ if (aliasAttr == null) {
+ //The certificate alias is a must
+ throw new TrustException("aliasMissingForService",
+ new String[]{service.getText().trim()});
+ }
+ if (this.trustedServices == null) {
+ this.trustedServices = new HashMap();
+ }
+
+ //Add the trusted service and the alias to the map of services
+ this.trustedServices.put(service.getText().trim(), aliasAttr.getAttributeValue());
+ }
+
+ //There maybe no trusted services as well, Therefore do not
+ //throw an exception when there are no trusted in the list at the
+ //moment
+ }
+
+
+ OMElement attrElemet = elem.getFirstChildWithName(SAML_CALLBACK_CLASS);
+ if (attrElemet != null) {
+ try {
+ String value = attrElemet.getText();
+ Class handlerClass = Class.forName(value);
+ this.callbackHander = (SAMLCallbackHandler)handlerClass.newInstance();
+ } catch (ClassNotFoundException e) {
+ log.debug("Error loading class" , e);
+ throw new TrustException("Error loading class" , e);
+ } catch (InstantiationException e) {
+ log.debug("Error instantiating class" , e);
+ throw new TrustException("Error instantiating class" , e);
+ } catch (IllegalAccessException e) {
+ log.debug("Illegal Access" , e);
+ throw new TrustException("Illegal Access" , e);
+ }
+ }
+
+
+ }
+
+ /**
+ * Generate an Axis2 parameter for this configuration
+ * @return An Axis2 Parameter instance with configuration information
+ */
+ public Parameter getParameter() {
+ Parameter param = new Parameter();
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+
+ OMElement paramElem = fac.createOMElement("Parameter", null);
+ paramElem.addAttribute("name", SAML_ISSUER_CONFIG.getLocalPart(), null);
+
+ OMElement configElem = fac.createOMElement(SAML_ISSUER_CONFIG, paramElem);
+
+ OMElement issuerNameElem = fac.createOMElement(ISSUER_NAME, configElem);
+ issuerNameElem.setText(this.issuerName);
+
+ OMElement issuerKeyAliasElem = fac.createOMElement(ISSUER_KEY_ALIAS, configElem);
+ issuerKeyAliasElem.setText(this.issuerKeyAlias);
+
+ OMElement issuerKeyPasswd = fac.createOMElement(ISSUER_KEY_PASSWD, configElem);
+ issuerKeyPasswd.setText(this.issuerKeyPassword);
+
+ OMElement callbackHandlerName = fac.createOMElement(ATTR_CALLBACK_HANDLER_NAME, configElem);
+ callbackHandlerName.setText(this.callbackHandlerName);
+
+ configElem.addChild(this.cryptoPropertiesElement);
+
+ OMElement keySizeElem = fac.createOMElement(KEY_SIZE, configElem);
+ keySizeElem.setText(Integer.toString(this.keySize));
+
+ if(this.addRequestedAttachedRef) {
+ fac.createOMElement(ADD_REQUESTED_ATTACHED_REF, configElem);
+ }
+ if(this.addRequestedUnattachedRef) {
+ fac.createOMElement(ADD_REQUESTED_UNATTACHED_REF, configElem);
+ }
+
+ OMElement keyCompElem = fac.createOMElement(KeyComputation.KEY_COMPUTATION, configElem);
+ keyCompElem.setText(Integer.toString(this.keyComputation));
+
+ OMElement proofKeyTypeElem = fac.createOMElement(PROOF_KEY_TYPE, configElem);
+ proofKeyTypeElem.setText(this.proofKeyType);
+
+ OMElement trustedServicesElem = fac.createOMElement(TRUSTED_SERVICES, configElem);
+ for (Iterator iterator = this.trustedServices.keySet().iterator(); iterator.hasNext();) {
+ String service = (String) iterator.next();
+ OMElement serviceElem = fac.createOMElement(SERVICE, trustedServicesElem);
+ serviceElem.setText(service);
+ serviceElem.addAttribute("alias", (String)this.trustedServices.get(service), null);
+
+ }
+
+ param.setName(SAML_ISSUER_CONFIG.getLocalPart());
+ param.setParameterElement(paramElem);
+ param.setValue(paramElem);
+ param.setParameterType(Parameter.OM_PARAMETER);
+
+ return param;
+ }
+
+ public void setIssuerKeyAlias(String issuerKeyAlias) {
+ this.issuerKeyAlias = issuerKeyAlias;
+ }
+
+ public String getIssuerKeyAlias() {
+ return issuerKeyAlias;
+ }
+
+ public void setIssuerKeyPassword(String issuerKeyPassword) {
+ this.issuerKeyPassword = issuerKeyPassword;
+ }
+
+ public String getIssuerKeyPassword() {
+ return issuerKeyPassword;
+ }
+
+ public void setIssuerName(String issuerName) {
+ this.issuerName = issuerName;
+ }
+
+ public void setTrustedServices(Map trustedServices) {
+ this.trustedServices = trustedServices;
+ }
+
+ public void setTrustStorePropFile(String trustStorePropFile) {
+ this.trustStorePropFile = trustStorePropFile;
+ }
+
+ /**
+ * Add a new trusted service endpoint address with its certificate
+ * @param address Service endpoint address
+ * @param alias certificate alias
+ */
+ public void addTrustedServiceEndpointAddress(String address, String alias) {
+ this.trustedServices.put(address, alias);
+ }
+
+ /**
+ * Set crypto information using WSS4J mechanisms
+ *
+ * @param providerClassName
+ * Provider class - an implementation of
+ * org.apache.ws.security.components.crypto.Crypto
+ * @param props Configuration properties
+ */
+ public void setCryptoProperties(String providerClassName, Properties props) {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ this.cryptoPropertiesElement= fac.createOMElement(CRYPTO_PROPERTIES);
+ OMElement cryptoElem = fac.createOMElement(CRYPTO, this.cryptoPropertiesElement);
+ cryptoElem.addAttribute(PROVIDER.getLocalPart(), providerClassName, null);
+ Enumeration keys = props.keys();
+ while (keys.hasMoreElements()) {
+ String prop = (String) keys.nextElement();
+ String value = (String)props.get(prop);
+ OMElement propElem = fac.createOMElement(PROPERTY, cryptoElem);
+ propElem.setText(value);
+ propElem.addAttribute("name", prop, null);
+ }
+ }
+
+ /**
+ * Return the list of trusted services as a <code>java.util.Map</code>.
+ * The services addresses are the keys and cert aliases available under
+ * those keys.
+ * @return
+ */
+ public Map getTrustedServices() {
+ return trustedServices;
+ }
+
+ public SAMLCallbackHandler getCallbackHander() {
+ return callbackHander;
+ }
+
+ public void setCallbackHander(SAMLCallbackHandler callbackHander) {
+ this.callbackHander = callbackHander;
+ }
+
+ public String getCallbackHandlerName() {
+ return callbackHandlerName;
+ }
+
+ public void setCallbackHandlerName(String callbackHandlerName) {
+ this.callbackHandlerName = callbackHandlerName;
+ }
+
+ /**
+ * Uses the <code>wst:AppliesTo</code> to figure out the certificate to
+ * encrypt the secret in the SAML token
+ *
+ * @param crypto
+ * @param serviceAddress
+ * The address of the service
+ * @return
+ * @throws org.apache.ws.security.WSSecurityException
+ */
+ public X509Certificate getServiceCert(Crypto crypto, String serviceAddress) throws WSSecurityException {
+
+ if (serviceAddress != null && !"".equals(serviceAddress)) {
+ String alias = (String) this.trustedServices.get(serviceAddress);
+ if (alias != null) {
+ return crypto.getCertificates(alias)[0];
+ } else {
+ alias = (String) this.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+ } else {
+ String alias = (String) this.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
new file mode 100644
index 0000000..5184a88
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
@@ -0,0 +1,199 @@
+package org.apache.rahas.impl;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenRenewer;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.signature.XMLSignature;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+public class SAMLTokenRenewer implements TokenRenewer {
+
+ private String configParamName;
+
+ private OMElement configElement;
+
+ private String configFile;
+
+ public SOAPEnvelope renew(RahasData data) throws TrustException {
+
+ // retrieve the message context
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ SAMLTokenIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = new SAMLTokenIssuerConfig(configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = new SAMLTokenIssuerConfig(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = inMsgCtx.getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = new SAMLTokenIssuerConfig(param
+ .getParameterElement().getFirstChildWithName(
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[] { this.configParamName });
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ // retrieve the list of tokens from the message context
+ TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx);
+
+ try {
+ // Set the DOM impl to DOOM
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ // Create envelope
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
+ .getEnvelope().getNamespace().getNamespaceURI());
+
+ // Create RSTR element, with respective version
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, env.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ wstVersion, env.getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, rstrcElem);
+ }
+
+ Crypto crypto;
+ if (config.cryptoElement != null) {
+ // crypto props defined as elements
+ crypto = CryptoFactory.getInstance(TrustUtil
+ .toProperties(config.cryptoElement), inMsgCtx
+ .getAxisService().getClassLoader());
+ } else {
+ // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ inMsgCtx.getAxisService().getClassLoader());
+ }
+
+ // Create TokenType element
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ RahasConstants.TOK_TYPE_SAML_10);
+
+ // Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ // Obtain the token
+ Token tk = tkStorage.getToken(data.getTokenId());
+
+ OMElement assertionOMElement = tk.getToken();
+ SAMLAssertion samlAssertion = null;
+
+ try {
+ samlAssertion = new SAMLAssertion((Element) assertionOMElement);
+ samlAssertion.unsign();
+ samlAssertion.setNotBefore(creationTime);
+ samlAssertion.setNotOnOrAfter(expirationTime);
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+
+ samlAssertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ // Create the RequestedSecurityToken element and add the SAML token
+ // to it
+ OMElement reqSecTokenElem = TrustUtil
+ .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+ Node tempNode = samlAssertion.toDOM();
+ reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
+ .getOwnerDocument().importNode(tempNode, true));
+
+
+ } catch (SAMLException e) {
+ throw new TrustException("Cannot create SAML Assertion",e);
+ } catch (WSSecurityException e) {
+ throw new TrustException("Cannot create SAML Assertion",e);
+ } catch (Exception e) {
+ throw new TrustException("Cannot create SAML Assertion",e);
+ }
+ return env;
+ } finally {
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
new file mode 100644
index 0000000..7293d31
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
@@ -0,0 +1,250 @@
+package org.apache.rahas.impl;
+
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TokenValidator;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
+import org.w3c.dom.Element;
+
+/**
+ * Implementation of a SAML Token Validator for the Security Token Service.
