From cohei...@apache.org
Subject svn commit: r1069359 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/ main/java/org/apache/ws/security/message/token/ main/java/org/apache/ws/security/processor/ main/java/org/apache/ws/security/saml/ main/java/org/apache/ws/securit...
Date Thu, 10 Feb 2011 12:34:16 GMT
Author: coheigea
Date: Thu Feb 10 12:34:16 2011
New Revision: 1069359

URL: http://svn.apache.org/viewvc?rev=1069359&view=rev
Log:
[WSS-270,WSS-256] - Merged a fix for WSS-270 and some BSP work on SecurityTokenReferences + tests.

Added:
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/SecurityTokenReferenceTest.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Reference.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/Base64.java
    webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/WSConstants.java Thu Feb 10 12:34:16 2011
@@ -52,6 +52,8 @@ public class WSConstants {
         "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
     public static final String SAMLTOKEN_NS11 = 
         "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1";
+    public static final String KERBEROS_NS11 =
+        "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"; 
 
     public static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
     public static final String ENC_NS = "http://www.w3.org/2001/04/xmlenc#";
@@ -237,6 +239,7 @@ public class WSConstants {
     public static final String WSS_SAML2_KI_VALUE_TYPE = SAMLTOKEN_NS11 + "#" + SAML2_ASSERTION_ID;
     public static final String WSS_SAML_TOKEN_TYPE = SAMLTOKEN_NS11 + "#SAMLV1.1";
     public static final String WSS_SAML2_TOKEN_TYPE = SAMLTOKEN_NS11 + "#SAMLV2.0";
+    public static final String WSS_ENC_KEY_VALUE_TYPE = SOAPMESSAGE_NS11 + "#" + ENC_KEY_VALUE_TYPE;
     public static final String PASSWORD_DIGEST = USERNAMETOKEN_NS + "#PasswordDigest";
     public static final String PASSWORD_TEXT = USERNAMETOKEN_NS + "#PasswordText";
 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Reference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Reference.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Reference.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/Reference.java Thu Feb 10 12:34:16 2011
@@ -37,11 +37,11 @@ import javax.xml.namespace.QName;
 public class Reference {
     public static final QName TOKEN = new QName(WSConstants.WSSE_NS, "Reference");
     protected Element element = null;
-
+    
     /**
      * Constructor.
      * 
-     * @param elem 
+     * @param elem The Reference element
      * @throws WSSecurityException 
      */
     public Reference(Element elem) throws WSSecurityException {
@@ -55,6 +55,14 @@ public class Reference {
                 WSSecurityException.FAILURE, "badElement", new Object[] {TOKEN, el}
             );
         }
+
+        String uri = getURI();
+        // Reference URI cannot be null or empty
+        if (uri == null || uri.isEmpty()) {
+            throw new WSSecurityException(
+                WSSecurityException.INVALID_SECURITY, "badReferenceURI"
+            );
+        }
     }
 
     /**
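Review bot: The new URI validation calls the public, overridable `getURI()` from the constructor, so a subclass overriding it would run before its own fields are initialised; reading `element.getAttribute("URI")` directly here, or declaring `getURI()` final, avoids that. `Element.getAttribute` returns an empty string rather than null for a missing attribute, so the `uri == null` arm is dead but harmless. Note that this check is not gated by the new bspCompliant flag on SecurityTokenReference, so a wsse:Reference without a URI is now rejected at construction in non-BSP mode as well, where it previously failed only when dereferenced in getTokenElement; that seems reasonable since such a reference cannot be resolved, but the constructor javadoc should state it, `@throws WSSecurityException if the element is not a wsse:Reference or carries no URI`.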
@@ -75,54 +83,54 @@ public class Reference {
     }
 
     /**
-     * get the dom element.
+     * Get the DOM element.
      * 
-     * @return TODO
+     * @return the DOM element
      */
     public Element getElement() {
         return element;
     }
 
     /**
-     * get the URI.
+     * Get the ValueType attribute.
      * 
-     * @return TODO
+     * @return the ValueType attribute
      */
     public String getValueType() {
         return element.getAttribute("ValueType");
     }
 
     /**
-     * get the URI.
+     * Get the URI.
      * 
-     * @return TODO
+     * @return the URI
      */
     public String getURI() {
         return element.getAttribute("URI");
     }
 
     /**
-     * set the Value type.
+     * Set the Value type.
      * 
-     * @param valueType
+     * @param valueType the ValueType attribute to set
      */
     public void setValueType(String valueType) {
         element.setAttributeNS(null, "ValueType", valueType);
     }
 
     /**
-     * set the URI.
+     * Set the URI.
      * 
-     * @param uri 
+     * @param uri the URI to set
      */
     public void setURI(String uri) {
         element.setAttributeNS(null, "URI", uri);
     }
 
     /**
-     * return the string representation.
+     * Return the string representation.
      * 
-     * @return TODO
+     * @return the string representation.
      */
     public String toString() {
         return DOM2Writer.nodeToString((Node)element);

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/message/token/SecurityTokenReference.java Thu Feb 10 12:34:16 2011
@@ -51,7 +51,6 @@ public class SecurityTokenReference {
     public static final String SECURITY_TOKEN_REFERENCE = "SecurityTokenReference";
     public static final QName STR_QNAME = 
         new QName(WSConstants.WSSE_NS, SECURITY_TOKEN_REFERENCE);
-    public static final String KEY_NAME = "KeyName";
     public static final String SKI_URI = 
         WSConstants.X509TOKEN_NS + "#X509SubjectKeyIdentifier";
     public static final String THUMB_URI = 
@@ -64,26 +63,55 @@ public class SecurityTokenReference {
     private DOMX509IssuerSerial issuerSerial = null;
     private byte[] skiBytes = null;
     private static boolean doDebug = false;
+    private Reference reference = null;
 
     /**
      * Constructor.
      *
-     * @param elem TODO
+     * @param elem A SecurityTokenReference element
      * @throws WSSecurityException
      */
     public SecurityTokenReference(Element elem) throws WSSecurityException {
+        this(elem, true);
+    }
+    
+    /**
+     * Constructor.
+     *
+     * @param elem A SecurityTokenReference element
+     * @param bspCompliant whether the SecurityTokenReference processing complies with the 
+     * BSP spec
+     * @throws WSSecurityException
+     */
+    public SecurityTokenReference(Element elem, boolean bspCompliant) throws WSSecurityException {
         doDebug = log.isDebugEnabled();
         element = elem;
         QName el = new QName(element.getNamespaceURI(), element.getLocalName());
         if (!STR_QNAME.equals(el)) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "badElement", null);
         }
+        
+        if (bspCompliant) {
+            checkBSPCompliance();
+        }
+        if (containsReference()) {
+            Node node = element.getFirstChild();
+            while (node != null) {
+                if (Node.ELEMENT_NODE == node.getNodeType()
+                    && WSConstants.WSSE_NS.equals(node.getNamespaceURI())
+                    && "Reference".equals(node.getLocalName())) {
+                    reference = new Reference((Element)node);
+                    break;
+                }
+                node = node.getNextSibling();
+            }
+        }
     }
 
     /**
      * Constructor.
      *
-     * @param doc TODO
+     * @param doc The Document
      */
     public SecurityTokenReference(Document doc) {
         doDebug = log.isDebugEnabled();
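Review bot: When bspCompliant is false nothing limits the number of children, so an STR carrying several wsse:Reference elements silently resolves through the first one and the rest are ignored (the loop breaks on the first match); since two references make the key-resolution target ambiguous, I would reject that shape regardless of the flag, `if (lengthReference() > 1) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "invalidDataRef"); }`, or at least document in the constructor javadoc that only the first wsse:Reference is used. The `containsReference()` call walks the children once and the loop below walks them again; the loop alone suffices, as it simply leaves `reference` null when there is no match. The checkBSPCompliance call precedes the Reference parsing, so in BSP mode a multi-child STR is rejected before a Reference is constructed, which is the right order.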
@@ -131,6 +159,7 @@ public class SecurityTokenReference {
         } else {
             element.appendChild(ref.getElement());
         }
+        this.reference = ref;
     }
 
     /**
@@ -141,8 +170,7 @@ public class SecurityTokenReference {
      * @throws WSSecurityException
      */
     public Reference getReference() throws WSSecurityException {
-        Element elem = getFirstElement();
-        return new Reference(elem);
+        return reference;
     }
 
     /**
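Review bot: `getReference()` now returns the cached field, which is null whenever the STR has no wsse:Reference child, whereas the old body threw a badElement WSSecurityException from `new Reference(getFirstElement())`; a caller chaining `getReference().getURI()` without first testing `containsReference()` now fails with a NullPointerException instead of a security exception. Either restore the failure as a checked error, `if (reference == null) { throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noReference"); }`, or document the null return with `@return the wsse:Reference child, or null if the STR has none`; as written the method still declares `throws WSSecurityException` but can no longer throw it. The same concern applies to getTokenElement below, which lost its URI guard in this commit and dereferences the Reference obtained here; that method's body starts outside its hunk.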
@@ -168,11 +196,6 @@ public class SecurityTokenReference {
         if (doDebug) {
             log.debug("Token reference uri: " + uri);
         }
-        if (uri == null) {
-            throw new WSSecurityException(
-                WSSecurityException.INVALID_SECURITY, "badReferenceURI"
-            );
-        }
         
         Element tokElement = findTokenElement(doc, docInfo, cb, uri, ref.getValueType());
         
@@ -408,7 +431,6 @@ public class SecurityTokenReference {
         }
     }
 
-    
     /**
      * get the first child element.
      *
@@ -483,7 +505,6 @@ public class SecurityTokenReference {
         return null;
     }
     
-
     public String getX509SKIAlias(Crypto crypto) throws WSSecurityException {
         if (skiBytes == null) {
             skiBytes = getSKIBytes();
@@ -608,7 +629,7 @@ public class SecurityTokenReference {
     /**
      * Method containsReference
      *
-     * @return true if the <code>SecurtityTokenReference</code> contains
+     * @return true if the <code>SecurityTokenReference</code> contains
      *         a <code>wsse:Reference</code> element
      */
     public boolean containsReference() {
@@ -619,7 +640,7 @@ public class SecurityTokenReference {
      * Method lengthReference.
      *
      * @return number of <code>wsse:Reference</code> elements in
-     *         the <code>SecurtityTokenReference</code>
+     *         the <code>SecurityTokenReference</code>
      */
     public int lengthReference() {
         return length(WSConstants.WSSE_NS, "Reference");
@@ -628,7 +649,7 @@ public class SecurityTokenReference {
     /**
      * Method containsX509IssuerSerial
      *
-     * @return true if the <code>SecurtityTokenReference</code> contains
+     * @return true if the <code>SecurityTokenReference</code> contains
      *         a <code>ds:IssuerSerial</code> element
      */
     public boolean containsX509IssuerSerial() {
@@ -638,7 +659,7 @@ public class SecurityTokenReference {
     /**
      * Method containsX509Data
      *
-     * @return true if the <code>SecurtityTokenReference</code> contains
+     * @return true if the <code>SecurityTokenReference</code> contains
      *         a <code>ds:X509Data</code> element
      */
     public boolean containsX509Data() {
@@ -649,7 +670,7 @@ public class SecurityTokenReference {
      * Method lengthX509IssuerSerial.
      *
      * @return number of <code>ds:IssuerSerial</code> elements in
-     *         the <code>SecurtityTokenReference</code>
+     *         the <code>SecurityTokenReference</code>
      */
     public int lengthX509IssuerSerial() {
         return length(WSConstants.SIG_NS, WSConstants.X509_ISSUER_SERIAL_LN);
@@ -659,7 +680,7 @@ public class SecurityTokenReference {
      * Method lengthX509Data.
      *
      * @return number of <code>ds:IssuerSerial</code> elements in
-     *         the <code>SecurtityTokenReference</code>
+     *         the <code>SecurityTokenReference</code>
      */
     public int lengthX509Data() {
         return length(WSConstants.SIG_NS, WSConstants.X509_DATA_LN);
@@ -668,18 +689,18 @@ public class SecurityTokenReference {
     /**
      * Method containsKeyIdentifier.
      *
-     * @return true if the <code>SecurtityTokenReference</code> contains
+     * @return true if the <code>SecurityTokenReference</code> contains
      *         a <code>wsse:KeyIdentifier</code> element
      */
     public boolean containsKeyIdentifier() {
         return lengthKeyIdentifier() > 0;
     }
-
+    
     /**
      * Method lengthKeyIdentifier.
      *
      * @return number of <code>wsse:KeyIdentifier</code> elements in
-     *         the <code>SecurtityTokenReference</code>
+     *         the <code>SecurityTokenReference</code>
      */
     public int lengthKeyIdentifier() {
         return length(WSConstants.WSSE_NS, "KeyIdentifier");
@@ -712,9 +733,9 @@ public class SecurityTokenReference {
     }
 
     /**
-     * get the dom element.
+     * Get the DOM element.
      *
-     * @return TODO
+     * @return the DOM element
      */
     public Element getElement() {
         return element;
@@ -732,9 +753,84 @@ public class SecurityTokenReference {
     /**
      * return the string representation.
      *
-     * @return TODO
+     * @return a representation of this SecurityTokenReference element as a String
      */
     public String toString() {
         return DOM2Writer.nodeToString((Node) element);
     }
+    
+    /**
+     * A method to check that the SecurityTokenReference is compliant with the BSP spec.
+     * @throws WSSecurityException
+     */
+    private void checkBSPCompliance() throws WSSecurityException {
+        // We can only have one token reference
+        int result = 0;
+        Node node = element.getFirstChild();
+        Element child = null;
+        while (node != null) {
+            if (Node.ELEMENT_NODE == node.getNodeType()) {
+                result++;
+                child = (Element)node;
+            }
+            node = node.getNextSibling();
+        }
+        if (result != 1) {
+            throw new WSSecurityException(
+                WSSecurityException.INVALID_SECURITY, "invalidDataRef"
+            );
+        }
+        
+        if ("KeyIdentifier".equals(child.getLocalName()) 
+            && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) {
+            
+            String valueType = getKeyIdentifierValueType();
+            // ValueType cannot be null
+            if (valueType == null || valueType.isEmpty()) {
+                throw new WSSecurityException(
+                    WSSecurityException.INVALID_SECURITY, "invalidValueType"
+                );
+            }
+            String encodingType = getFirstElement().getAttribute("EncodingType");
+            // Encoding Type must be equal to Base64Binary if it's specified
+            if (encodingType != null && !encodingType.isEmpty() 
+                && !BinarySecurity.BASE64_ENCODING.equals(encodingType)) {
+                throw new WSSecurityException(
+                    WSSecurityException.INVALID_SECURITY, 
+                    "badEncodingType", 
+                    new Object[] {encodingType}
+                );
+            }
+            // Encoding type must be specified other than for a SAML Assertion
+            if (!WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(valueType) 
+                && !WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(valueType)
+                && (encodingType == null || encodingType.isEmpty())) {
+                throw new WSSecurityException(
+                    WSSecurityException.INVALID_SECURITY, "noEncodingType"
+                );
+            }
+        } else if ("Embedded".equals(child.getLocalName())) {
+            result = 0;
+            node = child.getFirstChild();
+            while (node != null) {
+                if (Node.ELEMENT_NODE == node.getNodeType()) {
+                    result++;
+                    // We cannot have a SecurityTokenReference child element
+                    if ("SecurityTokenReference".equals(node.getLocalName())
+                        && WSConstants.WSSE_NS.equals(node.getNamespaceURI())) {
+                        throw new WSSecurityException(
+                            WSSecurityException.INVALID_SECURITY, "invalidEmbeddedRef"
+                        );
+                    }
+                }
+                node = node.getNextSibling();
+            }
+            // We can only have one embedded child
+            if (result != 1) {
+                throw new WSSecurityException(
+                    WSSecurityException.INVALID_SECURITY, "invalidEmbeddedRef"
+                );
+            }
+        }
+    }
 }
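Review bot: The Embedded branch matches on local name only, while the KeyIdentifier branch also checks the namespace, so an element named Embedded in any namespace takes this branch; for consistency, and so the embedded-token rules are not applied to an unrelated element, make the condition `} else if ("Embedded".equals(child.getLocalName()) && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) {`. In the KeyIdentifier branch `child` is already the single element child, so `String encodingType = child.getAttribute("EncodingType");` avoids the second DOM walk inside `getFirstElement()`. Nothing is validated for the wsse:Reference case here — only the URI check in the Reference constructor covers it — so if further BSP constraints on wsse:Reference are intended, this method is the place to add them. Reusing `result` as the Embedded child counter reads awkwardly; a separate `embeddedChildren` local would be clearer.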

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/DerivedKeyTokenProcessor.java Thu Feb 10 12:34:16 2011
@@ -65,9 +65,9 @@ public class DerivedKeyTokenProcessor im
         Element secRefElement = dkt.getSecurityTokenReferenceElement();
         if (secRefElement != null) {
             STRParser strParser = new DerivedKeyTokenSTRParser();
-            strParser.parseSecurityTokenReference(
-                secRefElement, crypto, cb, wsDocInfo, null
-            );
+            strParser.setBspCompliant(config.isWsiBSPCompliant());
+            strParser.parseSecurityTokenReference(secRefElement, crypto, cb, wsDocInfo, null);
+            
             secret = strParser.getSecretKey();
         } else {
             throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "noReference");
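Review bot: `config.isWsiBSPCompliant()` is now dereferenced unconditionally in this processor (and in the EncryptedKey, ReferenceList and Signature processors in this commit), where the WSSConfig argument was previously unused; if handleToken can be reached with a null config outside WSSecurityEngine, this becomes a NullPointerException before any security check runs. TimestampProcessor already dereferenced it before this change, so a non-null config is likely an accepted precondition; if so, a `@param config must not be null` on handleToken (its signature is outside this hunk) is enough. Otherwise guard with a default that falls back to the strict path rather than the lenient one, `boolean bsp = config == null || config.isWsiBSPCompliant();`, so a missing configuration never disables the BSP checks.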

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java Thu Feb 10 12:34:16 2011
@@ -71,7 +71,7 @@ public class EncryptedKeyProcessor imple
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo,
-        WSSConfig wsc
+        WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found encrypted key element");
@@ -104,7 +104,7 @@ public class EncryptedKeyProcessor imple
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "noCipher");
         }
         
-        String alias = getAliasFromEncryptedKey(elem, decCrypto, cb, wsDocInfo);
+        String alias = getAliasFromEncryptedKey(elem, decCrypto, cb, wsDocInfo, config);
         PrivateKey privateKey = getPrivateKeyFromKeyInfo(decCrypto, cb, alias);
         X509Certificate[] certs = decCrypto.getCertificates(alias);
 
@@ -173,7 +173,8 @@ public class EncryptedKeyProcessor imple
         Element xencEncryptedKey,
         Crypto crypto,
         CallbackHandler cb,
-        WSDocInfo wsDocInfo
+        WSDocInfo wsDocInfo,
+        WSSConfig config
     ) throws WSSecurityException {
         Element keyInfo = 
             WSSecurityUtil.getDirectChildElement(
@@ -193,7 +194,9 @@ public class EncryptedKeyProcessor imple
                 );
             }
             STRParser strParser = new EncryptedKeySTRParser();
+            strParser.setBspCompliant(config.isWsiBSPCompliant());
             strParser.parseSecurityTokenReference(strElement, crypto, cb, wsDocInfo, null);
+            
             X509Certificate[] certs = strParser.getCertificates();
             if (certs == null || certs.length < 1 || certs[0] == null) {
                 throw new WSSecurityException(

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/ReferenceListProcessor.java Thu Feb 10 12:34:16 2011
@@ -65,7 +65,7 @@ public class ReferenceListProcessor impl
         Crypto decCrypto,
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        WSSConfig wsc
+        WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found reference list element");
@@ -73,7 +73,7 @@ public class ReferenceListProcessor impl
         if (cb == null) {
             throw new WSSecurityException(WSSecurityException.FAILURE, "noCallback");
         }
-        List<WSDataRef> dataRefs = handleReferenceList(elem, cb, decCrypto, wsDocInfo);
+        List<WSDataRef> dataRefs = handleReferenceList(elem, cb, decCrypto, wsDocInfo, config);
         WSSecurityEngineResult result = 
             new WSSecurityEngineResult(WSConstants.ENCR, dataRefs);
         wsDocInfo.addTokenElement(elem);
@@ -93,7 +93,8 @@ public class ReferenceListProcessor impl
         Element elem, 
         CallbackHandler cb,
         Crypto crypto,
-        WSDocInfo wsDocInfo
+        WSDocInfo wsDocInfo,
+        WSSConfig config
     ) throws WSSecurityException {
         List<WSDataRef> dataRefs = new ArrayList<WSDataRef>();
         for (Node node = elem.getFirstChild(); 
@@ -108,7 +109,8 @@ public class ReferenceListProcessor impl
                     dataRefURI = dataRefURI.substring(1);
                 }
                 WSDataRef dataRef = 
-                    decryptDataRefEmbedded(elem.getOwnerDocument(), dataRefURI, cb, crypto, wsDocInfo);
+                    decryptDataRefEmbedded(
+                        elem.getOwnerDocument(), dataRefURI, cb, crypto, wsDocInfo, config);
                 dataRefs.add(dataRef);
             }
         }
@@ -125,7 +127,8 @@ public class ReferenceListProcessor impl
         String dataRefURI, 
         CallbackHandler cb, 
         Crypto crypto,
-        WSDocInfo wsDocInfo
+        WSDocInfo wsDocInfo,
+        WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found data reference: " + dataRefURI);
@@ -158,6 +161,7 @@ public class ReferenceListProcessor impl
             symmetricKey = X509Util.getSharedKey(keyInfoElement, symEncAlgo, cb);
         } else {
             STRParser strParser = new SecurityTokenRefSTRParser();
+            strParser.setBspCompliant(config.isWsiBSPCompliant());
             Map<String, Object> parameters = new HashMap<String, Object>();
             parameters.put(SecurityTokenRefSTRParser.SIGNATURE_METHOD, symEncAlgo);
             strParser.parseSecurityTokenReference(

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java Thu Feb 10 12:34:16 2011
@@ -57,7 +57,7 @@ public class SAMLTokenProcessor implemen
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        WSSConfig wsc
+        WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found SAML Assertion element");

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureConfirmationProcessor.java Thu Feb 10 12:34:16 2011
@@ -51,7 +51,7 @@ public class SignatureConfirmationProces
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        WSSConfig wsc
+        WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found SignatureConfirmation list element");

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/SignatureProcessor.java Thu Feb 10 12:34:16 2011
@@ -93,7 +93,7 @@ public class SignatureProcessor implemen
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        WSSConfig wsc
+        WSSConfig config
     ) throws WSSecurityException {
         if (LOG.isDebugEnabled()) {
             LOG.debug("Found signature element");
@@ -131,10 +131,11 @@ public class SignatureProcessor implemen
                 validator.validate(credential);
             } else {
                 STRParser strParser = new SignatureSTRParser();
+                strParser.setBspCompliant(config.isWsiBSPCompliant());
                 Map<String, Object> parameters = new HashMap<String, Object>();
                 parameters.put(SignatureSTRParser.SIGNATURE_METHOD, signatureMethod);
                 parameters.put(
-                    SignatureSTRParser.SECRET_KEY_LENGTH, new Integer(wsc.getSecretKeyLength())
+                    SignatureSTRParser.SECRET_KEY_LENGTH, new Integer(config.getSecretKeyLength())
                 );
                 strParser.parseSecurityTokenReference(
                     strElement, crypto, cb, wsDocInfo, parameters
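Review bot: The changed line still boxes with the `new Integer(config.getSecretKeyLength())` constructor; `Integer.valueOf(config.getSecretKeyLength())`, or plain autoboxing since the map value type is Object, is the idiomatic form and uses the Integer cache instead of allocating per signature. Setting the BSP flag before parseSecurityTokenReference is the right order. The enclosing handleToken continues outside this hunk.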
@@ -170,7 +171,7 @@ public class SignatureProcessor implemen
         String c14nMethod = xmlSignature.getSignedInfo().getCanonicalizationMethod().getAlgorithm();
         List<WSDataRef> dataRefs =  
             buildProtectedRefs(
-                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), wsDocInfo
+                elem.getOwnerDocument(), xmlSignature.getSignedInfo(), config, wsDocInfo
             );
         
         int actionPerformed = WSConstants.SIGN;
@@ -394,6 +395,7 @@ public class SignatureProcessor implemen
      * to caller
      * @param doc The owning document
      * @param signedInfo The SignedInfo object
+     * @param wssConfig A WSSConfig instance
      * @param protectedRefs A list of protected references
      * @return A list of protected references
      * @throws WSSecurityException
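Review bot: The javadoc still lists `@param protectedRefs A list of protected references`, but the method's parameters (visible in the next hunk) are doc, signedInfo, wssConfig and wsDocInfo — there is no protectedRefs parameter and wsDocInfo is undocumented. Replace that line with `@param wsDocInfo the WSDocInfo passed to STRTransformUtil.dereferenceSTR when resolving an STR-Transform reference`, and consider making the new line more specific, `@param wssConfig the WSSConfig whose isWsiBSPCompliant() governs SecurityTokenReference validation`. The javadoc's opening lines start outside this hunk.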
@@ -401,6 +403,7 @@ public class SignatureProcessor implemen
     private List<WSDataRef> buildProtectedRefs(
         Document doc,
         SignedInfo signedInfo,
+        WSSConfig wssConfig,
         WSDocInfo wsDocInfo
     ) throws WSSecurityException {
         List<WSDataRef> protectedRefs = new java.util.ArrayList<WSDataRef>();
@@ -434,7 +437,10 @@ public class SignatureProcessor implemen
                             
                             if (securityTokenReference != null) {
                                 SecurityTokenReference secTokenRef = 
-                                    new SecurityTokenReference((Element)securityTokenReference);
+                                    new SecurityTokenReference(
+                                        (Element)securityTokenReference,
+                                        wssConfig.isWsiBSPCompliant()
+                                    );
                                 se = STRTransformUtil.dereferenceSTR(doc, secTokenRef, wsDocInfo);
                             }
                         }

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/TimestampProcessor.java Thu Feb 10 12:34:16 2011
@@ -54,7 +54,7 @@ public class TimestampProcessor implemen
         Crypto decCrypto, 
         CallbackHandler cb, 
         WSDocInfo wsDocInfo, 
-        WSSConfig wsc
+        WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found Timestamp list element");
@@ -62,10 +62,10 @@ public class TimestampProcessor implemen
         //
         // Decode Timestamp, add the found time (created/expiry) to result
         //
-        Timestamp timestamp = new Timestamp(elem, wsc.isWsiBSPCompliant());
+        Timestamp timestamp = new Timestamp(elem, config.isWsiBSPCompliant());
         Credential credential = new Credential();
         credential.setTimestamp(timestamp);
-        validator.setWSSConfig(wsc);
+        validator.setWSSConfig(config);
         validator.validate(credential);
         
         WSSecurityEngineResult result = 

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/processor/UsernameTokenProcessor.java Thu Feb 10 12:34:16 2011
@@ -52,15 +52,15 @@ public class UsernameTokenProcessor impl
 
     public List<WSSecurityEngineResult> handleToken(
         Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, 
-        WSDocInfo wsDocInfo, WSSConfig wsc
+        WSDocInfo wsDocInfo, WSSConfig config
     ) throws WSSecurityException {
         if (log.isDebugEnabled()) {
             log.debug("Found UsernameToken list element");
         }
         validator.setCallbackHandler(cb);
-        validator.setWSSConfig(wsc);
+        validator.setWSSConfig(config);
         
-        UsernameToken token = handleUsernameToken(elem, wsc);
+        UsernameToken token = handleUsernameToken(elem, config);
         
         WSUsernameTokenPrincipal principal = 
             new WSUsernameTokenPrincipal(token.getName(), token.isHashed());

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/SAMLUtil.java Thu Feb 10 12:34:16 2011
@@ -157,6 +157,12 @@ public class SAMLUtil {
             return new SAMLKeyInfo(key);
         }
         
+        if (crypto == null) {
+            throw new WSSecurityException(
+                WSSecurityException.FAILURE, "noSigCryptoFile"
+            );
+        }
+        
         for (org.opensaml.saml1.core.Statement stmt : assertion.getStatements()) {
             org.opensaml.saml1.core.Subject samlSubject = null;
             if (stmt instanceof org.opensaml.saml1.core.AttributeStatement) {
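Review bot: The new null guard only protects the statement loop that follows it, not the early `return new SAMLKeyInfo(key)` branch just above, which is presumably intentional because a key embedded in the subject needs no Crypto; the method's Javadoc (outside the hunk) should state that contract, e.g. `@throws WSSecurityException if the subject embeds no key and {@code crypto} is null`. Since this guard replaces the ones removed from SignatureSTRParser in the same commit, a comment here, `// crypto is required from this point on; callers no longer check it themselves`, would keep a later refactor from dropping it. The enclosing method starts and ends outside the hunk.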

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/DerivedKeyTokenSTRParser.java Thu Feb 10 12:34:16 2011
@@ -51,6 +51,16 @@ public class DerivedKeyTokenSTRParser im
     
     private byte[] secretKey;
     
+    private boolean bspCompliant = true;
+    
+    /**
+     * Set whether we should process tokens according to the BSP spec
+     * @param bspCompliant whether we should process tokens according to the BSP spec
+     */
+    public void setBspCompliant(boolean bspCompliant) {
+        this.bspCompliant = bspCompliant;
+    }
+    
     /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
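Review bot: The `bspCompliant` flag is mutable instance state behind a setter, and the identical field/setter pair is copied verbatim into EncryptedKeySTRParser, SecurityTokenRefSTRParser and SignatureSTRParser in this commit. If parser instances are ever reused across documents or threads (not determinable from here), one caller's `setBspCompliant(false)` silently relaxes validation for the next caller; passing the flag through the existing `parameters` map of `parseSecurityTokenReference`, or as a constructor argument, would keep the parsers stateless and remove the four-way duplication. The default of `true` is the right fail-closed choice either way.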
@@ -68,7 +78,7 @@ public class DerivedKeyTokenSTRParser im
         WSDocInfo wsDocInfo,
         Map<String, Object> parameters
     ) throws WSSecurityException {
-        SecurityTokenReference secRef = new SecurityTokenReference(strElement);
+        SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant);
         
         String uri = null;
         String keyIdentifierValueType = null;

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/EncryptedKeySTRParser.java Thu Feb 10 12:34:16 2011
@@ -52,6 +52,16 @@ public class EncryptedKeySTRParser imple
     
     private X509Certificate[] certs;
     
+    private boolean bspCompliant = true;
+    
+    /**
+     * Set whether we should process tokens according to the BSP spec
+     * @param bspCompliant whether we should process tokens according to the BSP spec
+     */
+    public void setBspCompliant(boolean bspCompliant) {
+        this.bspCompliant = bspCompliant;
+    }
+    
     /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
@@ -69,7 +79,7 @@ public class EncryptedKeySTRParser imple
         WSDocInfo wsDocInfo,
         Map<String, Object> parameters
     ) throws WSSecurityException {
-        SecurityTokenReference secRef = new SecurityTokenReference(strElement);
+        SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant);
         //
         // Handle X509IssuerSerial here. First check if all elements are available,
         // get the appropriate data, check if all data is available.

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/STRParser.java Thu Feb 10 12:34:16 2011
@@ -37,6 +37,12 @@ import javax.security.auth.callback.Call
 public interface STRParser {
     
     /**
+     * Set whether we should process tokens according to the BSP spec
+     * @param bspCompliant whether we should process tokens according to the BSP spec
+     */
+    public void setBspCompliant(boolean bspCompliant);
+    
+    /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
      * @param strElement The SecurityTokenReference element
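Review bot: Adding `setBspCompliant` to the public `STRParser` interface is a source- and binary-incompatible change for any implementation outside this tree, which will stop compiling or throw `AbstractMethodError` at runtime; if third-party parsers are supported, that belongs in the release notes. The Javadoc should also record the default the bundled parsers use, e.g. `Bundled implementations default to {@code true} (BSP compliant).`. The explicit `public` modifier on an interface method is a minor style nit.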

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SecurityTokenRefSTRParser.java Thu Feb 10 12:34:16 2011
@@ -55,6 +55,16 @@ public class SecurityTokenRefSTRParser i
     
     private byte[] secretKey;
     
+    private boolean bspCompliant = true;
+    
+    /**
+     * Set whether we should process tokens according to the BSP spec
+     * @param bspCompliant whether we should process tokens according to the BSP spec
+     */
+    public void setBspCompliant(boolean bspCompliant) {
+        this.bspCompliant = bspCompliant;
+    }
+    
     /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
@@ -73,7 +83,7 @@ public class SecurityTokenRefSTRParser i
         Map<String, Object> parameters
     ) throws WSSecurityException {
 
-        SecurityTokenReference secRef = new SecurityTokenReference(strElement);
+        SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant);
 
         if (secRef.containsReference()) {
             Reference reference = secRef.getReference();

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/str/SignatureSTRParser.java Thu Feb 10 12:34:16 2011
@@ -76,6 +76,16 @@ public class SignatureSTRParser implemen
     
     private Principal principal;
     
+    private boolean bspCompliant = true;
+    
+    /**
+     * Set whether we should process tokens according to the BSP spec
+     * @param bspCompliant whether we should process tokens according to the BSP spec
+     */
+    public void setBspCompliant(boolean bspCompliant) {
+        this.bspCompliant = bspCompliant;
+    }
+    
     /**
      * Parse a SecurityTokenReference element and extract credentials.
      * 
@@ -93,7 +103,7 @@ public class SignatureSTRParser implemen
         WSDocInfo wsDocInfo,
         Map<String, Object> parameters
     ) throws WSSecurityException {
-        SecurityTokenReference secRef = new SecurityTokenReference(strElement);
+        SecurityTokenReference secRef = new SecurityTokenReference(strElement, bspCompliant);
         //
         // Here we get some information about the document that is being
         // processed, in particular the crypto implementation, and already
@@ -115,11 +125,7 @@ public class SignatureSTRParser implemen
                     certs = getCertificatesTokenReference(token, crypto);
                 } else if (el.equals(WSSecurityEngine.SAML_TOKEN) 
                     || el.equals(WSSecurityEngine.SAML2_TOKEN)) {
-                    if (crypto == null) {
-                        throw new WSSecurityException(
-                                WSSecurityException.FAILURE, "noSigCryptoFile"
-                        );
-                    }
+
                     AssertionWrapper assertion = new AssertionWrapper(token);
                     SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, crypto, cb);
                     X509Certificate[] foundCerts = samlKi.getCerts();
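Review bot: Dropping the `crypto == null` guard here makes this branch depend on `SAMLUtil.getCredentialFromSubject` doing the check, and that method's new guard sits after its early return for a subject that embeds a key, so a SAML token with an embedded key now succeeds without a Crypto where it previously failed with `noSigCryptoFile`; that appears to be the intended behaviour change but deserves a comment, `// a null crypto is reported by SAMLUtil only when the subject actually needs it`. The replacement `+` line is empty and leaves a stray blank line after the `else if`; drop it. The enclosing method continues outside the hunk.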
@@ -184,11 +190,7 @@ public class SignatureSTRParser implemen
                     secretKey = dkt.deriveKey(keyLength, secret); 
                     principal = dkt.createPrincipal();
                 } else if (WSConstants.ST_UNSIGNED == action || WSConstants.ST_SIGNED == action) {
-                    if (crypto == null) {
-                        throw new WSSecurityException(
-                            WSSecurityException.FAILURE, "noSigCryptoFile"
-                        );
-                    }
+
                     AssertionWrapper assertion = 
                         (AssertionWrapper)result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                     SAMLKeyInfo keyInfo = assertion.getSubjectKeyInfo();
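Review bot: Unlike the previous hunk, this branch does not call `SAMLUtil.getCredentialFromSubject`; it takes the key info from the already-processed result, so the removed `crypto == null` guard has no replacement on this path. If the code after `getSubjectKeyInfo()` (outside the hunk) uses `crypto`, a null value now surfaces as a NullPointerException instead of a `WSSecurityException` carrying `noSigCryptoFile`; either restore the guard here or confirm nothing below needs crypto and say so in a comment. The stray blank `+` line should go as well.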

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/Base64.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/Base64.java?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/Base64.java (original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/util/Base64.java Thu Feb 10 12:34:16 2011
@@ -172,7 +172,7 @@ public final class  Base64 {
     }
 
     /**
-     * Decodes Base64 data into octects
+     * Decodes Base64 data into octets
      *
      * @param encoded string containing Base64 data
      * @return Array containind decoded data.
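Review bot: The same Javadoc still has `containind` on the `@return` line directly below the corrected word; `@return Array containing decoded data.` would finish the cleanup.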

Modified: webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties?rev=1069359&r1=1069358&r2=1069359&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties (original)
+++ webservices/wss4j/trunk/src/main/resources/org/apache/ws/security/errors.properties Thu Feb 10 12:34:16 2011
@@ -15,6 +15,8 @@
 noToken = Reference \"{0}\"
 noReference = <Reference> token could not be retrieved
 badReferenceURI = Reference URI is null
+noEncodingType = No EncodingType attribute was specified
+badEncodingType = A bad EncodingType attribute was specified \"{0}\"
 unhandledToken = Security token supported but currently not handled \"{0}\"
 unsupportedBinaryTokenType = Token type \"{0}\"
 invalidConstructor = Token impl. class \"{0}\" does not provide appropriate constructor
@@ -28,6 +30,7 @@ noPrivateKey = The private key for the s
 invalidCertData = Unexpected number of certificates: {0}
 noSKIHandling = Error during processing of SKI data: {0}
 invalidDataRef = Cannot handle multiple data references
+invalidEmbeddedRef = The embedded Reference is invalid
 noEncryptedData = Referenced encrypted data could not be retrieved. Reference \"{0}\"
 badElement = Bad element, expected \"{0}\" while got \"{1}\"
 badTokenType00 = Bad UsernameToken Type

Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/SecurityTokenReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/SecurityTokenReferenceTest.java?rev=1069359&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/SecurityTokenReferenceTest.java (added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/SecurityTokenReferenceTest.java Thu Feb 10 12:34:16 2011
@@ -0,0 +1,290 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.message.token;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.common.SOAPUtil;
+import org.apache.ws.security.util.DOM2Writer;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Some tests for the SecurityTokenReference class.
+ */
+public class SecurityTokenReferenceTest extends org.junit.Assert {
+    private static final Log LOG = LogFactory.getLog(SecurityTokenReferenceTest.class);
+    
+    /**
+     * Test for a Reference with no URI
+     */
+    @org.junit.Test
+    public void testReferenceNoURI() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        Reference ref = new Reference(doc);
+        ref.setValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+        ref.setURI(null);
+        str.setReference(ref);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(str.toString());
+        }
+        
+        // Process the STR
+        Element strElement = str.getElement();
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on a reference with no URI");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("Reference URI is null");
+        }
+    }
+
+    /**
+     * Test for a SecurityTokenReference having multiple data references
+     */
+    @org.junit.Test
+    public void testMultipleChildren() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        str.setKeyIdentifierEncKeySHA1("123456");
+        Element strElement = str.getElement();
+        
+        Reference ref = new Reference(doc);
+        ref.setValueType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
+        ref.setURI("#123");
+        strElement.appendChild(ref.getElement());
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(str.toString());
+        }
+        
+        // Process the STR
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on multiple data references");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("Cannot handle multiple data references");
+        }
+        
+        new SecurityTokenReference(strElement, false);
+    }
+    
+    /**
+     * Test for a SecurityTokenReference having a Key Identifier with no ValueType
+     */
+    @org.junit.Test
+    public void testKeyIdentifierNoValueType() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        str.setKeyIdentifier((String)null, "#123");
+        Element strElement = str.getElement();
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(str.toString());
+        }
+        
+        // Process the STR
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on a Key Identifier with no ValueType");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("Bad ValueType");
+        }
+        
+        new SecurityTokenReference(strElement, false);
+    }
+    
+    /**
+     * Test for a SecurityTokenReference having a Key Identifier with a bad EncodingType
+     */
+    @org.junit.Test
+    public void testKeyIdentifierBadEncodingType() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        Element strElement = str.getElement();
+        
+        Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+        keyId.setAttributeNS(null, "ValueType", SecurityTokenReference.ENC_KEY_SHA1_URI);
+        keyId.setAttributeNS(null, "EncodingType", "http://bad_encoding");
+        keyId.appendChild(doc.createTextNode("#123"));
+        strElement.appendChild(keyId);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(str.toString());
+        }
+        
+        // Process the STR
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on a Key Identifier with a Bad EncodingType");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("bad EncodingType");
+        }
+        
+        new SecurityTokenReference(strElement, false);
+    }
+    
+    
+    /**
+     * Test for a SecurityTokenReference having a Key Identifier with no EncodingType
+     */
+    @org.junit.Test
+    public void testKeyIdentifierNoEncodingType() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        Element strElement = str.getElement();
+        
+        Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+        keyId.setAttributeNS(null, "ValueType", SecurityTokenReference.ENC_KEY_SHA1_URI);
+        keyId.appendChild(doc.createTextNode("#123"));
+        strElement.appendChild(keyId);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(str.toString());
+        }
+        
+        // Process the STR
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on a Key Identifier with no EncodingType");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("No EncodingType");
+        }
+        
+        new SecurityTokenReference(strElement, false);
+    }
+    
+    /**
+     * Test for a SecurityTokenReference having a Key Identifier with no EncodingType, but
+     * it should pass as the ValueType is for a SAML Assertion.
+     */
+    @org.junit.Test
+    public void testKeyIdentifierSAMLNoEncodingType() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        Element strElement = str.getElement();
+        
+        Element keyId = doc.createElementNS(WSConstants.WSSE_NS, "wsse:KeyIdentifier");
+        keyId.setAttributeNS(null, "ValueType", WSConstants.WSS_SAML_KI_VALUE_TYPE);
+        keyId.appendChild(doc.createTextNode("#123"));
+        strElement.appendChild(keyId);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(str.toString());
+        }
+        
+        // Process the STR
+        new SecurityTokenReference(strElement);
+    }
+    
+    /**
+     * Test for a SecurityTokenReference having an Embedded Child, which in turn has a 
+     * SecurityTokenReference child.
+     */
+    @org.junit.Test
+    public void testEmbeddedSTRChild() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        Element strElement = str.getElement();
+        
+        Element embedded = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Embedded");
+        str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        embedded.appendChild(str.getElement());
+        
+        strElement.appendChild(embedded);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(DOM2Writer.nodeToString(strElement));
+        }
+        
+        // Process the STR
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on an Embedded Child with a SecurityTokenReference child");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("embedded Reference is invalid");
+        }
+        
+        new SecurityTokenReference(strElement, false);
+    }
+    
+    /**
+     * Test for a SecurityTokenReference having an Embedded Child, which has multiple
+     * children.
+     */
+    @org.junit.Test
+    public void testMultipleEmbeddedChildren() throws Exception {
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        
+        // Create the STR
+        SecurityTokenReference str = new SecurityTokenReference(doc);
+        str.addWSSENamespace();
+        Element strElement = str.getElement();
+        
+        Element embedded = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Embedded");
+        Element embedded1 = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference");
+        Element embedded2 = doc.createElementNS(WSConstants.WSSE_NS, "wsse:Reference");
+        embedded.appendChild(embedded1);
+        embedded.appendChild(embedded2);
+        
+        strElement.appendChild(embedded);
+        
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(DOM2Writer.nodeToString(strElement));
+        }
+        
+        // Process the STR
+        try {
+            new SecurityTokenReference(strElement);
+            fail("Failure expected on an Embedded Child with multiple children");
+        } catch (WSSecurityException ex) {
+            assert ex.getMessage().contains("embedded Reference is invalid");
+        }
+        
+        new SecurityTokenReference(strElement, false);
+    }
+    
+}
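Review bot: The checks on the exception text use the Java `assert` statement (e.g. `assert ex.getMessage().contains("Reference URI is null");`), which is a no-op unless the JVM runs with `-ea`, so on a default JVM these tests pass even when the wrong exception message is produced; since the class extends `org.junit.Assert`, `assertTrue(ex.getMessage().contains("Reference URI is null"));` is the reliable form, and the same applies to every catch block in the file. The lenient constructions such as `new SecurityTokenReference(strElement, false)` only prove that no exception is thrown; asserting something about the returned object would turn the non-BSP path into a real test.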


