
From cohei...@apache.org
Subject svn commit: r1050460 [1/2] - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/ main/java/org/apache/ws/security/message/token/ main/java/org/apache/ws/security/processor/ main/java/org/apache/ws/security/saml/ main/java/org/apache/ws/s...
Date Fri, 17 Dec 2010 18:01:30 GMT
Author: coheigea
Date: Fri Dec 17 18:01:29 2010
New Revision: 1050460

URL: http://svn.apache.org/viewvc?rev=1050460&view=rev
Log:
[WSS-232] - Largish merge to remove state from the processors
 - WSDocInfo now stores WSSecurityEngineResults instead of processors.

Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/DerivedKeyToken.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/transform/STRTransformUtil.java
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/CustomProcessor.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSDocInfo.java Fri Dec 17 18:01:29 2010
@@ -33,7 +33,6 @@ package org.apache.ws.security;
  */
 
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.processor.Processor;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -46,7 +45,7 @@ public class WSDocInfo {
     Crypto crypto = null;
     List<Element> tokenList = null;
     List<Element> elementList = null;
-    List<Processor> processors = null;
+    List<WSSecurityEngineResult> resultsList = null;
 
     public WSDocInfo(Document doc) {
         //
@@ -65,16 +64,16 @@ public class WSDocInfo {
         if (tokenList != null && tokenList.size() > 0) {
             tokenList.clear();
         }
-        if (processors != null && processors.size() > 0) {
-            processors.clear();
-        }
         if (elementList != null && elementList.size() > 0) {
             elementList.clear();
         }
+        if (resultsList != null && resultsList.size() > 0) {
+            resultsList.clear();
+        }
         
         tokenList = null;
-        processors = null;
         elementList = null;
+        resultsList = null;
     }
     
     /**
@@ -82,6 +81,9 @@ public class WSDocInfo {
      *  - SecurityTokenReference element
      *  - BinarySecurityToken element
      *  - SAML Assertion element
+     *  - SecurityContextToken element
+     *  - UsernameToken element
+     *  - DerivedKeyToken element
      * @param elem is the token element to store
      */
     public void addTokenElement(Element elem) {
@@ -153,41 +155,43 @@ public class WSDocInfo {
         }
         return null;
     }
-
+    
     /**
-     * Get a Processor for the given Id
-     *
-     * @param id is the Id to look for
-     * @return the Security processor identified with this Id or null if nothing found
+     * Store a WSSecurityEngineResult for later retrieval. 
+     * @param result is the WSSecurityEngineResult to store
      */
-    public Processor getProcessor(String id) {
+    public void addResult(WSSecurityEngineResult result) {
+        if (resultsList == null) {
+            resultsList = new ArrayList<WSSecurityEngineResult>();
+        }
+        resultsList.add(result);
+    }
+    
+    /**
+     * Get a WSSecurityEngineResult for the given Id.
+     * @param uri is the (relative) uri of the id
+     * @return the WSSecurityEngineResult or null if nothing found
+     */
+    public WSSecurityEngineResult getResult(String uri) {
+        String id = uri;
         if (id == null) {
             return null;
+        } else if (id.charAt(0) == '#') {
+            id = id.substring(1);
         }
-
-        if (processors != null) {
-            for (Processor p : processors) {
-                String cId = p.getId();
-                if (id.equals(cId)) {
-                    return p;
+        if (resultsList != null) {
+            for (WSSecurityEngineResult result : resultsList) {
+                if (result != null) {
+                    String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
+                    if (id.equals(cId)) {
+                        return result;
+                    }
                 }
             }
         }
         return null;
     }
-    
-    /**
-     * Store a Processor for later access.
-     * 
-     * @param p is the Processor to store
-     */
-    public void setProcessor(Processor p) {
-        if (processors == null) {
-            processors = new ArrayList<Processor>();
-        }
-        processors.add(p);
-    }
-    
+
     /**
      * @return the signature crypto class used to process
      *         the signature/verify
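Review bot: `getResult` calls `id.charAt(0)` before checking that the string is non-empty, so an empty reference URI taken from the message escapes as a StringIndexOutOfBoundsException instead of a null lookup or a WSSecurityException; change the guard to `if (id == null || id.length() == 0) { return null; }`. The loop returns the first result whose `TAG_ID` equals the requested id, so if two processed tokens carry the same wsu:Id the one processed earlier silently wins — either reject a duplicate id in `addResult`, or state the first-match behaviour in the method javadoc. `addResult` also accepts null entries that `getResult` then skips; document that or reject null at insertion.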

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngine.java Fri Dec 17 18:01:29 2010
@@ -44,7 +44,6 @@ import java.util.List;
  * @author Werner Dittmann (Werner.Dittmann@t-online.de).
  */
 public class WSSecurityEngine {
-    public static final String VALUE_TYPE = "ValueType";
     private static Log log = LogFactory.getLog(WSSecurityEngine.class.getName());
 
     /**
@@ -294,8 +293,9 @@ public class WSSecurityEngine {
                 // information about the processed token
                 //
                 if (p != null) {
-                    p.handleToken((Element) node, sigCrypto, decCrypto, cb, wsDocInfo, returnResults, cfg);
-                    wsDocInfo.setProcessor(p);
+                    List<WSSecurityEngineResult> results = 
+                        p.handleToken((Element) node, sigCrypto, decCrypto, cb, wsDocInfo, cfg);
+                    returnResults.addAll(0, results);
                 } else {
                     //
                     // Add check for a BinarySecurityToken, add info to WSDocInfo. If BST is
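Review bot: The engine no longer registers anything in WSDocInfo here, so a Processor that does not itself call `wsDocInfo.addResult(result)` and set `WSSecurityEngineResult.TAG_ID` cannot be found by later references (the DerivedKeyToken and STR lookups in this commit go through `wsDocInfo.getResult`); that contract is invisible at this call site and should be stated on `Processor.handleToken`, e.g. `// Processors must register any result that later tokens may reference via wsDocInfo.addResult(...)`. `returnResults.addAll(0, results)` also throws NullPointerException if a processor returns null rather than an empty list; guard with `if (results != null)` or document the non-null requirement on the interface. The enclosing method continues outside this hunk.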

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSSecurityEngineResult.java Fri Dec 17 18:01:29 2010
@@ -23,6 +23,7 @@ import org.apache.ws.security.message.to
 import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.message.token.SignatureConfirmation;
 import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.message.token.UsernameToken;
 
 import java.security.Principal;
 import java.security.cert.X509Certificate;
@@ -32,35 +33,18 @@ import java.util.List;
  * @author Werner Dittmann (Werner.Dittmann@t-online.de)
  */
 public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
-
-    /**
-     * Tag denoting the cryptographic operation performed
-     *
-     * The value under this tag is of type java.lang.Integer
-     */
-    public static final String TAG_ACTION = "action";
-
-    /**
-     * Tag denoting the security principal found, if applicable.
-     *
-     * The value under this tag is of type java.security.Principal.
-     */
-    public static final String TAG_PRINCIPAL = "principal";
-
-    /**
-     * Tag denoting the X.509 certificate found, if applicable.
-     *
-     * The value under this tag is of type java.security.cert.X509Certificate.
-     */
-    public static final String TAG_X509_CERTIFICATE = "x509-certificate";
-
+    
+    //
+    // Tokens
+    //
+    
     /**
      * Tag denoting the SAML Assertion found, if applicable.
      *
      * The value under this tag is of type org.opensaml.SAMLAssertion.
      */
     public static final String TAG_SAML_ASSERTION = "saml-assertion";
-
+    
     /**
      * Tag denoting the timestamp found, if applicable.
      *
@@ -70,12 +54,23 @@ public class WSSecurityEngineResult exte
     public static final String TAG_TIMESTAMP = "timestamp";
 
     /**
-     * Tag denoting the signature value of a signed element, if applicable.
+     * Tag denoting references to the DOM elements that have been
+     * cryptographically protected.
      *
-     * The value under this tag is of type byte[].
+     * The value under this tag is of type SecurityContextToken.
      */
-    public static final String TAG_SIGNATURE_VALUE = "signature-value";
-
+    public static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
+    
+    /**
+     * Tag denoting a UsernameToken object
+     */
+    public static final String TAG_USERNAME_TOKEN = "username-token";
+    
+    /**
+     * Tag denoting a DerivedKeyToken object
+     */
+    public static final String TAG_DERIVED_KEY_TOKEN = "derived-key-token";
+    
     /**
      * Tag denoting the signature confirmation of a signed element,
      * if applicable.
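Review bot: The javadoc moved onto `TAG_SECURITY_CONTEXT_TOKEN` still opens with "Tag denoting references to the DOM elements that have been cryptographically protected", which does not describe the SecurityContextToken value the second sentence names; since the block is being reorganised, fix the first sentence to `Tag denoting the SecurityContextToken found, if applicable.` The new `TAG_USERNAME_TOKEN` and `TAG_DERIVED_KEY_TOKEN` constants would benefit from the same "The value under this tag is of type ..." line the neighbouring tags carry.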
@@ -86,55 +81,81 @@ public class WSSecurityEngineResult exte
     public static final java.lang.String TAG_SIGNATURE_CONFIRMATION = "signature-confirmation";
 
     /**
-     * Tag denoting references to the DOM elements that have been
-     * cryptographically protected.
+     * Tag denoting the X.509 certificate found, if applicable.
      *
-     * The value under this tag is of type SecurityContextToken.
+     * The value under this tag is of type java.security.cert.X509Certificate.
      */
-    public static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
+    public static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
+    
+    //
+    // Keys and certs
+    //
+    
+    /**
+     * Tag denoting the X.509 certificate found, if applicable.
+     *
+     * The value under this tag is of type java.security.cert.X509Certificate.
+     */
+    public static final String TAG_X509_CERTIFICATE = "x509-certificate";
 
     /**
-     * Tag denoting a reference to the decrypted key
+     * Tag denoting the signature value of a signed element, if applicable.
      *
      * The value under this tag is of type byte[].
      */
-    public static final String TAG_DECRYPTED_KEY = "decrypted-key";
-
+    public static final String TAG_SIGNATURE_VALUE = "signature-value";
+    
     /**
-     * Tag denoting references to the encrypted key id.
+     * Tag denoting the X.509 certificate chain found, if applicable.
      *
-     * The value under this tag is of type String.
+     * The value under this tag is of type java.security.cert.X509Certificate[].
      */
-    public static final String TAG_ENCRYPTED_KEY_ID = "encrypted-key-id";
+    public static final String TAG_X509_CERTIFICATES = "x509-certificates";
 
     /**
-     * Tag denoting references to a List of Data ref URIs.
+     * Tag denoting the encrypted key bytes
      *
-     * The value under this tag is of type List.
+     * The value under this tag is a byte array 
      */
-    public static final String TAG_DATA_REF_URIS = "data-ref-uris";
+    public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";
+    
+    /**
+     * Tag denoting a byte[] secret associated with this token
+     */
+    public static final String TAG_SECRET = "secret";
+    
+    /**
+     * Tag denoting a reference to the decrypted key
+     *
+     * The value under this tag is of type byte[].
+     */
+    public static final String TAG_DECRYPTED_KEY = "decrypted-key";
+    
+    //
+    // General tags
+    //
 
     /**
-     * Tag denoting the X.509 certificate chain found, if applicable.
+     * Tag denoting the cryptographic operation performed
      *
-     * The value under this tag is of type java.security.cert.X509Certificate[].
+     * The value under this tag is of type java.lang.Integer
      */
-    public static final String TAG_X509_CERTIFICATES = "x509-certificates";
+    public static final String TAG_ACTION = "action";
 
     /**
-     * Tag denoting the X.509 certificate found, if applicable.
+     * Tag denoting the security principal found, if applicable.
      *
-     * The value under this tag is of type java.security.cert.X509Certificate.
+     * The value under this tag is of type java.security.Principal.
      */
-    public static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
+    public static final String TAG_PRINCIPAL = "principal";
 
     /**
-     * Tag denoting the encrypted key bytes
+     * Tag denoting references to a List of Data ref URIs.
      *
-     * The value under this tag is a byte array 
+     * The value under this tag is of type List.
      */
-    public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";
-    
+    public static final String TAG_DATA_REF_URIS = "data-ref-uris";
+
     /**
      * Tag denoting the encrypted key transport algorithm.
      *
@@ -155,7 +176,12 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type String.
      */
     public static final String TAG_CANONICALIZATION_METHOD = "canonicalization-method";
-
+    
+    /**
+     * The (wsu) Id of the token corresponding to this result.
+     */
+    public static final String TAG_ID = "id";
+    
     public WSSecurityEngineResult(
         int act, 
         Object ass
@@ -195,13 +221,11 @@ public class WSSecurityEngineResult exte
         int act, 
         byte[] decryptedKey, 
         byte[] encryptedKeyBytes,
-        String encyptedKeyId, 
         List<WSDataRef> dataRefUris
     ) {
         put(TAG_ACTION, new Integer(act));
         put(TAG_DECRYPTED_KEY, decryptedKey);
         put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
-        put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId);
         put(TAG_DATA_REF_URIS, dataRefUris);
     }
     
@@ -209,14 +233,12 @@ public class WSSecurityEngineResult exte
         int act, 
         byte[] decryptedKey, 
         byte[] encryptedKeyBytes,
-        String encyptedKeyId, 
         List<WSDataRef> dataRefUris,
         X509Certificate[] certs
     ) {
         put(TAG_ACTION, new Integer(act));
         put(TAG_DECRYPTED_KEY, decryptedKey);
         put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
-        put(TAG_ENCRYPTED_KEY_ID, encyptedKeyId);
         put(TAG_DATA_REF_URIS, dataRefUris);
         put(TAG_X509_CERTIFICATES, certs);
         if (certs != null) {
@@ -243,6 +265,12 @@ public class WSSecurityEngineResult exte
         put(TAG_ACTION, new Integer(act));
         put(TAG_SIGNATURE_CONFIRMATION, sc);
     }
+    
+    public WSSecurityEngineResult(int act, UsernameToken usernameToken, Principal principal) {
+        put(TAG_ACTION, new Integer(act));
+        put(TAG_USERNAME_TOKEN, usernameToken);
+        put(TAG_PRINCIPAL, principal);
+    }
 
     public WSSecurityEngineResult(int act, BinarySecurity token, X509Certificate[] certs) {
         put(TAG_ACTION, new Integer(act));

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/DerivedKeyToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/DerivedKeyToken.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/DerivedKeyToken.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/DerivedKeyToken.java Fri Dec 17 18:01:29 2010
@@ -32,6 +32,9 @@ import org.apache.ws.security.WSDerivedK
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.AlgoFactory;
+import org.apache.ws.security.conversation.dkalgo.DerivationAlgorithm;
+import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.DOM2Writer;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
@@ -499,5 +502,41 @@ public class DerivedKeyToken {
     public void setAlgorithm(String algo) {
         element.setAttributeNS(ns, "Algorithm", algo);
     }
+    
+    /**
+     * Derive a key from this DerivedKeyToken instance
+     * @param length
+     * @param secret
+     * @throws WSSecurityException
+     */
+    public byte[] deriveKey(int length, byte[] secret) throws WSSecurityException {
+        try {
+            DerivationAlgorithm algo = AlgoFactory.getInstance(getAlgorithm());
+            byte[] labelBytes = null;
+            String label = getLabel();
+            if (label == null || label.length() == 0) {
+                labelBytes = 
+                    (ConversationConstants.DEFAULT_LABEL 
+                        + ConversationConstants.DEFAULT_LABEL).getBytes("UTF-8");
+            } else {
+                labelBytes = label.getBytes("UTF-8");
+            }
+            
+            byte[] nonce = Base64.decode(getNonce());
+            byte[] seed = new byte[labelBytes.length + nonce.length];
+            System.arraycopy(labelBytes, 0, seed, 0, labelBytes.length);
+            System.arraycopy(nonce, 0, seed, labelBytes.length, nonce.length);
+            
+            if (length <= 0) {
+                length = getLength();
+            }
+            return algo.createKey(secret, seed, getOffset(), length);
+            
+        } catch (Exception e) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE, null, null, e
+            );
+        }
+    }
 
 }
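Review bot: `deriveKey` trusts every value that comes out of the token: a missing `wsc:Nonce` only surfaces as a NullPointerException from `Base64.decode(null)` wrapped into a generic FAILURE, `getOffset()` is passed through unchecked, and when both the `length` argument and `getLength()` are non-positive the derivation still runs with that non-positive length. Nonce, offset and length are message content under the sender's control, so validate them before the algorithm is invoked and fail with a specific WSSecurityException as the processor already does for a missing nonce. The existing catch-all then only has to cover genuine derivation failures.
```java
public byte[] deriveKey(int length, byte[] secret) throws WSSecurityException {
    String nonceStr = getNonce();
    if (nonceStr == null) {
        throw new WSSecurityException("Missing wsc:Nonce value");
    }
    if (length <= 0) {
        length = getLength();
    }
    if (length <= 0 || getOffset() < 0) {
        throw new WSSecurityException("Invalid DerivedKeyToken Length or Offset");
    }
    // … unchanged: algorithm lookup, label/nonce seed construction, createKey call …
```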

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java Fri Dec 17 18:01:29 2010
@@ -232,12 +232,7 @@ public class SecurityTokenReference {
         // If the token type is a SAML Token or BinarySecurityToken, try to find it from the
         // WSDocInfo instance first, to avoid searching the DOM element for it
         //
-        String assertionStr = WSConstants.WSS_SAML_NS + WSConstants.ASSERTION_LN;
-        if (docInfo != null &&
-            (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(type)
-            || assertionStr.equals(type)
-            || X509Security.X509_V3_TYPE.equals(type) 
-            || PKIPathSecurity.getType().equals(type))) {
+        if (docInfo != null) {
             Element token = docInfo.getTokenElement(id);
             if (token != null) {
                 return token;
@@ -247,6 +242,7 @@ public class SecurityTokenReference {
         //
         // Try to find a SAML Assertion by searching the DOM tree
         //
+        String assertionStr = WSConstants.WSS_SAML_NS + WSConstants.ASSERTION_LN;
         if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(type) || assertionStr.equals(type)) {
             Element assertion = 
                 WSSecurityUtil.findSAMLAssertionElementById(

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/BinarySecurityTokenProcessor.java Fri Dec 17 18:01:29 2010
@@ -30,11 +30,9 @@ import org.apache.ws.security.message.to
 import org.apache.ws.security.message.token.X509Security;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
-
 import java.security.cert.X509Certificate;
 import java.util.List;
-
+import javax.security.auth.callback.CallbackHandler;
 
 /**
  * Processor implementation to handle wsse:BinarySecurityToken elements
@@ -42,73 +40,50 @@ import java.util.List;
 public class BinarySecurityTokenProcessor implements Processor {
 
     /**
-     * Token Id
-     */
-    private String id;
-    
-    /**
-     * Token type
-     */
-    private String type;
-    
-    /**
-     * Certificates carried in this token
-     */
-    private X509Certificate[] certificates;
-    
-    /**
-     * Token object representing the token
-     */
-    private BinarySecurity token;
-    
-    /**
      * {@inheritDoc}
      */
-    public String getId() {
-        return id;
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto,
         CallbackHandler cb, 
-        WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults,
+        WSDocInfo wsDocInfo,
         WSSConfig config
     ) throws WSSecurityException {
+        
+        BinarySecurity token = createSecurityToken(elem);
+        X509Certificate[] certs = null;
         if (crypto == null) {
-            getCertificatesTokenReference(elem, decCrypto);
+            certs = getCertificatesTokenReference(token, decCrypto);
         } else {
-            getCertificatesTokenReference(elem, crypto);
+            certs = getCertificatesTokenReference(token, crypto);
         }
-        returnResults.add(
-            0, 
-            new WSSecurityEngineResult(WSConstants.BST, token, certificates)
-        );
-        id = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+        WSSecurityEngineResult result = 
+            new WSSecurityEngineResult(WSConstants.BST, token, certs);
+        wsDocInfo.addTokenElement(elem);
+        String id = elem.getAttributeNS(WSConstants.WSU_NS, "Id");
+        result.put(WSSecurityEngineResult.TAG_ID, id);
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
     
     /**
      * Extracts the certificate(s) from the Binary Security token reference.
      *
-     * @param elem The element containing the binary security token. This is
-     *             either X509 certificate(s) or a PKIPath. Any other token type
-     *             is ignored.
+     * @param token The BinarySecurity instance corrresponding to either X509Security or 
+     *              PKIPathSecurity
+     * @return The X509Certificates associated with this reference
      * @throws WSSecurityException
      */
-    private void getCertificatesTokenReference(Element elem, Crypto crypto)
+    private X509Certificate[] getCertificatesTokenReference(BinarySecurity token, Crypto crypto)
         throws WSSecurityException {
-        createSecurityToken(elem);
         if (token instanceof PKIPathSecurity) {
-            certificates = ((PKIPathSecurity) token).getX509Certificates(crypto);
+            return ((PKIPathSecurity) token).getX509Certificates(crypto);
         } else if (token instanceof X509Security) {
             X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
-            certificates = new X509Certificate[]{cert};
+            return new X509Certificate[]{cert};
         }
+        return null;
     }
 
     /**
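Review bot: `elem.getAttributeNS(WSConstants.WSU_NS, "Id")` returns an empty string rather than null when the attribute is absent (standard DOM behaviour), so a BST without a wsu:Id is registered with `TAG_ID` set to `""`; that result can never be resolved by reference, and an empty lookup key would hit the `charAt(0)` in `WSDocInfo.getResult`. Only record the id when present: `if (id != null && id.length() > 0) { result.put(WSSecurityEngineResult.TAG_ID, id); }`. Tokens whose ValueType is neither X509v3 nor PKIPath yield `certs == null` yet are still registered as token elements; document on `handleToken` that a BST result does not always carry certificates so callers do not dereference `TAG_X509_CERTIFICATES` unchecked.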
@@ -116,11 +91,12 @@ public class BinarySecurityTokenProcesso
      *
      * @param element The XML element that contains either a <code>BinarySecurityToken
      *                </code> or a <code>PKIPath</code> element.
+     * @return a BinarySecurity token element
      * @throws WSSecurityException
      */
-    private void createSecurityToken(Element element) throws WSSecurityException {
-        
-        type = element.getAttribute("ValueType");
+    private BinarySecurity createSecurityToken(Element element) throws WSSecurityException {
+        String type = element.getAttribute("ValueType");
+        BinarySecurity token = null;
         if (X509Security.X509_V3_TYPE.equals(type)) {
             token = new X509Security(element);
         } else if (PKIPathSecurity.getType().equals(type)) {
@@ -128,17 +104,6 @@ public class BinarySecurityTokenProcesso
         } else {
             token = new BinarySecurity(element);
         }
-    }
-
-    public String getType() {
-        return type;
-    }
-
-    public X509Certificate[] getCertificates() {
-        return certificates;
-    }
-
-    public BinarySecurity getToken() {
         return token;
     }
 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java Fri Dec 17 18:01:29 2010
@@ -26,15 +26,12 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.conversation.ConversationConstants;
-import org.apache.ws.security.conversation.dkalgo.AlgoFactory;
-import org.apache.ws.security.conversation.dkalgo.DerivationAlgorithm;
 import org.apache.ws.security.message.token.DerivedKeyToken;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.message.token.UsernameToken;
 import org.apache.ws.security.saml.SAMLKeyInfo;
 import org.apache.ws.security.saml.SAMLUtil;
-import org.apache.ws.security.util.Base64;
 import org.w3c.dom.Element;
 
 import javax.security.auth.callback.Callback;
@@ -52,82 +49,47 @@ import java.util.List;
  */
 public class DerivedKeyTokenProcessor implements Processor {
 
-    private String id;
-    private byte[] keyBytes;
-    private DerivedKeyToken dkt;
-    
-    private byte[] secret;
-    private int length;
-    private int offset;
-    private byte[] nonce;
-    private String label;
-    private String algorithm;
-    
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto,
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults,
         WSSConfig config
     ) throws WSSecurityException {
         
         // Deserialize the DKT
-        dkt = new DerivedKeyToken(elem);
-        extractSecret(wsDocInfo, dkt, cb, crypto);
+        DerivedKeyToken dkt = new DerivedKeyToken(elem);
+        byte[] secret = extractSecret(wsDocInfo, dkt, cb, crypto);
         
         String tempNonce = dkt.getNonce();
         if (tempNonce == null) {
             throw new WSSecurityException("Missing wsc:Nonce value");
         }
-        nonce = Base64.decode(tempNonce);
-        length = dkt.getLength();
-        label = dkt.getLabel();
-        algorithm = dkt.getAlgorithm();
-        id = dkt.getID();
+        int length = dkt.getLength();
         if (length > 0) {
-            deriveKey();
-            returnResults.add(
-                0, 
+            byte[] keyBytes = dkt.deriveKey(length, secret);
+            WSSecurityEngineResult result =
                 new WSSecurityEngineResult(
-                    WSConstants.DKT, secret, keyBytes, id, null
-                )
-            );
-        }
-    }
-
-    private void deriveKey() throws WSSecurityException{
-        try {
-            DerivationAlgorithm algo = AlgoFactory.getInstance(algorithm);
-            byte[] labelBytes = null;
-            if (label == null || label.length() == 0) {
-                labelBytes = 
-                    (ConversationConstants.DEFAULT_LABEL 
-                        + ConversationConstants.DEFAULT_LABEL).getBytes("UTF-8");
-            } else {
-                labelBytes = label.getBytes("UTF-8");
-            }
-            
-            byte[] seed = new byte[labelBytes.length + nonce.length];
-            System.arraycopy(labelBytes, 0, seed, 0, labelBytes.length);
-            System.arraycopy(nonce, 0, seed, labelBytes.length, nonce.length);
-            
-            keyBytes = algo.createKey(secret, seed, offset, length);
-            
-        } catch (Exception e) {
-            throw new WSSecurityException(
-                WSSecurityException.FAILURE, null, null, e
-            );
+                    WSConstants.DKT, null, keyBytes, null
+                );
+            wsDocInfo.addTokenElement(elem);
+            result.put(WSSecurityEngineResult.TAG_ID, dkt.getID());
+            result.put(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN, dkt);
+            result.put(WSSecurityEngineResult.TAG_SECRET, secret);
+            wsDocInfo.addResult(result);
+            return java.util.Collections.singletonList(result);
         }
+        return new java.util.ArrayList<WSSecurityEngineResult>(0);
     }
 
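Review bot: The call `new WSSecurityEngineResult(WSConstants.DKT, null, keyBytes, null)` stores the derived key under `TAG_ENCRYPTED_EPHEMERAL_KEY` and leaves `TAG_DECRYPTED_KEY` null, whereas the removed code stored the master secret under `TAG_DECRYPTED_KEY`; the secret now lives under the new `TAG_SECRET`. Any consumer that read the secret from `TAG_DECRYPTED_KEY` on a DKT result will now get null, so either keep populating it or add a comment beside the constructor: `// derived key -> TAG_ENCRYPTED_EPHEMERAL_KEY; master secret -> TAG_SECRET (was TAG_DECRYPTED_KEY)`. `extractSecret` (which can reach the callback handler or crypto provider) also runs before the cheap `wsc:Nonce` presence check; move that check ahead of it so a malformed token is rejected before any key lookup. A DKT whose Length is not positive is silently dropped with no result and no registration, which deserves a one-line comment explaining why that is acceptable.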
     /**
      * @param wsDocInfo
      * @param dkt
+     * @return the secret, as an array of bytes
      * @throws WSSecurityException
      */
-    private void extractSecret(
+    private byte[] extractSecret(
         WSDocInfo wsDocInfo, 
         DerivedKeyToken dkt, 
         CallbackHandler cb, 
@@ -135,50 +97,57 @@ public class DerivedKeyTokenProcessor im
     ) throws WSSecurityException {
         SecurityTokenReference str = dkt.getSecurityTokenReference();
         if (str != null) {
-            Processor processor;
             String uri = null;
             String keyIdentifierValueType = null;
             String keyIdentifierValue = null;
             
+            WSSecurityEngineResult result = null;
             if (str.containsReference()) {
                 Reference ref = str.getReference();
-                
                 uri = ref.getURI();
                 if (uri.charAt(0) == '#') {
                     uri = uri.substring(1);
                 }
-                processor = wsDocInfo.getProcessor(uri);
+                result = wsDocInfo.getResult(uri);
             } else {
                 // Contains key identifier
                 keyIdentifierValue = str.getKeyIdentifierValue();
                 keyIdentifierValueType = str.getKeyIdentifierValueType();
-                processor = wsDocInfo.getProcessor(keyIdentifierValue);
+                result = wsDocInfo.getResult(keyIdentifierValue);
             }
             
-            if (processor == null && uri != null) {
+            if (result != null) {
+                int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
+                if (WSConstants.UT == action) {
+                    UsernameToken usernameToken = 
+                        (UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
+                    return usernameToken.getDerivedKey();
+                } else if (WSConstants.ENCR == action) {
+                    return (byte[])result.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+                } else if (WSConstants.SCT == action) {
+                    return (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
+                } else if (WSConstants.ST_UNSIGNED == action) {
+                    Element samlElement = wsDocInfo.getTokenElement(uri);
+                    SAMLKeyInfo keyInfo = 
+                        SAMLUtil.getSAMLKeyInfo(samlElement, crypto, cb);
+                    // TODO Handle malformed SAML tokens where they don't have the 
+                    // secret in them
+                    return keyInfo.getSecret();
+                } else {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILED_CHECK, "unsupportedKeyId"
+                    );
+                }
+            } else if (result == null && uri != null) {
                 // Now use the callback and get it
-                secret = getSecret(cb, uri);
-            } else if (processor == null && keyIdentifierValue != null
-                && keyIdentifierValueType != null) {
+                return getSecret(cb, uri);
+            } else if (keyIdentifierValue != null && keyIdentifierValueType != null) {
                 X509Certificate[] certs = str.getKeyIdentifier(crypto);
                 if (certs == null || certs.length < 1 || certs[0] == null) {
-                    this.secret = this.getSecret(cb, keyIdentifierValue, keyIdentifierValueType); 
+                    return this.getSecret(cb, keyIdentifierValue, keyIdentifierValueType); 
                 } else {
-                    this.secret = this.getSecret(cb, crypto, certs);
+                    return this.getSecret(cb, crypto, certs);
                 }
-            } else if (processor instanceof UsernameTokenProcessor) {
-                secret = ((UsernameTokenProcessor) processor).getDerivedKey(cb);
-            } else if (processor instanceof EncryptedKeyProcessor) {
-                secret = ((EncryptedKeyProcessor) processor).getDecryptedBytes();
-            } else if (processor instanceof SecurityContextTokenProcessor) {
-                secret = ((SecurityContextTokenProcessor) processor).getSecret();
-            } else if (processor instanceof SAMLTokenProcessor) {
-                SAMLTokenProcessor samlp = (SAMLTokenProcessor) processor;
-                SAMLKeyInfo keyInfo = 
-                    SAMLUtil.getSAMLKeyInfo(samlp.getSamlTokenElement(), crypto, cb);
-                // TODO Handle malformed SAML tokens where they don't have the 
-                // secret in them
-                secret = keyInfo.getSecret();
             } else {
                 throw new WSSecurityException(
                     WSSecurityException.FAILED_CHECK, "unsupportedKeyId"
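Review bot: The ST_UNSIGNED branch calls `wsDocInfo.getTokenElement(uri)`, but when the SecurityTokenReference carried a KeyIdentifier (the `else` branch above) `uri` is still null and the result was found under `keyIdentifierValue`, so a SAML token referenced by KeyIdentifier resolves its result and then looks up the element with a null id. Use whichever id found the result: `String tokenId = uri != null ? uri : keyIdentifierValue;` followed by `Element samlElement = wsDocInfo.getTokenElement(tokenId);`. The `result == null &&` in the following `else if` is redundant, since that branch is only reached when the `if (result != null)` test failed. extractSecret begins before this hunk and continues past it.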
@@ -238,14 +207,14 @@ public class DerivedKeyTokenProcessor im
             throw new WSSecurityException(
                 WSSecurityException.FAILURE, 
                 "noKey",
-                new Object[] {id}, 
+                new Object[] {keyIdentifierValue}, 
                 e
             );
         } catch (UnsupportedCallbackException e) {
             throw new WSSecurityException(
                 WSSecurityException.FAILURE, 
                 "noKey",
-                new Object[] {id}, 
+                new Object[] {keyIdentifierValue}, 
                 e
             );
         }
@@ -300,38 +269,6 @@ public class DerivedKeyTokenProcessor im
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
         }
     }
-    
-    
-    /**
-     * Returns the wsu:Id of the DerivedKeyToken
-     * @see org.apache.ws.security.processor.Processor#getId()
-     */
-    public String getId() {
-        return id;
-    }
 
-    /**
-     * @return Returns the keyBytes.
-     */
-    public byte[] getKeyBytes() {
-        return keyBytes;
-    }
-    
-    /**
-     * Get the derived key bytes for a given length
-     * @return Returns the keyBytes.
-     */
-    public byte[] getKeyBytes(int len) throws WSSecurityException {
-        length = len;
-        deriveKey();
-        return keyBytes;
-    }
-    
-    /**
-     * Return the DerivedKeyToken object
-     */
-    public DerivedKeyToken getDerivedKeyToken() {
-        return dkt;
-    }
 
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedDataProcessor.java Fri Dec 17 18:01:29 2010
@@ -44,17 +44,12 @@ import java.util.List;
  */
 public class EncryptedDataProcessor implements Processor {
     
-    public String getId() {
-        return null;
-    }
-
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto,
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults,
         WSSConfig config
     ) throws WSSecurityException {
         Element kiElem = 
@@ -75,10 +70,11 @@ public class EncryptedDataProcessor impl
             );
         }
         EncryptedKeyProcessor encrKeyProc = new EncryptedKeyProcessor();
-        encrKeyProc.handleToken(
-            encryptedKeyElement, crypto, decCrypto, cb, wsDocInfo, returnResults, config
+        List<WSSecurityEngineResult> encrKeyResults = encrKeyProc.handleToken(
+            encryptedKeyElement, crypto, decCrypto, cb, wsDocInfo, config
         );
-        byte[] symmKey = encrKeyProc.getDecryptedBytes();
+        byte[] symmKey = 
+            (byte[])encrKeyResults.get(0).get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
         String encAlgo = X509Util.getEncAlgo(elem);
         SecretKey key = WSSecurityUtil.prepareSecretKey(encAlgo, symmKey);
         
@@ -113,12 +109,14 @@ public class EncryptedDataProcessor impl
             QName el = new QName(decryptedElem.getNamespaceURI(), decryptedElem.getLocalName());
             Processor proc = config.getProcessor(el);
             if (proc != null) {
-                proc.handleToken(
-                    decryptedElem, crypto, decCrypto, cb, wsDocInfo, returnResults, config
-                );
-                wsDocInfo.setProcessor(proc);
+                List<WSSecurityEngineResult> results = 
+                    proc.handleToken(
+                        decryptedElem, crypto, decCrypto, cb, wsDocInfo, config
+                    );
+                encrKeyResults.addAll(0, results);
             }
         }
+        return encrKeyResults;
     }
 
 }
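Review bot: `encrKeyResults.addAll(0, results)` mutates the list returned by `EncryptedKeyProcessor.handleToken`, which in this same commit is `java.util.Collections.singletonList(result)` (see the EncryptedKeyProcessor section below) — an unmodifiable list — so decrypting an EncryptedData whose decrypted element has its own processor will throw UnsupportedOperationException. Copy before mutating: `List<WSSecurityEngineResult> allResults = new java.util.ArrayList<WSSecurityEngineResult>(encrKeyResults);`, then `allResults.addAll(0, results);` and `return allResults;`. `encrKeyResults.get(0)` in the previous hunk also assumes the returned list is non-empty; that holds for the EncryptedKeyProcessor shown here but is not guaranteed by the Processor interface.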

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java Fri Dec 17 18:01:29 2010
@@ -58,100 +58,36 @@ import java.util.List;
 
 public class EncryptedKeyProcessor implements Processor {
     private static Log log = LogFactory.getLog(EncryptedKeyProcessor.class.getName());
-    private static Log tlog =
-            LogFactory.getLog("org.apache.ws.security.TIME");
-    private byte[] encryptedEphemeralKey;
     
-    private byte[] decryptedBytes = null;
-    
-    private String encryptedKeyId = null;
-    private X509Certificate[] certs;
-    
-    private String encryptedKeyTransportMethod = null;
-    
-    private WSDocInfo docInfo = null;
-
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo,
-        List<WSSecurityEngineResult> returnResults, 
         WSSConfig wsc
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found encrypted key element");
         }
-        certs = null;
         if (decCrypto == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noDecCryptoFile");
         }
         if (cb == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
         }
-        docInfo = wsDocInfo;
-        List<WSDataRef> dataRefs = handleEncryptedKey(elem, cb, decCrypto, null);
-        encryptedKeyId = elem.getAttribute("Id");
-        
-        WSSecurityEngineResult result = new WSSecurityEngineResult(
-                WSConstants.ENCR, 
-                decryptedBytes,
-                encryptedEphemeralKey,
-                encryptedKeyId, 
-                dataRefs,
-                certs
-            );
-        
-        result.put(
-            WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD, 
-            this.encryptedKeyTransportMethod
-        );
-        
-        returnResults.add(
-            0, 
-            result
-        );
-    }
-
-    public List<WSDataRef> handleEncryptedKey(
-        Element xencEncryptedKey,
-        CallbackHandler cb, 
-        Crypto crypto
-    ) throws WSSecurityException {
-        return handleEncryptedKey(xencEncryptedKey, cb, crypto, null);
-    }
-
-    public List<WSDataRef> handleEncryptedKey(
-        Element xencEncryptedKey,
-        PrivateKey privatekey
-    ) throws WSSecurityException {
-        return handleEncryptedKey(xencEncryptedKey, null, null, privatekey);
-    }
-
-    public List<WSDataRef> handleEncryptedKey(
-        Element xencEncryptedKey,
-        CallbackHandler cb, 
-        Crypto crypto, 
-        PrivateKey privateKey
-    ) throws WSSecurityException {
-        long t0 = 0, t1 = 0, t2 = 0;
-        if (tlog.isDebugEnabled()) {
-            t0 = System.currentTimeMillis();
-        }
-        Document doc = xencEncryptedKey.getOwnerDocument();
         //
         // lookup xenc:EncryptionMethod, get the Algorithm attribute to determine
         // how the key was encrypted. Then check if we support the algorithm
         //
-        this.encryptedKeyTransportMethod = X509Util.getEncAlgo(xencEncryptedKey);
-        Cipher cipher = WSSecurityUtil.getCipherInstance(this.encryptedKeyTransportMethod);
+        String encryptedKeyTransportMethod = X509Util.getEncAlgo(elem);
+        Cipher cipher = WSSecurityUtil.getCipherInstance(encryptedKeyTransportMethod);
         //
         // Now lookup CipherValue.
         //
         Element tmpE = 
             WSSecurityUtil.getDirectChildElement(
-                xencEncryptedKey, "CipherData", WSConstants.ENC_NS
+                elem, "CipherData", WSConstants.ENC_NS
             );
         Element xencCipherValue = null;
         if (tmpE != null) {
@@ -161,17 +97,20 @@ public class EncryptedKeyProcessor imple
         if (xencCipherValue == null) {
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
         }
-
-        if (privateKey == null) {
-            privateKey = getPrivateKeyFromKeyInfo(xencEncryptedKey, crypto, doc, cb);
-        }
+        
+        String alias = 
+            getAliasFromEncryptedKey(elem, decCrypto, elem.getOwnerDocument(), cb, wsDocInfo);
+        PrivateKey privateKey = getPrivateKeyFromKeyInfo(decCrypto, cb, alias);
+        X509Certificate[] certs = decCrypto.getCertificates(alias);
 
         try {
             cipher.init(Cipher.DECRYPT_MODE, privateKey);
         } catch (Exception ex) {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
         }
-
+        
+        byte[] encryptedEphemeralKey = null;
+        byte[] decryptedBytes = null;
         try {
             encryptedEphemeralKey = getDecodedBase64EncodedData(xencCipherValue);
             decryptedBytes = cipher.doFinal(encryptedEphemeralKey);
@@ -183,48 +122,22 @@ public class EncryptedKeyProcessor imple
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
         }
 
-        if (tlog.isDebugEnabled()) {
-            t1 = System.currentTimeMillis();
-        }
-        //
-        // At this point we have the decrypted session (symmetric) key. According
-        // to W3C XML-Enc this key is used to decrypt _any_ references contained in
-        // the reference list
-        // Now lookup the references that are encrypted with this key
-        //
-        Element refList = 
-            WSSecurityUtil.getDirectChildElement(
-                xencEncryptedKey, "ReferenceList", WSConstants.ENC_NS
-            );
-        List<WSDataRef> dataRefs = new ArrayList<WSDataRef>();
-        if (refList != null) {
-            for (Node node = refList.getFirstChild();
-                node != null; 
-                node = node.getNextSibling()
-            ) {
-                if (Node.ELEMENT_NODE == node.getNodeType()
-                    && WSConstants.ENC_NS.equals(node.getNamespaceURI())
-                    && "DataReference".equals(node.getLocalName())) {
-                    String dataRefURI = ((Element) node).getAttribute("URI");
-                    if (dataRefURI.charAt(0) == '#') {
-                        dataRefURI = dataRefURI.substring(1);
-                    }
-                    WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes);
-                    dataRefs.add(dataRef);
-                }
-            }
-            return dataRefs;
-        }
-
-        if (tlog.isDebugEnabled()) {
-            t2 = System.currentTimeMillis();
-            tlog.debug(
-                "XMLDecrypt: total= " + (t2 - t0) + ", get-sym-key= " + (t1 - t0) 
-                + ", decrypt= " + (t2 - t1)
-            );
-        }
+        List<WSDataRef> dataRefs = decryptDataRefs(elem.getOwnerDocument(), elem, decryptedBytes);
         
-        return null;
+        WSSecurityEngineResult result = new WSSecurityEngineResult(
+                WSConstants.ENCR, 
+                decryptedBytes,
+                encryptedEphemeralKey,
+                dataRefs,
+                certs
+            );
+        result.put(
+            WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD, 
+            encryptedKeyTransportMethod
+        );
+        result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
 
     /**
@@ -248,14 +161,15 @@ public class EncryptedKeyProcessor imple
     }
     
     /**
-     * @return the private key corresponding to the public key reference in the 
+     * @return the alias corresponding to the public key reference in the 
      * EncryptedKey Element
      */
-    private PrivateKey getPrivateKeyFromKeyInfo(
+    private String getAliasFromEncryptedKey(
         Element xencEncryptedKey,
         Crypto crypto,
         Document doc,
-        CallbackHandler cb
+        CallbackHandler cb,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         Element keyInfo = 
             WSSecurityUtil.getDirectChildElement(
@@ -263,12 +177,24 @@ public class EncryptedKeyProcessor imple
             );
         String alias = null;
         if (keyInfo != null) {
-            alias = getAliasFromKeyInfo(keyInfo, crypto, doc, cb);
+            alias = getAliasFromKeyInfo(keyInfo, crypto, doc, cb, wsDocInfo);
         } else if (crypto.getDefaultX509Alias() != null) {
             alias = crypto.getDefaultX509Alias();
         } else {
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noKeyinfo");
         }
+        return alias;
+    }
+    
+    /**
+     * @return the private key corresponding to the public key reference in the 
+     * EncryptedKey Element
+     */
+    private PrivateKey getPrivateKeyFromKeyInfo(
+        Crypto crypto,
+        CallbackHandler cb,
+        String alias
+    ) throws WSSecurityException {
         //
         // If the alias is null then throw an Exception, as the private key doesn't exist
         // in our key store
@@ -326,7 +252,8 @@ public class EncryptedKeyProcessor imple
         Element keyInfo,
         Crypto crypto,
         Document doc,
-        CallbackHandler cb
+        CallbackHandler cb,
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         Element secRefToken = 
             WSSecurityUtil.getDirectChildElement(
@@ -351,6 +278,7 @@ public class EncryptedKeyProcessor imple
         // Try to handle all of them :-).
         //
         String alias = null;
+        X509Certificate[] certs = null;
         //
         // handle X509IssuerSerial here. First check if all elements are available,
         // get the appropriate data, check if all data is available.
@@ -373,7 +301,7 @@ public class EncryptedKeyProcessor imple
         else if (secRef.containsKeyIdentifier()) {
             if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { 
                 Element token = 
-                    secRef.getKeyIdentifierTokenElement(doc, docInfo, cb);
+                    secRef.getKeyIdentifierTokenElement(doc, wsDocInfo, cb);
                 
                 if (crypto == null) {
                     throw new WSSecurityException(
@@ -402,20 +330,24 @@ public class EncryptedKeyProcessor imple
                 log.debug("KeyIdentifier Alias: " + alias);
             }
         } else if (secRef.containsReference()) {
-            if (docInfo != null) {
+            if (wsDocInfo != null) {
                 String uri = secRef.getReference().getURI();
-                if (uri.charAt(0) == '#') {
-                    uri = uri.substring(1);
-                }
-                Processor processor = docInfo.getProcessor(uri);
-                if (processor instanceof BinarySecurityTokenProcessor) {
-                    certs = ((BinarySecurityTokenProcessor)processor).getCertificates();
-                } else if (processor != null) {
-                    throw new WSSecurityException(
-                        WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
-                        "unsupportedBinaryTokenType",
-                        null
-                    );
+                WSSecurityEngineResult result = wsDocInfo.getResult(uri);
+                
+                if (result != null) {
+                    int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
+                    if (WSConstants.BST == action) {
+                        certs = 
+                            (X509Certificate[])result.get(
+                                WSSecurityEngineResult.TAG_X509_CERTIFICATES
+                            );
+                    } else {
+                        throw new WSSecurityException(
+                            WSSecurityException.UNSUPPORTED_SECURITY_TOKEN,
+                            "unsupportedBinaryTokenType",
+                            null
+                        );
+                    }
                 }
             }
             if (certs == null) {
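Review bot: The removed lines stripped the leading `#` from the reference URI before the lookup, but the new `wsDocInfo.getResult(uri)` receives the raw URI; unless WSDocInfo.getResult normalizes the fragment prefix itself (not visible here), a `#id` reference to a BinarySecurityToken will never match, `certs` stays null and the EncryptedKey is rejected. DerivedKeyTokenProcessor and ReferenceListProcessor in this same commit still strip the prefix before calling getResult, so do the same here: `if (uri.charAt(0) == '#') { uri = uri.substring(1); }` before the lookup. getAliasFromKeyInfo starts and ends outside this hunk.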
@@ -476,6 +408,45 @@ public class EncryptedKeyProcessor imple
         }
         return alias;
     }
+    
+    /**
+     * Decrypt all data references
+     */
+    private List<WSDataRef> decryptDataRefs(
+        Document doc, Element xencEncryptedKey, byte[] decryptedBytes
+    ) throws WSSecurityException {
+        //
+        // At this point we have the decrypted session (symmetric) key. According
+        // to W3C XML-Enc this key is used to decrypt _any_ references contained in
+        // the reference list
+        // Now lookup the references that are encrypted with this key
+        //
+        Element refList = 
+            WSSecurityUtil.getDirectChildElement(
+                    xencEncryptedKey, "ReferenceList", WSConstants.ENC_NS
+            );
+        List<WSDataRef> dataRefs = new ArrayList<WSDataRef>();
+        if (refList != null) {
+            for (Node node = refList.getFirstChild();
+            node != null; 
+            node = node.getNextSibling()
+            ) {
+                if (Node.ELEMENT_NODE == node.getNodeType()
+                        && WSConstants.ENC_NS.equals(node.getNamespaceURI())
+                        && "DataReference".equals(node.getLocalName())) {
+                    String dataRefURI = ((Element) node).getAttribute("URI");
+                    if (dataRefURI.charAt(0) == '#') {
+                        dataRefURI = dataRefURI.substring(1);
+                    }
+                    WSDataRef dataRef = decryptDataRef(doc, dataRefURI, decryptedBytes);
+                    dataRefs.add(dataRef);
+                }
+            }
+            return dataRefs;
+        }
+
+        return null;
+    }
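Review bot: The Javadoc for `decryptDataRefs` does not say that it returns null when the EncryptedKey has no ReferenceList child but an empty list when a ReferenceList is present yet holds no DataReference, and the value goes straight into the WSSecurityEngineResult, so consumers need to know which to expect. Either document it, `@return the decrypted data references, or null if the EncryptedKey carries no ReferenceList`, or normalize to `java.util.Collections.<WSDataRef>emptyList()` if no caller relies on the null. The `for` header's continuation lines and the `&&` lines are indented inconsistently with the rest of the file; aligning them with the surrounding four-space style would help readability.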
 
     /**
      * Decrypt an EncryptedData element referenced by dataRefURI
@@ -504,32 +475,5 @@ public class EncryptedKeyProcessor imple
             doc, dataRefURI, encryptedDataElement, symmetricKey, symEncAlgo
         );
     }
-    
-    
-    /**
-     * Get the Id of the encrypted key element.
-     * 
-     * @return The Id string
-     */
-    public String getId() {
-        return encryptedKeyId;
-    }
-    
-    /**
-     * Get the decrypted key.
-     * 
-     * The encrypted key element contains an encrypted session key. The
-     * security functions use the session key to encrypt contents of the message
-     * with symmetrical encryption methods.
-     *  
-     * @return The decrypted key.
-     */
-    public byte[] getDecryptedBytes() {
-        return decryptedBytes;
-    }
-
-    public byte[] getEncryptedEphemeralKey() {
-        return encryptedEphemeralKey;
-    }
   
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/Processor.java Fri Dec 17 18:01:29 2010
@@ -26,25 +26,18 @@ import org.apache.ws.security.WSSecurity
 import org.apache.ws.security.components.crypto.Crypto;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 import java.util.List;
+import javax.security.auth.callback.CallbackHandler;
 
 public interface Processor {
     
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto,
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults,
         WSSConfig config
     ) throws WSSecurityException;
     
-    /**
-     * Get the Id of the processor.
-     * 
-     * @return The Id string
-     */
-    public String getId();
 }
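Review bot: The new `List<WSSecurityEngineResult>` return of `handleToken` is undocumented, and the implementations in this commit disagree on its contract: EncryptedKeyProcessor, ReferenceListProcessor and SAMLTokenProcessor return an unmodifiable `Collections.singletonList`, DerivedKeyTokenProcessor returns a mutable `ArrayList`, and EncryptedDataProcessor mutates the list it receives from another processor. A Javadoc on the interface should pin this down, e.g. `@return the results produced for this token, never null; the returned list may be unmodifiable` — or require a modifiable list and adjust the implementations to match. Also worth stating whether implementations are expected to register each result with `wsDocInfo.addResult`, since the other processors here depend on that for cross-token lookups.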

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java Fri Dec 17 18:01:29 2010
@@ -36,6 +36,7 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.message.token.DerivedKeyToken;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.saml.SAMLKeyInfo;
@@ -52,29 +53,25 @@ public class ReferenceListProcessor impl
     private static Log log = 
         LogFactory.getLog(ReferenceListProcessor.class.getName());
 
-    private boolean debug = false;
-
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto,
         CallbackHandler cb, 
-        WSDocInfo wdi, 
-        List<WSSecurityEngineResult> returnResults,
+        WSDocInfo wsDocInfo, 
         WSSConfig wsc
     ) throws WSSecurityException {
-        debug = log.isDebugEnabled();
-        if (debug) {
+        if (log.isDebugEnabled()) {
             log.debug("Found reference list element");
         }
         if (cb == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
         }
-        List<WSDataRef> dataRefs = handleReferenceList(elem, cb, decCrypto, wdi);
-        returnResults.add(
-            0,
-            new WSSecurityEngineResult(WSConstants.ENCR, dataRefs)
-        );
+        List<WSDataRef> dataRefs = handleReferenceList(elem, cb, decCrypto, wsDocInfo);
+        WSSecurityEngineResult result = 
+            new WSSecurityEngineResult(WSConstants.ENCR, dataRefs);
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
 
     /**
@@ -89,7 +86,7 @@ public class ReferenceListProcessor impl
         Element elem, 
         CallbackHandler cb,
         Crypto crypto,
-        WSDocInfo wdi
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         List<WSDataRef> dataRefs = new ArrayList<WSDataRef>();
         for (Node node = elem.getFirstChild(); 
@@ -104,7 +101,7 @@ public class ReferenceListProcessor impl
                     dataRefURI = dataRefURI.substring(1);
                 }
                 WSDataRef dataRef = 
-                    decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, cb, crypto, wdi);
+                    decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, cb, crypto, wsDocInfo);
                 dataRefs.add(dataRef);
             }
         }
@@ -121,7 +118,7 @@ public class ReferenceListProcessor impl
         String dataRefURI, 
         CallbackHandler cb, 
         Crypto crypto,
-        WSDocInfo wdi
+        WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found data reference: " + dataRefURI);
@@ -154,7 +151,7 @@ public class ReferenceListProcessor impl
             symmetricKey = X509Util.getSharedKey(keyInfoElement, symEncAlgo, cb);
         } else {
             symmetricKey = 
-                getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto, cb, wdi);
+                getKeyFromSecurityTokenReference(secRefToken, symEncAlgo, crypto, cb, wsDocInfo);
         }
         
         return 
@@ -308,21 +305,27 @@ public class ReferenceListProcessor impl
             if (id.charAt(0) == '#') {
                 id = id.substring(1);
             }
-            Processor p = wsDocInfo.getProcessor(id);
-            
-            if (p instanceof EncryptedKeyProcessor) {
-                EncryptedKeyProcessor ekp = (EncryptedKeyProcessor) p;
-                decryptedData = ekp.getDecryptedBytes();
-            } else if (p instanceof DerivedKeyTokenProcessor) {
-                DerivedKeyTokenProcessor dkp = (DerivedKeyTokenProcessor) p;
-                decryptedData = dkp.getKeyBytes(WSSecurityUtil.getKeyLength(algorithm));
-            } else if (p instanceof SAMLTokenProcessor) {
-                SAMLTokenProcessor samlp = (SAMLTokenProcessor) p;
-                SAMLKeyInfo keyInfo = 
-                    SAMLUtil.getSAMLKeyInfo(samlp.getSamlTokenElement(), crypto, cb);
-                // TODO Handle malformed SAML tokens where they don't have the 
-                // secret in them
-                decryptedData = keyInfo.getSecret();
+            WSSecurityEngineResult result = wsDocInfo.getResult(id);
+            if (result != null) {
+                int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
+                if (WSConstants.ENCR == action) {
+                    decryptedData = (byte[])result.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+                } else if (WSConstants.DKT == action) {
+                    DerivedKeyToken dkt = 
+                        (DerivedKeyToken)result.get(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN);
+                    byte[] secret = 
+                        (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
+                    decryptedData = dkt.deriveKey(WSSecurityUtil.getKeyLength(algorithm), secret);
+                } else if (WSConstants.ST_UNSIGNED == action) {
+                    Element samlElement = wsDocInfo.getTokenElement(id);
+                    SAMLKeyInfo keyInfo = 
+                        SAMLUtil.getSAMLKeyInfo(samlElement, crypto, cb);
+                    // TODO Handle malformed SAML tokens where they don't have the 
+                    // secret in them
+                    decryptedData = keyInfo.getSecret();
+                } else if (WSConstants.SCT == action) {
+                    decryptedData = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
+                }
             } else {
                 // Try custom token
                 WSPasswordCallback pwcb = 
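Review bot: The `result != null` branch has no final `else`, so a result whose action is none of ENCR/DKT/ST_UNSIGNED/SCT (for example a UsernameToken or BinarySecurityToken referenced by the STR) leaves `decryptedData` null with no error naming the cause; DerivedKeyTokenProcessor.extractSecret in this same commit throws in that situation. Add the matching branch: `} else { throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "unsupportedKeyId"); }`. Presumably the null is rejected further down the method (not visible here), but failing at the point where the unsupported token type is known is clearer and consistent with the other processor. The enclosing method, apparently getKeyFromSecurityTokenReference, starts and ends outside this hunk.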

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java Fri Dec 17 18:01:29 2010
@@ -31,36 +31,31 @@ import org.opensaml.SAMLAssertion;
 import org.opensaml.SAMLException;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 import java.util.List;
+import javax.security.auth.callback.CallbackHandler;
 
 public class SAMLTokenProcessor implements Processor {
     private static Log log = LogFactory.getLog(SAMLTokenProcessor.class.getName());
     
-    private String id;
-    private Element samlTokenElement;
-
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto,
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults, 
         WSSConfig wsc
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found SAML Assertion element");
         }
         SAMLAssertion assertion = handleSAMLToken(elem);
-        id = assertion.getId();
         wsDocInfo.addTokenElement(elem);
-        returnResults.add(
-            0,
-            new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion)
-        );
-        samlTokenElement = elem;
-
+        WSSecurityEngineResult result = 
+            new WSSecurityEngineResult(WSConstants.ST_UNSIGNED, assertion);
+        String id = assertion.getId();
+        result.put(WSSecurityEngineResult.TAG_ID, id);
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
 
     public SAMLAssertion handleSAMLToken(Element token) throws WSSecurityException {
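Review bot: The new handleToken body stores the assertion under `TAG_ID` taken from `assertion.getId()` and registers it with `wsDocInfo.addResult` without checking that the id is non-null, and nothing in the hunk documents what the returned/registered result carries. If an assertion without an ID can reach this point (I cannot confirm from here whether the SAMLAssertion parser enforces one), the result is registered under a null key and later lookups by URI in SignatureProcessor would silently miss it. I'd add a Javadoc on handleToken along the lines of: "Parses the wsse:Security SAML assertion, registers the element and an ST_UNSIGNED result keyed by the assertion id in wsDocInfo, and returns that single result; the assertion's signature is not verified here." and, if a null id is possible, reject it with a WSSecurityException rather than storing it.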
@@ -83,15 +78,4 @@ public class SAMLTokenProcessor implemen
         return assertion;
     }
 
-    /**
-     * Return the id of the SAML token
-     */
-    public String getId() {
-        return id;
-    }
-
-    public Element getSamlTokenElement() {
-        return samlTokenElement;
-    }
-
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SecurityContextTokenProcessor.java Fri Dec 17 18:01:29 2010
@@ -33,8 +33,8 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import java.io.IOException;
 import java.util.List;
+import java.io.IOException;
 
 /**
  * The processor to process <code>wsc:SecurityContextToken</code>.
@@ -43,41 +43,24 @@ import java.util.List;
  */
 public class SecurityContextTokenProcessor implements Processor {
 
-    /**
-     * The <code>wsi:ID</code> of the <code>wsc:SecurityContextToken</code>
-     * element.
-     */
-    private String sctId;
-
-    /**
-     * The secret associated with the <code>wsc:SecurityContextToken</code>.
-     */
-    private byte[] secret;
-
-    /**
-     * The <code>wsc:Identifier</code> of the
-     * <code>wsc:SecurityContextToken</code> element.
-     */
-    private String identifier;
-
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto,
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults,
         WSSConfig config
     ) throws WSSecurityException {
         SecurityContextToken sct = new SecurityContextToken(elem);
-        identifier = sct.getIdentifier();
-        secret = getSecret(cb, sct);
-        sctId = sct.getID();
+        byte[] secret = getSecret(cb, sct);
         
-        returnResults.add(
-            0, 
-            new WSSecurityEngineResult(WSConstants.SCT, sct)
-        );
+        WSSecurityEngineResult result =
+            new WSSecurityEngineResult(WSConstants.SCT, sct);
+        wsDocInfo.addTokenElement(elem);
+        result.put(WSSecurityEngineResult.TAG_ID, sct.getID());
+        result.put(WSSecurityEngineResult.TAG_SECRET, secret);
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
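Review bot: The secret obtained from `getSecret(cb, sct)` is placed into the result under `TAG_SECRET` with no null check, and the callback-based lookup it wraps (ending in `return callback.getKey();` in the following hunk) can presumably hand back null when the handler does not know the context identifier. Consumers added in this commit read `TAG_SECRET` straight into a `byte[]` (for example the SCT branch of SignatureProcessor), so an unknown context would surface later as an NPE or a derived key computed from nothing rather than as a clear rejection of the token. I'd fail at the point of lookup: `if (secret == null) { throw new WSSecurityException(WSSecurityException.FAILURE, /* message key for a missing SCT key */); }` before building the result. A Javadoc line on handleToken noting that the returned result carries the raw shared secret under TAG_SECRET would also make clear to callers what they are now holding in the result list.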
 
     /**
@@ -120,25 +103,4 @@ public class SecurityContextTokenProcess
         return callback.getKey();
     }
 
-    /**
-     * Return the id of the 
-     */
-    public String getId() {
-        return sctId;
-    }
-
-    /**
-     * @return Returns the identifier.
-     */
-    public String getIdentifier() {
-        return identifier;
-    }
-
-    /**
-     * @return Returns the secret.
-     */
-    public byte[] getSecret() {
-        return secret;
-    }
-
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java Fri Dec 17 18:01:29 2010
@@ -30,21 +30,18 @@ import org.apache.ws.security.components
 import org.apache.ws.security.message.token.SignatureConfirmation;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 import java.util.List;
+import javax.security.auth.callback.CallbackHandler;
 
 public class SignatureConfirmationProcessor implements Processor {
     private static Log log = LogFactory.getLog(SignatureConfirmationProcessor.class.getName());
 
-    private String scId;
-    
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults, 
         WSSConfig wsc
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
@@ -54,14 +51,11 @@ public class SignatureConfirmationProces
         // Decode SignatureConfirmation, just store in result
         //
         SignatureConfirmation sigConf = new SignatureConfirmation(elem);
-        returnResults.add(
-            0, 
-            new WSSecurityEngineResult(WSConstants.SC, sigConf)
-        );
-        scId = sigConf.getID();
+        WSSecurityEngineResult result = 
+            new WSSecurityEngineResult(WSConstants.SC, sigConf);
+        result.put(WSSecurityEngineResult.TAG_ID, sigConf.getID());
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
     
-    public String getId() {
-        return scId;
-    }    
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java Fri Dec 17 18:01:29 2010
@@ -38,6 +38,7 @@ import org.apache.ws.security.message.DO
 import org.apache.ws.security.message.token.BinarySecurity;
 import org.apache.ws.security.message.token.DerivedKeyToken;
 import org.apache.ws.security.message.token.PKIPathSecurity;
+import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.message.token.UsernameToken;
 import org.apache.ws.security.message.token.X509Security;
@@ -85,14 +86,10 @@ import java.util.List;
 public class SignatureProcessor implements Processor {
     private static Log log = LogFactory.getLog(SignatureProcessor.class.getName());
     
-    private String signatureId;
-    
     private X509Certificate[] certs;
     
     private byte[] signatureValue;
     
-    private int secretKeyLength = WSConstants.WSE_DERIVED_KEY_LEN;
-    
     private KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance("DOM");
     private XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
 
@@ -100,13 +97,12 @@ public class SignatureProcessor implemen
     
     private String c14nMethod;
 
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults, 
         WSSConfig wsc
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
@@ -114,15 +110,11 @@ public class SignatureProcessor implemen
         }
         List<WSDataRef> protectedRefs = new java.util.ArrayList<WSDataRef>();
         Principal lastPrincipalFound = null;
-        certs = null;
-        signatureValue = null;
-        secretKeyLength = wsc.getSecretKeyLength();
-        signatureMethod = c14nMethod = null;
         
         try {
             lastPrincipalFound = 
                 verifyXMLSignature(
-                    elem, crypto, protectedRefs, cb, wsDocInfo
+                    elem, crypto, protectedRefs, cb, wsDocInfo, wsc
                 );
         } catch (WSSecurityException ex) {
             throw ex;
@@ -137,9 +129,9 @@ public class SignatureProcessor implemen
                 certs, protectedRefs, signatureValue);
         result.put(WSSecurityEngineResult.TAG_SIGNATURE_METHOD, signatureMethod);
         result.put(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD, c14nMethod);
-        returnResults.add(0, result);
-        
-        signatureId = elem.getAttribute("Id");
+        result.put(WSSecurityEngineResult.TAG_ID, elem.getAttribute("Id"));
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
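Review bot: The per-call reset of `certs`, `signatureValue`, `signatureMethod` and `c14nMethod` at the top of handleToken is removed, yet these remain instance fields of SignatureProcessor (`certs` and `signatureValue` are still declared in the hunk above; `signatureMethod` and `c14nMethod` are assigned inside verifyXMLSignature, whose body continues past this hunk). If one processor instance handles a second ds:Signature — which I cannot confirm from here but the engine appears to allow — a KeyInfo path that only sets `secretKey` (the ENCR, SCT and DKT branches) leaves `certs` holding the previous signature's chain, and the new result then reports X509 certificates that were never bound to this signature. Either keep the reset as the first statements of handleToken, `certs = null; signatureValue = null; signatureMethod = c14nMethod = null;`, or complete the stated goal of the commit by making these locals that verifyXMLSignature returns.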
 
     /**
@@ -178,7 +170,8 @@ public class SignatureProcessor implemen
         Crypto crypto,
         List<WSDataRef> protectedRefs,
         CallbackHandler cb,
-        WSDocInfo wsDocInfo
+        WSDocInfo wsDocInfo,
+        WSSConfig wssConfig
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Verify XML Signature");
@@ -244,9 +237,8 @@ public class SignatureProcessor implemen
                     if (uri.charAt(0) == '#') {
                         uri = uri.substring(1);
                     }
-                    Processor processor = wsDocInfo.getProcessor(uri);
-                    
-                    if (processor == null) {
+                    WSSecurityEngineResult result = wsDocInfo.getResult(uri);
+                    if (result == null) {
                         Element token = secRef.getTokenElement(elem.getOwnerDocument(), wsDocInfo, cb);
                         QName el = new QName(token.getNamespaceURI(), token.getLocalName());
                         if (el.equals(WSSecurityEngine.BINARY_TOKEN)) {
@@ -265,69 +257,75 @@ public class SignatureProcessor implemen
                             secretKey = samlKi.getSecret();
                             principal = createPrincipalFromSAMLKeyInfo(samlKi);
                         } else if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
-                            String encryptedKeyID = token.getAttribute("Id");                   
-                            EncryptedKeyProcessor encryptKeyProcessor = 
+                            EncryptedKeyProcessor proc = 
                                 new EncryptedKeyProcessor();
-                            if (crypto == null) {
-                                throw new WSSecurityException(
-                                        WSSecurityException.FAILURE, "noSigCryptoFile"
+                            WSDocInfo docInfo = new WSDocInfo(token.getOwnerDocument());
+                            List<WSSecurityEngineResult> encrResult =
+                                proc.handleToken(token, null, crypto, cb, docInfo, null);
+                            secretKey = 
+                                (byte[])encrResult.get(0).get(
+                                    WSSecurityEngineResult.TAG_DECRYPTED_KEY
                                 );
-                            }
-                            encryptKeyProcessor.handleEncryptedKey(token, cb, crypto);
-                            secretKey = encryptKeyProcessor.getDecryptedBytes();
-                            principal = new CustomTokenPrincipal(encryptedKeyID);
+                            principal = new CustomTokenPrincipal(token.getAttribute("Id"));
                         } else {
                             String id = secRef.getReference().getURI();
                             secretKey = getSecretKeyFromCustomToken(id, cb);
                             principal = new CustomTokenPrincipal(id);
                         }
-                    } else if (processor instanceof UsernameTokenProcessor) {
-                        UsernameToken ut = ((UsernameTokenProcessor)processor).getUt();
-                        if (ut.isDerivedKey()) {
-                            secretKey = ut.getDerivedKey();
-                        } else {
-                            secretKey = ut.getSecretKey(secretKeyLength);
-                        }
-                        principal = ut.createPrincipal();
-                    } else if (processor instanceof BinarySecurityTokenProcessor) {
-                        certs = ((BinarySecurityTokenProcessor)processor).getCertificates();
-                        if (certs != null && certs.length > 1) {
-                            validateCertificateChain = true;
-                        }
-                    } else if (processor instanceof EncryptedKeyProcessor) {
-                        EncryptedKeyProcessor encryptedKeyProcessor = 
-                            (EncryptedKeyProcessor)processor;
-                        secretKey = encryptedKeyProcessor.getDecryptedBytes();
-                        principal = new CustomTokenPrincipal(encryptedKeyProcessor.getId());
-                    } else if (processor instanceof SecurityContextTokenProcessor) {
-                        SecurityContextTokenProcessor sctProcessor = 
-                            (SecurityContextTokenProcessor)processor;
-                        secretKey = sctProcessor.getSecret();
-                        principal = new CustomTokenPrincipal(sctProcessor.getIdentifier());
-                    } else if (processor instanceof DerivedKeyTokenProcessor) {
-                        DerivedKeyTokenProcessor dktProcessor = 
-                            (DerivedKeyTokenProcessor) processor;
-                        DerivedKeyToken dkt = dktProcessor.getDerivedKeyToken();
-                        int keyLength = dkt.getLength();
-                        if (keyLength <= 0) {
-                            String signatureMethodURI = getSignatureMethod(elem);
-                            keyLength = WSSecurityUtil.getKeyLength(signatureMethodURI);
-                        }
-                        secretKey = dktProcessor.getKeyBytes(keyLength);
-                        principal = dkt.createPrincipal();
-                    } else if (processor instanceof SAMLTokenProcessor) {
-                        if (crypto == null) {
-                            throw new WSSecurityException(
-                                WSSecurityException.FAILURE, "noSigCryptoFile"
-                            );
+                    } else {
+                        int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
+                        if (WSConstants.UT == action) {
+                            UsernameToken usernameToken = 
+                                (UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
+                            
+                            if (usernameToken.isDerivedKey()) {
+                                secretKey = usernameToken.getDerivedKey();
+                            } else {
+                                secretKey = usernameToken.getSecretKey(wssConfig.getSecretKeyLength());
+                            }
+                            principal = usernameToken.createPrincipal();
+                        } else if (WSConstants.BST == action) {
+                            certs = 
+                                (X509Certificate[])result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
+                            if (certs != null && certs.length > 1) {
+                                validateCertificateChain = true;
+                            }
+                        } else if (WSConstants.ENCR == action) {
+                            secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+                            String id = (String)result.get(WSSecurityEngineResult.TAG_ID);
+                            principal = new CustomTokenPrincipal(id);
+                        } else if (WSConstants.SCT == action) {
+                            secretKey = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
+                            SecurityContextToken sct = 
+                                (SecurityContextToken)result.get(
+                                    WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN
+                                );
+                            principal = new CustomTokenPrincipal(sct.getIdentifier());
+                        } else if (WSConstants.DKT == action) {
+                            DerivedKeyToken dkt = 
+                                (DerivedKeyToken)result.get(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN);
+                            int keyLength = dkt.getLength();
+                            if (keyLength <= 0) {
+                                String signatureMethodURI = getSignatureMethod(elem);
+                                keyLength = WSSecurityUtil.getKeyLength(signatureMethodURI);
+                            }
+                            byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
+                            secretKey = dkt.deriveKey(keyLength, secret); 
+                            principal = dkt.createPrincipal();
+                        } else if (WSConstants.ST_UNSIGNED == action) {
+                            if (crypto == null) {
+                                throw new WSSecurityException(
+                                    WSSecurityException.FAILURE, "noSigCryptoFile"
+                                );
+                            }
+                            Element samlElement = wsDocInfo.getTokenElement(uri);
+                            SAMLKeyInfo keyInfo = 
+                                SAMLUtil.getSAMLKeyInfo(samlElement, crypto, cb);
+                            certs = keyInfo.getCerts();
+                            secretKey = keyInfo.getSecret();
+                            publicKey = keyInfo.getPublicKey();
+                            principal = createPrincipalFromSAMLKeyInfo(keyInfo);
                         }
-                        SAMLTokenProcessor samlp = (SAMLTokenProcessor) processor;
-                        SAMLKeyInfo samlKi = 
-                            SAMLUtil.getSAMLKeyInfo(samlp.getSamlTokenElement(), crypto, cb);
-                        certs = samlKi.getCerts();
-                        secretKey = samlKi.getSecret();
-                        publicKey = samlKi.getPublicKey();
-                        principal = createPrincipalFromSAMLKeyInfo(samlKi);
                     }
                 } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
                     certs = secRef.getX509IssuerSerial(crypto);
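Review bot: The ENCRYPTED_KEY branch drops the `crypto == null` guard that used to throw `noSigCryptoFile`, while the ST_UNSIGNED branch later in the same hunk keeps its equivalent check, so a missing signature Crypto now fails somewhere inside the nested EncryptedKeyProcessor instead of as the documented error. The same branch passes `null` as the WSSConfig although `wssConfig` is now a parameter of verifyXMLSignature (it is used a few lines below for the UsernameToken key length), and it indexes `encrResult.get(0)` without confirming the list is non-empty, which would turn an empty result into an IndexOutOfBoundsException rather than a WSSecurityException. I'd restore the guard, forward the config, and check the result before the cast; the enclosing verifyXMLSignature starts and ends outside this hunk.

```java
} else if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
    if (crypto == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILURE, "noSigCryptoFile"
        );
    }
    EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
    WSDocInfo docInfo = new WSDocInfo(token.getOwnerDocument());
    List<WSSecurityEngineResult> encrResult =
        proc.handleToken(token, null, crypto, cb, docInfo, wssConfig);
    if (encrResult == null || encrResult.isEmpty()) {
        // reject with a WSSecurityException(FAILURE, <message key>) rather than
        // letting get(0) below throw IndexOutOfBoundsException
    }
    secretKey =
        (byte[])encrResult.get(0).get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
    // … unchanged: principal = new CustomTokenPrincipal(token.getAttribute("Id")); …
```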
@@ -955,8 +953,4 @@ public class SignatureProcessor implemen
         );
     }
 
-    public String getId() {
-        return signatureId;
-    }
-
 }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java?rev=1050460&r1=1050459&r2=1050460&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java Fri Dec 17 18:01:29 2010
@@ -30,50 +30,46 @@ import org.apache.ws.security.components
 import org.apache.ws.security.message.token.Timestamp;
 import org.w3c.dom.Element;
 
-import javax.security.auth.callback.CallbackHandler;
 import java.util.List;
+import javax.security.auth.callback.CallbackHandler;
 
 public class TimestampProcessor implements Processor {
     private static Log log = LogFactory.getLog(TimestampProcessor.class.getName());
 
-    private WSSConfig wssConfig = null;
-    private String tsId;
-    private int timeToLive = 300;
-    
-    public void handleToken(
+    public List<WSSecurityEngineResult> handleToken(
         Element elem, 
         Crypto crypto, 
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        List<WSSecurityEngineResult> returnResults, 
         WSSConfig wsc
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found Timestamp list element");
         }
-        wssConfig = wsc;
-        timeToLive = wssConfig.getTimeStampTTL();
         //
         // Decode Timestamp, add the found time (created/expiry) to result
         //
         Timestamp timestamp = new Timestamp(elem);
-        handleTimestamp(timestamp);
-        returnResults.add(
-            0,
-            new WSSecurityEngineResult(WSConstants.TS, timestamp)
-        );
-        tsId = timestamp.getID();
+        handleTimestamp(timestamp, wsc);
+        WSSecurityEngineResult result = 
+            new WSSecurityEngineResult(WSConstants.TS, timestamp);
+        result.put(WSSecurityEngineResult.TAG_ID, timestamp.getID());
+        wsDocInfo.addResult(result);
+        return java.util.Collections.singletonList(result);
     }
 
-    public void handleTimestamp(Timestamp timestamp) throws WSSecurityException {
+    private void handleTimestamp(
+        Timestamp timestamp, 
+        WSSConfig wssConfig
+    ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Preparing to verify the timestamp");
         }
 
         // Validate whether the security semantics have expired
         if ((wssConfig.isTimeStampStrict() && timestamp.isExpired()) 
-            || !timestamp.verifyCreated(timeToLive)) {
+            || !timestamp.verifyCreated(wssConfig.getTimeStampTTL())) {
             throw new WSSecurityException(
                 WSSecurityException.MESSAGE_EXPIRED,
                 "invalidTimestamp",
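Review bot: `handleTimestamp` goes from public to private in this hunk, a source-incompatible change for anyone validating a Timestamp directly through the processor; if the narrowing is intended it belongs in the commit log, otherwise keep it public with the new WSSConfig parameter. The method also dereferences the supplied `wssConfig` unconditionally (`wssConfig.isTimeStampStrict()`, `wssConfig.getTimeStampTTL()`), so a null config reaching handleToken fails with an NPE rather than a WSSecurityException; a null guard at the top of handleToken would make the contract explicit. A Javadoc on handleToken stating that the TTL and strictness come from the WSSConfig passed per call, not from processor state, would replace the intent the removed fields used to carry.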
@@ -82,8 +78,4 @@ public class TimestampProcessor implemen
         }
     }
     
-    public String getId() {
-        return tsId;
-    }    
-    
 }