+ */
+public class SAMLTokenValidator implements TokenValidator {
+
+ Log log = LogFactory.getLog(SAMLTokenValidator.class);
+
+ private String configFile;
+ private OMElement configElement;
+ private String configParamName;
+
+ /**
+ * Returns a SOAPEnvelope with the result of the validation.
+ *
+ * @param data
+ * the RahasData object, containing information about the
+ * request.
+ */
+ public SOAPEnvelope validate(RahasData data) throws TrustException {
+ // retrieve the message context
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ // retrieve the list of tokens from the message context
+ TokenStorage tkStorage = TrustUtil.getTokenStore(inMsgCtx);
+
+ try {
+ // Set the DOM impl to DOOM
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ // Create envelope
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
+ .getEnvelope().getNamespace().getNamespaceURI());
+
+ // Create RSTR element, with respective version
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, env.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ wstVersion, env.getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, rstrcElem);
+ }
+
+ // Create TokenType element, set to RSTR/Status
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ TrustUtil.getWSTNamespace(wstVersion)
+ + RahasConstants.TOK_TYPE_STATUS);
+
+ // Create Status element
+ OMElement statusElement = createMessageElement(wstVersion,
+ rstrElem, RahasConstants.LocalNames.STATUS);
+
+ // Obtain the token
+ Token tk = tkStorage.getToken(data.getTokenId());
+
+ // create the crypto object
+ PublicKey issuerPBKey = getIssuerPublicKey(inMsgCtx);
+
+ boolean valid = isValid(tk, issuerPBKey);
+ String validityCode;
+
+ if (valid) {
+ validityCode = RahasConstants.STATUS_CODE_VALID;
+ } else {
+ validityCode = RahasConstants.STATUS_CODE_INVALID;
+ }
+
+ // Create Code element (inside Status) and set it to the
+ // correspondent value
+ createMessageElement(wstVersion, statusElement,
+ RahasConstants.LocalNames.CODE).setText(
+ TrustUtil.getWSTNamespace(wstVersion) + validityCode);
+
+ return env;
+ } finally {
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+ }
+
+ /**
+ * Checks whether the token is valid or not, by verifying the issuer's own
+ * signature. If it has been signed by the token issuer, then it is a valid
+ * token.
+ *
+ * @param token
+ * the token to validate.
+ * @return true if the token has been signed by the issuer.
+ */
+ private boolean isValid(Token token, PublicKey issuerPBKey) {
+ // extract SAMLAssertion object from token
+ OMElement assertionOMElement = token.getToken();
+ SAMLAssertion samlAssertion = null;
+
+ try {
+ samlAssertion = new SAMLAssertion((Element) assertionOMElement);
+
+ log.info("Verifying token validity...");
+
+ // check if the token has been signed by the issuer.
+ samlAssertion.verify(issuerPBKey);
+
+ } catch (SAMLException e) {
+ log.error("Could not verify signature", e);
+ return false;
+ }
+
+ // if there was no exception, then the token is valid
+ return true;
+ }
+
+ //here we basically reuse the SAMLTokenIssuer config
+ // to create the crypto object, so we can load the issuer's certificates
+ private PublicKey getIssuerPublicKey(MessageContext inMsgCtx) {
+ PublicKey issuerPBKey = null;
+ SAMLTokenIssuerConfig config = null;
+
+ try {
+ if (configElement != null) {
+ config = new SAMLTokenIssuerConfig(
+ configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if ((config == null) && (configFile != null)) {
+ config = new SAMLTokenIssuerConfig(configFile);
+ }
+
+ // Look for the param
+ if ((config == null) && (configParamName != null)) {
+ Parameter param = inMsgCtx.getParameter(configParamName);
+ if ((param != null) && (param.getParameterElement() != null)) {
+ config = new SAMLTokenIssuerConfig(param
+ .getParameterElement().getFirstChildWithName(
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[] { configParamName });
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ Crypto crypto;
+ if (config.cryptoElement != null) { // crypto props
+ // defined as
+ // elements
+ crypto = CryptoFactory.getInstance(TrustUtil
+ .toProperties(config.cryptoElement), inMsgCtx
+ .getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ inMsgCtx.getAxisService().getClassLoader());
+ }
+
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ issuerPBKey = issuerCerts[0].getPublicKey();
+
+ } catch (Exception e) {
+ log.error("Could not retrieve issuer public key", e);
+ }
+ return issuerPBKey;
+ }
+
+ /**
+ * Returns the <wst:Status> element.
+ *
+ * @param version
+ * WS-Trust version.
+ * @param parent
+ * the parent OMElement.
+ */
+ private static OMElement createMessageElement(int version,
+ OMElement parent, String elementName) throws TrustException {
+ return createOMElement(parent, TrustUtil.getWSTNamespace(version),
+ elementName, RahasConstants.WST_PREFIX);
+ }
+
+ private static OMElement createOMElement(OMElement parent, String ns,
+ String ln, String prefix) {
+ return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix),
+ parent);
+ }
+
+ // ========================================================================
+
+ /**
+ * Set the configuration file of this TokenValidator. <p/> This is the text
+ * value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * Set the name of the configuration parameter. <p/> If this is used then
+ * there must be a <code>org.apache.axis2.description.Parameter</code>
+ * object available in the via the messageContext when the
+ * <code>TokenValidator</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
new file mode 100644
index 0000000..27aefd0
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenIssuer;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.text.DateFormat;
+import java.util.Date;
+
+public class SCTIssuer implements TokenIssuer {
+
+ public final static String COMPUTED_KEY = "ComputedKey";
+
+ private String configFile;
+
+ private OMElement configElement;
+
+ private String configParamName;
+
+ /**
+ * Issue a {@link SecurityContextToken} based on the wsse:Signature or
+ * wsse:UsernameToken
+ * <p/>
+ * This will support returning the SecurityContextToken with the following
+ * types of wst:RequestedProof tokens:
+ * <ul>
+ * <li>xenc:EncryptedKey</li>
+ * <li>wst:ComputedKey</li>
+ * <li>wst:BinarySecret (for secure transport)</li>
+ * </ul>
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ SCTIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = SCTIssuerConfig
+ .load(configElement
+ .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = SCTIssuerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = SCTIssuerConfig.load(param.getParameterElement()
+ .getFirstChildWithName(
+ SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("missingConfiguration",
+ new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+ .getLocalPart()});
+ }
+
+ // Env
+ return createEnvelope(data, config);
+ }
+
+ private SOAPEnvelope createEnvelope(RahasData data,
+ SCTIssuerConfig config) throws TrustException {
+ try {
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+ int wstVersion = data.getVersion();
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ SecurityContextToken sct =
+ new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
+
+ OMElement rstrElem =
+ TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+ env.getBody());
+
+ OMElement rstElem =
+ TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+ rstElem.addChild((OMElement) sct.getElement());
+
+ String tokenType = data.getTokenType();
+
+ OMElement reqAttachedRef = null;
+ OMElement reqUnattachedRef = null;
+ if (config.addRequestedAttachedRef) {
+ reqAttachedRef = TrustUtil.createRequestedAttachedRef(wstVersion,
+ rstrElem,
+ "#" + sct.getID(),
+ tokenType);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ reqUnattachedRef = TrustUtil.createRequestedUnattachedRef(wstVersion,
+ rstrElem,
+ sct.getIdentifier(),
+ tokenType);
+ }
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion,
+ rstrElem,
+ zulu.format(creationTime),
+ zulu.format(expirationTime));
+
+ // Store the tokens
+ Token sctToken = new Token(sct.getIdentifier(),
+ (OMElement) sct.getElement(),
+ creationTime,
+ expirationTime);
+
+ if(config.addRequestedAttachedRef) {
+ sctToken.setAttachedReference(reqAttachedRef.getFirstElement());
+ }
+
+ if(config.addRequestedUnattachedRef) {
+ sctToken.setUnattachedReference(reqUnattachedRef.getFirstElement());
+ }
+
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data, config.keyComputation, config.keySize);
+ sctToken.setSecret(secret);
+
+ //Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data,
+ wstVersion,
+ config,
+ rstrElem,
+ sctToken,
+ doc);
+
+ sctToken.setState(Token.ISSUED);
+ TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+ return env;
+ } catch (ConversationException e) {
+ throw new TrustException(e.getMessage(), e);
+ }
+ }
+
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_SCT);
+ }
+
+ /**
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ private int getWSCVersion(String tokenTypeValue) throws ConversationException {
+
+ if (tokenTypeValue == null) {
+ return ConversationConstants.DEFAULT_VERSION;
+ }
+
+ if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
+ } else if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_12)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
+ } else {
+ throw new ConversationException("unsupportedSecConvVersion");
+ }
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java
new file mode 100644
index 0000000..5d0f231
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+
+import java.io.FileInputStream;
+
+/**
+ * SCTIssuer Configuration processor
+ */
+public class SCTIssuerConfig extends AbstractIssuerConfig{
