| Index: modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java |
| =================================================================== |
| --- modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (revision 1207051) |
| +++ modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (working copy) |
| @@ -43,8 +43,8 @@ |
| import org.apache.rahas.TokenStorage; |
| import org.apache.rahas.TrustException; |
| import org.apache.rahas.TrustUtil; |
| +import org.apache.ws.secpolicy.model.AbstractBinding; |
| import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| -import org.apache.ws.secpolicy.model.Binding; |
| import org.apache.ws.secpolicy.model.Trust10; |
| import org.apache.ws.secpolicy.model.Trust13; |
| import org.apache.ws.security.WSConstants; |
| @@ -58,6 +58,8 @@ |
| import org.apache.ws.security.util.WSSecurityUtil; |
| import org.apache.ws.security.util.XmlSchemaDateFormat; |
| import org.w3c.dom.Element; |
| +import org.w3c.dom.Node; |
| +import org.w3c.dom.NodeList; |
| |
| import javax.security.auth.callback.Callback; |
| import javax.security.auth.callback.CallbackHandler; |
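Review bot: The added imports `org.w3c.dom.Node` and `org.w3c.dom.NodeList` are not referenced by any hunk of STSClient.java in this patch, and the unchanged code compiled without them, so they look unused. Drop both lines unless a follow-up change needs them.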
| @@ -511,8 +513,8 @@ |
| P_SHA1 p_sha1 = new P_SHA1(); |
| |
| int length = (this.keySize > 0) ? keySize |
| - : this.algorithmSuite |
| - .getMaximumSymmetricKeyLength(); |
| + : this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength(); |
| + |
| try { |
| secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8); |
| } catch (ConversationException e) { |
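Review bot: `this.algorithmSuite.getAlgorithmSuiteType()` is dereferenced without a null check, and its result sets the length of the P_SHA1-derived secret. If the issuer policy yields an algorithm suite with no concrete suite type (an assumption, since the model class is not part of this patch), the call fails with a NullPointerException instead of a TrustException the caller can handle. A guard on `this.algorithmSuite == null || this.algorithmSuite.getAlgorithmSuiteType() == null` that raises TrustException before the length is read would keep the failure explicit. The same chain sizes the requestor entropy nonce in the hunks at -718 and -744; the enclosing method starts and ends outside this hunk.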
| @@ -618,11 +620,11 @@ |
| for (Iterator iter = issuerAssertions.iterator(); iter.hasNext();) { |
| Assertion tempAssertion = (Assertion) iter.next(); |
| //find the AlgorithmSuite assertion |
| - if (tempAssertion instanceof Binding) { |
| + if (tempAssertion instanceof AbstractBinding) { |
| |
| log.debug("Extracting algo suite from issuer policy binding"); |
| |
| - this.algorithmSuite = ((Binding) tempAssertion) |
| + this.algorithmSuite = ((AbstractBinding) tempAssertion) |
| .getAlgorithmSuite(); |
| } |
| } |
| @@ -718,8 +720,7 @@ |
| ent, |
| RahasConstants.BIN_SEC_TYPE_NONCE); |
| this.requestorEntropy = |
| - WSSecurityUtil.generateNonce(this.algorithmSuite. |
| - getMaximumSymmetricKeyLength()/8); |
| + WSSecurityUtil.generateNonce(this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength()/8); |
| binSec.setText(Base64.encode(this.requestorEntropy)); |
| |
| if (log.isDebugEnabled()) { |
| @@ -744,8 +745,7 @@ |
| ent, |
| RahasConstants.BIN_SEC_TYPE_NONCE); |
| this.requestorEntropy = |
| - WSSecurityUtil.generateNonce(this.algorithmSuite. |
| - getMaximumSymmetricKeyLength()/8); |
| + WSSecurityUtil.generateNonce(this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength()/8); |
| binSec.setText(Base64.encode(this.requestorEntropy)); |
| |
| if (log.isDebugEnabled()) { |
| Index: modules/rampart-trust/pom.xml |
| =================================================================== |
| --- modules/rampart-trust/pom.xml (revision 1207051) |
| +++ modules/rampart-trust/pom.xml (working copy) |
| @@ -63,9 +63,35 @@ |
| <version>${project.version}</version> |
| </dependency> |
| <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>axis2-kernel</artifactId> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>mex</artifactId> |
| + <classifier>impl</classifier> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>axis2-mtompolicy</artifactId> |
| + <scope>compile</scope> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.ws.security</groupId> |
| + <artifactId>wss4j</artifactId> |
| + </dependency> |
| + <dependency> |
| <groupId>org.apache.ws.commons.axiom</groupId> |
| <artifactId>axiom-dom</artifactId> |
| </dependency> |
| + <dependency> |
| + <groupId>org.opensaml</groupId> |
| + <artifactId>opensaml1</artifactId> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.opensaml</groupId> |
| + <artifactId>opensaml</artifactId> |
| + </dependency> |
| </dependencies> |
| |
| <reporting> |
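Review bot: None of the six added dependencies declares a `<version>`, so the wss4j, opensaml and opensaml1 releases that reach the classpath are decided entirely by a dependencyManagement section outside this hunk. These libraries do the signature and SAML processing, so confirm each is pinned there to a fixed release rather than a SNAPSHOT or a range, and record that with a comment such as `<!-- versions managed in the parent POM -->` above the block. `axis2-mtompolicy` is the only entry with an explicit `<scope>compile</scope>`, which is the default and can be dropped for consistency.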
| Index: modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java (working copy) |
| @@ -30,10 +30,9 @@ |
| import org.apache.neethi.PolicyEngine; |
| import org.apache.rampart.RampartMessageData; |
| import org.apache.rampart.policy.RampartPolicyData; |
| -import org.apache.rampart.util.HandlerParameterDecoder; |
| import org.apache.rampart.util.RampartUtil; |
| -import org.apache.ws.secpolicy.model.Binding; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| +import org.apache.ws.secpolicy.model.AbstractBinding; |
| +import org.apache.ws.secpolicy.model.SupportingTokens; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.handler.WSHandlerConstants; |
| |
| @@ -130,11 +129,11 @@ |
| for (Iterator iterator = assertions.iterator(); iterator.hasNext();) { |
| Assertion assertion = (Assertion) iterator.next(); |
| //Check for any *Binding assertion |
| - if (assertion instanceof Binding) { |
| + if (assertion instanceof AbstractBinding) { |
| securityPolicyPresent = true; |
| break; |
| // There can be security policies containing only supporting tokens |
| - } else if (assertion instanceof SupportingToken) { |
| + } else if (assertion instanceof SupportingTokens) { |
| securityPolicyPresent = true; |
| break; |
| } |
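Review bot: Within this hunk the loop is what sets `securityPolicyPresent`, and after the change it recognises a policy as security-relevant only when an assertion is an `AbstractBinding` or a `SupportingTokens` instance. If any binding or supporting-token assertion class in the new model does not extend one of those two types (not verifiable from this patch), the flag stays false and the handler presumably skips its verification for that service. Add a comment stating the expectation, for example `// every *Binding assertion in the new model must extend AbstractBinding`, and cover the supporting-tokens-only case with a test. The enclosing method starts and ends outside the hunk.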
| Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (working copy) |
| @@ -19,6 +19,9 @@ |
| import org.apache.axiom.om.OMElement; |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
| +import org.apache.neethi.Assertion; |
| +import org.apache.neethi.Policy; |
| +import org.apache.neethi.builders.xml.XmlPrimitiveAssertion; |
| import org.apache.rahas.TrustException; |
| import org.apache.rampart.RampartConstants; |
| import org.apache.rampart.RampartException; |
| @@ -28,10 +31,7 @@ |
| import org.apache.rampart.policy.model.RampartConfig; |
| import org.apache.rampart.util.RampartUtil; |
| import org.apache.ws.secpolicy.SPConstants; |
| -import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| -import org.apache.ws.secpolicy.model.Token; |
| -import org.apache.ws.secpolicy.model.X509Token; |
| +import org.apache.ws.secpolicy.model.*; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.WSEncryptionPart; |
| import WSSecurityException; |
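Review bot: Replacing the four explicit imports with `import org.apache.ws.secpolicy.model.*;` hides which policy model classes this builder depends on, which matters during a model migration where reviewers need to see exactly which types were swapped. Keep one import per class, for example `import org.apache.ws.secpolicy.model.AbstractToken;` and `import org.apache.ws.secpolicy.model.SupportingTokens;`. The same applies to the `model.*` and `java.util.*` imports in BindingBuilder (hunks -28 and -61), where two on-demand imports in one file can become ambiguous once either package gains a type with the same simple name, and to the `model.*` import in SymmetricBindingBuilder.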
| @@ -45,8 +45,10 @@ |
| import org.w3c.dom.Document; |
| import org.w3c.dom.Element; |
| |
| +import javax.xml.namespace.QName; |
| import java.util.HashMap; |
| import java.util.Iterator; |
| +import java.util.List; |
| import java.util.Vector; |
| |
| public class AsymmetricBindingBuilder extends BindingBuilder { |
| @@ -54,7 +56,7 @@ |
| private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class); |
| private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG); |
| |
| - private Token sigToken; |
| + private AbstractToken sigToken; |
| |
| private WSSecSignature sig; |
| |
| @@ -84,7 +86,7 @@ |
| this.addTimestamp(rmd); |
| } |
| |
| - if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) { |
| + if (AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning == rpd.getProtectionOrder()) { |
| this.doEncryptBeforeSig(rmd); |
| } else { |
| this.doSignBeforeEncrypt(rmd); |
| @@ -116,7 +118,7 @@ |
| /* |
| * We MUST use keys derived from the same token |
| */ |
| - Token encryptionToken = null; |
| + AbstractToken encryptionToken = null; |
| if(rmd.isInitiator()) { |
| encryptionToken = rpd.getRecipientToken(); |
| } else { |
| @@ -140,7 +142,7 @@ |
| throw new RampartException("rampartConigMissing"); |
| } |
| |
| - if (encryptionToken.isDerivedKeys()) { |
| + if (encryptionToken.getDerivedKeys() != null) { |
| try { |
| this.setupEncryptedKey(rmd, encryptionToken); |
| // Create the DK encryption builder |
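Review bot: `encryptionToken.getDerivedKeys() != null` treats every derived-keys setting as equivalent to the old boolean `isDerivedKeys()`. If the new model's value distinguishes plain, explicit and implied derived keys (an assumption; the return type is not visible in this patch), all of them now take the same WSSecDKEncrypt path, which may not match what the policy asked for. State the intended mapping in a comment, e.g. `// any DerivedKeys value selects derived-key encryption; explicit/implied are not distinguished here`, or compare against the specific value. The same substitution appears in the hunks at -302, -482, -661 and -805 of this file and in BindingBuilder's doSymmSignature; the enclosing method continues outside the hunk.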
| @@ -148,7 +150,7 @@ |
| dkEncr.setParts(encrParts); |
| dkEncr.setExternalKey(this.encryptedKeyValue, |
| this.encryptedKeyId); |
| - dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8); |
| + dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8); |
| dkEncr.prepare(doc); |
| |
| // Get and add the DKT element |
| @@ -169,9 +171,9 @@ |
| encr.setWsConfig(rmd.getConfig()); |
| encr.setDocument(doc); |
| RampartUtil.setEncryptionUser(rmd, encr); |
| - encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption()); |
| + encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()); |
| RampartUtil.setKeyIdentifierType(rmd, encr, encryptionToken); |
| - encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap()); |
| + encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricKeyWrap()); |
| encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader())); |
| |
| Element bstElem = encr.getBinarySecurityTokenElement(); |
| @@ -215,30 +217,30 @@ |
| if (rmd.isInitiator()) { |
| |
| // Now add the supporting tokens |
| - SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| + SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); |
| |
| - SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens); |
| |
| - SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens); |
| |
| - SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| + SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens); |
| |
| - SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens); |
| |
| - SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens); |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i)); |
| + this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i)); |
| } |
| |
| - SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| + SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| this.handleSupportingTokens(rmd, encryptedSupportingToks); |
| |
| //Setup signature parts |
| @@ -302,7 +304,7 @@ |
| |
| Element secondRefList = null; |
| |
| - if (encryptionToken.isDerivedKeys()) { |
| + if (encryptionToken.getDerivedKeys() != null) { |
| try { |
| |
| secondRefList = dkEncr.encryptForExternalRef(null, |
| @@ -371,30 +373,30 @@ |
| if (rmd.isInitiator()) { |
| |
| // Now add the supporting tokens |
| - SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| + SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); |
| |
| - SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens); |
| |
| - SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens); |
| |
| - SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| + SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens); |
| |
| - SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens); |
| |
| - SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens); |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i)); |
| + this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i)); |
| } |
| |
| - SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| + SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| this.handleSupportingTokens(rmd, encryptedSupportingToks); |
| |
| //Setup signature parts |
| @@ -472,7 +474,7 @@ |
| } |
| |
| //Do encryption |
| - Token encrToken; |
| + AbstractToken encrToken; |
| if (rmd.isInitiator()) { |
| encrToken = rpd.getRecipientToken(); |
| } else { |
| @@ -482,7 +484,7 @@ |
| if(encrToken != null && encrParts.size() > 0) { |
| Element refList = null; |
| AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite(); |
| - if(encrToken.isDerivedKeys()) { |
| + if(encrToken.getDerivedKeys() != null) { |
| |
| try { |
| WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(); |
| @@ -494,8 +496,8 @@ |
| dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId); |
| dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" |
| + WSConstants.ENC_KEY_VALUE_TYPE); |
| - dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption()); |
| - dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8); |
| + dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption()); |
| + dkEncr.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8); |
| dkEncr.prepare(doc); |
| |
| |
| @@ -529,8 +531,8 @@ |
| |
| encr.setDocument(doc); |
| RampartUtil.setEncryptionUser(rmd, encr); |
| - encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption()); |
| - encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap()); |
| + encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption()); |
| + encr.setKeyEncAlgo(algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap()); |
| encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd |
| .getRampartConfig(), rmd.getCustomClassLoader())); |
| |
| @@ -575,7 +577,7 @@ |
| SupportingPolicyData policyData = null; |
| if (supportingTokens.get(i) != null) { |
| policyData = (SupportingPolicyData) supportingTokens.get(i); |
| - Token supportingEncrToken = policyData.getEncryptionToken(); |
| + AbstractToken supportingEncrToken = policyData.getEncryptionToken(); |
| Vector supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd, |
| policyData); |
| |
| @@ -597,7 +599,7 @@ |
| private void doSupportingSignature(RampartMessageData rmd, Vector supportingSigParts, |
| SupportingPolicyData supportingData) throws RampartException { |
| |
| - Token supportingSigToken; |
| + AbstractToken supportingSigToken; |
| WSSecSignature supportingSig; |
| Element supportingSignatureElement; |
| |
| @@ -611,8 +613,23 @@ |
| if (!(supportingSigToken instanceof X509Token)) { |
| return; |
| } |
| + |
| + String userCertAlias = null; |
| + QName USER_CERT_ALIAS_QNAME = new QName("http://ws.apache.org/rampart/policy", "userCertAlias"); |
| + Policy nestedPolicy = supportingSigToken.getPolicy(); |
| + Iterator<List<Assertion>> assertionListIterator = nestedPolicy.getAlternatives(); |
| + while (assertionListIterator.hasNext()) { |
| + List<Assertion> assertionList = assertionListIterator.next(); |
| + for (int i = 0; i < assertionList.size(); i++) { |
| + Assertion assertion = assertionList.get(i); |
| + if (USER_CERT_ALIAS_QNAME.equals(assertion.getName())) { |
| + userCertAlias = ((XmlPrimitiveAssertion)assertion).getTextValue(); |
| + break; |
| + } |
| + } |
| + } |
| supportingSig = this.getSignatureBuilder(rmd, supportingSigToken, |
| - ((X509Token) supportingSigToken).getUserCertAlias()); |
| + userCertAlias); |
| Element bstElem = supportingSig.getBinarySecurityTokenElement(); |
| if (bstElem != null) { |
| bstElem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), bstElem); |
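Review bot: The alias lookup added to doSupportingSignature dereferences `supportingSigToken.getPolicy()` without a null check and casts the matching assertion to `XmlPrimitiveAssertion` unchecked, so a token with no nested policy or an unexpected assertion type ends in a NullPointerException or ClassCastException rather than a RampartException. The `break` leaves only the inner loop, so a match in a later alternative overwrites an earlier one, and when nothing matches `userCertAlias` stays null and the signature builder presumably falls back to its default signing key, which deserves a comment. The hunk at -767 (doEncryptionWithSupportingToken) repeats the same loop for `encryptionUser`, where a null result decides which recipient the key is encrypted for. A shared helper that returns on the first match, with the QName held as a class constant instead of an upper-case local, would cover both sites; the method body continues outside this hunk.

```java
// … unchanged: X509Token instanceof guard …
String userCertAlias =
        findNestedAssertionText(supportingSigToken.getPolicy(), USER_CERT_ALIAS_QNAME);
supportingSig = this.getSignatureBuilder(rmd, supportingSigToken, userCertAlias);
// … unchanged: BinarySecurityToken insertion …

// class-level constant and helper, also usable from doEncryptionWithSupportingToken
private static final QName USER_CERT_ALIAS_QNAME =
        new QName("http://ws.apache.org/rampart/policy", "userCertAlias");

/** Returns the text of the first nested assertion named {@code name}, or null if absent. */
private static String findNestedAssertionText(Policy nestedPolicy, QName name) {
    if (nestedPolicy == null) {
        return null;
    }
    Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
    while (alternatives.hasNext()) {
        for (Assertion assertion : alternatives.next()) {
            if (name.equals(assertion.getName())
                    && assertion instanceof XmlPrimitiveAssertion) {
                return ((XmlPrimitiveAssertion) assertion).getTextValue();
            }
        }
    }
    return null;
}
```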
| @@ -624,7 +641,7 @@ |
| } |
| |
| try { |
| - supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest()); |
| + supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getAlgorithmSuiteType().getDigest()); |
| supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader()); |
| supportingSig.computeSignature(); |
| |
| @@ -661,7 +678,7 @@ |
| sigToken = rpd.getRecipientToken(); |
| } |
| |
| - if (sigToken.isDerivedKeys()) { |
| + if (sigToken.getDerivedKeys() != null) { |
| // Set up the encrypted key to use |
| if(this.encrKey == null) { |
| setupEncryptedKey(rmd, sigToken); |
| @@ -674,7 +691,7 @@ |
| dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite() |
| .getSymmetricSignature()); |
| dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite() |
| - .getSignatureDerivedKeyLength() / 8); |
| + .getAlgorithmSuiteType().getSignatureDerivedKeyLength() / 8); |
| dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#" |
| + WSConstants.ENC_KEY_VALUE_TYPE); |
| try { |
| @@ -729,7 +746,7 @@ |
| } |
| |
| try { |
| - sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest()); |
| + sig.setDigestAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getDigest()); |
| sig.addReferencesToSign(sigParts, rmd.getSecHeader()); |
| sig.computeSignature(); |
| |
| @@ -753,7 +770,7 @@ |
| } |
| |
| private void doEncryptionWithSupportingToken(RampartPolicyData rpd, RampartMessageData rmd, |
| - Token encrToken, Document doc, Vector encrParts) throws RampartException { |
| + AbstractToken encrToken, Document doc, Vector encrParts) throws RampartException { |
| Element refList = null; |
| try { |
| if (!(encrToken instanceof X509Token)) { |
| @@ -767,9 +784,25 @@ |
| encr.setWsConfig(rmd.getConfig()); |
| |
| encr.setDocument(doc); |
| - RampartUtil.setEncryptionUser(rmd, encr, ((X509Token) encrToken).getEncryptionUser()); |
| - encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption()); |
| - encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap()); |
| + |
| + String encryptionUser = null; |
| + QName ENCRYPTION_USER_QNAME = new QName("http://ws.apache.org/rampart/policy", "encryptionUser"); |
| + Policy nestedPolicy = encrToken.getPolicy(); |
| + Iterator<List<Assertion>> assertionListIterator = nestedPolicy.getAlternatives(); |
| + while (assertionListIterator.hasNext()) { |
| + List<Assertion> assertionList = assertionListIterator.next(); |
| + for (int i = 0; i < assertionList.size(); i++) { |
| + Assertion assertion = assertionList.get(i); |
| + if (ENCRYPTION_USER_QNAME.equals(assertion.getName())) { |
| + encryptionUser = ((XmlPrimitiveAssertion)assertion).getTextValue(); |
| + break; |
| + } |
| + } |
| + } |
| + |
| + RampartUtil.setEncryptionUser(rmd, encr, encryptionUser); |
| + encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()); |
| + encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricKeyWrap()); |
| encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd |
| .getCustomClassLoader())); |
| |
| @@ -805,9 +838,9 @@ |
| * @param rmd |
| * @throws RampartException |
| */ |
| - private void setupEncryptedKey(RampartMessageData rmd, Token token) |
| + private void setupEncryptedKey(RampartMessageData rmd, AbstractToken token) |
| throws RampartException { |
| - if(!rmd.isInitiator() && token.isDerivedKeys()) { |
| + if(!rmd.isInitiator() && token.getDerivedKeys() != null) { |
| |
| //If we already have them, simply return |
| if(this.encryptedKeyId != null && this.encryptedKeyValue != null) { |
| @@ -843,7 +876,7 @@ |
| * @param token |
| * @throws RampartException |
| */ |
| - private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException { |
| + private void createEncryptedKey(RampartMessageData rmd, AbstractToken token) throws RampartException { |
| //Set up the encrypted key to use |
| encrKey = this.getEncryptedKeyBuilder(rmd, token); |
| |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (working copy) |
| @@ -28,15 +28,8 @@ |
| import org.apache.rampart.policy.RampartPolicyData; |
| import org.apache.rampart.policy.SupportingPolicyData; |
| import org.apache.rampart.util.RampartUtil; |
| -import org.apache.ws.secpolicy.Constants; |
| import org.apache.ws.secpolicy.SPConstants; |
| -import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| -import org.apache.ws.secpolicy.model.IssuedToken; |
| -import org.apache.ws.secpolicy.model.SecureConversationToken; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| -import org.apache.ws.secpolicy.model.Token; |
| -import org.apache.ws.secpolicy.model.UsernameToken; |
| -import org.apache.ws.secpolicy.model.X509Token; |
| +import org.apache.ws.secpolicy.model.*; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.WSEncryptionPart; |
| import org.apache.ws.security.WSPasswordCallback; |
| @@ -61,12 +54,7 @@ |
| import javax.security.auth.callback.UnsupportedCallbackException; |
| |
| import java.io.IOException; |
| -import java.util.ArrayList; |
| -import java.util.Date; |
| -import java.util.HashMap; |
| -import java.util.Iterator; |
| -import java.util.Set; |
| -import java.util.Vector; |
| +import java.util.*; |
| import java.util.Map.Entry; |
| |
| public abstract class BindingBuilder { |
| @@ -137,7 +125,7 @@ |
| } |
| |
| // If NoPassword property is set we don't need to set the password |
| - if (token.isNoPassword()) { |
| + if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) { |
| WSSecUsernameToken utBuilder = new WSSecUsernameToken(); |
| utBuilder.setUserInfo(user, null); |
| utBuilder.setPasswordType(null); |
| @@ -186,7 +174,7 @@ |
| if(rmd.getConfig() != null) { |
| utBuilder.setWsConfig(rmd.getConfig()); |
| } |
| - if (token.isHashPassword()) { |
| + if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) { |
| utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST); |
| } else { |
| utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT); |
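Review bot: Every `PasswordType` that reaches this point other than `HashPassword`, including a null value when the policy states no password type, falls into the `else` branch and is sent as `WSConstants.PASSWORD_TEXT`. That default is only safe when the binding protects the message in transit, and the code does not say so. Add a comment on the `else` such as `// no HashPassword assertion: the password travels in clear text inside the UsernameToken and relies on the binding for confidentiality`. The enclosing method starts and ends outside the hunk.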
| @@ -216,7 +204,7 @@ |
| * @throws WSSecurityException |
| * @throws RampartException |
| */ |
| - protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException { |
| + protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, AbstractToken token) throws RampartException { |
| |
| RampartPolicyData rpd = rmd.getPolicyData(); |
| Document doc = rmd.getDocument(); |
| @@ -226,8 +214,8 @@ |
| try { |
| RampartUtil.setKeyIdentifierType(rmd, encrKey, token); |
| RampartUtil.setEncryptionUser(rmd, encrKey); |
| - encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength()); |
| - encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap()); |
| + encrKey.setKeySize(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getMaximumSymmetricKeyLength()); |
| + encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricKeyWrap()); |
| |
| encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader())); |
| |
| @@ -240,23 +228,23 @@ |
| //Deprecated after 1.5 release |
| @Deprecated |
| protected WSSecSignature getSignatureBuider(RampartMessageData rmd, |
| - Token token) throws RampartException { |
| + AbstractToken token) throws RampartException { |
| return getSignatureBuilder(rmd, token, null); |
| } |
| |
| //Deprecated after 1.5 release |
| @Deprecated |
| - protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token, |
| + protected WSSecSignature getSignatureBuider(RampartMessageData rmd, AbstractToken token, |
| String userCertAlias) throws RampartException { |
| return getSignatureBuilder(rmd, token, userCertAlias); |
| } |
| |
| protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, |
| - Token token)throws RampartException { |
| + AbstractToken token)throws RampartException { |
| return getSignatureBuilder(rmd, token, null); |
| } |
| |
| - protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, Token token, |
| + protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, AbstractToken token, |
| String userCertAlias) throws RampartException { |
| |
| RampartPolicyData rpd = rmd.getPolicyData(); |
| @@ -266,7 +254,7 @@ |
| sig.setWsConfig(rmd.getConfig()); |
| |
| if (log.isDebugEnabled()) { |
| - log.debug("Token inclusion: " + token.getInclusion()); |
| + log.debug("Token inclusion: " + token.getIncludeTokenType()); |
| } |
| |
| RampartUtil.setKeyIdentifierType(rmd, sig, token); |
| @@ -334,8 +322,8 @@ |
| sig.setUserInfo(user, password); |
| AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite(); |
| sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); |
| - sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n()); |
| - sig.setDigestAlgo(algorithmSuite.getDigest()); |
| + sig.setSigCanonicalization(algorithmSuite.getC14n().getValue()); |
| + sig.setDigestAlgo(algorithmSuite.getAlgorithmSuiteType().getDigest()); |
| |
| try { |
| sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd |
| @@ -353,7 +341,7 @@ |
| * @param suppTokens |
| * @throws RampartException |
| */ |
| - protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens) |
| + protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingTokens suppTokens) |
| throws RampartException { |
| |
| //Create the list to hold the tokens |
| @@ -363,9 +351,9 @@ |
| suppTokens.getTokens().size() > 0) { |
| log.debug("Processing supporting tokens"); |
| |
| - ArrayList tokens = suppTokens.getTokens(); |
| - for (Iterator iter = tokens.iterator(); iter.hasNext();) { |
| - Token token = (Token) iter.next(); |
| + List<AbstractToken> tokens = suppTokens.getTokens(); |
| + for (Iterator<AbstractToken> iter = tokens.iterator(); iter.hasNext();) { |
| + AbstractToken token = iter.next(); |
| org.apache.rahas.Token endSuppTok = null; |
| if(token instanceof IssuedToken && rmd.isInitiator()){ |
| String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token); |
| @@ -387,7 +375,7 @@ |
| (Element) endSuppTok.getToken()); |
| this.setInsertionLocation(siblingElem); |
| |
| - if (suppTokens.isEncryptedToken()) { |
| + if (suppTokens.getSupportingTokenType().getName().getLocalPart().equals(SPConstants.ENCRYPTION_TOKEN)) { |
| this.encryptedTokensIdList.add(endSuppTok.getId()); |
| } |
| |
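Review bot: The replacement for `suppTokens.isEncryptedToken()` compares the supporting-token assertion's local name with `SPConstants.ENCRYPTION_TOKEN`, which by its name looks like the binding's EncryptionToken assertion rather than one of the encrypted supporting-token assertions. If that reading is right the condition is never true, `encryptedTokensIdList` stays empty, and tokens the policy requires to be encrypted would go out unencrypted. The check should instead match the four encrypted variants that RampartPolicyData exposes elsewhere in this patch (encrypted, signed-encrypted, endorsing-encrypted and signed-endorsing-encrypted supporting tokens), ideally through one private helper such as `isEncryptedSupportingTokens(suppTokens)`. The hunk at -411 carries the same expression for `sig.getBSTTokenId()`; the enclosing method starts and ends outside both hunks.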
| @@ -411,7 +399,7 @@ |
| supportingPolcy.setEncryptionToken(token); |
| rmd.getPolicyData().addSupportingPolicyData(supportingPolcy); |
| |
| - if (suppTokens.isEncryptedToken()) { |
| + if (suppTokens.getSupportingTokenType().getName().getLocalPart().equals(SPConstants.ENCRYPTION_TOKEN)) { |
| this.encryptedTokensIdList.add(sig.getBSTTokenId()); |
| } |
| } |
| @@ -496,7 +484,7 @@ |
| |
| for (Iterator iter = tokenSet.iterator(); iter.hasNext();) { |
| |
| - Token token = (Token)iter.next(); |
| + AbstractToken token = (AbstractToken)iter.next(); |
| |
| Object tempTok = tokenMap.get(token); |
| |
| @@ -539,29 +527,29 @@ |
| } |
| |
| |
| - protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException { |
| + protected byte[] doSymmSignature(RampartMessageData rmd, AbstractToken policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException { |
| |
| Document doc = rmd.getDocument(); |
| |
| RampartPolicyData rpd = rmd.getPolicyData(); |
| |
| AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite(); |
| - if(policyToken.isDerivedKeys()) { |
| + if(policyToken.getDerivedKeys() != null) { |
| try { |
| WSSecDKSign dkSign = new WSSecDKSign(); |
| |
| //Check whether it is security policy 1.2 and use the secure conversation accordingly |
| - if (SPConstants.SP_V12 == policyToken.getVersion()) { |
| + if (SPConstants.SPVersion.SP12 == policyToken.getVersion()) { |
| dkSign.setWscVersion(ConversationConstants.VERSION_05_12); |
| } |
| |
| //Check for whether the token is attached in the message or not |
| boolean attached = false; |
| |
| - if (SPConstants.INCLUDE_TOEKN_ALWAYS == policyToken.getInclusion() || |
| - SPConstants.INCLUDE_TOKEN_ONCE == policyToken.getInclusion() || |
| - (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT |
| - == policyToken.getInclusion())) { |
| + if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == policyToken.getIncludeTokenType() || |
| + SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == policyToken.getIncludeTokenType() || |
| + (rmd.isInitiator() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT |
| + == policyToken.getIncludeTokenType())) { |
| attached = true; |
| } |
| |
| @@ -576,7 +564,7 @@ |
| if(ref != null) { |
| dkSign.setExternalKey(tok.getSecret(), (Element) |
| doc.importNode((Element) ref, true)); |
| - } else if (!rmd.isInitiator() && policyToken.isDerivedKeys()) { |
| + } else if (!rmd.isInitiator() && policyToken.getDerivedKeys() != null) { |
| |
| // If the Encrypted key used to create the derived key is not |
| // attached use key identifier as defined in WSS1.1 section |
| @@ -593,7 +581,7 @@ |
| |
| //Set the algo info |
| dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature()); |
| - dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8); |
| + dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength()/8); |
| // dkSign.setDigestAlgorithm(algorithmSuite.getDigest()); //uncomment when wss4j version is updated |
| if(tok instanceof EncryptedKeyToken) { |
| //Set the value type of the reference |
| @@ -709,7 +697,7 @@ |
| sig.setSecretKey(tok.getSecret()); |
| sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); |
| sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature()); |
| - sig.setDigestAlgo(algorithmSuite.getDigest()); |
| + sig.setDigestAlgo(algorithmSuite.getAlgorithmSuiteType().getDigest()); |
| sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd |
| .getRampartConfig(), rmd.getCustomClassLoader()), |
| rmd.getSecHeader()); |
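Review bot: `sig.setSignatureAlgorithm(...)` is called twice in a row in this hunk's context lines, so the value from `getAsymmetricSignature()` is immediately overwritten by `getSymmetricSignature()`. With `sig.setSecretKey(tok.getSecret())` directly above, the symmetric algorithm looks like the intended one. Since the commit touches this block anyway, drop the first call or add a comment explaining why both are present, so a later reader does not assume the asymmetric algorithm is in effect. The surrounding method starts and ends outside the hunk.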
| @@ -823,11 +811,11 @@ |
| } |
| } |
| } |
| - private void checkForX509PkiPath(WSSecSignature sig, Token token){ |
| + private void checkForX509PkiPath(WSSecSignature sig, AbstractToken token){ |
| if (token instanceof X509Token) { |
| X509Token x509Token = (X509Token) token; |
| - if (x509Token.getTokenVersionAndType().equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN10) |
| - || x509Token.getTokenVersionAndType().equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN11)) { |
| + if (x509Token.getTokenType() == X509Token.TokenType.WssX509PkiPathV1Token10 |
| + || x509Token.getTokenType() == X509Token.TokenType.WssX509PkiPathV1Token11) { |
| sig.setUseSingleCertificate(false); |
| } |
| } |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java (working copy) |
| @@ -29,12 +29,7 @@ |
| import org.apache.rampart.policy.RampartPolicyData; |
| import org.apache.rampart.util.RampartUtil; |
| import org.apache.ws.secpolicy.SPConstants; |
| -import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| -import org.apache.ws.secpolicy.model.IssuedToken; |
| -import org.apache.ws.secpolicy.model.SecureConversationToken; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| -import org.apache.ws.secpolicy.model.Token; |
| -import org.apache.ws.secpolicy.model.X509Token; |
| +import org.apache.ws.secpolicy.model.*; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.WSEncryptionPart; |
| import org.apache.ws.security.WSSecurityEngineResult; |
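Review bot: Replacing the six explicit imports with `import org.apache.ws.secpolicy.model.*;` hides which policy-model types this builder depends on. That matters in a migration that renames types (`Token` to `AbstractToken`, `SupportingToken` to `SupportingTokens`), because a wildcard can bind a simple name to a different class than the reader expects. TransportBindingBuilder already has to spell out `org.apache.rahas.Token` to keep the two token types apart. I would keep the imports explicit, e.g. `import org.apache.ws.secpolicy.model.AbstractToken;` and `import org.apache.ws.secpolicy.model.SupportingTokens;` alongside the retained ones. The import hunks of TransportBindingBuilder and RampartPolicyData make the same change.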
| @@ -79,7 +74,7 @@ |
| } |
| |
| |
| - if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) { |
| + if(AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning == rpd.getProtectionOrder()) { |
| this.doEncryptBeforeSig(rmd); |
| } else { |
| this.doSignBeforeEncrypt(rmd); |
| @@ -101,7 +96,7 @@ |
| t0 = System.currentTimeMillis(); |
| } |
| |
| - Token encryptionToken = rpd.getEncryptionToken(); |
| + AbstractToken encryptionToken = rpd.getEncryptionToken(); |
| Vector encrParts = RampartUtil.getEncryptedParts(rmd); |
| |
| Vector sigParts = RampartUtil.getSignedParts(rmd); |
| @@ -160,9 +155,9 @@ |
| WSSecEncrypt encr = null; |
| Element encrDKTokenElem = null; |
| |
| - if(SPConstants.INCLUDE_TOEKN_ALWAYS == encryptionToken.getInclusion() || |
| - SPConstants.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion() || |
| - (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encryptionToken.getInclusion())) { |
| + if(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == encryptionToken.getIncludeTokenType() || |
| + SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == encryptionToken.getIncludeTokenType() || |
| + (rmd.isInitiator() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == encryptionToken.getIncludeTokenType())) { |
| encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken()); |
| attached = true; |
| } else if(encryptionToken instanceof X509Token && rmd.isInitiator()) { |
| @@ -172,7 +167,7 @@ |
| Document doc = rmd.getDocument(); |
| |
| AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite(); |
| - if(encryptionToken.isDerivedKeys()) { |
| + if(encryptionToken.getDerivedKeys() != null) { |
| log.debug("Use drived keys"); |
| |
| dkEncr = new WSSecDKEncrypt(); |
| @@ -191,8 +186,8 @@ |
| dkEncr.setExternalKey(tok.getSecret(), tok.getId()); |
| } |
| try { |
| - dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption()); |
| - dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength()/8); |
| + dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption()); |
| + dkEncr.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8); |
| dkEncr.prepare(doc); |
| encrDKTokenElem = dkEncr.getdktElement(); |
| RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem); |
| @@ -213,7 +208,7 @@ |
| RampartUtil.setEncryptionUser(rmd, encr); |
| encr.setEphemeralKey(tok.getSecret()); |
| encr.setDocument(doc); |
| - encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption()); |
| + encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption()); |
| // SymmKey is already encrypted, no need to do it again |
| encr.setEncryptSymmKey(false); |
| if (!rmd.isInitiator() && tok instanceof EncryptedKeyToken) { |
| @@ -264,30 +259,30 @@ |
| if(rmd.isInitiator()) { |
| |
| // Now add the supporting tokens |
| - SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| + SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); |
| |
| - SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens); |
| |
| - SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens); |
| |
| - SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| + SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens); |
| |
| - SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens); |
| |
| - SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens); |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i)); |
| + this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i)); |
| } |
| |
| - SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| + SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| this.handleSupportingTokens(rmd, encryptedSupportingToks); |
| |
| //Setup signature parts |
| @@ -354,7 +349,7 @@ |
| |
| Element secondRefList = null; |
| |
| - if(encryptionToken.isDerivedKeys()) { |
| + if(encryptionToken.getDerivedKeys() != null) { |
| try { |
| secondRefList = dkEncr.encryptForExternalRef(null, |
| secondEncrParts); |
| @@ -400,7 +395,7 @@ |
| if(tlog.isDebugEnabled()){ |
| t0 = System.currentTimeMillis(); |
| } |
| - Token sigToken = rpd.getSignatureToken(); |
| + AbstractToken sigToken = rpd.getSignatureToken(); |
| |
| String encrTokId = null; |
| String sigTokId = null; |
| @@ -434,10 +429,10 @@ |
| |
| sigTok = this.getToken(rmd, sigTokId); |
| |
| - if(SPConstants.INCLUDE_TOEKN_ALWAYS == sigToken.getInclusion() || |
| - SPConstants.INCLUDE_TOKEN_ONCE == sigToken.getInclusion() || |
| + if(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == sigToken.getIncludeTokenType() || |
| + SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == sigToken.getIncludeTokenType() || |
| (rmd.isInitiator() && |
| - SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == sigToken.getInclusion())) { |
| + SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == sigToken.getIncludeTokenType())) { |
| sigTokElem = RampartUtil.appendChildToSecHeader(rmd, |
| sigTok.getToken()); |
| this.setInsertionLocation(sigTokElem); |
| @@ -466,30 +461,30 @@ |
| |
| if(rmd.isInitiator()) { |
| // Now add the supporting tokens |
| - SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| + SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens); |
| |
| - SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSuppTokens = rpd.getEndorsingSupportingTokens(); |
| endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens); |
| |
| - SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens); |
| |
| - SupportingToken sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| + SupportingTokens sgndEncryptedSuppTokens = rpd.getSignedEncryptedSupportingTokens(); |
| sgndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEncryptedSuppTokens); |
| |
| - SupportingToken endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens endorsingEncryptedSuppTokens = rpd.getEndorsingEncryptedSupportingTokens(); |
| endEncSuppTokMap = this.handleSupportingTokens(rmd, endorsingEncryptedSuppTokens); |
| |
| - SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| + SupportingTokens sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens(); |
| sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens); |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i)); |
| + this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i)); |
| } |
| |
| - SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| + SupportingTokens encryptedSupportingToks = rpd.getEncryptedSupportingTokens(); |
| this.handleSupportingTokens(rmd, encryptedSupportingToks); |
| |
| //Setup signature parts |
| @@ -534,7 +529,7 @@ |
| } |
| |
| //Encryption |
| - Token encrToken = rpd.getEncryptionToken(); |
| + AbstractToken encrToken = rpd.getEncryptionToken(); |
| Element encrTokElem = null; |
| if(sigToken.equals(encrToken)) { |
| //Use the same token |
| @@ -545,9 +540,9 @@ |
| encrTokId = rmd.getIssuedEncryptionTokenId(); |
| encrTok = this.getToken(rmd, encrTokId); |
| |
| - if(SPConstants.INCLUDE_TOEKN_ALWAYS == encrToken.getInclusion() || |
| - SPConstants.INCLUDE_TOKEN_ONCE == encrToken.getInclusion() || |
| - (rmd.isInitiator() && SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == encrToken.getInclusion())) { |
| + if(SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == encrToken.getIncludeTokenType() || |
| + SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == encrToken.getIncludeTokenType() || |
| + (rmd.isInitiator() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == encrToken.getIncludeTokenType())) { |
| encrTokElem = (Element)encrTok.getToken(); |
| |
| //Add the encrToken element before the sigToken element |
| @@ -573,13 +568,13 @@ |
| Element refList = null; |
| if(encrParts.size() > 0) { |
| //The sec conv token can be used without derived keys |
| - if(encrToken.isDerivedKeys()) { |
| + if(encrToken.getDerivedKeys() != null) { |
| |
| try { |
| WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(); |
| |
| //Check whether it is security policy 1.2 and use the secure conversation accordingly |
| - if (SPConstants.SP_V12 == encrToken.getVersion()) { |
| + if (SPConstants.SPVersion.SP12 == encrToken.getVersion()) { |
| dkEncr.setWscVersion(ConversationConstants.VERSION_05_12); |
| } |
| |
| @@ -592,7 +587,7 @@ |
| dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc |
| .importNode((Element) encrTok.getUnattachedReference(), |
| true)); |
| - } else if (!rmd.isInitiator() && encrToken.isDerivedKeys()) { |
| + } else if (!rmd.isInitiator() && encrToken.getDerivedKeys() != null) { |
| |
| // If the Encrypted key used to create the derived key is not |
| // attached use key identifier as defined in WSS1.1 section |
| @@ -612,8 +607,8 @@ |
| + WSConstants.ENC_KEY_VALUE_TYPE); |
| } |
| |
| - dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption()); |
| - dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getEncryptionDerivedKeyLength()/8); |
| + dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()); |
| + dkEncr.setDerivedKeyLength(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryptionDerivedKeyLength()/8); |
| dkEncr.prepare(doc); |
| Element encrDKTokenElem = null; |
| encrDKTokenElem = dkEncr.getdktElement(); |
| @@ -653,7 +648,7 @@ |
| RampartUtil.setEncryptionUser(rmd, encr); |
| encr.setDocument(doc); |
| encr.setEncryptSymmKey(false); |
| - encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption()); |
| + encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()); |
| // Use key identifier in the KeyInfo in server side |
| if (!rmd.isInitiator()) { |
| if(encrTok instanceof EncryptedKeyToken) { |
| @@ -699,7 +694,7 @@ |
| * @return |
| * @throws RampartException |
| */ |
| - private String setupEncryptedKey(RampartMessageData rmd, Token sigToken) |
| + private String setupEncryptedKey(RampartMessageData rmd, AbstractToken sigToken) |
| throws RampartException { |
| try { |
| WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd, |
| @@ -820,8 +815,8 @@ |
| } |
| //Setting up encryption token and signature token |
| |
| - Token sigTok = rpd.getSignatureToken(); |
| - Token encrTok = rpd.getEncryptionToken(); |
| + AbstractToken sigTok = rpd.getSignatureToken(); |
| + AbstractToken encrTok = rpd.getEncryptionToken(); |
| if(sigTok instanceof IssuedToken) { |
| log.debug("SignatureToken is an IssuedToken"); |
| if(rmd.getIssuedSignatureTokenId() == null) { |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (working copy) |
| @@ -29,15 +29,7 @@ |
| import org.apache.rampart.policy.RampartPolicyData; |
| import org.apache.rampart.util.RampartUtil; |
| import org.apache.ws.secpolicy.SPConstants; |
| -import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| -import org.apache.ws.secpolicy.model.Header; |
| -import org.apache.ws.secpolicy.model.IssuedToken; |
| -import org.apache.ws.secpolicy.model.SecureConversationToken; |
| -import org.apache.ws.secpolicy.model.SignedEncryptedParts; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| -import org.apache.ws.secpolicy.model.Token; |
| -import org.apache.ws.secpolicy.model.UsernameToken; |
| -import org.apache.ws.secpolicy.model.X509Token; |
| +import org.apache.ws.secpolicy.model.*; |
| import org.apache.ws.security.WSConstants; |
| import org.apache.ws.security.WSEncryptionPart; |
| import WSSecurityException; |
| @@ -52,6 +44,7 @@ |
| |
| import java.util.ArrayList; |
| import java.util.Iterator; |
| +import java.util.List; |
| import java.util.Vector; |
| |
| public class TransportBindingBuilder extends BindingBuilder { |
| @@ -80,17 +73,17 @@ |
| if(rmd.isInitiator()) { |
| Vector signatureValues = new Vector(); |
| |
| - SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| + SupportingTokens sgndSuppTokens = rpd.getSignedSupportingTokens(); |
| |
| if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null && |
| sgndSuppTokens.getTokens().size() > 0) { |
| |
| log.debug("Processing signed supporting tokens"); |
| |
| - ArrayList tokens = sgndSuppTokens.getTokens(); |
| + List tokens = sgndSuppTokens.getTokens(); |
| for (Iterator iter = tokens.iterator(); iter.hasNext();) { |
| |
| - Token token = (Token) iter.next(); |
| + AbstractToken token = (AbstractToken) iter.next(); |
| if(token instanceof UsernameToken) { |
| WSSecUsernameToken utBuilder = addUsernameToken(rmd,(UsernameToken)token); |
| |
| @@ -107,16 +100,16 @@ |
| } |
| } |
| |
| - SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens(); |
| if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null && |
| sgndEndSuppTokens.getTokens().size() > 0) { |
| |
| log.debug("Processing endorsing signed supporting tokens"); |
| |
| - ArrayList tokens = sgndEndSuppTokens.getTokens(); |
| - SignedEncryptedParts signdParts = sgndEndSuppTokens.getSignedParts(); |
| + List tokens = sgndEndSuppTokens.getTokens(); |
| + SignedParts signdParts = sgndEndSuppTokens.getSignedParts(); |
| for (Iterator iter = tokens.iterator(); iter.hasNext();) { |
| - Token token = (Token) iter.next(); |
| + AbstractToken token = (AbstractToken) iter.next(); |
| if(token instanceof IssuedToken && rmd.isInitiator()) { |
| signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts)); |
| } else if(token instanceof X509Token) { |
| @@ -125,14 +118,14 @@ |
| } |
| } |
| |
| - SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSupptokens = rpd.getEndorsingSupportingTokens(); |
| if(endSupptokens != null && endSupptokens.getTokens() != null && |
| endSupptokens.getTokens().size() > 0) { |
| log.debug("Processing endorsing supporting tokens"); |
| - ArrayList tokens = endSupptokens.getTokens(); |
| - SignedEncryptedParts signdParts = endSupptokens.getSignedParts(); |
| + List tokens = endSupptokens.getTokens(); |
| + SignedParts signdParts = endSupptokens.getSignedParts(); |
| for (Iterator iter = tokens.iterator(); iter.hasNext();) { |
| - Token token = (Token) iter.next(); |
| + AbstractToken token = (AbstractToken) iter.next(); |
| if(token instanceof IssuedToken && rmd.isInitiator()){ |
| signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts)); |
| } else if(token instanceof X509Token) { |
| @@ -147,7 +140,7 @@ |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i)); |
| + this.handleSupportingTokens(rmd, (SupportingTokens)supportingToks.get(i)); |
| } |
| |
| |
| @@ -171,7 +164,7 @@ |
| * @param token |
| * @param signdParts |
| */ |
| - private byte[] doX509TokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException { |
| + private byte[] doX509TokenSignature(RampartMessageData rmd, AbstractToken token, SignedParts signdParts) throws RampartException { |
| |
| RampartPolicyData rpd = rmd.getPolicyData(); |
| Document doc = rmd.getDocument(); |
| @@ -188,7 +181,7 @@ |
| sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody()))); |
| } |
| |
| - ArrayList headers = signdParts.getHeaders(); |
| + List headers = signdParts.getHeaders(); |
| for (Iterator iterator = headers.iterator(); iterator.hasNext();) { |
| Header header = (Header) iterator.next(); |
| WSEncryptionPart wep = new WSEncryptionPart(header.getName(), |
| @@ -197,7 +190,7 @@ |
| sigParts.add(wep); |
| } |
| } |
| - if(token.isDerivedKeys()) { |
| + if(token.getDerivedKeys() != null) { |
| //In this case we will have to encrypt the ephmeral key with the |
| //other party's key and then use it as the parent key of the |
| // derived keys |
| @@ -216,9 +209,9 @@ |
| |
| dkSig.setWsConfig(rmd.getConfig()); |
| |
| - dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n()); |
| + dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getC14n().getValue()); |
| dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature()); |
| - dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8); |
| + dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getAlgorithmSuiteType().getSignatureDerivedKeyLength()/8); |
| |
| dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId()); |
| |
| @@ -257,7 +250,7 @@ |
| sig.appendBSTElementToHeader(rmd.getSecHeader()); |
| |
| if (rpd.isTokenProtection() |
| - && !(SPConstants.INCLUDE_TOKEN_NEVER == token.getInclusion())) { |
| + && !(SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER == token.getIncludeTokenType())) { |
| sigParts.add(new WSEncryptionPart(sig.getBSTTokenId())); |
| } |
| |
| @@ -285,7 +278,7 @@ |
| * @param signdParts |
| * @throws RampartException |
| */ |
| - private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException { |
| + private byte[] doIssuedTokenSignature(RampartMessageData rmd, AbstractToken token, SignedParts signdParts) throws RampartException { |
| |
| RampartPolicyData rpd = rmd.getPolicyData(); |
| Document doc= rmd.getDocument(); |
| @@ -293,7 +286,7 @@ |
| //Get the issued token |
| String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token); |
| |
| - int inclusion = token.getInclusion(); |
| + SPConstants.IncludeTokenType inclusion = token.getIncludeTokenType(); |
| org.apache.rahas.Token tok = null; |
| try { |
| tok = rmd.getTokenStorage().getToken(id); |
| @@ -304,9 +297,9 @@ |
| |
| boolean tokenIncluded = false; |
| |
| - if(inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS || |
| - ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT |
| - || inclusion == SPConstants.INCLUDE_TOKEN_ONCE) |
| + if(inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS || |
| + ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT |
| + || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE) |
| && rmd.isInitiator())) { |
| |
| //Add the token |
| @@ -333,7 +326,7 @@ |
| sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody()))); |
| } |
| |
| - ArrayList headers = signdParts.getHeaders(); |
| + List headers = signdParts.getHeaders(); |
| for (Iterator iterator = headers.iterator(); iterator.hasNext();) { |
| Header header = (Header) iterator.next(); |
| WSEncryptionPart wep = new WSEncryptionPart(header.getName(), |
| @@ -345,7 +338,7 @@ |
| |
| //check for derived keys |
| AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite(); |
| - if(token.isDerivedKeys()) { |
| + if(token.getDerivedKeys() != null) { |
| //Create a derived key and add |
| try { |
| |
| @@ -369,7 +362,7 @@ |
| |
| //Set the algo info |
| dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature()); |
| - dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()); |
| + dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength()); |
| |
| dkSign.prepare(doc); |
| |
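Review bot: The new `dkSign.setDerivedKeyLength(...)` line passes `getSignatureDerivedKeyLength()` without the `/8` that `doX509TokenSignature` in this file and the other builders apply. The derived key length configured on this path (apparently `doIssuedTokenSignature`) therefore differs by a factor of eight from the other signature paths. The divisions elsewhere suggest the getter returns bits and the setter expects bytes, which should be confirmed against the wss4j API. If so, the line should read `dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength()/8);`. The later hunk at `@@ -517,7 +510,7 @@` carries the same undivided call and needs the same change. The enclosing method starts outside this hunk.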
| @@ -433,7 +426,7 @@ |
| } |
| } |
| |
| - private byte[] doSecureConversationSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException { |
| + private byte[] doSecureConversationSignature(RampartMessageData rmd, AbstractToken token, SignedParts signdParts) throws RampartException { |
| |
| RampartPolicyData rpd = rmd.getPolicyData(); |
| Document doc= rmd.getDocument(); |
| @@ -441,7 +434,7 @@ |
| //Get the issued token |
| String id = rmd.getSecConvTokenId(); |
| |
| - int inclusion = token.getInclusion(); |
| + SPConstants.IncludeTokenType inclusion = token.getIncludeTokenType(); |
| org.apache.rahas.Token tok = null; |
| try { |
| tok = rmd.getTokenStorage().getToken(id); |
| @@ -452,9 +445,9 @@ |
| |
| boolean tokenIncluded = false; |
| |
| - if(inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS || |
| - ((inclusion == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT |
| - || inclusion == SPConstants.INCLUDE_TOKEN_ONCE) |
| + if(inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS || |
| + ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT |
| + || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE) |
| && rmd.isInitiator())) { |
| |
| //Add the token |
| @@ -481,7 +474,7 @@ |
| sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody()))); |
| } |
| |
| - ArrayList headers = signdParts.getHeaders(); |
| + List headers = signdParts.getHeaders(); |
| for (Iterator iterator = headers.iterator(); iterator.hasNext();) { |
| Header header = (Header) iterator.next(); |
| WSEncryptionPart wep = new WSEncryptionPart(header.getName(), |
| @@ -493,7 +486,7 @@ |
| |
| //check for derived keys |
| AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite(); |
| - if(token.isDerivedKeys()) { |
| + if(token.getDerivedKeys() != null) { |
| //Create a derived key and add |
| try { |
| |
| @@ -517,7 +510,7 @@ |
| |
| //Set the algo info |
| dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature()); |
| - dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()); |
| + dkSign.setDerivedKeyLength(algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength()); |
| |
| dkSign.prepare(doc); |
| |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java (working copy) |
| @@ -23,16 +23,11 @@ |
| import org.apache.rampart.policy.model.RampartConfig; |
| import org.apache.ws.secpolicy.SPConstants; |
| import org.apache.ws.secpolicy.WSSPolicyException; |
| -import org.apache.ws.secpolicy.model.AlgorithmSuite; |
| -import org.apache.ws.secpolicy.model.SecureConversationToken; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| -import org.apache.ws.secpolicy.model.Token; |
| -import org.apache.ws.secpolicy.model.Trust10; |
| -import org.apache.ws.secpolicy.model.Wss10; |
| -import org.apache.ws.secpolicy.model.Wss11; |
| +import org.apache.ws.secpolicy.model.*; |
| import org.apache.ws.security.WSEncryptionPart; |
| |
| import java.util.HashMap; |
| +import java.util.Map; |
| import java.util.Vector; |
| |
| public class RampartPolicyData { |
| @@ -46,7 +41,7 @@ |
| |
| private boolean asymmetricBinding; |
| |
| - private String layout; |
| + private Layout.LayoutType layout; |
| |
| private boolean includeTimestamp; |
| |
| @@ -54,7 +49,7 @@ |
| |
| private boolean entireHeadersAndBodySignatures; |
| |
| - private String protectionOrder; |
| + private AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder; |
| |
| private boolean signatureProtection; |
| |
| @@ -68,24 +63,24 @@ |
| /* |
| * Message tokens for symmetrical binding |
| */ |
| - private Token encryptionToken; |
| + private AbstractToken encryptionToken; |
| |
| - private Token signatureToken; |
| + private AbstractToken signatureToken; |
| |
| |
| /* |
| * Message token for transport binding |
| */ |
| - private Token transportToken; |
| + private AbstractToken transportToken; |
| |
| /* |
| * Message tokens for asymmetrical binding |
| */ |
| - private Token recipientToken; // used to encrypt data to |
| + private AbstractToken recipientToken; // used to encrypt data to |
| |
| // receipient |
| |
| - private Token initiatorToken; // used to sign data by |
| + private AbstractToken initiatorToken; // used to sign data by |
| |
| // initiator |
| |
| @@ -131,19 +126,19 @@ |
| */ |
| //private SupportingToken supportingTokens; |
| |
| - private SupportingToken signedSupportingTokens; |
| + private SupportingTokens signedSupportingTokens; |
| |
| - private SupportingToken endorsingSupportingTokens; |
| + private SupportingTokens endorsingSupportingTokens; |
| |
| - private SupportingToken signedEndorsingSupportingTokens; |
| + private SupportingTokens signedEndorsingSupportingTokens; |
| |
| - private SupportingToken encryptedSupportingTokens; |
| + private SupportingTokens encryptedSupportingTokens; |
| |
| - private SupportingToken signedEncryptedSupportingTokens; |
| + private SupportingTokens signedEncryptedSupportingTokens; |
| |
| - private SupportingToken endorsingEncryptedSupportingTokens; |
| + private SupportingTokens endorsingEncryptedSupportingTokens; |
| |
| - private SupportingToken signedEndorsingEncryptedSupportingTokens; |
| + private SupportingTokens signedEndorsingEncryptedSupportingTokens; |
| |
| private AlgorithmSuite algorithmSuite; |
| |
| @@ -288,7 +283,7 @@ |
| /** |
| * @return Returns the layout. |
| */ |
| - public String getLayout() { |
| + public Layout.LayoutType getLayout() { |
| return layout; |
| } |
| |
| @@ -296,14 +291,14 @@ |
| * @param layout |
| * The layout to set. |
| */ |
| - public void setLayout(String layout) { |
| + public void setLayout(Layout.LayoutType layout) { |
| this.layout = layout; |
| } |
| |
| /** |
| * @return Returns the protectionOrder. |
| */ |
| - public String getProtectionOrder() { |
| + public AbstractSymmetricAsymmetricBinding.ProtectionOrder getProtectionOrder() { |
| return protectionOrder; |
| } |
| |
| @@ -311,7 +306,7 @@ |
| * @param protectionOrder |
| * The protectionOrder to set. |
| */ |
| - public void setProtectionOrder(String protectionOrder) { |
| + public void setProtectionOrder(AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder) { |
| this.protectionOrder = protectionOrder; |
| } |
| |
| @@ -530,7 +525,7 @@ |
| return declaredNamespaces; |
| } |
| |
| - public void addDeclaredNamespaces(HashMap namespaces) { |
| + public void addDeclaredNamespaces(Map namespaces) { |
| declaredNamespaces.putAll(namespaces); |
| } |
| |
| @@ -554,26 +549,26 @@ |
| public void setSignedParts(Vector signedParts) { |
| this.signedParts = signedParts; |
| } |
| - |
| - public void setSupportingTokens(SupportingToken suppTokens) |
| + |
| + public void setSupportingTokens(SupportingTokens suppTokens) |
| throws WSSPolicyException { |
| |
| - int tokenType = suppTokens.getTokenType(); |
| - if (tokenType == SPConstants.SUPPORTING_TOKEN_SUPPORTING) { |
| + SupportingTokenType supportingTokenType = suppTokens.getSupportingTokenType(); |
| + if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SUPPORTING_TOKENS)) { |
| supportingTokens.add(suppTokens); |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_SUPPORTING_TOKENS)) { |
| signedSupportingTokens = suppTokens; |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.ENDORSING_SUPPORTING_TOKENS)) { |
| endorsingSupportingTokens = suppTokens; |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) { |
| signedEndorsingSupportingTokens = suppTokens; |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENCRYPTED) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.ENCRYPTED_SUPPORTING_TOKENS)) { |
| encryptedSupportingTokens = suppTokens; |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENCRYPTED) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS)) { |
| signedEncryptedSupportingTokens = suppTokens; |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS)) { |
| endorsingEncryptedSupportingTokens = suppTokens; |
| - } else if (tokenType == SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED) { |
| + } else if (supportingTokenType.getName().getLocalPart().equals(SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS)) { |
| signedEndorsingEncryptedSupportingTokens = suppTokens; |
| } |
| } |
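Review bot: The `if`/`else if` chain in `setSupportingTokens` has no final `else`, so a `SupportingTokens` assertion whose type matches none of the eight names is dropped without any error and the policy requirement it carries is never recorded. Since the method already declares `WSSPolicyException`, I would end the chain with `else { throw new WSSPolicyException("Unsupported supporting token type: " + supportingTokenType.getName()); }`. The comparison also looks only at `getLocalPart()`, so the namespace of the assertion is not checked here; if that is intentional (to accept several policy versions), a one-line comment saying so would help. Reading `supportingTokenType.getName().getLocalPart()` once into a local would make the eight branches easier to read.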
| @@ -590,14 +585,14 @@ |
| /** |
| * @return Returns the encryptionToken. |
| */ |
| - public Token getEncryptionToken() { |
| + public AbstractToken getEncryptionToken() { |
| return encryptionToken; |
| } |
| |
| /** |
| * @param encryptionToken The encryptionToken to set. |
| */ |
| - public void setEncryptionToken(Token encryptionToken) { |
| + public void setEncryptionToken(AbstractToken encryptionToken) { |
| this.encryptionToken = encryptionToken; |
| this.extractIssuerPolicy(encryptionToken); |
| } |
| @@ -605,46 +600,46 @@ |
| /** |
| * @return Returns the initiatorToken. |
| */ |
| - public Token getInitiatorToken() { |
| + public AbstractToken getInitiatorToken() { |
| return initiatorToken; |
| } |
| |
| /** |
| * @param initiatorToken The initiatorToken to set. |
| */ |
| - public void setInitiatorToken(Token initiatorToken) { |
| + public void setInitiatorToken(AbstractToken initiatorToken) { |
| this.initiatorToken = initiatorToken; |
| } |
| |
| /** |
| * @return Returns the TransportToken. |
| */ |
| - public Token getTransportToken() { |
| + public AbstractToken getTransportToken() { |
| return transportToken; |
| } |
| |
| /** |
| * @param transportToken The TransportToken to set. |
| */ |
| - public void setTransportToken(Token transportToken) { |
| + public void setTransportToken(AbstractToken transportToken) { |
| this.transportToken = transportToken; |
| } |
| |
| /** |
| * @return Returns the recipientToken. |
| */ |
| - public Token getRecipientToken() { |
| + public AbstractToken getRecipientToken() { |
| return recipientToken; |
| } |
| |
| /** |
| * @param recipientToken The recipientToken to set. |
| */ |
| - public void setRecipientToken(Token recipientToken) { |
| + public void setRecipientToken(AbstractToken recipientToken) { |
| this.recipientToken = recipientToken; |
| } |
| |
| - public void setProtectionToken(Token protectionToken) { |
| + public void setProtectionToken(AbstractToken protectionToken) { |
| this.setEncryptionToken(protectionToken); |
| this.setSignatureToken(protectionToken); |
| this.extractIssuerPolicy(protectionToken); |
| @@ -653,14 +648,14 @@ |
| /** |
| * @return Returns the signatureToken. |
| */ |
| - public Token getSignatureToken() { |
| + public AbstractToken getSignatureToken() { |
| return signatureToken; |
| } |
| |
| /** |
| * @param signatureToken The signatureToken to set. |
| */ |
| - public void setSignatureToken(Token signatureToken) { |
| + public void setSignatureToken(AbstractToken signatureToken) { |
| this.signatureToken = signatureToken; |
| this.extractIssuerPolicy(signatureToken); |
| } |
| @@ -668,7 +663,7 @@ |
| /** |
| * @return Returns the signedEndorsingSupportingToken. |
| */ |
| - public SupportingToken getSignedEndorsingSupportingTokens() { |
| + public SupportingTokens getSignedEndorsingSupportingTokens() { |
| return signedEndorsingSupportingTokens; |
| } |
| |
| @@ -676,14 +671,14 @@ |
| * @param signedEndorsingSupportingTokens The signedEndorsingSupportingToken to set. |
| */ |
| public void setSignedEndorsingSupportingTokens( |
| - SupportingToken signedEndorsingSupportingTokens) { |
| + SupportingTokens signedEndorsingSupportingTokens) { |
| this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens; |
| } |
| |
| /** |
| * @return Returns the signedEndorsingEncryptedSupportingToken. |
| */ |
| - public SupportingToken getSignedEndorsingEncryptedSupportingTokens() { |
| + public SupportingTokens getSignedEndorsingEncryptedSupportingTokens() { |
| return signedEndorsingEncryptedSupportingTokens; |
| } |
| |
| @@ -691,35 +686,35 @@ |
| * @param signedEndorsingEncryptedSupportingTokens The signedEndorsingEncryptedSupportingToken to set. |
| */ |
| public void setSignedEndorsingEncryptedSupportingTokens( |
| - SupportingToken signedEndorsingEncryptedSupportingTokens) { |
| + SupportingTokens signedEndorsingEncryptedSupportingTokens) { |
| this.signedEndorsingEncryptedSupportingTokens = signedEndorsingEncryptedSupportingTokens; |
| } |
| |
| /** |
| * @return Returns the signedSupportingToken. |
| */ |
| - public SupportingToken getSignedSupportingTokens() { |
| + public SupportingTokens getSignedSupportingTokens() { |
| return signedSupportingTokens; |
| } |
| |
| /** |
| * @param signedSupportingTokens The signedSupportingToken to set. |
| */ |
| - public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) { |
| + public void setSignedSupportingTokens(SupportingTokens signedSupportingTokens) { |
| this.signedSupportingTokens = signedSupportingTokens; |
| } |
| |
| /** |
| * @return Returns the signedEncryptedSupportingToken. |
| */ |
| - public SupportingToken getSignedEncryptedSupportingTokens() { |
| + public SupportingTokens getSignedEncryptedSupportingTokens() { |
| return signedEncryptedSupportingTokens; |
| } |
| |
| /** |
| * @param signedEncryptedSupportingTokens The signedEncryptedSupportingToken to set. |
| */ |
| - public void setSignedEncryptedSupportingTokens(SupportingToken signedEncryptedSupportingTokens) { |
| + public void setSignedEncryptedSupportingTokens(SupportingTokens signedEncryptedSupportingTokens) { |
| this.signedEncryptedSupportingTokens = signedEncryptedSupportingTokens; |
| } |
| |
| @@ -730,9 +725,9 @@ |
| return supportingTokens; |
| } |
| |
| - public SupportingToken getSupportingTokens() { |
| + public SupportingTokens getSupportingTokens() { |
| if (supportingTokens.size() > 0) { |
| - return (SupportingToken) supportingTokens.get(0); |
| + return (SupportingTokens) supportingTokens.get(0); |
| } else { |
| return null; |
| } |
| @@ -741,42 +736,42 @@ |
| /** |
| * @param encryptedSupportingTokens The encryptedSupportingToken to set. |
| */ |
| - public void setEncryptedSupportingTokens(SupportingToken encryptedSupportingTokens) { |
| + public void setEncryptedSupportingTokens(SupportingTokens encryptedSupportingTokens) { |
| this.encryptedSupportingTokens = encryptedSupportingTokens; |
| } |
| |
| /** |
| * @return Returns the encryptedSupportingToken. |
| */ |
| - public SupportingToken getEncryptedSupportingTokens() { |
| + public SupportingTokens getEncryptedSupportingTokens() { |
| return encryptedSupportingTokens; |
| } |
| |
| /** |
| * @param endorsingSupportingTokens The endorsingSupportingToken to set. |
| */ |
| - public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) { |
| + public void setEndorsingSupportingTokens(SupportingTokens endorsingSupportingTokens) { |
| this.endorsingSupportingTokens = endorsingSupportingTokens; |
| } |
| |
| /** |
| * @return Returns the endorsingSupportingToken. |
| */ |
| - public SupportingToken getEndorsingSupportingTokens() { |
| + public SupportingTokens getEndorsingSupportingTokens() { |
| return endorsingSupportingTokens; |
| } |
| |
| /** |
| * @param endorsingEncryptedSupportingTokens The endorsingEncryptedSupportingToken to set. |
| */ |
| - public void setEndorsingEncryptedSupportingTokens(SupportingToken endorsingEncryptedSupportingTokens) { |
| + public void setEndorsingEncryptedSupportingTokens(SupportingTokens endorsingEncryptedSupportingTokens) { |
| this.endorsingEncryptedSupportingTokens = endorsingEncryptedSupportingTokens; |
| } |
| |
| /** |
| * @return Returns the endorsingEncryptedSupportingToken. |
| */ |
| - public SupportingToken getEndorsingEncryptedSupportingTokens() { |
| + public SupportingTokens getEndorsingEncryptedSupportingTokens() { |
| return endorsingEncryptedSupportingTokens; |
| } |
| |
| @@ -835,7 +830,9 @@ |
| * @param token |
| * @param id |
| */ |
| - public void setSupporttingtokenId(Token token, String id, int type) throws RampartException { |
| + /* TODO still in use?? |
| + |
| + public void setSupporttingtokenId(AbstractToken token, String id, int type) throws RampartException { |
| |
| HashMap tokenMap = null; |
| switch (type) { |
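Review bot: `setSupporttingtokenId` and `getSupportingTokenID` are disabled by a block comment that opens here (`/* TODO still in use??`) and closes two hunks later (`}*/`), which removes two public methods from the class while leaving their bodies in the file. The block comment opens right after the method's Javadoc, so that Javadoc is left attached to nothing. I would either delete both methods in this commit or keep them compiling and mark them `@Deprecated` until callers are confirmed gone. The `AbstractToken` signature edits inside the comment have no effect either way.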
| @@ -875,7 +872,7 @@ |
| tokenMap.put(token, id); |
| } |
| |
| - public String getSupportingTokenID(Token token, int type) |
| + public String getSupportingTokenID(AbstractToken token, int type) |
| throws RampartException { |
| switch (type) { |
| case SPConstants.SUPPORTING_TOKEN_SUPPORTING: |
| @@ -906,7 +903,7 @@ |
| throw new RampartException("invalidSupportingVersionType", |
| new String[] { Integer.toString(type) }); |
| } |
| - } |
| + }*/ |
| |
| public Wss10 getWss10() { |
| return wss10; |
| @@ -924,7 +921,7 @@ |
| this.wss11 = wss11; |
| } |
| |
| - private void extractIssuerPolicy(Token token) { |
| + private void extractIssuerPolicy(AbstractToken token) { |
| if(token instanceof SecureConversationToken && this.issuerPolicy == null) { |
| this.issuerPolicy = ((SecureConversationToken)token).getBootstrapPolicy(); |
| } |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/policy/SupportingPolicyData.java (working copy) |
| @@ -3,11 +3,12 @@ |
| import java.util.Iterator; |
| |
| import org.apache.ws.secpolicy.model.Header; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| +import org.apache.ws.secpolicy.model.SupportingTokens; |
| +import org.apache.ws.secpolicy.model.XPath; |
| |
| public class SupportingPolicyData extends RampartPolicyData { |
| |
| - public void build(SupportingToken token) { |
| + public void build(SupportingTokens token) { |
| |
| if (token.getSignedParts() != null && !token.getSignedParts().isOptional()) { |
| Iterator it = token.getSignedParts().getHeaders().iterator(); |
| @@ -29,25 +30,23 @@ |
| } |
| |
| if (token.getSignedElements() != null && !token.getSignedElements().isOptional()) { |
| - Iterator it = token.getSignedElements().getXPathExpressions() |
| + Iterator<XPath> it = token.getSignedElements().getXPaths() |
| .iterator(); |
| while (it.hasNext()) { |
| - this.setSignedElements((String) it.next()); |
| + XPath xPath = it.next(); |
| + this.setSignedElements(xPath.getXPath()); |
| + this.addDeclaredNamespaces(xPath.getPrefixNamespaceMap()); |
| } |
| - this.addDeclaredNamespaces(token.getSignedElements() |
| - .getDeclaredNamespaces()); |
| } |
| |
| if (token.getEncryptedElements() != null && !token.getEncryptedElements().isOptional()) { |
| - Iterator it = token.getEncryptedElements().getXPathExpressions() |
| + Iterator<XPath> it = token.getEncryptedElements().getXPaths() |
| .iterator(); |
| while (it.hasNext()) { |
| - this.setEncryptedElements((String) it.next()); |
| + XPath xPath = it.next(); |
| + this.setEncryptedElements(xPath.getXPath()); |
| + this.addDeclaredNamespaces(xPath.getPrefixNamespaceMap()); |
| } |
| - if (token.getSignedElements() == null) { |
| - this.addDeclaredNamespaces(token.getEncryptedElements() |
| - .getDeclaredNamespaces()); |
| - } |
| } |
| } |
| } |
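Review bot: Calling `addDeclaredNamespaces(xPath.getPrefixNamespaceMap())` once per XPath merges every expression's prefix map into the single `declaredNamespaces` map via `putAll`, so if two expressions bind the same prefix to different namespace URIs the later binding replaces the earlier one. Assuming the stored expressions are later evaluated against that shared map, an expression could be resolved against the wrong namespace, and the signed or encrypted element it was meant to select would not be the one checked. The same pattern is in `processSignedElements`, `processEncryptedElements`, `processContentEncryptedElements` and `processRequiredElements` in RampartPolicyBuilder.java. I would have `addDeclaredNamespaces` reject a prefix that is already bound to a different URI, or keep each expression together with its own prefix map.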
| Index: modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java (working copy) |
| @@ -21,27 +21,7 @@ |
| import org.apache.neethi.Assertion; |
| import org.apache.rampart.policy.model.RampartConfig; |
| import org.apache.ws.secpolicy.WSSPolicyException; |
| -import org.apache.ws.secpolicy.model.AsymmetricBinding; |
| -import org.apache.ws.secpolicy.model.Binding; |
| -import org.apache.ws.secpolicy.model.ContentEncryptedElements; |
| -import org.apache.ws.secpolicy.model.EncryptionToken; |
| -import org.apache.ws.secpolicy.model.Header; |
| -import org.apache.ws.secpolicy.model.InitiatorToken; |
| -import org.apache.ws.secpolicy.model.ProtectionToken; |
| -import org.apache.ws.secpolicy.model.RecipientToken; |
| -import org.apache.ws.secpolicy.model.RequiredElements; |
| -import org.apache.ws.secpolicy.model.SignatureToken; |
| -import org.apache.ws.secpolicy.model.SignedEncryptedElements; |
| -import org.apache.ws.secpolicy.model.SignedEncryptedParts; |
| -import org.apache.ws.secpolicy.model.SupportingToken; |
| -import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase; |
| -import org.apache.ws.secpolicy.model.SymmetricBinding; |
| -import org.apache.ws.secpolicy.model.TokenWrapper; |
| -import org.apache.ws.secpolicy.model.TransportBinding; |
| -import org.apache.ws.secpolicy.model.TransportToken; |
| -import org.apache.ws.secpolicy.model.Trust10; |
| -import org.apache.ws.secpolicy.model.Wss10; |
| -import org.apache.ws.secpolicy.model.Wss11; |
| +import org.apache.ws.secpolicy.model.*; |
| |
| import java.util.Iterator; |
| import java.util.List; |
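Review bot: Replacing the explicit imports with `import org.apache.ws.secpolicy.model.*;` hides which model classes this builder depends on and brings short names such as `XPath`, `Header` and `Layout` into scope, where they can collide with same-named types from other packages. I would keep explicit imports for the classes the file actually uses. The same applies to `import org.apache.axis2.util.*;` added in RampartUtil.java, where the only use visible in this patch is `XMLUtils`, i.e. `import org.apache.axis2.util.XMLUtils;`.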
| @@ -75,7 +55,7 @@ |
| |
| for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) { |
| Assertion assertion = (Assertion) iter.next(); |
| - if (assertion instanceof Binding) { |
| + if (assertion instanceof AbstractBinding) { |
| |
| setWebServiceSecurityPolicyNS(assertion, rpd); |
| |
| @@ -95,25 +75,30 @@ |
| processWSS11((Wss11) assertion, rpd); |
| } else if (assertion instanceof Wss10) { |
| processWSS10((Wss10) assertion, rpd); |
| - } else if (assertion instanceof SignedEncryptedElements) { |
| - processSignedEncryptedElements((SignedEncryptedElements) assertion, |
| + } else if (assertion instanceof SignedElements) { |
| + processSignedElements((SignedElements) assertion, |
| rpd); |
| - } else if (assertion instanceof SignedEncryptedParts) { |
| - processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd); |
| - } else if ( assertion instanceof RequiredElements) { |
| - processRequiredElements((RequiredElements)assertion, rpd); |
| - } else if (assertion instanceof ContentEncryptedElements) { |
| + } else if (assertion instanceof ContentEncryptedElements) { |
| processContentEncryptedElements((ContentEncryptedElements) assertion, rpd); |
| - }else if (assertion instanceof SupportingToken) { |
| + } else if (assertion instanceof EncryptedElements) { |
| + processEncryptedElements((EncryptedElements) assertion, |
| + rpd); |
| + } else if ( assertion instanceof RequiredElements) { |
| + processRequiredElements((RequiredElements) assertion, rpd); |
| + } else if (assertion instanceof EncryptedParts) { |
| + processEncryptedParts((EncryptedParts) assertion, rpd); |
| + } else if (assertion instanceof SignedParts) { |
| + processSignedParts((SignedParts) assertion, rpd); |
| + } else if (assertion instanceof SupportingTokens) { |
| |
| //Set policy version. Cos a supporting token can appear along without a binding |
| setWebServiceSecurityPolicyNS(assertion, rpd); |
| |
| - processSupportingTokens((SupportingToken) assertion, rpd); |
| + processSupportingTokens((SupportingTokens) assertion, rpd); |
| } else if (assertion instanceof Trust10) { |
| - processTrust10((Trust10)assertion, rpd); |
| + processTrust10((Trust10) assertion, rpd); |
| } else if (assertion instanceof RampartConfig) { |
| - processRampartConfig((RampartConfig)assertion, rpd); |
| + processRampartConfig((RampartConfig) assertion, rpd); |
| } else if (assertion instanceof MTOMAssertion){ |
| processMTOMSerialization((MTOMAssertion)assertion, rpd); |
| } else { |
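Review bot: The reordered `instanceof` chain looks order-dependent and nothing documents it: `ContentEncryptedElements` is tested before `EncryptedElements`, and `SignedElements`/`EncryptedElements` before `RequiredElements`, which only matters if these types are related by inheritance in the new policy model. If they are, a later reordering would silently route an assertion to the wrong `process…` method, so I would add a comment above the chain such as `// Order matters: test subtypes before their supertypes (e.g. ContentEncryptedElements before EncryptedElements).`. The enclosing method starts and ends outside this hunk.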
| @@ -148,10 +133,10 @@ |
| private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) { |
| binding(binding, rpd); |
| rpd.setTransportBinding(true); |
| - rpd.setTokenProtection(binding.isTokenProtection()); |
| + rpd.setTokenProtection(false); //always false since we have a transport binding and the tokens are protected by transport layer security |
| TransportToken transportToken = binding.getTransportToken(); |
| if ( transportToken != null ) { |
| - rpd.setTransportToken(transportToken.getTransportToken()); |
| + rpd.setTransportToken(transportToken.getToken()); |
| } |
| } |
| |
| @@ -226,21 +211,26 @@ |
| * @param rpd |
| * The WSS4J data to initialize |
| */ |
| - private static void processSignedEncryptedElements( |
| - SignedEncryptedElements see, RampartPolicyData rpd) { |
| - Iterator it = see.getXPathExpressions().iterator(); |
| - if (see.isSignedElemets()) { |
| - while (it.hasNext()) { |
| - rpd.setSignedElements((String) it.next()); |
| - } |
| - } else { |
| - while (it.hasNext()) { |
| - rpd.setEncryptedElements((String) it.next()); |
| - } |
| + private static void processSignedElements( |
| + SignedElements see, RampartPolicyData rpd) { |
| + Iterator<XPath> it = see.getXPaths().iterator(); |
| + while (it.hasNext()) { |
| + XPath xPath = it.next(); |
| + rpd.setSignedElements(xPath.getXPath()); |
| + rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap()); |
| } |
| - rpd.addDeclaredNamespaces(see.getDeclaredNamespaces()); |
| } |
| |
| + private static void processEncryptedElements( |
| + EncryptedElements see, RampartPolicyData rpd) { |
| + Iterator<XPath> it = see.getXPaths().iterator(); |
| + while (it.hasNext()) { |
| + XPath xPath = it.next(); |
| + rpd.setEncryptedElements(xPath.getXPath()); |
| + rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap()); |
| + } |
| + } |
| + |
| /** |
| * Populate parts to sign and/or encrypt with the message tokens. |
| * |
| @@ -249,49 +239,53 @@ |
| * @param rpd |
| * The WSS4J data to initialize |
| */ |
| - private static void processSignedEncryptedParts(SignedEncryptedParts sep, |
| + private static void processSignedParts(SignedParts sep, |
| RampartPolicyData rpd) { |
| Iterator it = sep.getHeaders().iterator(); |
| - if (sep.isSignedParts()) { |
| - rpd.setSignBody(sep.isBody()); |
| - rpd.setSignAttachments(sep.isAttachments()); |
| - rpd.setSignAllHeaders(sep.isSignAllHeaders()); |
| - rpd.setSignBodyOptional(sep.isOptional()); |
| - rpd.setSignAttachmentsOptional(sep.isOptional()); |
| - while (it.hasNext()) { |
| - Header header = (Header) it.next(); |
| - rpd.addSignedPart(header.getNamespace(), header.getName()); |
| - } |
| - } else { |
| - rpd.setEncryptBody(sep.isBody()); |
| - rpd.setEncryptAttachments(sep.isAttachments()); |
| - rpd.setEncryptBodyOptional(sep.isOptional()); |
| - rpd.setEncryptAttachmentsOptional(sep.isOptional()); |
| - while (it.hasNext()) { |
| - Header header = (Header) it.next(); |
| - rpd.setEncryptedParts(header.getNamespace(), header.getName(),"Header"); |
| - } |
| + rpd.setSignBody(sep.isBody()); |
| + rpd.setSignAttachments(sep.getAttachments() != null); |
| + rpd.setSignAllHeaders(sep.isSignAllHeaders()); |
| + rpd.setSignBodyOptional(sep.isOptional()); |
| + rpd.setSignAttachmentsOptional(sep.isOptional()); |
| + while (it.hasNext()) { |
| + Header header = (Header) it.next(); |
| + rpd.addSignedPart(header.getNamespace(), header.getName()); |
| } |
| } |
| + |
| + private static void processEncryptedParts(EncryptedParts sep, |
| + RampartPolicyData rpd) { |
| + Iterator it = sep.getHeaders().iterator(); |
| + rpd.setEncryptBody(sep.isBody()); |
| + rpd.setEncryptAttachments(sep.getAttachments() != null); |
| + rpd.setEncryptBodyOptional(sep.isOptional()); |
| + rpd.setEncryptAttachmentsOptional(sep.isOptional()); |
| + while (it.hasNext()) { |
| + Header header = (Header) it.next(); |
| + rpd.setEncryptedParts(header.getNamespace(), header.getName(),"Header"); |
| + } |
| + } |
| |
| private static void processContentEncryptedElements(ContentEncryptedElements cee, |
| RampartPolicyData rpd) { |
| |
| - Iterator it = cee.getXPathExpressions().iterator(); |
| + Iterator<XPath> it = cee.getXPaths().iterator(); |
| while (it.hasNext()) { |
| - rpd.setContentEncryptedElements((String) it.next()); |
| + XPath xPath = it.next(); |
| + rpd.setContentEncryptedElements(xPath.getXPath()); |
| + rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap()); |
| } |
| - rpd.addDeclaredNamespaces(cee.getDeclaredNamespaces()); |
| } |
| |
| private static void processRequiredElements(RequiredElements req, |
| RampartPolicyData rpd) { |
| |
| - Iterator it = req.getXPathExpressions().iterator(); |
| + Iterator<XPath> it = req.getXPaths().iterator(); |
| while (it.hasNext()) { |
| - rpd.setRequiredElements((String) it.next()); |
| + XPath xPath = it.next(); |
| + rpd.setRequiredElements(xPath.getXPath()); |
| + rpd.addDeclaredNamespaces(xPath.getPrefixNamespaceMap()); |
| } |
| - rpd.addDeclaredNamespaces(req.getDeclaredNamespaces()); |
| } |
| /** |
| * Evaluate policy data that is common to all bindings. |
| @@ -301,10 +295,10 @@ |
| * @param rpd |
| * The WSS4J data to initialize |
| */ |
| - private static void binding(Binding binding, RampartPolicyData rpd) { |
| - rpd.setLayout(binding.getLayout().getValue()); |
| + private static void binding(AbstractBinding binding, RampartPolicyData rpd) { |
| + rpd.setLayout(binding.getLayout() != null ? binding.getLayout().getLayoutType() : Layout.LayoutType.Lax); |
| rpd.setIncludeTimestamp(binding.isIncludeTimestamp()); |
| - rpd.setIncludeTimestampOptional(binding.isIncludeTimestampOptional()); |
| + rpd.setIncludeTimestampOptional(binding.isIncludeTimestamp()); |
| rpd.setAlgorithmSuite(binding.getAlgorithmSuite()); |
| } |
| |
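Review bot: `rpd.setIncludeTimestampOptional(binding.isIncludeTimestamp())` copies the include-timestamp flag into the optional flag, so a policy that requires a timestamp is recorded as one where the timestamp is optional. If the results validator skips the timestamp check when this flag is set (not visible in this hunk), a message without a timestamp would be accepted and the freshness check the policy asks for is lost. Until the new model exposes the optional attribute, I would set it explicitly with `rpd.setIncludeTimestampOptional(false);` and a comment explaining why.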
| @@ -317,12 +311,12 @@ |
| * The WSS4J data to initialize |
| */ |
| private static void symmAsymmBinding( |
| - SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) { |
| + AbstractSymmetricAsymmetricBinding binding, RampartPolicyData rpd) { |
| rpd.setEntireHeadersAndBodySignatures(binding |
| - .isEntireHeadersAndBodySignatures()); |
| + .isOnlySignEntireHeadersAndBody()); |
| rpd.setProtectionOrder(binding.getProtectionOrder()); |
| - rpd.setSignatureProtection(binding.isSignatureProtection()); |
| - rpd.setTokenProtection(binding.isTokenProtection()); |
| + rpd.setSignatureProtection(binding.isEncryptSignature()); |
| + rpd.setTokenProtection(binding.isProtectTokens()); |
| rpd.setAlgorithmSuite(binding.getAlgorithmSuite()); |
| } |
| |
| @@ -336,20 +330,19 @@ |
| */ |
| private static void symmetricBinding(SymmetricBinding binding, |
| RampartPolicyData rpd) throws WSSPolicyException { |
| - Assertion token = binding.getProtectionToken(); |
| + ProtectionToken token = binding.getProtectionToken(); |
| |
| if (token != null) { |
| - rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken()); |
| + rpd.setProtectionToken(token.getToken()); |
| } else { |
| - Assertion encrToken = binding.getEncryptionToken(); |
| - Assertion sigToken = binding.getSignatureToken(); |
| + EncryptionToken encrToken = binding.getEncryptionToken(); |
| + SignatureToken sigToken = binding.getSignatureToken(); |
| if (token == null && sigToken == null) { |
| throw new WSSPolicyException("Symmetric binding should have a Protection token or" + |
| " both Signature and Encryption tokens defined"); |
| } |
| - rpd.setEncryptionToken( |
| - ((EncryptionToken) encrToken).getEncryptionToken()); |
| - rpd.setSignatureToken(((SignatureToken) sigToken).getSignatureToken()); |
| + rpd.setEncryptionToken(encrToken.getToken()); |
| + rpd.setSignatureToken(sigToken.getToken()); |
| } |
| } |
| |
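Review bot: The guard `if (token == null && sigToken == null)` sits in the `else` branch where `token` is already known to be null, and it never checks `encrToken`. A symmetric binding with a signature token but no encryption token therefore reaches `encrToken.getToken()` and fails with a `NullPointerException` instead of the `WSSPolicyException` the message describes. The check should match the message: `if (encrToken == null || sigToken == null) {`.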
| @@ -363,17 +356,17 @@ |
| */ |
| private static void asymmetricBinding(AsymmetricBinding binding, |
| RampartPolicyData rpd) throws WSSPolicyException { |
| - TokenWrapper tokWrapper = binding.getRecipientToken(); |
| - TokenWrapper tokWrapper1 = binding.getInitiatorToken(); |
| + RecipientToken tokWrapper = binding.getRecipientToken(); |
| + InitiatorToken tokWrapper1 = binding.getInitiatorToken(); |
| if (tokWrapper == null || tokWrapper1 == null) { |
| throw new WSSPolicyException("Asymmetric binding should have both Initiator and " + |
| "Recipient tokens defined"); |
| } |
| - rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken()); |
| - rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken()); |
| + rpd.setRecipientToken(tokWrapper.getToken()); |
| + rpd.setInitiatorToken(tokWrapper1.getToken()); |
| } |
| |
| - private static void processSupportingTokens(SupportingToken token, |
| + private static void processSupportingTokens(SupportingTokens token, |
| RampartPolicyData rpd) throws WSSPolicyException { |
| rpd.setSupportingTokens(token); |
| } |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (working copy) |
| @@ -94,9 +94,9 @@ |
| if(!rmd.isInitiator()) { |
| |
| //Just an indicator for EndorsingSupportingToken signature |
| - SupportingToken endSupportingToken = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSupportingToken = rpd.getEndorsingSupportingTokens(); |
| if(endSupportingToken != null && !endSupportingToken.isOptional()) { |
| - SignedEncryptedParts endSignedParts = endSupportingToken.getSignedParts(); |
| + SignedParts endSignedParts = endSupportingToken.getSignedParts(); |
| if((endSignedParts != null && !endSignedParts.isOptional() && |
| (endSignedParts.isBody() || |
| endSignedParts.getHeaders().size() > 0)) || |
| @@ -106,9 +106,9 @@ |
| } |
| } |
| //Just an indicator for SignedEndorsingSupportingToken signature |
| - SupportingToken sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens(); |
| if(sgndEndSupportingToken != null && !sgndEndSupportingToken.isOptional()) { |
| - SignedEncryptedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts(); |
| + SignedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts(); |
| if((sgndEndSignedParts != null && !sgndEndSignedParts.isOptional() && |
| (sgndEndSignedParts.isBody() || |
| sgndEndSignedParts.getHeaders().size() > 0)) || |
| @@ -120,7 +120,7 @@ |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - SupportingToken supportingToken = (SupportingToken) supportingToks.get(i); |
| + SupportingTokens supportingToken = (SupportingTokens) supportingToks.get(i); |
| if (supportingToken != null && !supportingToken.isOptional()) { |
| SupportingPolicyData policyData = new SupportingPolicyData(); |
| policyData.build(supportingToken); |
| @@ -216,8 +216,8 @@ |
| |
| RampartPolicyData rpd = data.getRampartMessageData().getPolicyData(); |
| |
| - SupportingToken sgndSupTokens = rpd.getSignedSupportingTokens(); |
| - SupportingToken sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens sgndSupTokens = rpd.getSignedSupportingTokens(); |
| + SupportingTokens sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens(); |
| |
| if(sig && signatureParts.size() == 0 |
| && (sgndSupTokens == null || sgndSupTokens.getTokens().size() == 0) |
| @@ -266,14 +266,14 @@ |
| RampartPolicyData rpd = data.getRampartMessageData().getPolicyData(); |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - SupportingToken suppTok = (SupportingToken) supportingToks.get(i); |
| + SupportingTokens suppTok = (SupportingTokens) supportingToks.get(i); |
| handleSupportingTokens(results, suppTok); |
| } |
| - SupportingToken signedSuppToken = rpd.getSignedSupportingTokens(); |
| + SupportingTokens signedSuppToken = rpd.getSignedSupportingTokens(); |
| handleSupportingTokens(results, signedSuppToken); |
| - SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens(); |
| handleSupportingTokens(results, signedEndSuppToken); |
| - SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSuppToken = rpd.getEndorsingSupportingTokens(); |
| handleSupportingTokens(results, endSuppToken); |
| } |
| |
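Review bot: Only the plain, signed, signed-endorsing and endorsing supporting tokens are passed to `handleSupportingTokens` here; the four encrypted variants that `RampartPolicyData` also exposes are not. If a policy places a required UsernameToken in one of those assertions, its presence would not be verified by this method, unless that is handled somewhere outside the hunk. The same four are missing from the `isUsernameTokenPresent` checks in the later hunk at -876. I would add the corresponding calls as below; `handleSupportingTokens` already returns early on null, and the enclosing method starts outside this hunk.

```java
// … unchanged: plain, signed, signed-endorsing and endorsing supporting tokens …
handleSupportingTokens(results, rpd.getEncryptedSupportingTokens());
handleSupportingTokens(results, rpd.getSignedEncryptedSupportingTokens());
handleSupportingTokens(results, rpd.getEndorsingEncryptedSupportingTokens());
handleSupportingTokens(results, rpd.getSignedEndorsingEncryptedSupportingTokens());
```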
| @@ -282,15 +282,15 @@ |
| * @param suppTok |
| * @throws RampartException |
| */ |
| - protected void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException { |
| + protected void handleSupportingTokens(Vector results, SupportingTokens suppTok) throws RampartException { |
| |
| if(suppTok == null) { |
| return; |
| } |
| |
| - ArrayList tokens = suppTok.getTokens(); |
| + List tokens = suppTok.getTokens(); |
| for (Iterator iter = tokens.iterator(); iter.hasNext();) { |
| - Token token = (Token) iter.next(); |
| + AbstractToken token = (AbstractToken) iter.next(); |
| if(token instanceof UsernameToken) { |
| UsernameToken ut = (UsernameToken) token; |
| //Check presence of a UsernameToken |
| @@ -325,7 +325,7 @@ |
| protected void validateProtectionOrder(ValidatorData data, Vector results) |
| throws RampartException { |
| |
| - String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder(); |
| + AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder(); |
| ArrayList sigEncrActions = this.getSigEncrActions(results); |
| |
| if(sigEncrActions.size() < 2) { |
| @@ -352,7 +352,7 @@ |
| |
| |
| boolean done = false; |
| - if(SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) { |
| + if(AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting == protectionOrder) { |
| |
| boolean sigFound = false; |
| for (Iterator iter = sigEncrActions.iterator(); |
| @@ -876,23 +876,23 @@ |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - SupportingToken suppTok = (SupportingToken) supportingToks.get(i); |
| + SupportingTokens suppTok = (SupportingTokens) supportingToks.get(i); |
| if (isUsernameTokenPresent(suppTok)) { |
| return true; |
| } |
| } |
| |
| - SupportingToken signedSuppToken = rpd.getSignedSupportingTokens(); |
| + SupportingTokens signedSuppToken = rpd.getSignedSupportingTokens(); |
| if(isUsernameTokenPresent(signedSuppToken)) { |
| return true; |
| } |
| |
| - SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens(); |
| + SupportingTokens signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens(); |
| if(isUsernameTokenPresent(signedEndSuppToken)) { |
| return true; |
| } |
| |
| - SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens(); |
| + SupportingTokens endSuppToken = rpd.getEndorsingSupportingTokens(); |
| if(isUsernameTokenPresent(endSuppToken)){ |
| return true; |
| } |
| @@ -902,15 +902,15 @@ |
| |
| } |
| |
| - protected boolean isUsernameTokenPresent(SupportingToken suppTok) { |
| + protected boolean isUsernameTokenPresent(SupportingTokens suppTok) { |
| |
| if(suppTok == null) { |
| return false; |
| } |
| |
| - ArrayList tokens = suppTok.getTokens(); |
| + List tokens = suppTok.getTokens(); |
| for (Iterator iter = tokens.iterator(); iter.hasNext();) { |
| - Token token = (Token) iter.next(); |
| + AbstractToken token = (AbstractToken) iter.next(); |
| if(token instanceof UsernameToken) { |
| return true; |
| } |
| Index: modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java |
| =================================================================== |
| --- modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (revision 1207051) |
| +++ modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (working copy) |
| @@ -36,6 +36,7 @@ |
| import org.apache.axis2.mex.om.MetadataReference; |
| import org.apache.axis2.mex.om.MetadataSection; |
| import org.apache.axis2.transport.http.HTTPConstants; |
| +import org.apache.axis2.util.*; |
| import org.apache.commons.httpclient.protocol.Protocol; |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
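Review bot: `import org.apache.axis2.util.*;` brings the whole package into scope, while the hunks in this file only use `XMLUtils` from it. A wildcard can make a simple name ambiguous with another on-demand import as either package grows, and it hides which class the new code depends on. Import the single class instead: `import org.apache.axis2.util.XMLUtils;`.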
| @@ -424,7 +425,7 @@ |
| * @return The address of an issuer address element |
| * @throws RampartException If the issuer address element is malformed. |
| */ |
| - public static String processIssuerAddress(OMElement issuerAddress) |
| + public static String processIssuerAddress(OMElement issuerAddress) |
| throws RampartException { |
| |
| if(issuerAddress == null){ |
| @@ -439,7 +440,7 @@ |
| |
| return issuerAddress.getText().trim(); |
| } |
| - |
| + |
| /** |
| * Retrieve policy using metadata reference |
| * <wsa:Metadata xmlns:wsa="http://www.w3.org/2005/08/addressing"> |
| @@ -516,7 +517,7 @@ |
| log.debug("Creating RSTTemplate for an SCT request"); |
| OMFactory fac = OMAbstractFactory.getOMFactory(); |
| |
| - OMNamespace wspNs = fac.createOMNamespace(SPConstants.P_NS, "wsp"); |
| + OMNamespace wspNs = fac.createOMNamespace(org.apache.neethi.Constants.URI_POLICY_15_NS, "wsp"); |
| OMElement rstTempl = fac.createOMElement( |
| SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE, |
| wspNs); |
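Review bot: The `wsp` prefix is now bound to `org.apache.neethi.Constants.URI_POLICY_15_NS` instead of `SPConstants.P_NS`, with no comment on why. If the two URIs differ, the RequestSecurityTokenTemplate element sent to the STS changes namespace, and an existing STS may not accept it. A comment stating the intent would help, for example `// RST template is emitted in the WS-Policy 1.5 namespace`. An import for the neethi `Constants` class would read better than the inline qualified name, provided no other `Constants` is already in scope. The enclosing method continues outside this hunk.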
| @@ -598,10 +599,17 @@ |
| RahasConstants.RST_ACTION_SCT); |
| |
| // Get sts epr |
| - OMElement issuerEpr = secConvTok.getIssuerEpr(); |
| + Element issuerElement = secConvTok.getIssuer(); |
| String issuerEprAddress = rmd.getMsgContext().getTo().getAddress(); |
| - if(issuerEpr != null) { |
| - issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr); |
| + if(issuerElement != null) { |
| + OMElement issuer = null; |
| + try { |
| + issuer = XMLUtils.toOM(issuerElement); |
| + } catch (Exception e) { |
| + throw new TrustException(TrustException.INVALID_SECURITY_TOKEN, e); |
| + } |
| + OMElement issuerExp = issuer.getFirstElement(); |
| + issuerEprAddress = RampartUtil.processIssuerAddress(issuerExp); |
| } |
| |
| //Find SC version |
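Review bot: `issuer.getFirstElement()` treats whatever child comes first in the Issuer element as the address, whereas the issued-token path later in this file selects `Address` by QName in both WS-Addressing namespaces. This value decides where the SCT request is sent, so it should be selected by name here too; an Issuer whose first child is some other element then reaches `processIssuerAddress` as null instead of being read as the address. Separately, the `catch (Exception e)` reports a DOM-to-OM conversion failure as `TrustException.INVALID_SECURITY_TOKEN`, which describes a token problem rather than a malformed policy element. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: XMLUtils.toOM(issuerElement) inside its try/catch …
OMElement issuerExp = issuer.getFirstChildWithName(
        new QName(AddressingConstants.Final.WSA_NAMESPACE, "Address"));
// try the other addressing namespace, as the issued-token path does
if (issuerExp == null) {
    issuerExp = issuer.getFirstChildWithName(
            new QName(AddressingConstants.Submission.WSA_NAMESPACE, "Address"));
}
issuerEprAddress = RampartUtil.processIssuerAddress(issuerExp);
```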
| @@ -659,19 +667,36 @@ |
| RahasConstants.RST_ACTION_ISSUE); |
| |
| // Get sts epr |
| - String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken |
| - .getIssuerEpr()); |
| + String issuerEprAddress = null; |
| + OMElement issuerMex = null; |
| + final Element issuerElement = issuedToken.getIssuer(); |
| + if (issuerElement != null) { |
| + final OMElement issuer = XMLUtils.toOM(issuerElement); |
| + OMElement issuerEpr = issuer.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Address")); |
| + //try the other addressing namespace |
| + if (issuerEpr == null) { |
| + issuerEpr = issuer.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Address")); |
| + } |
| + issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr); |
| |
| - OMElement rstTemplate = issuedToken.getRstTemplate(); |
| + issuerMex = issuer.getFirstChildWithName(new QName(AddressingConstants.Final.WSA_NAMESPACE,"Metadata")); |
| + //try the other addressing namespace |
| + if (issuerMex == null) { |
| + issuerMex = issuer.getFirstChildWithName(new QName(AddressingConstants.Submission.WSA_NAMESPACE,"Metadata")); |
| + } |
| |
| + } |
| + |
| + Element rstTemplateElement = issuedToken.getRequestSecurityTokenTemplate(); |
| + OMElement rstTemplate = XMLUtils.toOM(rstTemplateElement); |
| + |
| // Get STS policy |
| Policy stsPolicy = (Policy)rmd.getMsgContext().getProperty(RampartMessageData.RAMPART_STS_POLICY); |
| - |
| - if( stsPolicy == null && issuedToken.getIssuerMex() != null) { |
| - stsPolicy = RampartUtil.getPolicyFromMetadataRef(issuedToken.getIssuerMex()); |
| + |
| + if( stsPolicy == null && issuerMex != null) { |
| + stsPolicy = RampartUtil.getPolicyFromMetadataRef(issuerMex); |
| RampartUtil.addRampartConfig(rmd, stsPolicy); |
| } |
| - |
| String id = getToken(rmd, rstTemplate, issuerEprAddress, action, |
| stsPolicy); |
| |
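Review bot: When the policy has no Issuer, `issuerEprAddress` stays null and is passed straight to `getToken(...)`. The removed code always went through `processIssuerAddress`, which begins with a null check on its argument (what it does next is outside the visible hunks). Declaring `OMElement issuerEpr = null;` before the `if` and moving `issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);` after it would keep a missing Issuer on the same validation path as before. `XMLUtils.toOM(rstTemplateElement)` is also called without checking that `getRequestSecurityTokenTemplate()` returned an element; `OMElement rstTemplate = rstTemplateElement != null ? XMLUtils.toOM(rstTemplateElement) : null;` would match the old code, which passed on whatever `getRstTemplate()` returned. The method body starts and ends outside this hunk.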
| @@ -681,7 +706,9 @@ |
| return id; |
| } catch (TrustException e) { |
| throw new RampartException("errorInObtainingToken", e); |
| - } |
| + } catch (Exception e) { |
| + throw new RampartException("errorInObtainingToken", e); |
| + } |
| } |
| |
| /** |
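Review bot: The added `catch (Exception e)` catches every RuntimeException and, it appears, any RampartException raised inside the try body (for example by `processIssuerAddress`), rewrapping them all as `errorInObtainingToken`. The original fault code ends up one level down in the cause chain, and programming errors such as a null dereference are reported as a token failure. If the broad catch exists only for the `XMLUtils.toOM` calls, wrap those calls locally as the SCT path does, or add `} catch (RampartException e) { throw e;` ahead of it. The try block opens outside this hunk.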
| @@ -1314,14 +1341,14 @@ |
| * the WSS11 and WSS10 assertions |
| */ |
| |
| - public static void setKeyIdentifierType(RampartMessageData rmd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) { |
| + public static void setKeyIdentifierType(RampartMessageData rmd, WSSecBase secBase,AbstractToken token) { |
| |
| // Use a reference rather than the binary security token if: the policy never allows the token to be |
| // included; or this is the recipient and the token should only be included in requests; or this is |
| // the initiator and the token should only be included in responses. |
| - final boolean useReference = token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER |
| - || !rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT |
| - || rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR; |
| + final boolean useReference = token.getIncludeTokenType() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER |
| + || !rmd.isInitiator() && token.getIncludeTokenType() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT |
| + || rmd.isInitiator() && token.getIncludeTokenType() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR; |
| if (useReference) { |
| |
| boolean tokenTypeSet = false; |
| @@ -1562,13 +1589,13 @@ |
| } |
| |
| // Checking for supporting tokens |
| - SupportingToken supportingTokens; |
| + SupportingTokens supportingTokens; |
| |
| if (!initiator && inflow || initiator && !inflow ) { |
| |
| Vector supportingToks = rpd.getSupportingTokensList(); |
| for (int i = 0; i < supportingToks.size(); i++) { |
| - supportingTokens = (SupportingToken) supportingToks.get(i); |
| + supportingTokens = (SupportingTokens) supportingToks.get(i); |
| if (supportingTokens != null && supportingTokens.getTokens().size() != 0) { |
| return true; |
| } |
| @@ -1727,7 +1754,7 @@ |
| throw new RampartException("invalidTransport", |
| new String[]{incomingTransport}); |
| } |
| - if (((HttpsToken) rpd.getTransportToken()).isRequireClientCertificate()) { |
| + if (((HttpsToken) rpd.getTransportToken()).getAuthenticationType() == HttpsToken.AuthenticationType.RequireClientCertificate) { |
| |
| MessageContext messageContext = rmd.getMsgContext(); |
| HttpServletRequest request = ((HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST)); |
| Index: modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java |
| =================================================================== |
| --- modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java (revision 1207051) |
| +++ modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java (working copy) |
| @@ -49,11 +49,11 @@ |
| ProtectionToken protectionToken = binding.getProtectionToken(); |
| assertNotNull("ProtectionToken missing", protectionToken); |
| |
| - Token token = protectionToken.getProtectionToken(); |
| + AbstractToken token = protectionToken.getToken(); |
| if(token instanceof X509Token) { |
| assertEquals("incorrect X509 token versin and type", |
| - SPConstants.WSS_X509_V3_TOKEN10, |
| - ((X509Token) token).getTokenVersionAndType()); |
| + X509Token.TokenType.WssX509V3Token10, |
| + ((X509Token) token).getTokenType()); |
| } else { |
| fail("ProtectionToken must contain a X509Token assertion"); |
| } |
| Index: pom.xml |
| =================================================================== |
| --- pom.xml (revision 1207051) |
| +++ pom.xml (working copy) |
| @@ -20,7 +20,8 @@ |
| --> |
| |
| |
| -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> |
| +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> |
| |
| <parent> |
| <groupId>org.apache</groupId> |
| @@ -32,7 +33,7 @@ |
| <modelVersion>4.0.0</modelVersion> |
| <artifactId>rampart-project</artifactId> |
| <packaging>pom</packaging> |
| - <description> WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache Axis2 </description> |
| + <description>WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache Axis2</description> |
| <version>1.7.0-SNAPSHOT</version> |
| <name>Apache Rampart</name> |
| <url>http://axis.apache.org/axis2/java/rampart</url> |
| @@ -53,7 +54,7 @@ |
| <system>JIRA</system> |
| <url>http://issues.apache.org/jira/browse/RAMPART</url> |
| </issueManagement> |
| - |
| + |
| <mailingLists> |
| <mailingList> |
| <name>Rampart Developers</name> |
| @@ -98,7 +99,7 @@ |
| <name>Nandana Mihindukulasooriya</name> |
| <id>nandana</id> |
| <email>nandana AT apache.org</email> |
| - <organization /> |
| + <organization/> |
| </developer> |
| <developer> |
| <name>Thilina Buddhika</name> |
| @@ -181,86 +182,6 @@ |
| |
| |
| <dependencies> |
| - |
| - <!-- Axis2 and Axiom Dependencies --> |
| - <dependency> |
| - <groupId>org.apache.axis2</groupId> |
| - <artifactId>axis2-kernel</artifactId> |
| - <version>${axis2.version}</version> |
| - </dependency> |
| - <dependency> |
| - <groupId>org.apache.axis2</groupId> |
| - <artifactId>mex</artifactId> |
| - <version>${axis2.version}</version> |
| - <classifier>impl</classifier> |
| - </dependency> |
| - <dependency> |
| - <groupId>org.apache.axis2</groupId> |
| - <artifactId>axis2-mtompolicy</artifactId> |
| - <version>${axis2.version}</version> |
| - <scope>compile</scope> |
| - </dependency> |
| - <dependency> |
| - <groupId>org.apache.axis2</groupId> |
| - <artifactId>addressing</artifactId> |
| - <type>mar</type> |
| - <version>${axis2.version}</version> |
| - <scope>compile</scope> |
| - </dependency> |
| - |
| - <!-- Other Rampart Dependencies --> |
| - <dependency> |
| - <groupId>org.apache.ws.security</groupId> |
| - <artifactId>wss4j</artifactId> |
| - <version>${wss4j.version}</version> |
| - <exclusions> |
| - <!-- We exclude xalan:xalan as a transitive dependency, but include |
| - org.apache.xalan:xalan as a direct dependency. This avoids |
| - conflicts with the dependencies of org.opensaml:opensaml |
| - (which uses org.apache.xalan:xalan). --> |
| - <exclusion> |
| - <artifactId>xalan</artifactId> |
| - <groupId>xalan</groupId> |
| - </exclusion> |
| - </exclusions> |
| - </dependency> |
| - <dependency> |
| - <groupId>org.apache.xalan</groupId> |
| - <artifactId>xalan</artifactId> |
| - <version>2.7.1</version> |
| - </dependency> |
| - <dependency> |
| - <groupId>org.opensaml</groupId> |
| - <artifactId>opensaml1</artifactId> |
| - <version>1.1</version> |
| - </dependency> |
| - <dependency> |
| - <groupId>org.opensaml</groupId> |
| - <artifactId>opensaml</artifactId> |
| - <version>2.2.3</version> |
| - <exclusions> |
| - <!-- Don't allow OpenSAML to impose a particular logging implementation --> |
| - <exclusion> |
| - <groupId>org.slf4j</groupId> |
| - <artifactId>jcl-over-slf4j</artifactId> |
| - </exclusion> |
| - <exclusion> |
| - <groupId>org.slf4j</groupId> |
| - <artifactId>log4j-over-slf4j</artifactId> |
| - </exclusion> |
| - </exclusions> |
| - </dependency> |
| - <dependency> |
| - <groupId>commons-lang</groupId> |
| - <artifactId>commons-lang</artifactId> |
| - <version>2.3</version> |
| - </dependency> |
| - <dependency> |
| - <groupId>bouncycastle</groupId> |
| - <artifactId>bcprov-jdk15</artifactId> |
| - <version>${bcprov.jdk15.version}</version> |
| - </dependency> |
| - |
| <!-- Junit Dependency --> |
| <dependency> |
| <groupId>junit</groupId> |
| @@ -273,6 +194,91 @@ |
| |
| <dependencyManagement> |
| <dependencies> |
| + <!-- Axis2 and Axiom Dependencies --> |
| + <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>axis2-kernel</artifactId> |
| + <version>${axis2.version}</version> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>mex</artifactId> |
| + <version>${axis2.version}</version> |
| + <classifier>impl</classifier> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>axis2-mtompolicy</artifactId> |
| + <version>${axis2.version}</version> |
| + <scope>compile</scope> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.axis2</groupId> |
| + <artifactId>addressing</artifactId> |
| + <type>mar</type> |
| + <version>${axis2.version}</version> |
| + <scope>compile</scope> |
| + </dependency> |
| + |
| + <dependency> |
| + <groupId>org.apache.neethi</groupId> |
| + <artifactId>neethi</artifactId> |
| + <version>${neethi.version}</version> |
| + </dependency> |
| + |
| + <!-- Other Rampart Dependencies --> |
| + <dependency> |
| + <groupId>org.apache.ws.security</groupId> |
| + <artifactId>wss4j</artifactId> |
| + <version>${wss4j.version}</version> |
| + <exclusions> |
| + <!-- We exclude xalan:xalan as a transitive dependency, but include |
| + org.apache.xalan:xalan as a direct dependency. This avoids |
| + conflicts with the dependencies of org.opensaml:opensaml |
| + (which uses org.apache.xalan:xalan). --> |
| + <exclusion> |
| + <artifactId>xalan</artifactId> |
| + <groupId>xalan</groupId> |
| + </exclusion> |
| + </exclusions> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.apache.xalan</groupId> |
| + <artifactId>xalan</artifactId> |
| + <version>2.7.1</version> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.opensaml</groupId> |
| + <artifactId>opensaml1</artifactId> |
| + <version>1.1</version> |
| + </dependency> |
| + <dependency> |
| + <groupId>org.opensaml</groupId> |
| + <artifactId>opensaml</artifactId> |
| + <version>2.2.3</version> |
| + <exclusions> |
| + <!-- Don't allow OpenSAML to impose a particular logging implementation --> |
| + <exclusion> |
| + <groupId>org.slf4j</groupId> |
| + <artifactId>jcl-over-slf4j</artifactId> |
| + </exclusion> |
| + <exclusion> |
| + <groupId>org.slf4j</groupId> |
| + <artifactId>log4j-over-slf4j</artifactId> |
| + </exclusion> |
| + </exclusions> |
| + </dependency> |
| + <dependency> |
| + <groupId>commons-lang</groupId> |
| + <artifactId>commons-lang</artifactId> |
| + <version>2.3</version> |
| + </dependency> |
| + <dependency> |
| + <groupId>bouncycastle</groupId> |
| + <artifactId>bcprov-jdk15</artifactId> |
| + <version>${bcprov.jdk15.version}</version> |
| + </dependency> |
| + |
| <!-- Since Rampart depends on DOOM, but axiom-dom is not a transitive |
| dependency, we need to manage the Axiom version. --> |
| <dependency> |
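Review bot: The managed `opensaml1` entry hard-codes `<version>1.1</version>` although the properties section defines `opensaml.version` with the same value; `<version>${opensaml.version}</version>` would keep the two from drifting. `xalan`, `opensaml` and `commons-lang` are likewise literal versions in a block where the Axis2, neethi, wss4j and bouncycastle entries use properties. These entries now only manage versions, so each module must declare the ones it needs itself. A short comment at the top of the block would make that explicit, for example `<!-- Managed versions only: modules must declare the dependencies they use -->`.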
| @@ -365,7 +371,7 @@ |
| </plugins> |
| </build> |
| </profile> |
| - |
| + |
| <profile> |
| <!-- Profile that includes all modules. This is handy when using maven-release-plugin |
| for anything else than doing a release. --> |
| @@ -391,6 +397,8 @@ |
| <axis2.version>1.7.0-SNAPSHOT</axis2.version> |
| <axiom.version>1.2.13-SNAPSHOT</axiom.version> |
| |
| + <neethi.version>3.0.2-SNAPSHOT</neethi.version> |
| + |
| <wss4j.version>1.5.13-SNAPSHOT</wss4j.version> |
| <opensaml.version>1.1</opensaml.version> |
| |