Index: modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
===================================================================
--- modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (revision 1207051)
+++ modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (working copy)
@@ -43,8 +43,8 @@
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.ws.secpolicy.model.AbstractBinding;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.Trust10;
import org.apache.ws.secpolicy.model.Trust13;
import org.apache.ws.security.WSConstants;
@@ -58,6 +58,8 @@
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -511,8 +513,8 @@
P_SHA1 p_sha1 = new P_SHA1();
int length = (this.keySize > 0) ? keySize
- : this.algorithmSuite
- .getMaximumSymmetricKeyLength();
+ : this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength();
+
try {
secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8);
} catch (ConversationException e) {
@@ -618,11 +620,11 @@
for (Iterator iter = issuerAssertions.iterator(); iter.hasNext();) {
Assertion tempAssertion = (Assertion) iter.next();
//find the AlgorithmSuite assertion
- if (tempAssertion instanceof Binding) {
+ if (tempAssertion instanceof AbstractBinding) {
log.debug("Extracting algo suite from issuer policy binding");
- this.algorithmSuite = ((Binding) tempAssertion)
+ this.algorithmSuite = ((AbstractBinding) tempAssertion)
.getAlgorithmSuite();
}
}
@@ -718,8 +720,7 @@
ent,
RahasConstants.BIN_SEC_TYPE_NONCE);
this.requestorEntropy =
- WSSecurityUtil.generateNonce(this.algorithmSuite.
- getMaximumSymmetricKeyLength()/8);
+ WSSecurityUtil.generateNonce(this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength()/8);
binSec.setText(Base64.encode(this.requestorEntropy));
if (log.isDebugEnabled()) {
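Review bot: The nonce-length expression `this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength()/8` is now written out in full here, in the identical hunk below, and (through `length/8`) in the P_SHA1 hunk above, so three places must agree on the bits-to-bytes conversion and on the two dereferences. A private helper, e.g. `private int maxSymmetricKeyBytes() { return this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() / 8; }`, used at all three sites would keep them consistent. It would also be the single place to fail clearly if `algorithmSuite` was never set — from the earlier hunk it is only assigned when a binding assertion is found in the issuer policy — rather than with an NPE at nonce generation; whether that case can occur in practice cannot be told from the hunk. The enclosing method starts and ends outside this hunk.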
@@ -744,8 +745,7 @@
ent,
RahasConstants.BIN_SEC_TYPE_NONCE);
this.requestorEntropy =
- WSSecurityUtil.generateNonce(this.algorithmSuite.
- getMaximumSymmetricKeyLength()/8);
+ WSSecurityUtil.generateNonce(this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength()/8);
binSec.setText(Base64.encode(this.requestorEntropy));
if (log.isDebugEnabled()) {
Index: modules/rampart-trust/pom.xml
===================================================================
--- modules/rampart-trust/pom.xml (revision 1207051)
+++ modules/rampart-trust/pom.xml (working copy)
@@ -63,9 +63,35 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-kernel</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>mex</artifactId>
+ <classifier>impl</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mtompolicy</artifactId>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.security</groupId>
+ <artifactId>wss4j</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.apache.ws.commons.axiom</groupId>
<artifactId>axiom-dom</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml1</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ </dependency>
</dependencies>
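Review bot: The six added dependencies carry no `<version>`, so they rely on the parent's dependencyManagement; both `org.opensaml:opensaml1` and `org.opensaml:opensaml` are added side by side, which is presumably intentional (two SAML versions) but is worth confirming, as is that both are pinned in the parent so the build does not resolve an unmanaged version. A short `<!-- ... -->` comment on each OpenSAML entry naming what it is needed for would help the next person who has to upgrade them.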
<reporting>
Index: modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java (working copy)
@@ -30,10 +30,9 @@
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
-import org.apache.rampart.util.HandlerParameterDecoder;
import org.apache.rampart.util.RampartUtil;
-import org.apache.ws.secpolicy.model.Binding;
-import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.AbstractBinding;
+import org.apache.ws.secpolicy.model.SupportingTokens;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
@@ -130,11 +129,11 @@
for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
Assertion assertion = (Assertion) iterator.next();
//Check for any *Binding assertion
- if (assertion instanceof Binding) {
+ if (assertion instanceof AbstractBinding) {
securityPolicyPresent = true;
break;
// There can be security policies containing only supporting tokens
- } else if (assertion instanceof SupportingToken) {
+ } else if (assertion instanceof SupportingTokens) {
securityPolicyPresent = true;
break;
}
Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (working copy)
@@ -19,6 +19,9 @@
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.builders.xml.XmlPrimitiveAssertion;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
@@ -28,10 +31,7 @@
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import WSSecurityException;
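Review bot: The explicit imports are replaced with the wildcard `import org.apache.ws.secpolicy.model.*;`, and the same change is made in BindingBuilder (which also switches to `import java.util.*;`) and SymmetricBindingBuilder. Wildcard imports hide which policy-model types each builder depends on and make a later clash between `java.util` and model names (the model package has its own `Token`-style names) a silent resolution change rather than a visible import edit. Listing the types actually used, e.g. `import org.apache.ws.secpolicy.model.AbstractToken;`, `import org.apache.ws.secpolicy.model.SupportingTokens;`, `import org.apache.ws.secpolicy.model.X509Token;`, keeps the dependency explicit.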
@@ -45,8 +45,10 @@
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.xml.namespace.QName;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Vector;
public class AsymmetricBindingBuilder extends BindingBuilder {
@@ -54,7 +56,7 @@
private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
- private Token sigToken;
+ private AbstractToken sigToken;
private WSSecSignature sig;
@@ -84,7 +86,7 @@
this.addTimestamp(rmd);
}
- if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ if (AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning == rpd.getProtectionOrder()) {
this.doEncryptBeforeSig(rmd);
} else {
this.doSignBeforeEncrypt(rmd);
@@ -116,7 +118,7 @@
/*
* We MUST use keys derived from the same token
*/
- Token encryptionToken = null;
+ AbstractToken encryptionToken = null;
if(rmd.isInitiator()) {
encryptionToken = rpd.getRecipientToken();
} else {
@@ -140,7 +142,7 @@
throw new RampartException("rampartConigMissing");
}
- if (encryptionToken.isDerivedKeys()) {
+ if (encryptionToken.getDerivedKeys() != null) {
try {
this.setupEncryptedKey(rmd, encryptionToken);
// Create the DK encryption builder
@@ -148,7 +150,7 @@
dkEncr.setParts(encrParts);
dkEncr.setExternalKey(this.encryptedKeyValue,
this.encryptedKeyId);
- dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
+ dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
// Get and add the DKT element
@@ -169,9 +171,9 @@
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
- encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
RampartUtil.setKeyIdentifierType(rmd, encr, encryptionToken);
- encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
Element bstElem = encr.getBinarySecurityTokenElement();
@@ -215,30 +217,30 @@
if (rmd.isInitiator()) {
// Now add the supporting tokens
- SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
- SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
- SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
- SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
- SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
- SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i));
}
- SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
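Review bot: The supporting-token block rewritten here — seven `rpd.get...SupportingTokens()` calls each paired with `handleSupportingTokens`, plus the `supportingToks` loop — is repeated verbatim in the second hunk of the same shape further down (the `doSignBeforeEncrypt` side), so the type migration had to be applied twice and any future change must be too. Since both copies assign the same six maps, a private helper such as `handleAllSupportingTokens(RampartMessageData rmd, RampartPolicyData rpd)` that runs the sequence and populates `sigSuppTokMap`, `endSuppTokMap`, `sgndEndSuppTokMap`, `sgndEncSuppTokMap`, `endEncSuppTokMap` and `sgndEndEncSuppTokMap` would leave one copy to maintain. The enclosing method starts and ends outside this hunk.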
@@ -302,7 +304,7 @@
Element secondRefList = null;
- if (encryptionToken.isDerivedKeys()) {
+ if (encryptionToken.getDerivedKeys() != null) {
try {
secondRefList = dkEncr.encryptForExternalRef(null,
@@ -371,30 +373,30 @@
if (rmd.isInitiator()) {
// Now add the supporting tokens
- SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
- SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
- SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
- SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
- SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
- SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i));
}
- SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
@@ -472,7 +474,7 @@
}
//Do encryption
- Token encrToken;
+ AbstractToken encrToken;
if (rmd.isInitiator()) {
encrToken = rpd.getRecipientToken();
} else {
@@ -482,7 +484,7 @@
if(encrToken != null && encrParts.size() > 0) {
Element refList = null;
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
- if(encrToken.isDerivedKeys()) {
+ if(encrToken.getDerivedKeys() != null) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
@@ -494,8 +496,8 @@
dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
- dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
- dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
+ dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
+ dkEncr.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
@@ -529,8 +531,8 @@
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
- encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
- encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
+ encr.setKeyEncAlgo(algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()));
@@ -575,7 +577,7 @@
SupportingPolicyData policyData = null;
if (supportingTokens.get(i) != null) {
policyData = (SupportingPolicyData) supportingTokens.get(i);
- Token supportingEncrToken = policyData.getEncryptionToken();
+ AbstractToken supportingEncrToken = policyData.getEncryptionToken();
Vector supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd,
policyData);
@@ -597,7 +599,7 @@
private void doSupportingSignature(RampartMessageData rmd, Vector supportingSigParts,
SupportingPolicyData supportingData) throws RampartException {
- Token supportingSigToken;
+ AbstractToken supportingSigToken;
WSSecSignature supportingSig;
Element supportingSignatureElement;
@@ -611,8 +613,23 @@
if (!(supportingSigToken instanceof X509Token)) {
return;
}
+
+ String userCertAlias = null;
+ QName USER_CERT_ALIAS_QNAME = new QName("http://ws.apache.org/rampart/policy", "userCertAlias");
+ Policy nestedPolicy = supportingSigToken.getPolicy();
+ Iterator<List<Assertion>> assertionListIterator = nestedPolicy.getAlternatives();
+ while (assertionListIterator.hasNext()) {
+ List<Assertion> assertionList = assertionListIterator.next();
+ for (int i = 0; i < assertionList.size(); i++) {
+ Assertion assertion = assertionList.get(i);
+ if (USER_CERT_ALIAS_QNAME.equals(assertion.getName())) {
+ userCertAlias = ((XmlPrimitiveAssertion)assertion).getTextValue();
+ break;
+ }
+ }
+ }
supportingSig = this.getSignatureBuilder(rmd, supportingSigToken,
- ((X509Token) supportingSigToken).getUserCertAlias());
+ userCertAlias);
Element bstElem = supportingSig.getBinarySecurityTokenElement();
if (bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), bstElem);
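Review bot: The new nested-policy lookup has three weak spots: `supportingSigToken.getPolicy()` is dereferenced without a null check, the cast to `XmlPrimitiveAssertion` is unguarded and will throw ClassCastException if an assertion with that QName is of another type, and the `break` only leaves the inner `for`, so the `while` keeps scanning later alternatives and a later match overwrites the first. The same loop is duplicated further down in `doEncryptionWithSupportingToken` for `encryptionUser`, and both declare a local in constant case (`USER_CERT_ALIAS_QNAME`, `ENCRYPTION_USER_QNAME`). Suggest one private helper that both sites call, e.g. `String userCertAlias = getNestedPolicyText(supportingSigToken, new QName(RAMPART_POLICY_NS, "userCertAlias"));`; whether `getPolicy()` can actually return null depends on the policy model and should be confirmed. `doSupportingSignature` starts and ends outside this hunk.
```java
    private static final String RAMPART_POLICY_NS = "http://ws.apache.org/rampart/policy";

    /**
     * Returns the text of the first assertion named {@code name} in the token's
     * nested policy, or null when the token has no nested policy or no such assertion.
     */
    private static String getNestedPolicyText(AbstractToken token, QName name) {
        Policy nestedPolicy = token.getPolicy();
        if (nestedPolicy == null) {
            return null;
        }
        Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
        while (alternatives.hasNext()) {
            for (Assertion assertion : alternatives.next()) {
                // Only primitive assertions carry a text value; skip anything else with this name.
                if (name.equals(assertion.getName()) && assertion instanceof XmlPrimitiveAssertion) {
                    return ((XmlPrimitiveAssertion) assertion).getTextValue();
                }
            }
        }
        return null;
    }
    // … unchanged: rest of doSupportingSignature …
```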
@@ -624,7 +641,7 @@
}
try {
- supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());
+ supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getAlgorithmSuiteType().getDigest());
supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
supportingSig.computeSignature();
@@ -661,7 +678,7 @@
sigToken = rpd.getRecipientToken();
}
- if (sigToken.isDerivedKeys()) {
+ if (sigToken.getDerivedKeys() != null) {
// Set up the encrypted key to use
if(this.encrKey == null) {
setupEncryptedKey(rmd, sigToken);
@@ -674,7 +691,7 @@
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
.getSymmetricSignature());
dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
- .getSignatureDerivedKeyLength() / 8);
+ .getAlgorithmSuiteType().getSignatureDerivedKeyLength() / 8);
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
try {
@@ -729,7 +746,7 @@
}
try {
- sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());
+ sig.setDigestAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getDigest());
sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature();
@@ -753,7 +770,7 @@
}
private void doEncryptionWithSupportingToken(RampartPolicyData rpd, RampartMessageData rmd,
- Token encrToken, Document doc, Vector encrParts) throws RampartException {
+ AbstractToken encrToken, Document doc, Vector encrParts) throws RampartException {
Element refList = null;
try {
if (!(encrToken instanceof X509Token)) {
@@ -767,9 +784,25 @@
encr.setWsConfig(rmd.getConfig());
encr.setDocument(doc);
- RampartUtil.setEncryptionUser(rmd, encr, ((X509Token) encrToken).getEncryptionUser());
- encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
- encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+
+ String encryptionUser = null;
+ QName ENCRYPTION_USER_QNAME = new QName("http://ws.apache.org/rampart/policy", "encryptionUser");
+ Policy nestedPolicy = encrToken.getPolicy();
+ Iterator<List<Assertion>> assertionListIterator = nestedPolicy.getAlternatives();
+ while (assertionListIterator.hasNext()) {
+ List<Assertion> assertionList = assertionListIterator.next();
+ for (int i = 0; i < assertionList.size(); i++) {
+ Assertion assertion = assertionList.get(i);
+ if (ENCRYPTION_USER_QNAME.equals(assertion.getName())) {
+ encryptionUser = ((XmlPrimitiveAssertion)assertion).getTextValue();
+ break;
+ }
+ }
+ }
+
+ RampartUtil.setEncryptionUser(rmd, encr, encryptionUser);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd
.getCustomClassLoader()));
@@ -805,9 +838,9 @@
* @param rmd
* @throws RampartException
*/
- private void setupEncryptedKey(RampartMessageData rmd, Token token)
+ private void setupEncryptedKey(RampartMessageData rmd, AbstractToken token)
throws RampartException {
- if(!rmd.isInitiator() && token.isDerivedKeys()) {
+ if(!rmd.isInitiator() && token.getDerivedKeys() != null) {
//If we already have them, simply return
if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {
@@ -843,7 +876,7 @@
* @param token
* @throws RampartException
*/
- private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
+ private void createEncryptedKey(RampartMessageData rmd, AbstractToken token) throws RampartException {
//Set up the encrypted key to use
encrKey = this.getEncryptedKeyBuilder(rmd, token);
Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (working copy)
@@ -28,15 +28,8 @@
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.util.RampartUtil;
-import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.apache.ws.secpolicy.model.IssuedToken;
-import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.UsernameToken;
-import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
@@ -61,12 +54,7 @@
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.Vector;
+import java.util.*;
import java.util.Map.Entry;
public abstract class BindingBuilder {
@@ -137,7 +125,7 @@
}
// If NoPassword property is set we don't need to set the password
- if (token.isNoPassword()) {
+ if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
utBuilder.setUserInfo(user, null);
utBuilder.setPasswordType(null);
@@ -186,7 +174,7 @@
if(rmd.getConfig() != null) {
utBuilder.setWsConfig(rmd.getConfig());
}
- if (token.isHashPassword()) {
+ if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
} else {
utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
@@ -216,7 +204,7 @@
* @throws WSSecurityException
* @throws RampartException
*/
- protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, AbstractToken token) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
@@ -226,8 +214,8 @@
try {
RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
RampartUtil.setEncryptionUser(rmd, encrKey);
- encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
- encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encrKey.setKeySize(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getMaximumSymmetricKeyLength());
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricKeyWrap());
encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
@@ -240,23 +228,23 @@
//Deprecated after 1.5 release
@Deprecated
protected WSSecSignature getSignatureBuider(RampartMessageData rmd,
- Token token) throws RampartException {
+ AbstractToken token) throws RampartException {
return getSignatureBuilder(rmd, token, null);
}
//Deprecated after 1.5 release
@Deprecated
- protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token,
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, AbstractToken token,
String userCertAlias) throws RampartException {
return getSignatureBuilder(rmd, token, userCertAlias);
}
protected WSSecSignature getSignatureBuilder(RampartMessageData rmd,
- Token token)throws RampartException {
+ AbstractToken token)throws RampartException {
return getSignatureBuilder(rmd, token, null);
}
- protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, Token token,
+ protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, AbstractToken token,
String userCertAlias) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
@@ -266,7 +254,7 @@
sig.setWsConfig(rmd.getConfig());
if (log.isDebugEnabled()) {
- log.debug("Token inclusion: " + token.getInclusion());
+ log.debug("Token inclusion: " + token.getIncludeTokenType());
}
RampartUtil.setKeyIdentifierType(rmd, sig, token);
@@ -334,8 +322,8 @@
sig.setUserInfo(user, password);
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
- sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
- sig.setDigestAlgo(algorithmSuite.getDigest());
+ sig.setSigCanonicalization(algorithmSuite.getC14n().getValue());
+ sig.setDigestAlgo(algorithmSuite.getAlgorithmSuiteType().getDigest());
try {
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
@@ -353,7 +341,7 @@
* @param suppTokens
* @throws RampartException
*/
- protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
+ protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingTokens suppTokens)
throws RampartException {
//Create the list to hold the tokens
@@ -363,9 +351,9 @@
suppTokens.getTokens().size() > 0) {
log.debug("Processing supporting tokens");
- ArrayList tokens = suppTokens.getTokens();
- for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ List<AbstractToken> tokens = suppTokens.getTokens();
+ for (Iterator<AbstractToken> iter = tokens.iterator(); iter.hasNext();) {
+ AbstractToken token = iter.next();
org.apache.rahas.Token endSuppTok = null;
if(token instanceof IssuedToken && rmd.isInitiator()){
String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
@@ -387,7 +375,7 @@
(Element) endSuppTok.getToken());
this.setInsertionLocation(siblingElem);
- if (suppTokens.isEncryptedToken()) {
+ if (suppTokens.getSupportingTokenType().getName().getLocalPart().equals(SPConstants.ENCRYPTION_TOKEN)) {
this.encryptedTokensIdList.add(endSuppTok.getId());
}
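Review bot: The replacement for `isEncryptedToken()` compares the supporting-token type's local name with `SPConstants.ENCRYPTION_TOKEN`, which names the sp:EncryptionToken assertion of a binding rather than a supporting-token variant; as far as can be told from the hunk, the type names of the encrypted variants (EncryptedSupportingTokens, SignedEncryptedSupportingTokens, and the endorsing forms) would never match, so their ids would not reach `encryptedTokensIdList` and those tokens would be emitted unencrypted. The identical check is repeated in the next hunk (the `sig.getBSTTokenId()` branch). Suggest one helper used at both sites, `private static boolean isEncryptedSupportingTokens(SupportingTokens t) { return t.getSupportingTokenType().getName().getLocalPart().endsWith("EncryptedSupportingTokens"); }`, and confirming it against the SupportingTokenType names in the policy-model version in use, with a unit test that feeds a SignedEncryptedSupportingTokens policy and checks the id is recorded. `handleSupportingTokens` begins and ends outside this hunk.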
@@ -411,7 +399,7 @@
supportingPolcy.setEncryptionToken(token);
rmd.getPolicyData().addSupportingPolicyData(supportingPolcy);
- if (suppTokens.isEncryptedToken()) {
+ if (suppTokens.getSupportingTokenType().getName().getLocalPart().equals(SPConstants.ENCRYPTION_TOKEN)) {
this.encryptedTokensIdList.add(sig.getBSTTokenId());
}
}
@@ -496,7 +484,7 @@
for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
- Token token = (Token)iter.next();
+ AbstractToken token = (AbstractToken)iter.next();
Object tempTok = tokenMap.get(token);
@@ -539,29 +527,29 @@
}
- protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+ protected byte[] doSymmSignature(RampartMessageData rmd, AbstractToken policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
Document doc = rmd.getDocument();
RampartPolicyData rpd = rmd.getPolicyData();
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
- if(policyToken.isDerivedKeys()) {
+ if(policyToken.getDerivedKeys() != null) {
try {
WSSecDKSign dkSign = new WSSecDKSign();
//Check whether it is security policy 1.2 and use the secure conversation accordingly
- if (SPConstants.SP_V12 == policyToken.getVersion()) {
+ if (SPConstants.SPVersion.SP12 == policyToken.getVersion()) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
}
//Check for whether the token is attached in the message or not
boolean attached = false;
- if (SPConstants.INCLUDE_TOEKN_ALWAYS == policyToken.getInclusion() ||
- SPConstants.INCLUDE_TOKEN_ONCE == policyToken.getInclusion() ||
- (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
- == policyToken.getInclusion())) {
+ if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == policyToken.getIncludeTokenType() ||
+ SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == policyToken.getIncludeTokenType() ||
+ (rmd.isInitiator() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ == policyToken.getIncludeTokenType())) {
attached = true;
}
@@ -576,7 +564,7 @@
if(ref != null) {
dkSign.setExternalKey(tok.getSecret(), (Element)
doc.importNode((Element) ref, true));
- } else if (!rmd.isInitiator() && policyToken.isDerivedKeys()) {
+ } else if (!rmd.isInitiator() && policyToken.getDerivedKeys() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -593,7 +581,7 @@
//Set the algo info
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
- dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8);
+ dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength()/8);
// dkSign.setDigestAlgorithm(algorithmSuite.getDigest()); //uncomment when wss4j version is updated
if(tok instanceof EncryptedKeyToken) {
//Set the value type of the reference
@@ -709,7 +697,7 @@
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
- sig.setDigestAlgo(algorithmSuite.getDigest());
+ sig.setDigestAlgo(algorithmSuite.getAlgorithmSuiteType().getDigest());
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()),
rmd.getSecHeader());
@@ -823,11 +811,11 @@
}
}
}
- private void checkForX509PkiPath(WSSecSignature sig, Token token){
+ private void checkForX509PkiPath(WSSecSignature sig, AbstractToken token){
if (token instanceof X509Token) {
X509Token x509Token = (X509Token) token;
- if (x509Token.getTokenVersionAndType().equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN10)
- || x509Token.getTokenVersionAndType().equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN11)) {
+ if (x509Token.getTokenType() == X509Token.TokenType.WssX509PkiPathV1Token10
+ || x509Token.getTokenType() == X509Token.TokenType.WssX509PkiPathV1Token11) {
sig.setUseSingleCertificate(false);
}
}
Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java (working copy)
@@ -29,12 +29,7 @@
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.apache.ws.secpolicy.model.IssuedToken;
-import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
@@ -79,7 +74,7 @@
}
- if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ if(AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning == rpd.getProtectionOrder()) {
this.doEncryptBeforeSig(rmd);
} else {
this.doSignBeforeEncrypt(rmd);
@@ -101,7 +96,7 @@
t0 = System.currentTimeMillis();
}
- Token encryptionToken = rpd.getEncryptionToken();
+ AbstractToken encryptionToken = rpd.getEncryptionToken();
Vector encrParts = RampartUtil.getEncryptedParts(rmd);
Vector sigParts = RampartUtil.getSignedParts(rmd);
@@ -160,9 +155,9 @@
WSSecEncrypt encr = null;
Element encrDKTokenElem = null;
- if(SPConstants.INCLUDE_TOEKN_ALWAYS == encryptionToken.getInclusion() ||
- SPConstants.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion() ||
- (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encryptionToken.getInclusion())) {
+ if(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == encryptionToken.getIncludeTokenType() ||
+ SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == encryptionToken.getIncludeTokenType() ||
+ (rmd.isInitiator() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == encryptionToken.getIncludeTokenType())) {
encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
attached = true;
} else if(encryptionToken instanceof X509Token && rmd.isInitiator()) {
@@ -172,7 +167,7 @@
Document doc = rmd.getDocument();
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
- if(encryptionToken.isDerivedKeys()) {
+ if(encryptionToken.getDerivedKeys() != null) {
log.debug("Use drived keys");
dkEncr = new WSSecDKEncrypt();
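Review bot: `encryptionToken.getDerivedKeys() != null` on L707 replaces the old boolean `isDerivedKeys()`, and the same substitution appears at L763, L841, L854, L1000, L1057 and L1103. If `getDerivedKeys()` returns a type that distinguishes several derived-key requirements (the old model exposed separate explicit/implied accessors), the null check widens the condition to "any derived-key assertion present", which may differ from what `isDerivedKeys()` previously answered; that should be confirmed against the model, since it decides whether a DKT is emitted. Either way the check is now duplicated seven times across two builders; a single helper such as `static boolean requiresDerivedKeys(AbstractToken t) { return t.getDerivedKeys() != null; }` on RampartUtil would make the intended semantics explicit and give one place to refine them.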
@@ -191,8 +186,8 @@
dkEncr.setExternalKey(tok.getSecret(), tok.getId());
}
try {
- dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
- dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8);
+ dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
+ dkEncr.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
encrDKTokenElem = dkEncr.getdktElement();
RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
@@ -213,7 +208,7 @@
RampartUtil.setEncryptionUser(rmd, encr);
encr.setEphemeralKey(tok.getSecret());
encr.setDocument(doc);
- encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+ encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
// SymmKey is already encrypted, no need to do it again
encr.setEncryptSymmKey(false);
if (!rmd.isInitiator() && tok instanceof EncryptedKeyToken) {
@@ -264,30 +259,30 @@
if(rmd.isInitiator()) {
// Now add the supporting tokens
- SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
- SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
- SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
- SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
- SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
- SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i));
}
- SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
@@ -354,7 +349,7 @@
Element secondRefList = null;
- if(encryptionToken.isDerivedKeys()) {
+ if(encryptionToken.getDerivedKeys() != null) {
try {
secondRefList = dkEncr.encryptForExternalRef(null,
secondEncrParts);
@@ -400,7 +395,7 @@
if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
- Token sigToken = rpd.getSignatureToken();
+ AbstractToken sigToken = rpd.getSignatureToken();
String encrTokId = null;
String sigTokId = null;
@@ -434,10 +429,10 @@
sigTok = this.getToken(rmd, sigTokId);
- if(SPConstants.INCLUDE_TOEKN_ALWAYS == sigToken.getInclusion() ||
- SPConstants.INCLUDE_TOKEN_ONCE == sigToken.getInclusion() ||
+ if(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == sigToken.getIncludeTokenType() ||
+ SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == sigToken.getIncludeTokenType() ||
(rmd.isInitiator() &&
- SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == sigToken.getInclusion())) {
+ SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == sigToken.getIncludeTokenType())) {
sigTokElem = RampartUtil.appendChildToSecHeader(rmd,
sigTok.getToken());
this.setInsertionLocation(sigTokElem);
@@ -466,30 +461,30 @@
if(rmd.isInitiator()) {
// Now add the supporting tokens
- SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens();
sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
- SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens();
endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
- SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
- SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
+ SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens();
sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens);
- SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens();
endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens);
- SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i));
}
- SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
+ SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
this.handleSupportingTokens(rmd, encryptedSupportingToks);
//Setup signature parts
@@ -534,7 +529,7 @@
}
//Encryption
- Token encrToken = rpd.getEncryptionToken();
+ AbstractToken encrToken = rpd.getEncryptionToken();
Element encrTokElem = null;
if(sigToken.equals(encrToken)) {
//Use the same token
@@ -545,9 +540,9 @@
encrTokId = rmd.getIssuedEncryptionTokenId();
encrTok = this.getToken(rmd, encrTokId);
- if(SPConstants.INCLUDE_TOEKN_ALWAYS == encrToken.getInclusion() ||
- SPConstants.INCLUDE_TOKEN_ONCE == encrToken.getInclusion() ||
- (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encrToken.getInclusion())) {
+ if(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == encrToken.getIncludeTokenType() ||
+ SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == encrToken.getIncludeTokenType() ||
+ (rmd.isInitiator() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == encrToken.getIncludeTokenType())) {
encrTokElem = (Element)encrTok.getToken();
//Add the encrToken element before the sigToken element
@@ -573,13 +568,13 @@
Element refList = null;
if(encrParts.size() > 0) {
//The sec conv token can be used without derived keys
- if(encrToken.isDerivedKeys()) {
+ if(encrToken.getDerivedKeys() != null) {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
//Check whether it is security policy 1.2 and use the secure conversation accordingly
- if (SPConstants.SP_V12 == encrToken.getVersion()) {
+ if (SPConstants.SPVersion.SP12 == encrToken.getVersion()) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
}
@@ -592,7 +587,7 @@
dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
.importNode((Element) encrTok.getUnattachedReference(),
true));
- } else if (!rmd.isInitiator() && encrToken.isDerivedKeys()) {
+ } else if (!rmd.isInitiator() && encrToken.getDerivedKeys() != null) {
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
@@ -612,8 +607,8 @@
+ WSConstants.ENC_KEY_VALUE_TYPE);
}
- dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
- dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8);
+ dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
+ dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8);
dkEncr.prepare(doc);
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
@@ -653,7 +648,7 @@
RampartUtil.setEncryptionUser(rmd, encr);
encr.setDocument(doc);
encr.setEncryptSymmKey(false);
- encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption());
// Use key identifier in the KeyInfo in server side
if (!rmd.isInitiator()) {
if(encrTok instanceof EncryptedKeyToken) {
@@ -699,7 +694,7 @@
* @return
* @throws RampartException
*/
- private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
+ private String setupEncryptedKey(RampartMessageData rmd, AbstractToken sigToken)
throws RampartException {
try {
WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd,
@@ -820,8 +815,8 @@
}
//Setting up encryption token and signature token
- Token sigTok = rpd.getSignatureToken();
- Token encrTok = rpd.getEncryptionToken();
+ AbstractToken sigTok = rpd.getSignatureToken();
+ AbstractToken encrTok = rpd.getEncryptionToken();
if(sigTok instanceof IssuedToken) {
log.debug("SignatureToken is an IssuedToken");
if(rmd.getIssuedSignatureTokenId() == null) {
Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (working copy)
@@ -29,15 +29,7 @@
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.apache.ws.secpolicy.model.Header;
-import org.apache.ws.secpolicy.model.IssuedToken;
-import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.ws.secpolicy.model.SignedEncryptedParts;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.UsernameToken;
-import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import WSSecurityException;
@@ -52,6 +44,7 @@
import java.util.ArrayList;
import java.util.Iterator;
+import java.util.List;
import java.util.Vector;
public class TransportBindingBuilder extends BindingBuilder {
@@ -80,17 +73,17 @@
if(rmd.isInitiator()) {
Vector signatureValues = new Vector();
- SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+ SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens();
if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
sgndSuppTokens.getTokens().size() > 0) {
log.debug("Processing signed supporting tokens");
- ArrayList tokens = sgndSuppTokens.getTokens();
+ List tokens = sgndSuppTokens.getTokens();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ AbstractToken token = (AbstractToken) iter.next();
if(token instanceof UsernameToken) {
WSSecUsernameToken utBuilder = addUsernameToken(rmd,(UsernameToken)token);
@@ -107,16 +100,16 @@
}
}
- SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
sgndEndSuppTokens.getTokens().size() > 0) {
log.debug("Processing endorsing signed supporting tokens");
- ArrayList tokens = sgndEndSuppTokens.getTokens();
- SignedEncryptedParts signdParts = sgndEndSuppTokens.getSignedParts();
+ List tokens = sgndEndSuppTokens.getTokens();
+ SignedParts signdParts = sgndEndSuppTokens.getSignedParts();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ AbstractToken token = (AbstractToken) iter.next();
if(token instanceof IssuedToken && rmd.isInitiator()) {
signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
} else if(token instanceof X509Token) {
@@ -125,14 +118,14 @@
}
}
- SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSupptokens = rpd.getEndorsingSupportingTokens();
if(endSupptokens != null && endSupptokens.getTokens() != null &&
endSupptokens.getTokens().size() > 0) {
log.debug("Processing endorsing supporting tokens");
- ArrayList tokens = endSupptokens.getTokens();
- SignedEncryptedParts signdParts = endSupptokens.getSignedParts();
+ List tokens = endSupptokens.getTokens();
+ SignedParts signdParts = endSupptokens.getSignedParts();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ AbstractToken token = (AbstractToken) iter.next();
if(token instanceof IssuedToken && rmd.isInitiator()){
signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
} else if(token instanceof X509Token) {
@@ -147,7 +140,7 @@
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i));
}
@@ -171,7 +164,7 @@
* @param token
* @param signdParts
*/
- private byte[] doX509TokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+ private byte[] doX509TokenSignature(RampartMessageData rmd, AbstractToken token, SignedParts signdParts) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
@@ -188,7 +181,7 @@
sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
}
- ArrayList headers = signdParts.getHeaders();
+ List headers = signdParts.getHeaders();
for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
Header header = (Header) iterator.next();
WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
@@ -197,7 +190,7 @@
sigParts.add(wep);
}
}
- if(token.isDerivedKeys()) {
+ if(token.getDerivedKeys() != null) {
//In this case we will have to encrypt the ephmeral key with the
//other party's key and then use it as the parent key of the
// derived keys
@@ -216,9 +209,9 @@
dkSig.setWsConfig(rmd.getConfig());
- dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getC14n().getValue());
dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
- dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+ dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getSignatureDerivedKeyLength()/8);
dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
@@ -257,7 +250,7 @@
sig.appendBSTElementToHeader(rmd.getSecHeader());
if (rpd.isTokenProtection()
- && !(SPConstants.INCLUDE_TOKEN_NEVER == token.getInclusion())) {
+ && !(SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER == token.getIncludeTokenType())) {
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
}
@@ -285,7 +278,7 @@
* @param signdParts
* @throws RampartException
*/
- private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+ private byte[] doIssuedTokenSignature(RampartMessageData rmd, AbstractToken token, SignedParts signdParts) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc= rmd.getDocument();
@@ -293,7 +286,7 @@
//Get the issued token
String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
- int inclusion = token.getInclusion();
+ SPConstants.IncludeTokenType inclusion = token.getIncludeTokenType();
org.apache.rahas.Token tok = null;
try {
tok = rmd.getTokenStorage().getToken(id);
@@ -304,9 +297,9 @@
boolean tokenIncluded = false;
- if(inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS ||
- ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
- || inclusion == SPConstants.INCLUDE_TOKEN_ONCE)
+ if(inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS ||
+ ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
&& rmd.isInitiator())) {
//Add the token
@@ -333,7 +326,7 @@
sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
}
- ArrayList headers = signdParts.getHeaders();
+ List headers = signdParts.getHeaders();
for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
Header header = (Header) iterator.next();
WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
@@ -345,7 +338,7 @@
//check for derived keys
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
- if(token.isDerivedKeys()) {
+ if(token.getDerivedKeys() != null) {
//Create a derived key and add
try {
@@ -369,7 +362,7 @@
//Set the algo info
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
- dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
+ dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength());
dkSign.prepare(doc);
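Review bot: `dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength())` on L1064 passes the suite value unchanged, whereas L1010 and L863 pass the same accessor divided by 8; L1110 in doSecureConversationSignature has the same unscaled call. The discrepancy predates this commit, but the commit rewrites all four lines, so it is the natural place to settle the unit: if `setDerivedKeyLength` expects bytes, L1064 and L1110 derive a key eight times longer than the policy states, which would silently produce signatures the peer cannot verify. Add `/8` on both lines, or a one-line comment stating why these two callers differ.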
@@ -433,7 +426,7 @@
}
}
- private byte[] doSecureConversationSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+ private byte[] doSecureConversationSignature(RampartMessageData rmd, AbstractToken token, SignedParts signdParts) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc= rmd.getDocument();
@@ -441,7 +434,7 @@
//Get the issued token
String id = rmd.getSecConvTokenId();
- int inclusion = token.getInclusion();
+ SPConstants.IncludeTokenType inclusion = token.getIncludeTokenType();
org.apache.rahas.Token tok = null;
try {
tok = rmd.getTokenStorage().getToken(id);
@@ -452,9 +445,9 @@
boolean tokenIncluded = false;
- if(inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS ||
- ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
- || inclusion == SPConstants.INCLUDE_TOKEN_ONCE)
+ if(inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS ||
+ ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE)
&& rmd.isInitiator())) {
//Add the token
@@ -481,7 +474,7 @@
sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
}
- ArrayList headers = signdParts.getHeaders();
+ List headers = signdParts.getHeaders();
for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
Header header = (Header) iterator.next();
WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
@@ -493,7 +486,7 @@
//check for derived keys
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
- if(token.isDerivedKeys()) {
+ if(token.getDerivedKeys() != null) {
//Create a derived key and add
try {
@@ -517,7 +510,7 @@
//Set the algo info
dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
- dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
+ dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength());
dkSign.prepare(doc);
Index: modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java (working copy)
@@ -23,16 +23,11 @@
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AlgorithmSuite;
-import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.Trust10;
-import org.apache.ws.secpolicy.model.Wss10;
-import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.WSEncryptionPart;
import java.util.HashMap;
+import java.util.Map;
import java.util.Vector;
public class RampartPolicyData {
@@ -46,7 +41,7 @@
private boolean asymmetricBinding;
- private String layout;
+ private Layout.LayoutType layout;
private boolean includeTimestamp;
@@ -54,7 +49,7 @@
private boolean entireHeadersAndBodySignatures;
- private String protectionOrder;
+ private AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder;
private boolean signatureProtection;
@@ -68,24 +63,24 @@
/*
* Message tokens for symmetrical binding
*/
- private Token encryptionToken;
+ private AbstractToken encryptionToken;
- private Token signatureToken;
+ private AbstractToken signatureToken;
/*
* Message token for transport binding
*/
- private Token transportToken;
+ private AbstractToken transportToken;
/*
* Message tokens for asymmetrical binding
*/
- private Token recipientToken; // used to encrypt data to
+ private AbstractToken recipientToken; // used to encrypt data to
// receipient
- private Token initiatorToken; // used to sign data by
+ private AbstractToken initiatorToken; // used to sign data by
// initiator
@@ -131,19 +126,19 @@
*/
//private SupportingToken supportingTokens;
- private SupportingToken signedSupportingTokens;
+ private SupportingTokens signedSupportingTokens;
- private SupportingToken endorsingSupportingTokens;
+ private SupportingTokens endorsingSupportingTokens;
- private SupportingToken signedEndorsingSupportingTokens;
+ private SupportingTokens signedEndorsingSupportingTokens;
- private SupportingToken encryptedSupportingTokens;
+ private SupportingTokens encryptedSupportingTokens;
- private SupportingToken signedEncryptedSupportingTokens;
+ private SupportingTokens signedEncryptedSupportingTokens;
- private SupportingToken endorsingEncryptedSupportingTokens;
+ private SupportingTokens endorsingEncryptedSupportingTokens;
- private SupportingToken signedEndorsingEncryptedSupportingTokens;
+ private SupportingTokens signedEndorsingEncryptedSupportingTokens;
private AlgorithmSuite algorithmSuite;
@@ -288,7 +283,7 @@
/**
* @return Returns the layout.
*/
- public String getLayout() {
+ public Layout.LayoutType getLayout() {
return layout;
}
@@ -296,14 +291,14 @@
* @param layout
* The layout to set.
*/
- public void setLayout(String layout) {
+ public void setLayout(Layout.LayoutType layout) {
this.layout = layout;
}
/**
* @return Returns the protectionOrder.
*/
- public String getProtectionOrder() {
+ public AbstractSymmetricAsymmetricBinding.ProtectionOrder getProtectionOrder() {
return protectionOrder;
}
@@ -311,7 +306,7 @@
* @param protectionOrder
* The protectionOrder to set.
*/
- public void setProtectionOrder(String protectionOrder) {
+ public void setProtectionOrder(AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder) {
this.protectionOrder = protectionOrder;
}
@@ -530,7 +525,7 @@
return declaredNamespaces;
}
- public void addDeclaredNamespaces(HashMap namespaces) {
+ public void addDeclaredNamespaces(Map namespaces) {
declaredNamespaces.putAll(namespaces);
}
@@ -554,26 +549,26 @@
public void setSignedParts(Vector signedParts) {
this.signedParts = signedParts;
}
-
- public void setSupportingTokens(SupportingToken suppTokens)
+
+ public void setSupportingTokens(SupportingTokens suppTokens)
throws WSSPolicyException {
- int tokenType = suppTokens.getTokenType();
- if (tokenType == SPConstants.SUPPORTING_TOKEN_SUPPORTING) {
+ SupportingTokenType supportingTokenType = suppTokens.getSupportingTokenType();
+ if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SUPPORTING_TOKENS)) {
supportingTokens.add(suppTokens);
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_SUPPORTING_TOKENS)) {
signedSupportingTokens = suppTokens;
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.ENDORSING_SUPPORTING_TOKENS)) {
endorsingSupportingTokens = suppTokens;
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
signedEndorsingSupportingTokens = suppTokens;
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENCRYPTED) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.ENCRYPTED_SUPPORTING_TOKENS)) {
encryptedSupportingTokens = suppTokens;
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENCRYPTED) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS)) {
signedEncryptedSupportingTokens = suppTokens;
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS)) {
endorsingEncryptedSupportingTokens = suppTokens;
- } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED) {
+ } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS)) {
signedEndorsingEncryptedSupportingTokens = suppTokens;
}
}
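Review bot: Every branch of the new chain in setSupportingTokens (L1233–L1254) re-evaluates `supportingTokenType.getName().getLocalPart()` before a string compare, and a supporting-token type that matches none of the seven local parts is silently discarded, as it was with the old int compare. The method already declares `WSSPolicyException`, so hoist the value once — `String localPart = suppTokens.getSupportingTokenType().getName().getLocalPart();` — compare `localPart` in each branch, and add a final `else` that throws a `WSSPolicyException` naming `localPart`, so an unrecognised assertion fails policy processing instead of being dropped from the effective policy. If the type returned by `getSupportingTokenType()` is an enum, comparing the enum constants directly would avoid the QName indirection altogether.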
@@ -590,14 +585,14 @@
/**
* @return Returns the encryptionToken.
*/
- public Token getEncryptionToken() {
+ public AbstractToken getEncryptionToken() {
return encryptionToken;
}
/**
* @param encryptionToken The encryptionToken to set.
*/
- public void setEncryptionToken(Token encryptionToken) {
+ public void setEncryptionToken(AbstractToken encryptionToken) {
this.encryptionToken = encryptionToken;
this.extractIssuerPolicy(encryptionToken);
}
@@ -605,46 +600,46 @@
/**
* @return Returns the initiatorToken.
*/
- public Token getInitiatorToken() {
+ public AbstractToken getInitiatorToken() {
return initiatorToken;
}
/**
* @param initiatorToken The initiatorToken to set.
*/
- public void setInitiatorToken(Token initiatorToken) {
+ public void setInitiatorToken(AbstractToken initiatorToken) {
this.initiatorToken = initiatorToken;
}
/**
* @return Returns the TransportToken.
*/
- public Token getTransportToken() {
+ public AbstractToken getTransportToken() {
return transportToken;
}
/**
* @param transportToken The TransportToken to set.
*/
- public void setTransportToken(Token transportToken) {
+ public void setTransportToken(AbstractToken transportToken) {
this.transportToken = transportToken;
}
/**
* @return Returns the recipientToken.
*/
- public Token getRecipientToken() {
+ public AbstractToken getRecipientToken() {
return recipientToken;
}
/**
* @param recipientToken The recipientToken to set.
*/
- public void setRecipientToken(Token recipientToken) {
+ public void setRecipientToken(AbstractToken recipientToken) {
this.recipientToken = recipientToken;
}
- public void setProtectionToken(Token protectionToken) {
+ public void setProtectionToken(AbstractToken protectionToken) {
this.setEncryptionToken(protectionToken);
this.setSignatureToken(protectionToken);
this.extractIssuerPolicy(protectionToken);
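Review bot: The explicit `this.extractIssuerPolicy(protectionToken);` on L1321 is redundant: `setEncryptionToken` (L1272) and `setSignatureToken` (L1336) each already call `extractIssuerPolicy` on the same token, so setProtectionToken runs it three times. The commit only changes the parameter type, but since it touches the signature this is a cheap cleanup — drop L1321, or leave a one-line comment explaining why the third call is needed if extractIssuerPolicy is not idempotent.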
@@ -653,14 +648,14 @@
/**
* @return Returns the signatureToken.
*/
- public Token getSignatureToken() {
+ public AbstractToken getSignatureToken() {
return signatureToken;
}
/**
* @param signatureToken The signatureToken to set.
*/
- public void setSignatureToken(Token signatureToken) {
+ public void setSignatureToken(AbstractToken signatureToken) {
this.signatureToken = signatureToken;
this.extractIssuerPolicy(signatureToken);
}
@@ -668,7 +663,7 @@
/**
* @return Returns the signedEndorsingSupportingToken.
*/
- public SupportingToken getSignedEndorsingSupportingTokens() {
+ public SupportingTokens getSignedEndorsingSupportingTokens() {
return signedEndorsingSupportingTokens;
}
@@ -676,14 +671,14 @@
* @param signedEndorsingSupportingTokens The signedEndorsingSupportingToken to set.
*/
public void setSignedEndorsingSupportingTokens(
- SupportingToken signedEndorsingSupportingTokens) {
+ SupportingTokens signedEndorsingSupportingTokens) {
this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
}
/**
* @return Returns the signedEndorsingEncryptedSupportingToken.
*/
- public SupportingToken getSignedEndorsingEncryptedSupportingTokens() {
+ public SupportingTokens getSignedEndorsingEncryptedSupportingTokens() {
return signedEndorsingEncryptedSupportingTokens;
}
@@ -691,35 +686,35 @@
* @param signedEndorsingEncryptedSupportingTokens The signedEndorsingEncryptedSupportingToken to set.
*/
public void setSignedEndorsingEncryptedSupportingTokens(
- SupportingToken signedEndorsingEncryptedSupportingTokens) {
+ SupportingTokens signedEndorsingEncryptedSupportingTokens) {
this.signedEndorsingEncryptedSupportingTokens = signedEndorsingEncryptedSupportingTokens;
}
/**
* @return Returns the signedSupportingToken.
*/
- public SupportingToken getSignedSupportingTokens() {
+ public SupportingTokens getSignedSupportingTokens() {
return signedSupportingTokens;
}
/**
* @param signedSupportingTokens The signedSupportingToken to set.
*/
- public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) {
+ public void setSignedSupportingTokens(SupportingTokens signedSupportingTokens) {
this.signedSupportingTokens = signedSupportingTokens;
}
/**
* @return Returns the signedEncryptedSupportingToken.
*/
- public SupportingToken getSignedEncryptedSupportingTokens() {
+ public SupportingTokens getSignedEncryptedSupportingTokens() {
return signedEncryptedSupportingTokens;
}
/**
* @param signedEncryptedSupportingTokens The signedEncryptedSupportingToken to set.
*/
- public void setSignedEncryptedSupportingTokens(SupportingToken signedEncryptedSupportingTokens) {
+ public void setSignedEncryptedSupportingTokens(SupportingTokens signedEncryptedSupportingTokens) {
this.signedEncryptedSupportingTokens = signedEncryptedSupportingTokens;
}
@@ -730,9 +725,9 @@
return supportingTokens;
}
- public SupportingToken getSupportingTokens() {
+ public SupportingTokens getSupportingTokens() {
if (supportingTokens.size() > 0) {
- return (SupportingToken) supportingTokens.get(0);
+ return (SupportingTokens) supportingTokens.get(0);
} else {
return null;
}
@@ -741,42 +736,42 @@
/**
* @param encryptedSupportingTokens The encryptedSupportingToken to set.
*/
- public void setEncryptedSupportingTokens(SupportingToken encryptedSupportingTokens) {
+ public void setEncryptedSupportingTokens(SupportingTokens encryptedSupportingTokens) {
this.encryptedSupportingTokens = encryptedSupportingTokens;
}
/**
* @return Returns the encryptedSupportingToken.
*/
- public SupportingToken getEncryptedSupportingTokens() {
+ public SupportingTokens getEncryptedSupportingTokens() {
return encryptedSupportingTokens;
}
/**
* @param endorsingSupportingTokens The endorsingSupportingToken to set.
*/
- public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) {
+ public void setEndorsingSupportingTokens(SupportingTokens endorsingSupportingTokens) {
this.endorsingSupportingTokens = endorsingSupportingTokens;
}
/**
* @return Returns the endorsingSupportingToken.
*/
- public SupportingToken getEndorsingSupportingTokens() {
+ public SupportingTokens getEndorsingSupportingTokens() {
return endorsingSupportingTokens;
}
/**
* @param endorsingEncryptedSupportingTokens The endorsingEncryptedSupportingToken to set.
*/
- public void setEndorsingEncryptedSupportingTokens(SupportingToken endorsingEncryptedSupportingTokens) {
+ public void setEndorsingEncryptedSupportingTokens(SupportingTokens endorsingEncryptedSupportingTokens) {
this.endorsingEncryptedSupportingTokens = endorsingEncryptedSupportingTokens;
}
/**
* @return Returns the endorsingEncryptedSupportingToken.
*/
- public SupportingToken getEndorsingEncryptedSupportingTokens() {
+ public SupportingTokens getEndorsingEncryptedSupportingTokens() {
return endorsingEncryptedSupportingTokens;
}
@@ -835,7 +830,9 @@
* @param token
* @param id
*/
- public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
+ /* TODO still in use??
+
+ public void setSupporttingtokenId(AbstractToken token, String id, int type) throws RampartException {
HashMap tokenMap = null;
switch (type) {
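Review bot: The `/* TODO still in use??` block comment opened here turns setSupporttingtokenId and getSupportingTokenID into commented-out code that the -875 and -906 hunks nevertheless keep editing (the signatures inside the comment were updated to AbstractToken), which is the worst of both options. If the methods are unused, delete them outright, since version control keeps the history; if they are still needed, keep them compiling so the type migration is checked by the compiler. Either way the misspelled `setSupporttingtokenId` is worth fixing while the signature is being touched. The enclosing class continues outside the hunk.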
@@ -875,7 +872,7 @@
tokenMap.put(token, id);
}
- public String getSupportingTokenID(Token token, int type)
+ public String getSupportingTokenID(AbstractToken token, int type)
throws RampartException {
switch (type) {
case SPConstants.SUPPORTING_TOKEN_SUPPORTING:
@@ -906,7 +903,7 @@
throw new RampartException("invalidSupportingVersionType",
new String[] { Integer.toString(type) });
}
- }
+ }*/
public Wss10 getWss10() {
return wss10;
@@ -924,7 +921,7 @@
this.wss11 = wss11;
}
- private void extractIssuerPolicy(Token token) {
+ private void extractIssuerPolicy(AbstractToken token) {
if(token instanceof SecureConversationToken && this.issuerPolicy == null) {
this.issuerPolicy = ((SecureConversationToken)token).getBootstrapPolicy();
}
Index: modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java (working copy)
@@ -3,11 +3,12 @@
import java.util.Iterator;
import org.apache.ws.secpolicy.model.Header;
-import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.SupportingTokens;
+import org.apache.ws.secpolicy.model.XPath;
public class SupportingPolicyData extends RampartPolicyData {
- public void build(SupportingToken token) {
+ public void build(SupportingTokens token) {
if (token.getSignedParts() != null && !token.getSignedParts().isOptional()) {
Iterator it = token.getSignedParts().getHeaders().iterator();
@@ -29,25 +30,23 @@
}
if (token.getSignedElements() != null && !token.getSignedElements().isOptional()) {
- Iterator it = token.getSignedElements().getXPathExpressions()
+ Iterator<XPath> it = token.getSignedElements().getXPaths()
.iterator();
while (it.hasNext()) {
- this.setSignedElements((String) it.next());
+ XPath xPath = it.next();
+ this.setSignedElements(xPath.getXPath());
+ this.addDeclaredNamespaces(xPath.getPrefixNamespaceMap());
}
- this.addDeclaredNamespaces(token.getSignedElements()
- .getDeclaredNamespaces());
}
if (token.getEncryptedElements() != null && !token.getEncryptedElements().isOptional()) {
- Iterator it = token.getEncryptedElements().getXPathExpressions()
+ Iterator<XPath> it = token.getEncryptedElements().getXPaths()
.iterator();
while (it.hasNext()) {
- this.setEncryptedElements((String) it.next());
+ XPath xPath = it.next();
+ this.setEncryptedElements(xPath.getXPath());
+ this.addDeclaredNamespaces(xPath.getPrefixNamespaceMap());
}
- if (token.getSignedElements() == null) {
- this.addDeclaredNamespaces(token.getEncryptedElements()
- .getDeclaredNamespaces());
- }
}
}
}
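Review bot: The two loops over getSignedElements().getXPaths() and getEncryptedElements().getXPaths() are now line-for-line identical apart from the setter, and each is an explicit Iterator walk where the generic element type already permits `for (XPath xPath : token.getSignedElements().getXPaths()) { … }`. A small private helper, or at least the enhanced-for form, would keep the two from drifting. Note also that the prefix/namespace map is now merged once per XPath rather than once per assertion, which is a behavioural change worth a sentence in the commit message if intended. The enclosing build() starts outside the hunk.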
Index: modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java (working copy)
@@ -21,27 +21,7 @@
import org.apache.neethi.Assertion;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.secpolicy.model.AsymmetricBinding;
-import org.apache.ws.secpolicy.model.Binding;
-import org.apache.ws.secpolicy.model.ContentEncryptedElements;
-import org.apache.ws.secpolicy.model.EncryptionToken;
-import org.apache.ws.secpolicy.model.Header;
-import org.apache.ws.secpolicy.model.InitiatorToken;
-import org.apache.ws.secpolicy.model.ProtectionToken;
-import org.apache.ws.secpolicy.model.RecipientToken;
-import org.apache.ws.secpolicy.model.RequiredElements;
-import org.apache.ws.secpolicy.model.SignatureToken;
-import org.apache.ws.secpolicy.model.SignedEncryptedElements;
-import org.apache.ws.secpolicy.model.SignedEncryptedParts;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase;
-import org.apache.ws.secpolicy.model.SymmetricBinding;
-import org.apache.ws.secpolicy.model.TokenWrapper;
-import org.apache.ws.secpolicy.model.TransportBinding;
-import org.apache.ws.secpolicy.model.TransportToken;
-import org.apache.ws.secpolicy.model.Trust10;
-import org.apache.ws.secpolicy.model.Wss10;
-import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.secpolicy.model.*;
import java.util.Iterator;
import java.util.List;
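Review bot: Replacing twenty explicit imports with `import org.apache.ws.secpolicy.model.*;` departs from the convention the rest of this patch follows (STSClient and SupportingPolicyData import each model class by name) and hides which model types this builder actually depends on; an on-demand import also turns any future same-named class in another on-demand package into a compile-time ambiguity. The same applies to `import org.apache.axis2.util.*;` added in RampartUtil. Suggest listing the classes the new code uses explicitly (AbstractBinding, AbstractSymmetricAsymmetricBinding, SignedElements, EncryptedElements, SignedParts, EncryptedParts, SupportingTokens, XPath, Layout, and the token wrappers) in place of the wildcard.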
@@ -75,7 +55,7 @@
for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
Assertion assertion = (Assertion) iter.next();
- if (assertion instanceof Binding) {
+ if (assertion instanceof AbstractBinding) {
setWebServiceSecurityPolicyNS(assertion, rpd);
@@ -95,25 +75,30 @@
processWSS11((Wss11) assertion, rpd);
} else if (assertion instanceof Wss10) {
processWSS10((Wss10) assertion, rpd);
- } else if (assertion instanceof SignedEncryptedElements) {
- processSignedEncryptedElements((SignedEncryptedElements) assertion,
+ } else if (assertion instanceof SignedElements) {
+ processSignedElements((SignedElements) assertion,
rpd);
- } else if (assertion instanceof SignedEncryptedParts) {
- processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd);
- } else if ( assertion instanceof RequiredElements) {
- processRequiredElements((RequiredElements)assertion, rpd);
- } else if (assertion instanceof ContentEncryptedElements) {
+ } else if (assertion instanceof ContentEncryptedElements) {
processContentEncryptedElements((ContentEncryptedElements) assertion, rpd);
- }else if (assertion instanceof SupportingToken) {
+ } else if (assertion instanceof EncryptedElements) {
+ processEncryptedElements((EncryptedElements) assertion,
+ rpd);
+ } else if ( assertion instanceof RequiredElements) {
+ processRequiredElements((RequiredElements) assertion, rpd);
+ } else if (assertion instanceof EncryptedParts) {
+ processEncryptedParts((EncryptedParts) assertion, rpd);
+ } else if (assertion instanceof SignedParts) {
+ processSignedParts((SignedParts) assertion, rpd);
+ } else if (assertion instanceof SupportingTokens) {
//Set policy version. Cos a supporting token can appear along without a binding
setWebServiceSecurityPolicyNS(assertion, rpd);
- processSupportingTokens((SupportingToken) assertion, rpd);
+ processSupportingTokens((SupportingTokens) assertion, rpd);
} else if (assertion instanceof Trust10) {
- processTrust10((Trust10)assertion, rpd);
+ processTrust10((Trust10) assertion, rpd);
} else if (assertion instanceof RampartConfig) {
- processRampartConfig((RampartConfig)assertion, rpd);
+ processRampartConfig((RampartConfig) assertion, rpd);
} else if (assertion instanceof MTOMAssertion){
processMTOMSerialization((MTOMAssertion)assertion, rpd);
} else {
@@ -148,10 +133,10 @@
private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
binding(binding, rpd);
rpd.setTransportBinding(true);
- rpd.setTokenProtection(binding.isTokenProtection());
+ rpd.setTokenProtection(false); //always false since we have a transport binding and the tokens are protected by transport layer security
TransportToken transportToken = binding.getTransportToken();
if ( transportToken != null ) {
- rpd.setTransportToken(transportToken.getTransportToken());
+ rpd.setTransportToken(transportToken.getToken());
}
}
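Review bot: The trailing comment on `rpd.setTokenProtection(false)` gives the wrong reason: the value is fixed because, as far as I recall the WS-SecurityPolicy 1.2 TransportBinding nested policy, sp:ProtectTokens is not an assertion of TransportBinding at all, not because transport security is assumed to be present. Whether the transport really is TLS is decided elsewhere (the HttpsToken check in RampartUtil), so the comment should not imply this line relies on it. Suggest moving it to its own line as `// TransportBinding carries no sp:ProtectTokens assertion; token protection only applies to symmetric/asymmetric bindings`, which also keeps the statement within the line limit.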
@@ -226,21 +211,26 @@
* @param rpd
* The WSS4J data to initialize
*/
- private static void processSignedEncryptedElements(
- SignedEncryptedElements see, RampartPolicyData rpd) {
- Iterator it = see.getXPathExpressions().iterator();
- if (see.isSignedElemets()) {
- while (it.hasNext()) {
- rpd.setSignedElements((String) it.next());
- }
- } else {
- while (it.hasNext()) {
- rpd.setEncryptedElements((String) it.next());
- }
+ private static void processSignedElements(
+ SignedElements see, RampartPolicyData rpd) {
+ Iterator<XPath> it = see.getXPaths().iterator();
+ while (it.hasNext()) {
+ XPath xPath = it.next();
+ rpd.setSignedElements(xPath.getXPath());
+ rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap());
}
- rpd.addDeclaredNamespaces(see.getDeclaredNamespaces());
}
+ private static void processEncryptedElements(
+ EncryptedElements see, RampartPolicyData rpd) {
+ Iterator<XPath> it = see.getXPaths().iterator();
+ while (it.hasNext()) {
+ XPath xPath = it.next();
+ rpd.setEncryptedElements(xPath.getXPath());
+ rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap());
+ }
+ }
+
/**
* Populate parts to sign and/or encrypt with the message tokens.
*
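Review bot: processEncryptedElements is added without Javadoc while the header comment above now describes processSignedElements only, and the parameter of both is still named `see` after the removed SignedEncryptedElements type. Suggest a one-line doc for the new method, e.g. `/** Populate the XPath expressions to encrypt, and their namespace declarations, from an sp:EncryptedElements assertion. */`, renaming the parameters to `signedElements`/`encryptedElements`, and writing the walk as `for (XPath xPath : see.getXPaths())` instead of the explicit Iterator. The same loop body appears twice more in processContentEncryptedElements and processRequiredElements in the next hunk, so a private helper taking the XPath list would remove four copies.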
@@ -249,49 +239,53 @@
* @param rpd
* The WSS4J data to initialize
*/
- private static void processSignedEncryptedParts(SignedEncryptedParts sep,
+ private static void processSignedParts(SignedParts sep,
RampartPolicyData rpd) {
Iterator it = sep.getHeaders().iterator();
- if (sep.isSignedParts()) {
- rpd.setSignBody(sep.isBody());
- rpd.setSignAttachments(sep.isAttachments());
- rpd.setSignAllHeaders(sep.isSignAllHeaders());
- rpd.setSignBodyOptional(sep.isOptional());
- rpd.setSignAttachmentsOptional(sep.isOptional());
- while (it.hasNext()) {
- Header header = (Header) it.next();
- rpd.addSignedPart(header.getNamespace(), header.getName());
- }
- } else {
- rpd.setEncryptBody(sep.isBody());
- rpd.setEncryptAttachments(sep.isAttachments());
- rpd.setEncryptBodyOptional(sep.isOptional());
- rpd.setEncryptAttachmentsOptional(sep.isOptional());
- while (it.hasNext()) {
- Header header = (Header) it.next();
- rpd.setEncryptedParts(header.getNamespace(), header.getName(),"Header");
- }
+ rpd.setSignBody(sep.isBody());
+ rpd.setSignAttachments(sep.getAttachments() != null);
+ rpd.setSignAllHeaders(sep.isSignAllHeaders());
+ rpd.setSignBodyOptional(sep.isOptional());
+ rpd.setSignAttachmentsOptional(sep.isOptional());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.addSignedPart(header.getNamespace(), header.getName());
}
}
+
+ private static void processEncryptedParts(EncryptedParts sep,
+ RampartPolicyData rpd) {
+ Iterator it = sep.getHeaders().iterator();
+ rpd.setEncryptBody(sep.isBody());
+ rpd.setEncryptAttachments(sep.getAttachments() != null);
+ rpd.setEncryptBodyOptional(sep.isOptional());
+ rpd.setEncryptAttachmentsOptional(sep.isOptional());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.setEncryptedParts(header.getNamespace(), header.getName(),"Header");
+ }
+ }
private static void processContentEncryptedElements(ContentEncryptedElements cee,
RampartPolicyData rpd) {
- Iterator it = cee.getXPathExpressions().iterator();
+ Iterator<XPath> it = cee.getXPaths().iterator();
while (it.hasNext()) {
- rpd.setContentEncryptedElements((String) it.next());
+ XPath xPath = it.next();
+ rpd.setContentEncryptedElements(xPath.getXPath());
+ rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap());
}
- rpd.addDeclaredNamespaces(cee.getDeclaredNamespaces());
}
private static void processRequiredElements(RequiredElements req,
RampartPolicyData rpd) {
- Iterator it = req.getXPathExpressions().iterator();
+ Iterator<XPath> it = req.getXPaths().iterator();
while (it.hasNext()) {
- rpd.setRequiredElements((String) it.next());
+ XPath xPath = it.next();
+ rpd.setRequiredElements(xPath.getXPath());
+ rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap());
}
- rpd.addDeclaredNamespaces(req.getDeclaredNamespaces());
}
/**
* Evaluate policy data that is common to all bindings.
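Review bot: processEncryptedParts is added with no Javadoc and both halves of the split keep the parameter name `sep` from the removed SignedEncryptedParts; `signedParts`/`encryptedParts` and a short doc such as `/** Populate the body, attachments and header parts to encrypt from an sp:EncryptedParts assertion. */` would make the pair self-explanatory. `sep.getAttachments() != null` replaces the old `isAttachments()`, which is equivalent only if the new model returns null for an absent sp:Attachments and a non-null object when it is present — worth confirming and recording in a comment. The `"Header"` literal passed to setEncryptedParts predates this change but would read better as a named constant.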
@@ -301,10 +295,10 @@
* @param rpd
* The WSS4J data to initialize
*/
- private static void binding(Binding binding, RampartPolicyData rpd) {
- rpd.setLayout(binding.getLayout().getValue());
+ private static void binding(AbstractBinding binding, RampartPolicyData rpd) {
+ rpd.setLayout(binding.getLayout() != null ? binding.getLayout().getLayoutType() : Layout.LayoutType.Lax);
rpd.setIncludeTimestamp(binding.isIncludeTimestamp());
- rpd.setIncludeTimestampOptional(binding.isIncludeTimestampOptional());
+ rpd.setIncludeTimestampOptional(binding.isIncludeTimestamp());
rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
}
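Review bot: `rpd.setIncludeTimestampOptional(binding.isIncludeTimestamp())` feeds the include-timestamp flag into the optional flag, so every binding that requires a Timestamp is also recorded as treating it as optional; that is a different value from the old `isIncludeTimestampOptional()`, and if the validator consults the optional flag a required Timestamp may no longer be enforced. If the new AbstractBinding exposes no separate optional accessor, the value should come from the assertion's own optional marker (e.g. `binding.isOptional()` if the new model provides it — confirm) or stay false, not be copied from isIncludeTimestamp(). A comment on the line is warranted either way, because as written it reads like a copy-paste slip.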
@@ -317,12 +311,12 @@
* The WSS4J data to initialize
*/
private static void symmAsymmBinding(
- SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) {
+ AbstractSymmetricAsymmetricBinding binding, RampartPolicyData rpd) {
rpd.setEntireHeadersAndBodySignatures(binding
- .isEntireHeadersAndBodySignatures());
+ .isOnlySignEntireHeadersAndBody());
rpd.setProtectionOrder(binding.getProtectionOrder());
- rpd.setSignatureProtection(binding.isSignatureProtection());
- rpd.setTokenProtection(binding.isTokenProtection());
+ rpd.setSignatureProtection(binding.isEncryptSignature());
+ rpd.setTokenProtection(binding.isProtectTokens());
rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
}
@@ -336,20 +330,19 @@
*/
private static void symmetricBinding(SymmetricBinding binding,
RampartPolicyData rpd) throws WSSPolicyException {
- Assertion token = binding.getProtectionToken();
+ ProtectionToken token = binding.getProtectionToken();
if (token != null) {
- rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());
+ rpd.setProtectionToken(token.getToken());
} else {
- Assertion encrToken = binding.getEncryptionToken();
- Assertion sigToken = binding.getSignatureToken();
+ EncryptionToken encrToken = binding.getEncryptionToken();
+ SignatureToken sigToken = binding.getSignatureToken();
if (token == null && sigToken == null) {
throw new WSSPolicyException("Symmetric binding should have a Protection token or" +
" both Signature and Encryption tokens defined");
}
- rpd.setEncryptionToken(
- ((EncryptionToken) encrToken).getEncryptionToken());
- rpd.setSignatureToken(((SignatureToken) sigToken).getSignatureToken());
+ rpd.setEncryptionToken(encrToken.getToken());
+ rpd.setSignatureToken(sigToken.getToken());
}
}
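Review bot: In the else branch `token` is already known to be null, so `if (token == null && sigToken == null)` only tests the SignatureToken, and `encrToken.getToken()` two lines later dereferences an unchecked EncryptionToken; a policy with a SignatureToken but no EncryptionToken therefore fails with a NullPointerException instead of the intended WSSPolicyException. The condition predates this commit, but since the branch is being rewritten it should become `if (encrToken == null || sigToken == null) {` so that both halves of the "both Signature and Encryption tokens defined" message are actually enforced.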
@@ -363,17 +356,17 @@
*/
private static void asymmetricBinding(AsymmetricBinding binding,
RampartPolicyData rpd) throws WSSPolicyException {
- TokenWrapper tokWrapper = binding.getRecipientToken();
- TokenWrapper tokWrapper1 = binding.getInitiatorToken();
+ RecipientToken tokWrapper = binding.getRecipientToken();
+ InitiatorToken tokWrapper1 = binding.getInitiatorToken();
if (tokWrapper == null || tokWrapper1 == null) {
throw new WSSPolicyException("Asymmetric binding should have both Initiator and " +
"Recipient tokens defined");
}
- rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken());
- rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken());
+ rpd.setRecipientToken(tokWrapper.getToken());
+ rpd.setInitiatorToken(tokWrapper1.getToken());
}
- private static void processSupportingTokens(SupportingToken token,
+ private static void processSupportingTokens(SupportingTokens token,
RampartPolicyData rpd) throws WSSPolicyException {
rpd.setSupportingTokens(token);
}
Index: modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (working copy)
@@ -94,9 +94,9 @@
if(!rmd.isInitiator()) {
//Just an indicator for EndorsingSupportingToken signature
- SupportingToken endSupportingToken = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSupportingToken = rpd.getEndorsingSupportingTokens();
if(endSupportingToken != null && !endSupportingToken.isOptional()) {
- SignedEncryptedParts endSignedParts = endSupportingToken.getSignedParts();
+ SignedParts endSignedParts = endSupportingToken.getSignedParts();
if((endSignedParts != null && !endSignedParts.isOptional() &&
(endSignedParts.isBody() ||
endSignedParts.getHeaders().size() > 0)) ||
@@ -106,9 +106,9 @@
}
}
//Just an indicator for SignedEndorsingSupportingToken signature
- SupportingToken sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
if(sgndEndSupportingToken != null && !sgndEndSupportingToken.isOptional()) {
- SignedEncryptedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts();
+ SignedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts();
if((sgndEndSignedParts != null && !sgndEndSignedParts.isOptional() &&
(sgndEndSignedParts.isBody() ||
sgndEndSignedParts.getHeaders().size() > 0)) ||
@@ -120,7 +120,7 @@
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- SupportingToken supportingToken = (SupportingToken) supportingToks.get(i);
+ SupportingTokens supportingToken = (SupportingTokens) supportingToks.get(i);
if (supportingToken != null && !supportingToken.isOptional()) {
SupportingPolicyData policyData = new SupportingPolicyData();
policyData.build(supportingToken);
@@ -216,8 +216,8 @@
RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
- SupportingToken sgndSupTokens = rpd.getSignedSupportingTokens();
- SupportingToken sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens sgndSupTokens = rpd.getSignedSupportingTokens();
+ SupportingTokens sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens();
if(sig && signatureParts.size() == 0
&& (sgndSupTokens == null || sgndSupTokens.getTokens().size() == 0)
@@ -266,14 +266,14 @@
RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ SupportingTokens suppTok = (SupportingTokens) supportingToks.get(i);
handleSupportingTokens(results, suppTok);
}
- SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ SupportingTokens signedSuppToken = rpd.getSignedSupportingTokens();
handleSupportingTokens(results, signedSuppToken);
- SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
handleSupportingTokens(results, signedEndSuppToken);
- SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSuppToken = rpd.getEndorsingSupportingTokens();
handleSupportingTokens(results, endSuppToken);
}
@@ -282,15 +282,15 @@
* @param suppTok
* @throws RampartException
*/
- protected void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+ protected void handleSupportingTokens(Vector results, SupportingTokens suppTok) throws RampartException {
if(suppTok == null) {
return;
}
- ArrayList tokens = suppTok.getTokens();
+ List tokens = suppTok.getTokens();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ AbstractToken token = (AbstractToken) iter.next();
if(token instanceof UsernameToken) {
UsernameToken ut = (UsernameToken) token;
//Check presence of a UsernameToken
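Review bot: `List tokens = suppTok.getTokens();` keeps a raw type and then casts every element to AbstractToken; if the new SupportingTokens.getTokens() is declared as `List<AbstractToken>` (the cast suggests so — confirm), `List<AbstractToken> tokens = suppTok.getTokens();` with `for (AbstractToken token : tokens) {` removes both the cast and the raw Iterator. The same pattern is in the -902 hunk (isUsernameTokenPresent). The enclosing method continues outside the hunk.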
@@ -325,7 +325,7 @@
protected void validateProtectionOrder(ValidatorData data, Vector results)
throws RampartException {
- String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
+ AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
ArrayList sigEncrActions = this.getSigEncrActions(results);
if(sigEncrActions.size() < 2) {
@@ -352,7 +352,7 @@
boolean done = false;
- if(SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ if(AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting == protectionOrder) {
boolean sigFound = false;
for (Iterator iter = sigEncrActions.iterator();
@@ -876,23 +876,23 @@
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ SupportingTokens suppTok = (SupportingTokens) supportingToks.get(i);
if (isUsernameTokenPresent(suppTok)) {
return true;
}
}
- SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ SupportingTokens signedSuppToken = rpd.getSignedSupportingTokens();
if(isUsernameTokenPresent(signedSuppToken)) {
return true;
}
- SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ SupportingTokens signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
if(isUsernameTokenPresent(signedEndSuppToken)) {
return true;
}
- SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ SupportingTokens endSuppToken = rpd.getEndorsingSupportingTokens();
if(isUsernameTokenPresent(endSuppToken)){
return true;
}
@@ -902,15 +902,15 @@
}
- protected boolean isUsernameTokenPresent(SupportingToken suppTok) {
+ protected boolean isUsernameTokenPresent(SupportingTokens suppTok) {
if(suppTok == null) {
return false;
}
- ArrayList tokens = suppTok.getTokens();
+ List tokens = suppTok.getTokens();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ AbstractToken token = (AbstractToken) iter.next();
if(token instanceof UsernameToken) {
return true;
}
Index: modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
===================================================================
--- modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (revision 1207051)
+++ modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (working copy)
@@ -36,6 +36,7 @@
import org.apache.axis2.mex.om.MetadataReference;
import org.apache.axis2.mex.om.MetadataSection;
import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.axis2.util.*;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -424,7 +425,7 @@
* @return The address of an issuer address element
* @throws RampartException If the issuer address element is malformed.
*/
- public static String processIssuerAddress(OMElement issuerAddress)
+ public static String processIssuerAddress(OMElement issuerAddress)
throws RampartException {
if(issuerAddress == null){
@@ -439,7 +440,7 @@
return issuerAddress.getText().trim();
}
-
+
/**
* Retrieve policy using metadata reference
* <wsa:Metadata xmlns:wsa="http://www.w3.org/2005/08/addressing">
@@ -516,7 +517,7 @@
log.debug("Creating RSTTemplate for an SCT request");
OMFactory fac = OMAbstractFactory.getOMFactory();
- OMNamespace wspNs = fac.createOMNamespace(SPConstants.P_NS, "wsp");
+ OMNamespace wspNs = fac.createOMNamespace(org.apache.neethi.Constants.URI_POLICY_15_NS, "wsp");
OMElement rstTempl = fac.createOMElement(
SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE,
wspNs);
@@ -598,10 +599,17 @@
RahasConstants.RST_ACTION_SCT);
// Get sts epr
- OMElement issuerEpr = secConvTok.getIssuerEpr();
+ Element issuerElement = secConvTok.getIssuer();
String issuerEprAddress = rmd.getMsgContext().getTo().getAddress();
- if(issuerEpr != null) {
- issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
+ if(issuerElement != null) {
+ OMElement issuer = null;
+ try {
+ issuer = XMLUtils.toOM(issuerElement);
+ } catch (Exception e) {
+ throw new TrustException(TrustException.INVALID_SECURITY_TOKEN, e);
+ }
+ OMElement issuerExp = issuer.getFirstElement();
+ issuerEprAddress = RampartUtil.processIssuerAddress(issuerExp);
}
//Find SC version
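Review bot: `issuer.getFirstElement()` assumes the wsa:Address is the first child of the Issuer EPR, whereas the issued-token path in the next hunk looks the Address up by QName in both the Final and Submission addressing namespaces; an Issuer whose first child is wsa:Metadata or wsa:ReferenceParameters would hand the wrong element to processIssuerAddress here. Suggest the same lookup, `OMElement issuerExp = issuer.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE, "Address"));` with the Submission-namespace fallback, ideally through one private helper shared by both methods. The `catch (Exception e)` also maps any DOM-to-OM conversion failure to TrustException.INVALID_SECURITY_TOKEN, which is a misleading code for a parsing error. The enclosing method starts and ends outside the hunk.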
@@ -659,19 +667,36 @@
RahasConstants.RST_ACTION_ISSUE);
// Get sts epr
- String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
- .getIssuerEpr());
+ String issuerEprAddress = null;
+ OMElement issuerMex = null;
+ final Element issuerElement = issuedToken.getIssuer();
+ if (issuerElement != null) {
+ final OMElement issuer = XMLUtils.toOM(issuerElement);
+ OMElement issuerEpr = issuer.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address"));
+ //try the other addressing namespace
+ if (issuerEpr == null) {
+ issuerEpr = issuer.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address"));
+ }
+ issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
- OMElement rstTemplate = issuedToken.getRstTemplate();
+ issuerMex = issuer.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata"));
+ //try the other addressing namespace
+ if (issuerMex == null) {
+ issuerMex = issuer.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata"));
+ }
+ }
+
+ Element rstTemplateElement = issuedToken.getRequestSecurityTokenTemplate();
+ OMElement rstTemplate = XMLUtils.toOM(rstTemplateElement);
+
// Get STS policy
Policy stsPolicy = (Policy)rmd.getMsgContext().getProperty(RampartMessageData.RAMPART_STS_POLICY);
-
- if( stsPolicy == null && issuedToken.getIssuerMex() != null) {
- stsPolicy = RampartUtil.getPolicyFromMetadataRef(issuedToken.getIssuerMex());
+
+ if( stsPolicy == null && issuerMex != null) {
+ stsPolicy = RampartUtil.getPolicyFromMetadataRef(issuerMex);
RampartUtil.addRampartConfig(rmd, stsPolicy);
}
-
String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
stsPolicy);
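Review bot: When issuedToken.getIssuer() returns null, `issuerEprAddress` stays null and is passed straight to getToken(), whereas the removed code routed that case through processIssuerAddress, whose null check (visible in the -424 hunk) produced an explicit error; the missing-issuer case is now silently downgraded to a null address. Declaring the Address element outside the if and calling processIssuerAddress unconditionally restores the check without duplicating it, and `XMLUtils.toOM(rstTemplateElement)` deserves the same null consideration if getRequestSecurityTokenTemplate() can return null. The Final/Submission lookups are the same as in the SCT path and could share a helper. The enclosing method starts outside the hunk and its catch clauses are in the next one.
```java
OMElement issuerEpr = null;
OMElement issuerMex = null;
final Element issuerElement = issuedToken.getIssuer();
if (issuerElement != null) {
    final OMElement issuer = XMLUtils.toOM(issuerElement);
    issuerEpr = issuer.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE, "Address"));
    // … unchanged: Submission-namespace fallback and the two Metadata lookups …
}
// a missing Issuer goes through the existing null handling in processIssuerAddress
String issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
// … unchanged: RST template conversion, STS policy lookup, getToken call …
```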
@@ -681,7 +706,9 @@
return id;
} catch (TrustException e) {
throw new RampartException("errorInObtainingToken", e);
- }
+ } catch (Exception e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
}
/**
@@ -1314,14 +1341,14 @@
* the WSS11 and WSS10 assertions
*/
- public static void setKeyIdentifierType(RampartMessageData rmd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) {
+ public static void setKeyIdentifierType(RampartMessageData rmd, WSSecBase secBase,AbstractToken token) {
// Use a reference rather than the binary security token if: the policy never allows the token to be
// included; or this is the recipient and the token should only be included in requests; or this is
// the initiator and the token should only be included in responses.
- final boolean useReference = token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER
- || !rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
- || rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR;
+ final boolean useReference = token.getIncludeTokenType() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER
+ || !rmd.isInitiator() && token.getIncludeTokenType() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ || rmd.isInitiator() && token.getIncludeTokenType() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
if (useReference) {
boolean tokenTypeSet = false;
@@ -1562,13 +1589,13 @@
}
// Checking for supporting tokens
- SupportingToken supportingTokens;
+ SupportingTokens supportingTokens;
if (!initiator && inflow || initiator && !inflow ) {
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
- supportingTokens = (SupportingToken) supportingToks.get(i);
+ supportingTokens = (SupportingTokens) supportingToks.get(i);
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
return true;
}
@@ -1727,7 +1754,7 @@
throw new RampartException("invalidTransport",
new String[]{incomingTransport});
}
- if (((HttpsToken) rpd.getTransportToken()).isRequireClientCertificate()) {
+ if (((HttpsToken) rpd.getTransportToken()).getAuthenticationType() == HttpsToken.AuthenticationType.RequireClientCertificate) {
MessageContext messageContext = rmd.getMsgContext();
HttpServletRequest request = ((HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST));
Index: modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
===================================================================
--- modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java (revision 1207051)
+++ modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java (working copy)
@@ -49,11 +49,11 @@
ProtectionToken protectionToken = binding.getProtectionToken();
assertNotNull("ProtectionToken missing", protectionToken);
- Token token = protectionToken.getProtectionToken();
+ AbstractToken token = protectionToken.getToken();
if(token instanceof X509Token) {
assertEquals("incorrect X509 token versin and type",
- SPConstants.WSS_X509_V3_TOKEN10,
- ((X509Token) token).getTokenVersionAndType());
+ X509Token.TokenType.WssX509V3Token10,
+ ((X509Token) token).getTokenType());
} else {
fail("ProtectionToken must contain a X509Token assertion");
}
Index: pom.xml
===================================================================
--- pom.xml (revision 1207051)
+++ pom.xml (working copy)
@@ -20,7 +20,8 @@
-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache</groupId>
@@ -32,7 +33,7 @@
<modelVersion>4.0.0</modelVersion>
<artifactId>rampart-project</artifactId>
<packaging>pom</packaging>
- <description> WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache Axis2 </description>
+ <description>WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache Axis2</description>
<version>1.7.0-SNAPSHOT</version>
<name>Apache Rampart</name>
<url>http://axis.apache.org/axis2/java/rampart</url>
@@ -53,7 +54,7 @@
<system>JIRA</system>
<url>http://issues.apache.org/jira/browse/RAMPART</url>
</issueManagement>
-
+
<mailingLists>
<mailingList>
<name>Rampart Developers</name>
@@ -98,7 +99,7 @@
<name>Nandana Mihindukulasooriya</name>
<id>nandana</id>
<email>nandana AT apache.org</email>
- <organization />
+ <organization/>
</developer>
<developer>
<name>Thilina Buddhika</name>
@@ -181,86 +182,6 @@
<dependencies>
-
- <!-- Axis2 and Axiom Dependencies -->
- <dependency>
- <groupId>org.apache.axis2</groupId>
- <artifactId>axis2-kernel</artifactId>
- <version>${axis2.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2</groupId>
- <artifactId>mex</artifactId>
- <version>${axis2.version}</version>
- <classifier>impl</classifier>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2</groupId>
- <artifactId>axis2-mtompolicy</artifactId>
- <version>${axis2.version}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2</groupId>
- <artifactId>addressing</artifactId>
- <type>mar</type>
- <version>${axis2.version}</version>
- <scope>compile</scope>
- </dependency>
-
- <!-- Other Rampart Dependencies -->
- <dependency>
- <groupId>org.apache.ws.security</groupId>
- <artifactId>wss4j</artifactId>
- <version>${wss4j.version}</version>
- <exclusions>
- <!-- We exclude xalan:xalan as a transitive dependency, but include
- org.apache.xalan:xalan as a direct dependency. This avoids
- conflicts with the dependencies of org.opensaml:opensaml
- (which uses org.apache.xalan:xalan). -->
- <exclusion>
- <artifactId>xalan</artifactId>
- <groupId>xalan</groupId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.apache.xalan</groupId>
- <artifactId>xalan</artifactId>
- <version>2.7.1</version>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml1</artifactId>
- <version>1.1</version>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <version>2.2.3</version>
- <exclusions>
- <!-- Don't allow OpenSAML to impose a particular logging implementation -->
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>commons-lang</groupId>
- <artifactId>commons-lang</artifactId>
- <version>2.3</version>
- </dependency>
- <dependency>
- <groupId>bouncycastle</groupId>
- <artifactId>bcprov-jdk15</artifactId>
- <version>${bcprov.jdk15.version}</version>
- </dependency>
-
<!-- Junit Dependency -->
<dependency>
<groupId>junit</groupId>
@@ -273,6 +194,91 @@
<dependencyManagement>
<dependencies>
+ <!-- Axis2 and Axiom Dependencies -->
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-kernel</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>mex</artifactId>
+ <version>${axis2.version}</version>
+ <classifier>impl</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mtompolicy</artifactId>
+ <version>${axis2.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <type>mar</type>
+ <version>${axis2.version}</version>
+ <scope>compile</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.neethi</groupId>
+ <artifactId>neethi</artifactId>
+ <version>${neethi.version}</version>
+ </dependency>
+
+ <!-- Other Rampart Dependencies -->
+ <dependency>
+ <groupId>org.apache.ws.security</groupId>
+ <artifactId>wss4j</artifactId>
+ <version>${wss4j.version}</version>
+ <exclusions>
+ <!-- We exclude xalan:xalan as a transitive dependency, but include
+ org.apache.xalan:xalan as a direct dependency. This avoids
+ conflicts with the dependencies of org.opensaml:opensaml
+ (which uses org.apache.xalan:xalan). -->
+ <exclusion>
+ <artifactId>xalan</artifactId>
+ <groupId>xalan</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>2.7.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml1</artifactId>
+ <version>1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.2.3</version>
+ <exclusions>
+ <!-- Don't allow OpenSAML to impose a particular logging implementation -->
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <version>${bcprov.jdk15.version}</version>
+ </dependency>
+
<!-- Since Rampart depends on DOOM, but axiom-dom is not a transitive
dependency, we need to manage the Axiom version. -->
<dependency>
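Review bot: The `opensaml1` entry added to `<dependencyManagement>` hard-codes `<version>1.1</version>` although the parent declares an `<opensaml.version>` property with the same value (visible in the last hunk), so the two can silently drift apart on the next upgrade; use `<version>${opensaml.version}</version>` there, and consider properties for the other literal pins in this block (`xalan` 2.7.1, `opensaml` 2.2.3, `commons-lang` 2.3) so that `wss4j`, `axis2`, `neethi` and `bcprov` are not the only centrally upgradable versions. Moving these entries from `<dependencies>` to `<dependencyManagement>` also changes their effect: the parent no longer places them on every module's classpath, only pins the version, so each module that needs them must now declare them itself — I cannot see the module POMs here, so that is something to verify in the same commit. The `xalan:xalan` exclusion comment is carried over unchanged, which is good, because the exclusion only applies to the managed coordinates it is attached to.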
@@ -365,7 +371,7 @@
</plugins>
</build>
</profile>
-
+
<profile>
<!-- Profile that includes all modules. This is handy when using maven-release-plugin
for anything else than doing a release. -->
@@ -391,6 +397,8 @@
<axis2.version>1.7.0-SNAPSHOT</axis2.version>
<axiom.version>1.2.13-SNAPSHOT</axiom.version>
+ <neethi.version>3.0.2-SNAPSHOT</neethi.version>
+
<wss4j.version>1.5.13-SNAPSHOT</wss4j.version>
<opensaml.version>1.1</opensaml.version>