+
+ public final static QName SCT_ISSUER_CONFIG = new QName("sct-issuer-config");
+ protected byte[] requesterEntropy;
+
+ private SCTIssuerConfig(OMElement elem) throws TrustException {
+ OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+ if (proofKeyElem != null) {
+ this.proofKeyType = proofKeyElem.getText().trim();
+ }
+
+ OMElement cryptoPropertiesElem = elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!TokenIssuerUtil.BINARY_SECRET.equals(proofKeyType) && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.addRequestedAttachedRef =
+ elem.getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef =
+ elem.getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+ if ((cryptoElement =
+ cryptoPropertiesElem.getFirstChildWithName(CRYPTO)) == null) { // no children. Hence, prop file should have been defined
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();
+ }
+ // else Props should be defined as children of a crypto element
+
+ OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+ if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem.getText())) {
+ this.keyComputation = Integer.parseInt(keyCompElem.getText());
+ }
+ }
+
+ public static SCTIssuerConfig load(OMElement elem) throws TrustException {
+ return new SCTIssuerConfig(elem);
+ }
+
+ public static SCTIssuerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile",
+ new String[] { configFilePath });
+ }
+
+ return load(builder.getDocumentElement());
+ }
+}
\ No newline at end of file
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
new file mode 100644
index 0000000..820cf6b
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+import java.io.FileInputStream;
+
+/**
+ *
+ */
+public class TokenCancelerConfig {
+
+ /*
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ </stoken-canceler-config>
+ </parameter>
+ */
+ public final static QName TOKEN_CANCELER_CONFIG = new QName("token-canceler-config");
+
+ private TokenCancelerConfig(OMElement elem) throws TrustException {
+ /*OMElement proofTokenElem =
+ elem.getFirstChildWithName(new QName("proofToken"));
+ if (proofTokenElem != null) {
+ this.proofTokenType = proofTokenElem.getText().trim();
+ }
+
+ OMElement cryptoPropertiesElem = elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!SCTIssuer.BINARY_SECRET.equals(proofTokenType)
+ && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.addRequestedAttachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();*/
+ }
+
+ public static TokenCancelerConfig load(OMElement elem) throws TrustException {
+ return new TokenCancelerConfig(elem);
+ }
+
+ public static TokenCancelerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile", new String[] { configFilePath });
+ }
+ return load(builder.getDocumentElement());
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java
new file mode 100644
index 0000000..7ca2ab5
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.rahas.TokenCanceler;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.context.MessageContext;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ */
+public class TokenCancelerImpl implements TokenCanceler {
+
+ private String configFile;
+ private OMElement configElement;
+ private String configParamName;
+
+ /**
+ * Cancel the token specified in the request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws org.apache.rahas.TrustException
+ *
+ */
+ public SOAPEnvelope cancel(RahasData data) throws TrustException {
+ TokenCancelerConfig config = null;
+ if (this.configElement != null) {
+ config = TokenCancelerConfig.load(configElement.
+ getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = TokenCancelerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = TokenCancelerConfig.load(param.getParameterElement()
+ .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("missingConfiguration",
+ new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+ .getLocalPart()});
+ }
+
+ OMElement rstEle = data.getRstElement();
+ QName cancelTagetQName = new QName(data.getWstNs(), RahasConstants.CancelBindingLocalNames.CANCEL_TARGET);
+ OMElement cancelTargetEle = rstEle.getFirstChildWithName(cancelTagetQName);
+ if (cancelTargetEle == null) {
+ throw new TrustException("requiredElementNotFound",
+ new String[]{cancelTagetQName.toString()});
+ }
+ OMElement secTokenRefEle = cancelTargetEle
+ .getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ SecurityTokenReference.SECURITY_TOKEN_REFERENCE));
+ String tokenId;
+ if (secTokenRefEle != null) {
+
+ /*
+ <o:SecurityTokenReference
+ xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <o:Reference URI="urn:uuid:8e6a3a95-fd1b-4c24-96d4-28e875025ff7"
+ ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </o:SecurityTokenReference>
+ */
+ OMElement referenceEle = secTokenRefEle.getFirstChildWithName(Reference.TOKEN);
+ if (referenceEle != null) {
+ OMAttribute uri = referenceEle.getAttribute(new QName(
+ RahasConstants.CancelBindingLocalNames.URI));
+ if (uri != null) {
+
+ tokenId = uri.getAttributeValue();
+ if (tokenId.charAt(0) == '#') {
+ tokenId = tokenId.substring(1);
+ }
+ } else {
+ throw new TrustException("cannotDetermineTokenId");
+ }
+ } else {
+ throw new TrustException("cannotDetermineTokenId");
+ }
+ } else {
+ // TODO: we need to handle situation where the token itself is contained within the
+ // TODO: <wst:CancelTarget> element
+ throw new TrustException("cannotDetermineTokenId");
+ }
+
+ // Cancel the token
+ MessageContext inMsgCtx = data.getInMessageContext();
+ TokenStorage tokenStore = TrustUtil.getTokenStore(inMsgCtx);
+ Token token = tokenStore.getToken(tokenId);
+ if (token == null) {
+ throw new TrustException("tokenNotFound", new String[]{tokenId});
+ }
+ token.setState(Token.CANCELLED);
+ tokenStore.update(token);
+
+ // Create the response SOAP Envelope
+ SOAPEnvelope responseEnv =
+ TrustUtil.
+ createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
+ OMElement rstrElem;
+ int version = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == version) {
+ rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(version, responseEnv.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ version, responseEnv.getBody());
+
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(version, rstrcElem);
+ }
+ TrustUtil.createRequestedTokenCanceledElement(version, rstrElem);
+ return responseEnv;
+ }
+
+ /**
+ * Set the configuration file of this TokenCanceller.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * Set the configuration element of this TokenCanceller.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuation
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws org.apache.rahas.TrustException
+ *
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_CANCEL);
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
new file mode 100644
index 0000000..b901592
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import java.security.SecureRandom;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ *
+ */
+public class TokenIssuerUtil {
+
+ public final static String ENCRYPTED_KEY = "EncryptedKey";
+ public final static String BINARY_SECRET = "BinarySecret";
+
+ public static byte[] getSharedSecret(RahasData data,
+ int keyComputation,
+ int keySize) throws TrustException {
+
+ boolean reqEntrPresent = data.getRequestEntropy() != null;
+
+ try {
+ if (reqEntrPresent &&
+ keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_OWN_KEY) {
+ //If there is requester entropy and if the issuer is not
+ //configured to use its own key
+
+ if (keyComputation ==
+ SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT) {
+ data.setResponseEntropy(WSSecurityUtil.generateNonce(keySize / 8));
+ P_SHA1 p_sha1 = new P_SHA1();
+ return p_sha1.createKey(data.getRequestEntropy(),
+ data.getResponseEntropy(),
+ 0,
+ keySize / 8);
+ } else {
+ //If we reach this its expected to use the requestor's
+ //entropy
+ return data.getRequestEntropy();
+ }
+ } else { // need to use a generated key
+ return generateEphemeralKey(keySize);
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ } catch (ConversationException e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ }
+ }
+
+ public static void handleRequestedProofToken(RahasData data,
+ int wstVersion,
+ AbstractIssuerConfig config,
+ OMElement rstrElem,
+ Token token,
+ Document doc) throws TrustException {
+ OMElement reqProofTokElem =
+ TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
+
+ if (config.keyComputation == AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT
+ && data.getRequestEntropy() != null) {
+ //If we there's requester entropy and its configured to provide
+ //entropy then we have to set the entropy value and
+ //set the RPT to include a ComputedKey element
+
+ OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
+ String entr = Base64.encode(data.getResponseEntropy());
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ respEntrElem,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ binSecElem.setText(entr);
+
+ OMElement compKeyElem =
+ TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
+ compKeyElem.setText(data.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
+ } else {
+ if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto;
+ if (config.cryptoElement != null) { // crypto props defined as elements
+ crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement),
+ data.getInMessageContext().
+ getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ data.getInMessageContext().
+ getAxisService().getClassLoader());
+ }
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(data.getClientCert());
+ encrKeyBuilder.prepare(doc, crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[]{data.
