Author: giger
Date: Sat Jun 8 13:20:18 2013
New Revision: 1490977
URL: http://svn.apache.org/r1490977
Log:
- WSS-442
- Cleanup KeyIdentifier
- SecurityToken refactorings
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java
- copied, changed from r1485168,
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509DataSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java
- copied, changed from r1485168,
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SubjectKeyIdentifierSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java
- copied, changed from r1485168,
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ThumbprintSHA1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509V3SecurityTokenImpl.java
- copied, changed from r1485168,
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java
Removed:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ThumbprintSHA1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509DataSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SubjectKeyIdentifierSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/IssuedTokenTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/KerberosTokenTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SamlTokenTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SupportingTokensTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/UsernameTokenTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/HttpsSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecureConversationSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenReferenceImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509DefaultSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509PKIPathv1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
Sat Jun 8 13:20:18 2013
@@ -126,6 +126,7 @@ public class PolicyEnforcer implements S
public PolicyEnforcer(List<OperationPolicy> operationPolicies, String
soapAction, boolean initiator) throws WSSPolicyException {
this.operationPolicies = operationPolicies;
+ this.initiator = initiator;
assertionStateMap = new LinkedList<Map<SecurityEventConstants.Event,
Map<Assertion, List<Assertable>>>>();
failedAssertionStateMap = new
LinkedList<Map<SecurityEventConstants.Event, Map<Assertion,
List<Assertable>>>>();
@@ -135,7 +136,6 @@ public class PolicyEnforcer implements S
buildAssertionStateMap(effectivePolicy.getPolicy(),
assertionStateMap);
}
}
- this.initiator = initiator;
}
private OperationPolicy findPolicyBySOAPAction(List<OperationPolicy>
operationPolicies, String soapAction) {
@@ -268,27 +268,27 @@ public class PolicyEnforcer implements S
} else if (abstractSecurityAssertion instanceof RequiredParts) {
assertableList.add(new
RequiredPartsAssertionState(abstractSecurityAssertion, false));
} else if (abstractSecurityAssertion instanceof UsernameToken) {
- assertableList.add(new
UsernameTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
UsernameTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof IssuedToken) {
- assertableList.add(new
IssuedTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
IssuedTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof X509Token) {
- assertableList.add(new
X509TokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
X509TokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof KerberosToken) {
- assertableList.add(new
KerberosTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
KerberosTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof SpnegoContextToken) {
- assertableList.add(new
SpnegoContextTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
SpnegoContextTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof
SecureConversationToken) {
- assertableList.add(new
SecureConversationTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
SecureConversationTokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof SecurityContextToken) {
- assertableList.add(new
SecurityContextTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
SecurityContextTokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof SamlToken) {
- assertableList.add(new
SamlTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
SamlTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof RelToken) {
- assertableList.add(new
RelTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
RelTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof HttpsToken) {
- assertableList.add(new
HttpsTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
HttpsTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof KeyValueToken) {
- assertableList.add(new
KeyValueTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new
KeyValueTokenAssertionState(abstractSecurityAssertion, false, initiator));
} else if (abstractSecurityAssertion instanceof AlgorithmSuite) {
//initialized with asserted=true because we do negative matching
assertableList.add(new
AlgorithmSuiteAssertionState(abstractSecurityAssertion, true));
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class HttpsTokenAssertionState extends TokenAssertionState {
- public HttpsTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public HttpsTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -51,8 +51,8 @@ import java.util.Map;
public class IssuedTokenAssertionState extends TokenAssertionState {
- public IssuedTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public IssuedTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -36,8 +36,8 @@ import org.apache.wss4j.stax.securityEve
public class KerberosTokenAssertionState extends TokenAssertionState {
- public KerberosTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public KerberosTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -35,8 +35,8 @@ import org.apache.wss4j.stax.securityEve
public class KeyValueTokenAssertionState extends TokenAssertionState {
- public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class RelTokenAssertionState extends TokenAssertionState {
- public RelTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted) {
- super(assertion, asserted);
+ public RelTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -38,8 +38,8 @@ import org.apache.xml.security.stax.secu
public class SamlTokenAssertionState extends TokenAssertionState {
- public SamlTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public SamlTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class SecureConversationTokenAssertionState extends TokenAssertionState
{
- public SecureConversationTokenAssertionState(AbstractSecurityAssertion
assertion, boolean asserted) {
- super(assertion, asserted);
+ public SecureConversationTokenAssertionState(AbstractSecurityAssertion
assertion, boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class SecurityContextTokenAssertionState extends TokenAssertionState {
- public SecurityContextTokenAssertionState(AbstractSecurityAssertion
assertion, boolean asserted) {
- super(assertion, asserted);
+ public SecurityContextTokenAssertionState(AbstractSecurityAssertion
assertion, boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class SpnegoContextTokenAssertionState extends TokenAssertionState {
- public SpnegoContextTokenAssertionState(AbstractSecurityAssertion
assertion, boolean asserted) {
- super(assertion, asserted);
+ public SpnegoContextTokenAssertionState(AbstractSecurityAssertion
assertion, boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -41,8 +41,11 @@ public abstract class TokenAssertionStat
//todo? WSP1.3 5.2.3 Required Claims
//todo derived keys?
- public TokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted) {
+ private boolean initiator;
+
+ public TokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted, boolean initiator) {
super(assertion, asserted);
+ this.initiator = initiator;
}
@Override
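Review bot: The new `initiator` field is assigned only in the constructor but is not declared `final`, and nothing states which side it refers to, even though it later selects which parent assertions and inclusion rules are enforced. Declaring it `private final boolean initiator;` would prevent accidental reassignment. Judging from the IncludeToken switch added further down, `true` appears to mean the local endpoint is the initiator and is checking a message sent by the recipient, so a comment such as `// true if this side is the initiator, i.e. the inbound message was produced by the recipient` would make that explicit. The class body continues outside this hunk.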
@@ -65,7 +68,15 @@ public abstract class TokenAssertionStat
while (tokenUsageIterator.hasNext()) {
WSSecurityTokenConstants.TokenUsage tokenUsage =
tokenUsageIterator.next();
if
(WSSecurityTokenConstants.TokenUsage_MainSignature.equals(tokenUsage)) {
- if (!(parentAssertion instanceof InitiatorToken)
+ if (initiator && !(parentAssertion instanceof RecipientToken)
+ && !(parentAssertion instanceof
RecipientSignatureToken)
+ && !(parentAssertion instanceof SignatureToken)
+ && !(parentAssertion instanceof ProtectionToken)
+ && !(parentAssertion instanceof TransportToken)) {
+ ignoreToken++;
+ continue loop;
+ }
+ else if (!initiator && !(parentAssertion instanceof
InitiatorToken)
&& !(parentAssertion instanceof
InitiatorSignatureToken)
&& !(parentAssertion instanceof SignatureToken)
&& !(parentAssertion instanceof ProtectionToken)
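Review bot: The initiator and recipient branches duplicate the `ignoreToken++; continue loop;` body and differ only in the list of accepted parent assertions, so the two lists can drift apart unnoticed; the MainEncryption hunk that follows has the same shape. Because a mismatch here causes a token to be skipped rather than rejected, the accepted parents per role deserve a one-line comment, for example `// initiator side: the main signature of the inbound message must map to a Recipient* or shared token assertion`. Computing the role-specific acceptance in one boolean and keeping a single ignore path would remove the duplication. The `else if` condition continues past the end of this hunk.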
@@ -76,7 +87,15 @@ public abstract class TokenAssertionStat
} else if
(WSSecurityTokenConstants.TokenUsage_Signature.equals(tokenUsage)) {
throw new WSSPolicyException("Illegal token usage!");
} else if
(WSSecurityTokenConstants.TokenUsage_MainEncryption.equals(tokenUsage)) {
- if (!(parentAssertion instanceof RecipientToken)
+ if (initiator && !(parentAssertion instanceof InitiatorToken)
+ && !(parentAssertion instanceof
InitiatorEncryptionToken)
+ && !(parentAssertion instanceof EncryptionToken)
+ && !(parentAssertion instanceof ProtectionToken)
+ && !(parentAssertion instanceof TransportToken)) {
+ ignoreToken++;
+ continue loop;
+ }
+ else if (!initiator && !(parentAssertion instanceof
RecipientToken)
&& !(parentAssertion instanceof
RecipientEncryptionToken)
&& !(parentAssertion instanceof EncryptionToken)
&& !(parentAssertion instanceof ProtectionToken)
@@ -130,9 +149,40 @@ public abstract class TokenAssertionStat
//WSP1.3, 5.1 Token Inclusion
//todo do we need a global token cache to fullfill
".../IncludeToken/Once" ?
SPConstants.IncludeTokenType includeTokenType =
abstractToken.getIncludeTokenType();
- if (includeTokenType ==
SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- setErrorMessage("Token must not be included");
- asserted = false;
+ boolean isIncludedInMessage =
tokenSecurityEvent.getSecurityToken().isIncludedInMessage();
+ switch (includeTokenType) {
+ case INCLUDE_TOKEN_NEVER:
+ if (isIncludedInMessage) {
+ setErrorMessage("Token must not be included");
+ asserted = false;
+ }
+ break;
+ case INCLUDE_TOKEN_ONCE:
+ break;
+ case INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT:
+ if (initiator && isIncludedInMessage) {
+ setErrorMessage("Token must not be included");
+ asserted = false;
+ } else if (!initiator && !isIncludedInMessage) {
+ setErrorMessage("Token must be included");
+ asserted = false;
+ }
+ break;
+ case INCLUDE_TOKEN_ALWAYS_TO_INITIATOR:
+ if (initiator && !isIncludedInMessage) {
+ setErrorMessage("Token must be included");
+ asserted = false;
+ } else if (!initiator && isIncludedInMessage) {
+ setErrorMessage("Token must not be included");
+ asserted = false;
+ }
+ break;
+ case INCLUDE_TOKEN_ALWAYS:
+ if (!isIncludedInMessage) {
+ setErrorMessage("Token must be included");
+ asserted = false;
+ }
+ break;
}
//WSP1.3, 5.3 Token Properties
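Review bot: `switch (includeTokenType)` throws a NullPointerException if `abstractToken.getIncludeTokenType()` returns null, whereas the `==` comparison it replaces tolerated null; whether null can occur is not visible here, so either guard it with `if (includeTokenType != null)` or document that the policy model always supplies a value. The switch also has no `default` branch, so any IncludeTokenType value added later would pass without an inclusion check; a `default` that sets `asserted = false` would fail closed. `INCLUDE_TOKEN_ONCE` currently accepts both included and non-included tokens, and a comment on that case such as `// not enforced yet, see todo above` would make the gap explicit. The enclosing method starts and ends outside this hunk.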
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -96,7 +96,8 @@ public class TokenProtectionAssertionSta
securityToken = securityToken.getKeyWrappingToken();
}
- if (isSignatureToken(securityToken)) {
+ //a token can only be signed if it is included in the message:
+ if (securityToken.isIncludedInMessage() &&
isSignatureToken(securityToken)) {
//[WSP1.3_8.9]
boolean signsItsSignatureToken =
signsItsSignatureToken(securityToken);
if (protectTokens && !signsItsSignatureToken) {
@@ -183,7 +184,7 @@ public class TokenProtectionAssertionSta
signingSecurityToken =
signingSecurityToken.getKeyWrappingToken();
}
//todo ATM me just check if the token signs a signature but we
don't know if it's the main signature
- if (signingSecurityToken == securityToken) {
+ if (signingSecurityToken != null &&
signingSecurityToken.getId().equals(securityToken.getId())) {
return true;
}
}
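Review bot: `signingSecurityToken.getId().equals(securityToken.getId())` dereferences `getId()` without a null check and makes token identity depend on ids being unique within a message, where the old `==` compared object identity. The same expression is added in the hunks at `@@ -202,7 +203,7` and `@@ -234,7 +235,7`. If an id can be null or is taken from the received message (neither is visible here), the check could throw during policy verification, or two distinct tokens could be treated as the same signing token. A null-safe form such as `if (signingSecurityToken != null && securityToken.getId() != null && securityToken.getId().equals(signingSecurityToken.getId()))` would address the first case, ideally in one shared helper that also documents the uniqueness assumption. The enclosing method starts outside this hunk.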
@@ -202,7 +203,7 @@ public class TokenProtectionAssertionSta
signingSecurityToken =
signingSecurityToken.getKeyWrappingToken();
}
- if (signingSecurityToken == securityToken) {
+ if (signingSecurityToken != null &&
signingSecurityToken.getId().equals(securityToken.getId())) {
return true;
}
}
@@ -234,7 +235,7 @@ public class TokenProtectionAssertionSta
while (elementSignatureToken != null &&
elementSignatureToken.getKeyWrappingToken() != null) {
elementSignatureToken =
elementSignatureToken.getKeyWrappingToken();
}
- if (signedElementSecurityEvent.getSecurityToken() ==
securityToken) {
+ if (elementSignatureToken != null &&
elementSignatureToken.getId().equals(securityToken.getId())) {
if
(!signedElements.contains(signedElementSecurityEvent)) {
signedElements.add(signedElementSecurityEvent);
}
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -37,8 +37,8 @@ import org.apache.xml.security.stax.secu
public class UsernameTokenAssertionState extends TokenAssertionState {
- public UsernameTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public UsernameTokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -37,8 +37,8 @@ import java.security.cert.X509Certificat
public class X509TokenAssertionState extends TokenAssertionState {
- public X509TokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted) {
- super(assertion, asserted);
+ public X509TokenAssertionState(AbstractSecurityAssertion assertion,
boolean asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
Sat Jun 8 13:20:18 2013
@@ -35,6 +35,7 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig11.NamedCurveType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.testng.annotations.BeforeClass;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -105,7 +106,10 @@ public class AbstractPolicyTestBase exte
final KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"),
"default".toCharArray());
- X509SecurityTokenImpl x509SecurityToken = new
X509SecurityTokenImpl(tokenType, null, null, null, "",
WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier, null) {
+ X509SecurityTokenImpl x509SecurityToken =
+ new X509SecurityTokenImpl(
+ tokenType, null, null, null,
IDGenerator.generateID(null),
+
WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier, null, true) {
@Override
protected String getAlias() throws XMLSecurityException {
return keyAlias;
@@ -131,7 +135,9 @@ public class AbstractPolicyTestBase exte
}
public KerberosServiceSecurityTokenImpl
getKerberosServiceSecurityToken(WSSecurityTokenConstants.TokenType tokenType)
throws Exception {
- return new KerberosServiceSecurityTokenImpl(null, null, null, null,
"", WSSecurityTokenConstants.KeyIdentifier_SecurityTokenReference);
+ return new KerberosServiceSecurityTokenImpl(
+ null, null, null, null, IDGenerator.generateID(null),
+
WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
}
public HttpsSecurityTokenImpl
getHttpsSecurityToken(WSSecurityTokenConstants.TokenType tokenType) throws
Exception {
@@ -139,17 +145,17 @@ public class AbstractPolicyTestBase exte
}
public RsaKeyValueSecurityTokenImpl getRsaKeyValueSecurityToken() throws
Exception {
- return new RsaKeyValueSecurityTokenImpl(null, null,
WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef);
+ return new RsaKeyValueSecurityTokenImpl(null, null);
}
public DsaKeyValueSecurityTokenImpl getDsaKeyValueSecurityToken() throws
Exception {
- return new DsaKeyValueSecurityTokenImpl(null, null,
WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef);
+ return new DsaKeyValueSecurityTokenImpl(null, null);
}
public ECKeyValueSecurityTokenImpl getECKeyValueSecurityToken() throws
Exception {
ECKeyValueType ecKeyValueType = new ECKeyValueType();
ecKeyValueType.setNamedCurve(new NamedCurveType());
- return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null,
WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef);
+ return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null);
}
protected String loadResourceAsString(String resource, String encoding)
throws IOException {