ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1172285 [14/48] - in /webservices/wss4j/branches/swssf: ./ cxf-integration/ cxf-integration/src/ cxf-integration/src/main/ cxf-integration/src/main/java/ cxf-integration/src/main/java/org/ cxf-integration/src/main/java/org/swssf/ cxf-integ...
Date Sun, 18 Sep 2011 13:51:36 GMT
Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,512 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.swssf.crypto.Merlin;
+import org.swssf.impl.EncryptionPartDef;
+import org.swssf.impl.util.RFC2253Parser;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.*;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+/**
+ * An abstract OutputProcessor class for reusabilty
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public abstract class AbstractOutputProcessor implements OutputProcessor {
+
+    protected final transient Log logger = LogFactory.getLog(this.getClass());
+
+    protected static final XMLEventFactory xmlEventFactory = XMLEventFactory.newFactory();
+    protected SecurityProperties securityProperties;
+    protected Constants.Action action;
+
+    private Constants.Phase phase = Constants.Phase.PROCESSING;
+    private Set<Object> beforeProcessors = new HashSet<Object>();
+    private Set<Object> afterProcessors = new HashSet<Object>();
+
+    protected AbstractOutputProcessor(SecurityProperties securityProperties, Constants.Action action) throws WSSecurityException {
+        this.securityProperties = securityProperties;
+        this.action = action;
+    }
+
+    public Constants.Phase getPhase() {
+        return phase;
+    }
+
+    public void setPhase(Constants.Phase phase) {
+        this.phase = phase;
+    }
+
+    public Set<Object> getBeforeProcessors() {
+        return beforeProcessors;
+    }
+
+    public Set<Object> getAfterProcessors() {
+        return afterProcessors;
+    }
+
+    public SecurityProperties getSecurityProperties() {
+        return securityProperties;
+    }
+
+    public Constants.Action getAction() {
+        return action;
+    }
+
+    public abstract void processEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException;
+
+    public void processNextEvent(XMLEvent xmlEvent, OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+        processEvent(xmlEvent, outputProcessorChain);
+    }
+
+    public void doFinal(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+        outputProcessorChain.doFinal();
+    }
+
+    //todo copy attributes
+    protected XMLEventNS cloneStartElementEvent(XMLEvent xmlEvent, List<Attribute> attributeList) throws XMLStreamException {
+        XMLEventNS xmlEventNS = (XMLEventNS) xmlEvent;
+        if (!xmlEvent.isStartElement()) {
+            return xmlEventNS;
+        }
+
+        List<ComparableNamespace>[] xmlEventNSNamespaces = xmlEventNS.getNamespaceList();
+        List<ComparableAttribute>[] xmlEventNsAttributes = xmlEventNS.getAttributeList();
+
+        List<ComparableNamespace> currentXmlEventNamespaces = xmlEventNSNamespaces[0];
+        currentXmlEventNamespaces.add(new ComparableNamespace(xmlEvent.asStartElement().getName().getPrefix(), xmlEvent.asStartElement().getName().getNamespaceURI()));
+
+        List<Namespace> namespaceList = new ArrayList<Namespace>();
+        @SuppressWarnings("unchecked")
+        Iterator<Namespace> namespaceIterator = xmlEvent.asStartElement().getNamespaces();
+        while (namespaceIterator.hasNext()) {
+            Namespace namespace = namespaceIterator.next();
+            namespaceList.add(createNamespace(namespace.getPrefix(), namespace.getNamespaceURI()));
+        }
+
+        for (int i = 0; i < attributeList.size(); i++) {
+            Attribute attribute = attributeList.get(i);
+            boolean found = false;
+            for (int j = 0; j < namespaceList.size(); j++) {
+                Namespace namespace = namespaceList.get(j);
+                if (namespace.getPrefix() != null && attribute.getName().getPrefix() != null && namespace.getPrefix().equals(attribute.getName().getPrefix())) {
+                    found = true;
+                    break;
+                }
+            }
+            if (!found) {
+                namespaceList.add(createNamespace(attribute.getName().getPrefix(), attribute.getName().getNamespaceURI()));
+                currentXmlEventNamespaces.add(new ComparableNamespace(attribute.getName().getPrefix(), attribute.getName().getNamespaceURI()));
+            }
+        }
+
+        StartElement startElement = xmlEventFactory.createStartElement(xmlEvent.asStartElement().getName(), attributeList.iterator(), namespaceList.iterator());
+
+        return new XMLEventNS(startElement, xmlEventNSNamespaces, xmlEventNsAttributes);
+    }
+
+    protected void createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, Map<QName, String> namespaces, Map<QName, String> attributes) throws XMLStreamException, WSSecurityException {
+        List<Attribute> attributeList = new LinkedList<Attribute>();
+        if (attributes != null) {
+            Iterator<Map.Entry<QName, String>> attributeIterator = attributes.entrySet().iterator();
+            while (attributeIterator.hasNext()) {
+                Map.Entry<QName, String> qNameStringEntry = attributeIterator.next();
+                Attribute attribute = xmlEventFactory.createAttribute(qNameStringEntry.getKey(), qNameStringEntry.getValue());
+                attributeList.add(attribute);
+            }
+        }
+        List<Namespace> namespaceList = new LinkedList<Namespace>();
+        if (namespaces != null) {
+            Iterator<Map.Entry<QName, String>> namespaceIterator = namespaces.entrySet().iterator();
+            while (namespaceIterator.hasNext()) {
+                Map.Entry<QName, String> qNameStringEntry = namespaceIterator.next();
+                namespaceList.add(xmlEventFactory.createNamespace(qNameStringEntry.getKey().getLocalPart(), qNameStringEntry.getValue()));
+            }
+        }
+        StartElement startElement = xmlEventFactory.createStartElement(element, attributeList.iterator(), namespaceList.iterator());