+ getClientCert().getSubjectDN().getName()});
+ }
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ reqProofTokElem.addChild((OMElement) bstElem);
+ }
+
+ reqProofTokElem.addChild((OMElement) encryptedKeyElem);
+
+ token.setSecret(encrKeyBuilder.getEphemeralKey());
+ } else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) {
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data,
+ config.keyComputation,
+ config.keySize);
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ reqProofTokElem,
+ null);
+ binSecElem.setText(Base64.encode(secret));
+ token.setSecret(secret);
+ } else {
+ throw new IllegalArgumentException(config.proofKeyType);
+ }
+ }
+ }
+
+ private static byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ }
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2KeyInfo.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2KeyInfo.java
new file mode 100644
index 0000000..b94e003
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2KeyInfo.java
@@ -0,0 +1,62 @@
+package org.apache.rahas.impl.util;
+
+import org.opensaml.saml2.core.Assertion;
+
+import java.security.cert.X509Certificate;/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * TODO : This class should be moved to WSS4J once a new version of it is avaliable
+ * This class holds the secrets contained in a SAML2 token.
+ */
+public class SAML2KeyInfo {
+ /**
+ * Certificates
+ */
+ private X509Certificate[] certs;
+
+ /**
+ * Key bytes (e.g.: held in an encrypted key)
+ */
+ private byte[] secret;
+
+ /**
+ * SAMLAssertion
+ */
+ Assertion assertion;
+
+ public SAML2KeyInfo(Assertion assertions, X509Certificate[] certs) {
+ this.certs = certs;
+ this.assertion = assertions;
+ }
+
+ public SAML2KeyInfo(Assertion assertions, byte[] secret) {
+ this.secret = secret;
+ this.assertion = assertions;
+ }
+
+ public X509Certificate[] getCerts() {
+ return certs;
+ }
+
+ public byte[] getSecret() {
+ return secret;
+ }
+
+ public Assertion getAssertion() {
+ return assertion;
+ }
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
new file mode 100644
index 0000000..d9d93da
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
@@ -0,0 +1,309 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package org.apache.rahas.impl.util;
+
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.util.Base64;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.saml2.core.*;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.*;
+import org.w3c.dom.*;
+import org.w3c.dom.bootstrap.DOMImplementationRegistry;
+import org.w3c.dom.ls.DOMImplementationLS;
+import org.w3c.dom.ls.LSOutput;
+import org.w3c.dom.ls.LSSerializer;
+import org.xml.sax.SAXException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+
+public class SAML2Utils {
+
+ private static final Log log = LogFactory.getLog(SAML2Utils.class);
+
+ public static Element getElementFromAssertion(XMLObject xmlObj) throws TrustException {
+ try {
+
+ String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+
+ MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
+ Marshaller marshaller = marshallerFactory.getMarshaller(xmlObj);
+ Element element = marshaller.marshall(xmlObj);
+
+ // Reset the sys. property to its previous value.
+ if (jaxpProperty == null) {
+ System.getProperties().remove("javax.xml.parsers.DocumentBuilderFactory");
+ } else {
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory", jaxpProperty);
+ }
+
+ ByteArrayOutputStream byteArrayOutputStrm = new ByteArrayOutputStream();
+
+ DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance();
+
+ DOMImplementationLS impl =
+ (DOMImplementationLS) registry.getDOMImplementation("LS");
+
+ LSSerializer writer = impl.createLSSerializer();
+ LSOutput output = impl.createLSOutput();
+ output.setByteStream(byteArrayOutputStrm);
+ writer.write(element, output);
+ String elementString = byteArrayOutputStrm.toString();
+
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = docBuilder.parse(new ByteArrayInputStream(elementString.trim().getBytes()));
+ Element assertionElement = document.getDocumentElement();
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+
+ if (log.isDebugEnabled()) {
+ log.debug("DOM element is created successfully from the OpenSAML2 XMLObject");
+ }
+ return assertionElement;
+
+ } catch (Exception e) {
+ throw new TrustException("Error creating DOM object from the assertion", e);
+ }
+ }
+
+ /**
+ * Extract certificates or the key available in the SAMLAssertion
+ *
+ * @param elem
+ * @return the SAML2 Key Info
+ * @throws org.apache.ws.security.WSSecurityException
+ *
+ */
+ public static SAML2KeyInfo getSAML2KeyInfo(Element elem, Crypto crypto,
+ CallbackHandler cb) throws WSSecurityException {
+ Assertion assertion;
+
+ //build the assertion by unmarhalling the DOM element.
+ try {
+ DefaultBootstrap.bootstrap();
+
+ String keyInfoElementString = elem.toString();
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = docBuilder.parse(new ByteArrayInputStream(keyInfoElementString.trim().getBytes()));
+ Element element = document.getDocumentElement();
+ UnmarshallerFactory unmarshallerFactory = Configuration
+ .getUnmarshallerFactory();
+ Unmarshaller unmarshaller = unmarshallerFactory
+ .getUnmarshaller(element);
+ assertion = (Assertion) unmarshaller
+ .unmarshall(element);
+ }
+ catch (ConfigurationException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "Failure in bootstrapping", null, e);
+ } catch (UnmarshallingException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "Failure in unmarshelling the assertion", null, e);
+ } catch (IOException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "Failure in unmarshelling the assertion", null, e);
+ } catch (SAXException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "Failure in unmarshelling the assertion", null, e);
+ } catch (ParserConfigurationException e) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILURE, "Failure in unmarshelling the assertion", null, e);
+ }
+ return getSAML2KeyInfo(assertion, crypto, cb);
+
+ }
+
+ public static SAML2KeyInfo getSAML2KeyInfo(Assertion assertion, Crypto crypto,
+ CallbackHandler cb) throws WSSecurityException {
+
+ //First ask the cb whether it can provide the secret
+ WSPasswordCallback pwcb = new WSPasswordCallback(assertion.getID(), WSPasswordCallback.CUSTOM_TOKEN);
+ if (cb != null) {
+ try {
+ cb.handle(new Callback[]{pwcb});
+ } catch (Exception e1) {
+ throw new WSSecurityException(WSSecurityException.FAILURE, "noKey",
+ new Object[]{assertion.getID()}, e1);
+ }
+ }
+
+ byte[] key = pwcb.getKey();
+
+ if (key != null) {
+ return new SAML2KeyInfo(assertion, key);
+ } else {
+ // if the cb fails to provide the secret.
+ try {
+ // extract the subject
+ Subject samlSubject = assertion.getSubject();
+ if (samlSubject == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAML2Token", new Object[]{"for Signature (no Subject)"});
+ }
+
+ // extract the subject confirmation element from the subject
+ SubjectConfirmation subjectConf = (SubjectConfirmation) samlSubject.getSubjectConfirmations().get(0);
+ if (subjectConf == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation)"});
+ }
+
+ // Get the subject confirmation data, KeyInfoConfirmationDataType extends SubjectConfirmationData.
+ KeyInfoConfirmationDataType scData = (KeyInfoConfirmationDataType) subjectConf.getSubjectConfirmationData();
+ if (scData == null) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation Data)"});
+ }
+
+ // Get the SAML specific XML representation of the keyInfo object
+ XMLObject KIElem = scData.getKeyInfos() != null ? (XMLObject) scData.getKeyInfos().get(0) : null;
+
+ Element keyInfoElement;
+
+ // Generate a DOM element from the XMLObject.
+ if (KIElem != null) {
+
+ // Set the "javax.xml.parsers.DocumentBuilderFactory" system property to make sure the endorsed JAXP
+ // implementation is picked over the default jaxp impl shipped with the JDK.
+ String jaxpProperty = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+
+ MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
+ Marshaller marshaller = marshallerFactory.getMarshaller(KIElem);
+ keyInfoElement = marshaller.marshall(KIElem);
+
+ // Reset the sys. property to its previous value.
+ if (jaxpProperty == null) {
+ System.getProperties().remove("javax.xml.parsers.DocumentBuilderFactory");
+ } else {
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory", jaxpProperty);
+ }
+
+ } else {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAML2Token", new Object[]{"for Signature (no key info element)"});
+ }
+
+ AttributeStatement attrStmt = assertion.getAttributeStatements().size() != 0 ?
+ (AttributeStatement) assertion.getAttributeStatements().get(0) : null;
+ AuthnStatement authnStmt = assertion.getAuthnStatements().size() != 0 ?
+ (AuthnStatement) assertion.getAuthnStatements().get(0) : null;
+
+ // if an attr stmt is present, then it has a symmetric key.
+ if (attrStmt != null) {
+ NodeList children = keyInfoElement.getChildNodes();
+ int len = children.getLength();
+
+ for (int i = 0; i < len; i++) {
+ Node child = children.item(i);
+ if (child.getNodeType() != Node.ELEMENT_NODE) {
+ continue;
+ }
+ QName el = new QName(child.getNamespaceURI(), child.getLocalName());
+ if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
+
+ EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+ proc.handleEncryptedKey((Element) child, cb, crypto, null);
+
+ return new SAML2KeyInfo(assertion, proc.getDecryptedBytes());
+ } else if (el.equals(new QName(WSConstants.WST_NS, "BinarySecret"))) {
+ Text txt = (Text) child.getFirstChild();
+ return new SAML2KeyInfo(assertion, Base64.decode(txt.getData()));
+ }
+ }
+
+ }
+
+ // If an authn stmt is presentm then it has a public key.
+ else if (authnStmt != null) {
+
+ X509Certificate[] certs = null;
+ try {
+ KeyInfo ki = new KeyInfo(keyInfoElement, null);
+
+ if (ki.containsX509Data()) {
+ X509Data data = ki.itemX509Data(0);
+ XMLX509Certificate certElem = null;
+ if (data != null && data.containsCertificate()) {
+ certElem = data.itemCertificate(0);
+ }
+ if (certElem != null) {
+ X509Certificate cert = certElem.getX509Certificate();
+ certs = new X509Certificate[1];
+ certs[0] = cert;
+ return new SAML2KeyInfo(assertion, certs);
+ }
+ }
+
+ } catch (XMLSecurityException e3) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAMLsecurity",
+ new Object[]{"cannot get certificate (key holder)"}, e3);
+ }
+
+ } else {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAMLsecurity",
+ new Object[]{"cannot get certificate or key "});
+ }
+
+
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "invalidSAMLsecurity",
+ new Object[]{"cannot get certificate or key "});
+
+ } catch (MarshallingException e) {
+ throw new WSSecurityException(WSSecurityException.FAILURE,
+ "Failed marshalling the SAML Assertion", null, e);
+ }
+ }
+ }
+
+}
+
+
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
new file mode 100644
index 0000000..9da8ce4
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
@@ -0,0 +1,53 @@
+package org.apache.rahas.impl.util;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.saml2.core.Attribute;
+
+public class SAMLAttributeCallback implements SAMLCallback{
+
+ private List attributes = null;
+ private RahasData data = null;
+
+ public SAMLAttributeCallback(RahasData data){
+ attributes = new ArrayList();
+ this.data = data;
+ }
+
+ public int getCallbackType(){
+ return SAMLCallback.ATTR_CALLBACK;
+ }
+
+ public void addAttributes(SAMLAttribute attribute){
+ attributes.add(attribute);
+ }
+
+ /**
+ * Overloaded method to support SAML2
+ * @param attr
+ */
+ public void addAttributes(Attribute attr){
+ attributes.add(attr);
+ }
+
+ /**
+ * Get the array of SAML2 attributes.
+ * @return
+ */
+ public Attribute[] getSAML2Attributes(){
+ return (Attribute[])attributes.toArray(new Attribute[attributes.size()]);
+ }
+
+ public SAMLAttribute[] getAttributes(){
+ return (SAMLAttribute[])attributes.toArray(new SAMLAttribute[attributes.size()]);
+
+ }
+
+ public RahasData getData() {
+ return data;
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
new file mode 100644
index 0000000..358842d
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
@@ -0,0 +1,25 @@
+package org.apache.rahas.impl.util;
+
+/**
+ * All SAML data retrieving call backs will implement this interface
+ *
+ */
+public interface SAMLCallback {
+
+ /**
+ * Attribute callback
+ */
+ public static final int ATTR_CALLBACK = 1;
+
+ /**
+ * Subject name identifier
+ */
+ public static final int NAME_IDENTIFIER_CALLBACK = 2;
+
+ /**
+ * Returns the type of callback
+ * @return
+ */
+ int getCallbackType();
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
new file mode 100644
index 0000000..e3e1439
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
@@ -0,0 +1,28 @@
+package org.apache.rahas.impl.util;
+
+import org.opensaml.SAMLException;
+
+/**
+ * SAMLCallback Handler enables you to add data to the
+ * to the SAMLAssertion.
+ *
+ * For example Assertions, NameIdentifiers.
+ *
+ */
+public interface SAMLCallbackHandler {
+
+ /**
+ * SAMLCallback object has indicates what kind of data is required.
+ * if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK)
+ * {
+ * SAMLAttributeCallback attrCallback = (SAMLAttributeCallback)callback;
+ * \//Retrieve required data from the RahasData inside SAMLAttributeCallback
+ * \//Add your SAMLAttributes to the attrCallback here.
+ *
+ * }
+ * @param callback
+ * @throws SAMLException
+ */
+ public void handle(SAMLCallback callback) throws SAMLException;
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
new file mode 100644
index 0000000..185283f
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
@@ -0,0 +1,47 @@
+package org.apache.rahas.impl.util;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.SAMLNameIdentifier;
+
+/**
+ * This is used retrieve data for the SAMLNameIdentifier.
+ * SAMLNameIdentifier can have different formats.
+ * Depending on it, NameIdentifier must have different values.
+ * It should be implementation specific.
+ *
+ */
+public class SAMLNameIdentifierCallback implements SAMLCallback{
+
+ private SAMLNameIdentifier nameId = null;
+ private String userId = null;
+ private RahasData data = null;
+
+ public SAMLNameIdentifierCallback(RahasData data){
+ this.data = data;
+ }
+
+ public int getCallbackType(){
+ return SAMLCallback.NAME_IDENTIFIER_CALLBACK;
+ }
+
+ public SAMLNameIdentifier getNameId() {
+ return nameId;
+ }
+
+ public void setNameId(SAMLNameIdentifier nameId) {
+ this.nameId = nameId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public RahasData getData() {
+ return data;
+ }
+
+}
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
new file mode 100644
index 0000000..32f1cc0
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
@@ -0,0 +1,30 @@
+package org.apache.rahas.impl.util;
+
+import org.apache.rahas.impl.SAMLTokenIssuerConfig;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.WSSecurityException;
+
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.ArrayList;
+
+public class SAMLUtils {
+
+
+ public static Collection<X509Certificate> getCertChainCollection(X509Certificate[] issuerCerts){
+
+ ArrayList<X509Certificate> certCollection = new ArrayList<X509Certificate>();
+
+ if (issuerCerts == null) {
+ return certCollection;
+ } else {
+ for (X509Certificate cert : issuerCerts) {
+ certCollection.add(cert);
+ }
+ }
+
+ return certCollection;
+
+ }
+}
+
diff --git a/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java
new file mode 100644
index 0000000..9472986
--- /dev/null
+++ b/1_5/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SignKeyHolder.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl.util;
+
+
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.CredentialContextSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.x509.X509Credential;
+
+import javax.crypto.SecretKey;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509CRL;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
+
+/**
+ * This class is used to store the signing credentials.
+ */
+public class SignKeyHolder implements X509Credential {
+
+ private String signatureAlgorithm = null;
+
+ private X509Certificate[] issuerCerts = null;
+
+ private PrivateKey issuerPK = null;
+
+
+ public String getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgorithm) {
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
+
+
+ public X509Certificate[] getIssuerCerts() {
+ return issuerCerts;
+ }
+
+ public void setIssuerCerts(X509Certificate[] issuerCerts) {
+ this.issuerCerts = issuerCerts;
+ }
+
+ public PrivateKey getIssuerPK() {
+ return issuerPK;
+ }
+
+ public void setIssuerPK(PrivateKey issuerPK) {
+ this.issuerPK = issuerPK;
+ }
+
+ public SignKeyHolder(){
+ }
+
+
+ public X509Certificate getEntityCertificate() {
+ return issuerCerts[0];
+ }
+
+
+ public Collection<X509Certificate> getEntityCertificateChain() {
+ return Arrays.asList(issuerCerts);
+ }
+
+ public Collection<X509CRL> getCRLs() {
+ return null;
+ }
+
+ public String getEntityId() {
+ return null;
+ }
+
+ public UsageType getUsageType() {
+ return null;
+ }
+
+ public Collection<String> getKeyNames() {
+ return null;
+ }
+
+ public PublicKey getPublicKey() {
+ return null;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return issuerPK;
+ }
+
+ public SecretKey getSecretKey() {
+ return null;
+ }
+
+ public CredentialContextSet getCredentalContextSet() {
+ return null;
+ }
+
+ public Class<? extends Credential> getCredentialType() {
+ return null;
+ }
+}
diff --git a/1_5/modules/rampart-trust/sts-aar-resources/rahas-sts.jks b/1_5/modules/rampart-trust/sts-aar-resources/rahas-sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/1_5/modules/rampart-trust/sts-aar-resources/rahas-sts.jks
Binary files differ
diff --git a/1_5/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml b/1_5/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml
new file mode 100644
index 0000000..9daecb3
--- /dev/null
+++ b/1_5/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml
@@ -0,0 +1,46 @@
+<saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+
+ <!-- alias of the issuer's private key -->
+ <issuerKeyAlias>ip</issuerKeyAlias>
+
+ <!-- password of the issuer's private key -->
+ <issuerKeyPassword>password</issuerKeyPassword>
+
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <timeToLive>300000</timeToLive>
+
+ <keySize>256</keySize>
+
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+
+ <trusted-services>
+ <!-- The service name and the alias of the trusted cert to use -->
+ <service alias="bob">http://localhost:8080/axis2/services/STS</service>
+ </trusted-services>
+
+</saml-issuer-config>
diff --git a/1_5/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml b/1_5/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml
new file mode 100644
index 0000000..412fbc3
--- /dev/null
+++ b/1_5/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml
@@ -0,0 +1,29 @@
+<sct-issuer-config>
+
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+</sct-issuer-config>
diff --git a/1_5/modules/rampart-trust/sts-aar-resources/services.xml b/1_5/modules/rampart-trust/sts-aar-resources/services.xml
new file mode 100644
index 0000000..4274a75
--- /dev/null
+++ b/1_5/modules/rampart-trust/sts-aar-resources/services.xml
@@ -0,0 +1,89 @@
+<!-- Security token service configuration -->
+<service name="STS">
+
+ <operation name="RequestSecurityToken">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ </operation>
+
+ <!-- Using the config file -->
+ <parameter name="token-dispatcher-configuration-file">META-INF/token-dispatcher-configuration.xml</parameter>
+
+ <!-- Configure Rampart to authenticate clients -->
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+
+ <ramp:user>ip</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ </ramp:RampartConfig>
+
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/1_5/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml b/1_5/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml
new file mode 100644
index 0000000..c19c2cd
--- /dev/null