+        outputAsEvent(outputProcessorChain, startElement);
+    }
+
+    protected void createStartElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element, Map<QName, String> attributes) throws XMLStreamException, WSSecurityException {
+        List<Namespace> namespaceList = new LinkedList<Namespace>();
+        namespaceList.add(xmlEventFactory.createNamespace(element.getPrefix(), element.getNamespaceURI()));
+
+        List<Attribute> attributeList = new LinkedList<Attribute>();
+        if (attributes != null) {
+            Iterator<Map.Entry<QName, String>> attributeIterator = attributes.entrySet().iterator();
+            while (attributeIterator.hasNext()) {
+                Map.Entry<QName, String> qNameStringEntry = attributeIterator.next();
+                Attribute attribute = xmlEventFactory.createAttribute(qNameStringEntry.getKey(), qNameStringEntry.getValue());
+                attributeList.add(attribute);
+
+                if ("".equals(attribute.getName().getPrefix())) {
+                    continue;
+                }
+
+                boolean found = false;
+                for (int i = 0; i < namespaceList.size(); i++) {
+                    Namespace namespace = namespaceList.get(i);
+                    if (namespace.getPrefix() != null && attribute.getName().getPrefix() != null && namespace.getPrefix().equals(attribute.getName().getPrefix())) {
+                        found = true;
+                        break;
+                    }
+                }
+                if (!found) {
+                    namespaceList.add(xmlEventFactory.createNamespace(attribute.getName().getPrefix(), attribute.getName().getNamespaceURI()));
+                }
+            }
+        }
+
+        StartElement startElement = xmlEventFactory.createStartElement(element, attributeList.iterator(), namespaceList.iterator());
+        outputAsEvent(outputProcessorChain, startElement);
+    }
+
+    protected EndElement createEndElement(QName element) {
+        List<Namespace> namespaceList = new LinkedList<Namespace>();
+        namespaceList.add(xmlEventFactory.createNamespace(element.getPrefix(), element.getNamespaceURI()));
+        return xmlEventFactory.createEndElement(element, namespaceList.iterator());
+    }
+
+    protected void createEndElementAndOutputAsEvent(OutputProcessorChain outputProcessorChain, QName element) throws XMLStreamException, WSSecurityException {
+        outputAsEvent(outputProcessorChain, createEndElement(element));
+    }
+
+    protected void createCharactersAndOutputAsEvent(OutputProcessorChain outputProcessorChain, String characters) throws XMLStreamException, WSSecurityException {
+        outputAsEvent(outputProcessorChain, createCharacters(characters));
+    }
+
+    protected Characters createCharacters(String characters) {
+        return xmlEventFactory.createCharacters(characters);
+    }
+
+    protected Attribute createAttribute(QName attribute, String attributeValue) {
+        return xmlEventFactory.createAttribute(attribute, attributeValue);
+    }
+
+    protected Namespace createNamespace(String prefix, String uri) {
+        return xmlEventFactory.createNamespace(prefix, uri);
+    }
+
+    protected void outputAsEvent(OutputProcessorChain outputProcessorChain, XMLEvent xmlEvent) throws XMLStreamException, WSSecurityException {
+        outputProcessorChain.reset();
+        outputProcessorChain.processEvent(xmlEvent);
+    }
+
+    protected void createSecurityTokenReferenceStructureForSignature(
+            OutputProcessorChain outputProcessorChain,
+            SecurityToken securityToken,
+            Constants.KeyIdentifierType keyIdentifierType,
+            boolean useSingleCertificate)
+            throws XMLStreamException, WSSecurityException {
+
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_wsu_Id, "STRId-" + UUID.randomUUID().toString());
+        if ((keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE
+                || keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED)
+                && !useSingleCertificate) {
+            attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_X509PKIPathv1);
+        } else if (securityToken.getTokenType() == Constants.TokenType.Saml10Token || securityToken.getTokenType() == Constants.TokenType.Saml11Token) {
+            attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_SAML11_TOKEN_PROFILE_TYPE);
+        } else if (securityToken.getTokenType() == Constants.TokenType.Saml20Token) {
+            attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_SAML20_TOKEN_PROFILE_TYPE);
+        }
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, attributes);
+
+        X509Certificate[] x509Certificates = securityToken.getX509Certificates();
+        String tokenId = securityToken.getId();
+
+        if (keyIdentifierType == Constants.KeyIdentifierType.ISSUER_SERIAL) {
+            createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
+            createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
+            createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
+            createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED) {
+            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
+            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
+            createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.EMEDDED_KEYIDENTIFIER_REF) {
+            createEmbeddedKeyIdentifierStructure(outputProcessorChain, securityToken.getTokenType(), tokenId);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.USERNAMETOKEN_REFERENCE) {
+            createUsernameTokenReferenceStructure(outputProcessorChain, tokenId);
+        } else {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "unsupportedSecurityToken", keyIdentifierType.name());
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
+    }
+
+    protected void createSecurityTokenReferenceStructureForEncryptedKey(
+            OutputProcessorChain outputProcessorChain,
+            SecurityToken securityToken,