+++ b/1_5/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml
@@ -0,0 +1,3 @@
+<token-canceler-config>
+
+</token-canceler-config>
diff --git a/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml b/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
new file mode 100644
index 0000000..128b65f
--- /dev/null
+++ b/1_5/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
@@ -0,0 +1,20 @@
+<token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="file">sct-issuer-config.xml</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="file">META-INF/saml-issuer-config.xml</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAML2TokenIssuer">
+ <configuration type="file">META-INF/saml-issuer-config.xml</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</tokenType>
+ </issuer>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="file">META-INF/token-canceler-config.xml</configuration>
+ </canceler>
+</token-dispatcher-configuration>
\ No newline at end of file
diff --git a/1_5/pom.xml b/1_5/pom.xml
new file mode 100644
index 0000000..a551901
--- /dev/null
+++ b/1_5/pom.xml
@@ -0,0 +1,463 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <packaging>pom</packaging>
+ <description>WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache Axis2</description>
+ <version>1.5</version>
+ <name>Apache Rampart</name>
+ <url>http://ws.apache.org/rampart</url>
+
+ <licenses>
+ <license>
+ <name>Apache License Version 2.0</name>
+ <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+ </license>
+ </licenses>
+
+ <organization>
+ <name>Apache Software Foundation</name>
+ <url>http://www.apache.org</url>
+ </organization>
+
+ <issueManagement>
+ <system>JIRA</system>
+ <url>http://issues.apache.org/jira/browse/RAMPART</url>
+ </issueManagement>
+
+ <mailingLists>
+ <mailingList>
+ <name>Rampart Developers</name>
+ <subscribe>rampart-dev-subscribe@ws.apache.org</subscribe>
+ <unsubscribe>rampart-dev-unsubscribe@ws.apache.org</unsubscribe>
+ <post>rampart-dev@ws.apache.org</post>
+ <archive>http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/</archive>
+ <otherArchives>
+ <otherArchive>http://markmail.org/search/list:org.apache.ws.rampart-dev</otherArchive>
+ </otherArchives>
+ </mailingList>
+ </mailingLists>
+
+ <inceptionYear>2005</inceptionYear>
+
+ <developers>
+ <developer>
+ <name>Afkham Azeez</name>
+ <id>azeez</id>
+ <email>azeez AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ <developer>
+ <name>Ruchith Fernando</name>
+ <id>ruchith</id>
+ <email>ruchithf AT apache.org</email>
+ <organization>Purdue University</organization>
+ </developer>
+ <developer>
+ <name>Sanka Samaranayake</name>
+ <id>sanka</id>
+ <organization>WSO2</organization>
+ <email>sanka AT wso2.com</email>
+ </developer>
+ <developer>
+ <name>Davanum Srinivas</name>
+ <id>dims</id>
+ <email>dims AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ <developer>
+ <name>Nandana Mihindukulasooriya</name>
+ <id>nandana</id>
+ <email>nandana AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ </developers>
+
+ <scm>
+ <connection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ </connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ </developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+
+ <repositories>
+
+ <repository>
+ <id>wso2-maven2-repository</id>
+ <name>WSO2 Maven2 Repository</name>
+ <url>http://dist.wso2.org/maven2</url>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>fail</checksumPolicy>
+ </releases>
+ </repository>
+
+ <repository>
+ <releases>
+ <enabled>false</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>fail</checksumPolicy>
+ </snapshots>
+ <id>apache-snapshots</id>
+ <name>Apache Maven2 SNAPSHOTS</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ </repository>
+
+ <repository>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </snapshots>
+ <id>apache-ws-zones2</id>
+ <name>Apache ws.zones - 2</name>
+ <url>http://ws.zones.apache.org/repository2</url>
+ </repository>
+
+ <repository>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </snapshots>
+ <id>open-saml</id>
+ <name>OpenSAML</name>
+ <url>http://shibboleth.internet2.edu/downloads/maven2/</url>
+ </repository>
+
+
+ </repositories>
+
+
+ <pluginRepositories>
+
+ <pluginRepository>
+ <id>snapshot-apache</id>
+ <name>Apache Snapshot repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+
+ <pluginRepository>
+ <id>snapshot</id>
+ <name>Snapshot repository</name>
+ <url>http://snapshots.maven.codehaus.org/maven2</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+
+ </pluginRepositories>
+
+
+ <build>
+ <plugins>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0</version>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>2.0-beta-5</version>
+ <inherited>false</inherited>
+ </plugin>
+ </plugins>
+ </build>
+
+
+ <dependencies>
+
+ <!-- Axis2 Dependencies -->
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-kernel</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>mex</artifactId>
+ <version>${axis2.version}</version>
+ <classifier>impl</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mtompolicy</artifactId>
+ <version>${axis2.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <type>mar</type>
+ <version>${addressing.mar.version}</version>
+ <scope>compile</scope>
+ </dependency>
+
+ <!-- Other Rampart Dependencies -->
+ <dependency>
+ <groupId>org.apache.ws.security</groupId>
+ <artifactId>wss4j</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>${xmlsec.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <version>1.5.2</version>
+ </dependency>
+
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>javax.jms</groupId>
+ <artifactId>jms</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.sun.jdmk</groupId>
+ <artifactId>jmxtools</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.sun.jmx</groupId>
+ <artifactId>jmxri</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>oro</groupId>
+ <artifactId>oro</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <!-- Junit Dependency -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+
+ <profiles>
+ <profile>
+ <id>jdk14</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ <jdk>1.4</jdk>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk14</artifactId>
+ <version>${bcprov.jdk14.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>jdk15</id>
+ <activation>
+ <jdk>1.5</jdk>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <version>${bcprov.jdk15.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>distribution</id>
+ <activation>
+ <property>
+ <name>release</name>
+ </property>
+ </activation>
+ <modules>
+ <module>modules/documentation</module>
+ <module>modules/distribution</module>
+ </modules>
+ </profile>
+
+ <profile>
+ <id>axiom-managed</id>
+ <activation>
+ <property>
+ <name>axiom.version</name>
+ </property>
+ </activation>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-api</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-impl</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ </profile>
+ <profile>
+ <id>sign</id>
+ <activation>
+ <property>
+ <name>sign</name>
+ </property>
+ </activation>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>1.0-alpha-3</version>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
+ <modules>
+ <module>modules/rampart-policy</module>
+ <module>modules/rampart-trust</module>
+ <module>modules/rampart-core</module>
+ <module>modules/rampart-tests</module>
+ <module>modules/rampart-mar</module>
+ <module>modules/rampart-trust-mar</module>
+ <module>modules/rampart-integration</module>
+ </modules>
+
+ <properties>
+
+ <rampart.version>${pom.version}</rampart.version>
+ <rampart.mar.version>1.5</rampart.mar.version>
+ <rahas.mar.version>1.5</rahas.mar.version>
+
+ <axis2.version>1.5.1</axis2.version>
+ <axis2.transport.version>1.0.0</axis2.transport.version>
+ <addressing.mar.version>1.5</addressing.mar.version>
+
+ <wss4j.version>1.5.8</wss4j.version>
+ <xmlsec.version>1.4.2</xmlsec.version>
+ <opensaml.version>1.1</opensaml.version>
+
+ <bcprov.jdk14.version>140</bcprov.jdk14.version>
+ <bcprov.jdk15.version>140</bcprov.jdk15.version>
+
+ <junit.version>3.8.2</junit.version>
+ <log4j.version>1.2.15</log4j.version>
+
+ <!-- distribution properties -->
+ <dist.dir>rampart-${pom.version}</dist.dir>
+ <failIfNoTests>false</failIfNoTests>
+
+ </properties>
+
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>
+ scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository
+ </url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ <uniqueVersion>false</uniqueVersion>
+ </snapshotRepository>
+ <site>
+ <id>website</id>
+ <url>scpexe://people.apache.org/www/ws.apache.org/rampart</url>
+ </site>
+ </distributionManagement>
+
+</project>
diff --git a/1_5/release-docs/ChangeLog.txt b/1_5/release-docs/ChangeLog.txt
new file mode 100644
index 0000000..5d25017
--- /dev/null
+++ b/1_5/release-docs/ChangeLog.txt
@@ -0,0 +1,169 @@
+This file contains a listing of all Jira issues that have been closed
+for a given release.
+
+Release 1.5
+===========
+
+** Bug
+ * [RAMPART-189] - WS-Security rampart uses wrong token in service response
+ * [RAMPART-191] - NullPointerException in AbstractHTTPSender.java:126 leading to "Unexpected number of certificates: 0"
+ * [RAMPART-193] - Missing signature in SOAP fault messages
+ * [RAMPART-209] - https urls are present in the src checkout page for both anonymous and developpers
+ * [RAMPART-230] - Rampart expands message object model unnecessarily
+ * [RAMPART-232] - Problem when body is signed and then an XPath is encrypted
+ * [RAMPART-244] - Invalid behavior when empty <sp:EncryptedParts/> element present in the policy
+ * [RAMPART-247] - Rampart fails to handle scenarios where password type is not set by default in UsernameToken [where 'type' is not included in the UsernameToken element]
+ * [RAMPART-249] - The way attached references and unattached references created incorrectly for SAML tokens and does not interop with WCF
+ * [RAMPART-250] - For SecureConversationToken key identifier type not set properly
+ * [RAMPART-251] - <EncryptedElements/> fails when the element is not namespce qualified
+ * [RAMPART-255] - Sample05 does not work correctly
+ * [RAMPART-257] - "build.xml" file inside the samples/policy does not copy the correct versions of the rampart, rahas, and addressing mar files.
+ * [RAMPART-259] - SAML2TokenIssuer calls DefaultBootstrap.bootstrap() per every request and attribute call back handler not being called
+ * [RAMPART-260] - Sample06 does not work correctly
+ * [RAMPART-262] - SymmetricBinding client can invoke the AsymmetricBinding service policy
+
+** Improvement
+ * [RAMPART-200] - Provide capability to configure x509 supporting token certificates different from the ones used for the assymetric binding
+ * [RAMPART-233] - Tests are required for negative scenario testing
+ * [RAMPART-242] - Test Cases are required for upcoming SAML2.0 support in Rampart
+ * [RAMPART-243] - Updating the README.txt and the contents of the binary distribution corresponding to SAML 2.0 support
+ * [RAMPART-245] - Supporting same type of multiple SupprtingToken
+ * [RAMPART-246] - Need to able to set a AttributeCallbackHandler class by name to the SAMLTokenIssuerConfig
+ * [RAMPART-248] - Caching crypto objects to improve the performance when using the same crypto for signing and encrypting.
+ * [RAMPART-256] - Sample for a policy having multiple supporting tokens - enabling to sign/encrypt with multiple keys
+ * [RAMPART-258] - A sample is required to demonstrate the SAML 2.0 Token issuing capability in Rampart
+
+** New Feature
+ * [RAMPART-231] - Implementing the SAML 2.0 support in Rampart
+
+Release 1.4 - 12/Jun/2008
+=========================
+
+** Bug
+ * [RAMPART-41] - "IncludeToken/Once" is not handled properly in Rampart
+ * [RAMPART-84] - "SupportingTokens" Token Inop for Asymetric Binding (Sign before Encrypt)
+ * [RAMPART-86] - Test the SymmetricBinding implementation
+ * [RAMPART-88] - Policy sample "sample-tomcat" incorrectly adds client.jks to Client's truststore
+ * [RAMPART-89] - License files missing in distribution
+ * [RAMPART-90] - Rampart must respond using the applicable WS-Policy even when returning a fault
+ * [RAMPART-91] - Wrong KeyIdentifierType in WSSecSignature and WSSecEncryptedKey
+ * [RAMPART-92] - Error in checking generated encrypted parts with the policy
+ * [RAMPART-93] - ValueType is not set correctly in the Signature when a encrypted key is used to sign
+ * [RAMPART-100] - Missing encrypted key token in response when Asymmetric Binding is used
+ * [RAMPART-101] - Rampart uses xmlsec-1.4.0
+ * [RAMPART-102] - Policy Validation Error
+ * [RAMPART-104] - Rampart generates empty reference lists
+ * [RAMPART-107] - Rampart ignores the MTOM assertion in the bootstrap policy in secure conversation
+ * [RAMPART-108] - Policy Validator doesn't check the transport when Transport binding is used with HttpsToken
+ * [RAMPART-109] - Error in placement of reference list in No-Timestamp scenarios
+ * [RAMPART-110] - Symmetric binding scenario: "Cannot find Reference in Manifest" Exception is thrown
+ * [RAMPART-114] - "Unexpected signature" exception thrown when using Signed/SupportingTokens Assertion
+ * [RAMPART-115] - Incrorrect reference URI in the soap response in Secure Conversation Scenarios
+ * [RAMPART-117] - 1.3 not available on download page
+ * [RAMPART-122] - /sp:EncryptedParts/sp:Header needs qualified attribute names
+ * [RAMPART-123] - client stub are not given the namespace declaration for <sp:EncryptedElements>
+ * [RAMPART-124] - /sp:SignedParts/sp:Header selects no elements if the Name attribute is unspecified
+ * [RAMPART-125] - Encryption of SOAP Headers broken
+ * [RAMPART-127] - Possible Security Hole
+ * [RAMPART-129] - Validation of supporting tokens according to a service's policy
+ * [RAMPART-130] - MTOM with WS-Security
+ * [RAMPART-131] - Rampart security header problem
+ * [RAMPART-132] - Issue with XPath configuration inside RampartUtil
+ * [RAMPART-133] - Supporting tokens are not added to the soap header
+ * [RAMPART-136] - Rampart doesn't support RequiredElements Assertion
+ * [RAMPART-138] - Created response of SymmetricBindingBuilder WITHOUT timestamp is incorrect
+ * [RAMPART-139] - SignatureToken doesn't work for Symetricbinding
+ * [RAMPART-140] - Processing of response fails if a security policy is set
+ * [RAMPART-141] - Issue of Rampart not supporting X509PKIPathv1 token
+ * [RAMPART-143] - Policy with 'Layout' 'Lax' having no subelements leads to a NullPointerException in PolicyEngine
+ * [RAMPART-145] - When we use an issued token for sig/encrypt we must use the attached reference or unattached reference as specified by policy
+ * [RAMPART-146] - The exact elements that are equired to be encrypted are not validated
+ * [RAMPART-147] - Header parts included in EncryptedParts are not processed by Rampart
+ * [RAMPART-148] - Release notes are not copied to source distribution
+ * [RAMPART-149] - Improvements to the documentation
+ * [RAMPART-151] - Rahas docs not being built
+ * [RAMPART-153] - Incorrect links given in source checkout page
+ * [RAMPART-157] - Duplicate namespace declaration in SingedEncryptedElements assertion
+ * [RAMPART-160] - Source files are also copied in to Rampart jars
+ * [RAMPART-161] - java.util.ConcurrentModificationException while a token is associated with a user when sevaral users are using a service
+ * [RAMPART-162] - NullPointerException thrown when a non-existing algorythm suite is used in a policy file when invoking a secured service
+ * [RAMPART-165] - Exception in Rampart Processing causes NPE
+ * [RAMPART-166] - Wrong SoapFault code accessing a Secure endpoint without security
+ * [RAMPART-167] - Remove bouncycastle from the distribution and add a note
+ * [RAMPART-168] - When SecureConversationTokens are used Rampart always try to use the attached reference
+ * [RAMPART-169] - HttpsToken serializer does not support ws-securitypolicy 1.2
+
+** Improvement
+ * [RAMPART-85] - Uncommented and fixed AsymmetricBindingBuilderTest
+ * [RAMPART-94] - Change rampart implementation to use same encrypted key in both request and response messages
+ * [RAMPART-99] - add userCertAlias parameter to Rampart Configuration
+ * [RAMPART-103] - include a note on adding bouncycastle as a security provider in the JRE
+ * [RAMPART-105] - Update RampartTest to include test scenarios for RAMPART-99, RAMPART-102 and RAMPART-104
+ * [RAMPART-106] - Encrypt the Username Token when it is used as a supporting token
+ * [RAMPART-113] - Enforce transport level security when Transport binding is used with Https Token
+ * [RAMPART-120] - sources unavailable in maven repository
+ * [RAMPART-134] - Add WS - Security Policy 1.2 support to Rampart
+ * [RAMPART-135] - Allow custom implementation of PolicyBasedResultsValidator using callback handler mechanism
+ * [RAMPART-137] - Add tests for encrypted supporting token scenarios
+ * [RAMPART-152] - Timestamp Precision In Milliseconds Configuration
+ * [RAMPART-163] - Update the WS wiki with Rampart information
+
+** New Feature
+ * [RAMPART-87] - Add renewal and validation support for issued token
+ * [RAMPART-95] - Support Encrypted Header
+
+
+
+** Task
+ * [RAMPART-158] - Create a FAQ
+ * [RAMPART-159] - Fix Releases/Versions in Rampart JIRA
+
+Release 1.3 - 06/Sep/07
+=======================
+
+** Bug
+ * [RAMPART-32] - Processing of <Issuer> and <RequestSecurityTokenTemplate> in class org.apache.ws.secpolicy.builders.IssuedTokenBuilder is wrong.
+ * [RAMPART-42] - TransportBinding does not encrypt the message payload
+ * [RAMPART-49] - RampartPolicyBuilder logs to console/System.out
+ * [RAMPART-52] - UsernameToken Builder Bug.
+ * [RAMPART-53] - rampart causes problems with hierarchies
+ * [RAMPART-57] - Move generated code into target directory in rampart-integration test
+ * [RAMPART-58] - problems engaging rampart per operation
+ * [RAMPART-62] - Build failure on Mac OS
+ * [RAMPART-76] - Rampart 1.3.mar throws error with Axis2 1.3
+ * [RAMPART-79] - setAction in Options does not create a non-null "Action" element in the SOAP Header
+
+** Improvement
+ * [RAMPART-17] - Create Apache Rampart website
+ * [RAMPART-20] - Improve logging
+ * [RAMPART-27] - The user in the configuration for UsernameToken and Signature should be different
+ * [RAMPART-48] - RampartMessageData class needs tightening
+ * [RAMPART-51] - Rampart developer guide
+ * [RAMPART-54] - Reviewed the Developer Guide
+
+Release 1.2 - 02/Jun/07
+=======================
+
+** Bug
+ * [RAMPART-12] - ClassCastException in fault parsing
+ * [RAMPART-28] - Cannot add parts of the header for encryption
+ * [RAMPART-34] - SignedEncryptedSupportingTokens assertion does not work
+ * [RAMPART-35] - SignedSupportingTokens does not sign the UsernameToken
+ * [RAMPART-36] - Using the "SupportingTokens" assertion throws exception
+ * [RAMPART-37] - SymmetricBinding is broken
+ * [RAMPART-43] - When IncludeTimestamp is commented in Sample03 service throws a Nullpointer exception.
+
+
+** New Feature
+ * [RAMPART-38] - AsymmetricBinding does not support UsernameToken as a supporting token
+ * [RAMPART-40] - implementation of the Xpath support
+
+
+
+
+
+
+
+
+
+
diff --git a/1_5/release-docs/LICENSE.txt b/1_5/release-docs/LICENSE.txt
new file mode 100755
index 0000000..6b0b127
--- /dev/null
+++ b/1_5/release-docs/LICENSE.txt
@@ -0,0 +1,203 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/1_5/release-docs/NOTICE.txt b/1_5/release-docs/NOTICE.txt
new file mode 100644
index 0000000..323c4b2
--- /dev/null
+++ b/1_5/release-docs/NOTICE.txt
@@ -0,0 +1,9 @@
+Apache Rampart
+Copyright 2010 The Apache Software Foundation
+
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
+
+Please read the different LICENSE files present in the lib directory of
+this distribution.
+
diff --git a/1_5/release-docs/README.txt b/1_5/release-docs/README.txt
new file mode 100644
index 0000000..b20105b
--- /dev/null
+++ b/1_5/release-docs/README.txt
@@ -0,0 +1,133 @@
+======================================================
+Apache Rampart-1.5 build (Jan 3, 2010)
+
+http://ws.apache.org/rampart/
+------------------------------------------------------
+
+_______________________________
+Contents of Binary Distribution
+===============================
+
+lib - This directory contains all the libraries required by rampart
+ in addition to the libraries available in the axis2 standard binary
+ release.
+
+
+rampart-1.5.mar - WS-Security and WS-SecureConversation support for Axis2
+rahas-1.5.mar - STS module - to be used to add STS operations to a service
+
+samples - This contains samples on using Apache Rampart and configuring
+ different components to carryout different WS-Sec* operations.
+
+README.txt - This file
+
+build.xml - Setup file to copy all jars to required places
+____________
+Installation
+============
+
+Using Ant
+---------
+Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution.
+
+Manual Installation
+-------------------
+You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of Rampart binary distribution to Axis2 modules directory.
+
+Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
+
+Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
+
+
+IMPORTANT:
+Before you build rampart from source distribution, you need provision for
+unlimited security jurisdiction as some of the test cases use key size of
+256. So you need to download jce_policy-x_y_z.zip (relevant to your JDK version)
+and replace the old jar files (local_policy.jar and US_export_policy.jar) in
+$JAVA_HOME/jre/lib/security. These files are listed in sun download site,
+under the your JDK version as Java(TM) Cryptography Extension (JCE) Unlimited
+Strength Jurisdiction Policy Files.
+
+Bouncy castle jars are no longer shipped with Rampart binary distribution
+due some patent issues.But as bouncy castle jars are necessary for Rampart, users
+will have to manually download and copy the bouncy castle jar corresponding the
+relevant JDK. Bouncy castle jars can be downloaded from
+http://www.bouncycastle.org/latest_releases.html
+
+Adding bouncycastle as a security provider
+
+1.) Download bouncycastle according to your java version. You can download
+bouncycastle from the following link.
+http://www.bouncycastle.org/latest_releases.html
+2.) Add the bcprov-jdkXX-139.jar to your service's / client's classpath.
+3.) Add the following line to java.security file which can be found in JRE's
+lib/security directory as the last line.
+security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider
+
+Test cases written for SAML 2.0 support requires endorsing the JDK's default JAXP
+implementation with Xerces(http://xerces.apache.org/mirrors.cgi#binary) and
+Xalan(http://xml.apache.org/xalan-j/downloads.html#latest-release). So before building Rampart from the
+source distribution, you need to copy resolver-x.x.x.jar, serializer-x.x.x.jar, xercesImpl-x.x.x.jar
+and xml-apis-x.x.x.jar from the Xerces binary distribution and xalan-x.x.x.jar from the xalan binary
+distribution to the endorsed directory. If you are using Sun JDK, endorsed directory is located at
+$JAVA_HOME/jre/lib/endorsed.
+
+When Rampart is deployed in a particular application server, please refer to the endorsing mechanism
+recommended for that server and endorse the JAXP implementation using the set of jars mentioned above.
+
+Before you try any of the samples make sure you
+
+1.) Have the Axis2 standard binary distribution downloaded and extracted.
+2.) Set the AXIS2_HOME environment variable
+3.) Run ant from the "samples" directory to copy the required libraries and
+ modules to relevant directories in AXIS2_HOME.
+
+___________________
+Crypto Notice
+===================
+
+ This distribution includes cryptographic software. The country in
+ which you currently reside may have restrictions on the import,
+ possession, use, and/or re-export to another country, of
+ encryption software. BEFORE using any encryption software, please
+ check your country's laws, regulations and policies concerning the
+ import, possession, or use, and re-export of encryption software, to
+ see if this is permitted. See <http://www.wassenaar.org/> for more
+ information.
+
+ The U.S. Government Department of Commerce, Bureau of Industry and
+ Security (BIS), has classified this software as Export Commodity
+ Control Number (ECCN) 5D002.C.1, which includes information security
+ software using or performing cryptographic functions with asymmetric
+ algorithms. The form and manner of this Apache Software Foundation
+ distribution makes it eligible for export under the License Exception
+ ENC Technology Software Unrestricted (TSU) exception (see the BIS
+ Export Administration Regulations, Section 740.13) for both object
+ code and source code.
+
+ The following provides more details on the included cryptographic
+ software:
+
+ Apache Santuario : http://santuario.apache.org/
+ Apache WSS4J : http://ws.apache.org/wss4j/
+ Bouncycastle : http://www.bouncycastle.org/
+
+___________________
+Support
+===================
+
+Any problem with this release can be reported to Rampart mailing list
+or in the JIRA issue tracker.
+
+Mailing list subscription:
+ rampart-dev-subscribe@ws.apache.org
+
+Jira:
+ http://issues.apache.org/jira/browse/RAMPART
+
+
+Thank you for using Apache Rampart!
+
+The Apache Rampart team.
+
+[1] http://www.apache.org/dist/java-repository/xalan/jars/
diff --git a/1_5/release-docs/build.xml b/1_5/release-docs/build.xml
new file mode 100644
index 0000000..7a2dbd5
--- /dev/null
+++ b/1_5/release-docs/build.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="lib"/>
+ <property name="modules.dir" value="."/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
diff --git a/1_5/release-docs/release-notes.html b/1_5/release-docs/release-notes.html
new file mode 100644
index 0000000..ed6909b
--- /dev/null
+++ b/1_5/release-docs/release-notes.html
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+ <title>Apache Rampart - Release Notes</title>
+ <meta name="generator" content="amaya 9.2.2, see http://www.w3.org/Amaya/"
+ />
+</head>
+
+<body>
+<h1>Apache Rampart Release Notes</h1>
+
+<p>This is the 1.5 release of Apache Rampart.</p>
+
+<p>Apache Rampart 1.5 is a toolkit that provides implementations of the WS-Sec*
+specifications for Apache Axis2 1.5, based on Apache WSS4J 1.5.8 and
+the Apache AXIOM-DOOM 1.2.8 implementation.</p>
+
+<b>What is in this release</b>
+
+<p>There are two main Apache Axis2 modules provided with this release.</p>
+<ul>
+<li>rampart-1.5.mar</li>
+This provides support for WS-Security and WS-SecureConversation features.
+<li>rahas-1.5.mar</li>
+This module provides the necessary components to enable SecurityTokenService
+functionality on a service.
+</ul>
+
+<p>Apache Rampart 1.2 uses a configuration model based on WS-Policy
+and WS-Security Policy and it is important to note that Apache Rampart 1.0 style
+configuration is also available even though being marked as deprecated.
+</p>
+
+<p>Apache Rampart 1.5 can be successfully used with the next Apache Sandesha2
+release targeted towards Apache Axis2 1.5 to configure
+WS-SecureConversation + WS-ReliableMessaging scenarios.</p>
+<p>
+The rampart module was successfully tested for interoperability with other
+WS-Security implementations.</p>
+
+<p>WS - Sec* specifications supported by Apache Rampart are as follows:</p>
+
+<ul>
+<li>WS - Security 1.0</li>
+<li>WS - Secure Conversation - February 2005</li>
+<li>WS - Security Policy - 1.1 - July 2005</li>
+<li>WS - Trust - February 2005</li>
+<li>WS - Trust - WS-SX specification</li>
+<li>SAML Specification - 1.1 </li>
+<li>SAML Specification - 2.0 </li>
+</ul>
+
+
+
+
+<p>Thank you for using Apache Rampart.</p>
+
+<p></p>
+
+<p>Apache Rampart team</p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+</body>
+</html>