+            Constants.KeyIdentifierType keyIdentifierType,
+            boolean useSingleCertificate)
+            throws XMLStreamException, WSSecurityException {
+
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_wsu_Id, "STRId-" + UUID.randomUUID().toString());
+        if ((keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE
+                || keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED)
+                && !useSingleCertificate) {
+            attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_X509PKIPathv1);
+        }
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, attributes);
+
+        X509Certificate[] x509Certificates = securityToken.getKeyWrappingToken().getX509Certificates();
+        String tokenId = securityToken.getKeyWrappingToken().getId();
+
+        if (keyIdentifierType == Constants.KeyIdentifierType.ISSUER_SERIAL) {
+            createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
+            createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
+            createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
+            createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED) {
+            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
+            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
+            createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+        } else {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
+    }
+
+    protected void createSecurityTokenReferenceStructureForDerivedKey(
+            OutputProcessorChain outputProcessorChain,
+            SecurityToken securityToken,
+            Constants.KeyIdentifierType keyIdentifierType,
+            Constants.DerivedKeyTokenReference derivedKeyTokenReference,
+            boolean useSingleCertificate)
+            throws XMLStreamException, WSSecurityException {
+
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_wsu_Id, "STRId-" + UUID.randomUUID().toString());
+        if ((keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE
+                || keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED)
+                && !useSingleCertificate) {
+            attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_X509PKIPathv1);
+        } else if (derivedKeyTokenReference == Constants.DerivedKeyTokenReference.EncryptedKey) {
+            attributes.put(Constants.ATT_wsse11_TokenType, Constants.NS_WSS_ENC_KEY_VALUE_TYPE);
+        }
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference, attributes);
+
+        X509Certificate[] x509Certificates = securityToken.getKeyWrappingToken().getX509Certificates();
+        String tokenId = securityToken.getKeyWrappingToken().getId();
+
+        if (keyIdentifierType == Constants.KeyIdentifierType.ISSUER_SERIAL) {
+            createX509IssuerSerialStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.SKI_KEY_IDENTIFIER) {
+            createX509SubjectKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
+            createX509KeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.THUMBPRINT_IDENTIFIER) {
+            createThumbprintKeyIdentifierStructure(outputProcessorChain, x509Certificates);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_EMBEDDED) {
+            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, true);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.BST_DIRECT_REFERENCE) {
+            createBSTReferenceStructure(outputProcessorChain, tokenId, x509Certificates, useSingleCertificate, false);
+        } else if (keyIdentifierType == Constants.KeyIdentifierType.EMBEDDED_SECURITY_TOKEN_REF) {
+            createEmbeddedSecurityTokenReferenceStructure(outputProcessorChain, tokenId);
+        } else {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_ENCRYPTION, "unsupportedSecurityToken", keyIdentifierType.name());
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_SecurityTokenReference);
+    }
+
+    protected void createUsernameTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String tokenId) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_NULL_URI, "#" + tokenId);
+        attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_USERNAMETOKEN_PROFILE_UsernameToken);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
+    }
+
+    protected void createEmbeddedSecurityTokenReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_NULL_URI, "#" + referenceId);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
+    }
+
+    protected void createEmbeddedKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, Constants.TokenType tokenType, String referenceId) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        if (tokenType == Constants.TokenType.Saml10Token || tokenType == Constants.TokenType.Saml11Token) {
+            attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_SAML10_TYPE);
+        } else if (tokenType == Constants.TokenType.Saml20Token) {
+            attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_SAML20_TYPE);
+        }
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
+        createCharactersAndOutputAsEvent(outputProcessorChain, referenceId);
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
+    }
+
+    protected void createBSTReferenceStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate, boolean embed) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        String valueType;
+        if (useSingleCertificate) {
+            valueType = Constants.NS_X509_V3_TYPE;
+        } else {
+            valueType = Constants.NS_X509PKIPathv1;
+        }
+        attributes.put(Constants.ATT_NULL_URI, "#" + referenceId);
+        attributes.put(Constants.ATT_NULL_ValueType, valueType);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference, attributes);
+        if (embed) {
+            createBinarySecurityTokenStructure(outputProcessorChain, referenceId, x509Certificates, useSingleCertificate);
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_Reference);
+    }
+
+    protected void createBinarySecurityTokenStructure(OutputProcessorChain outputProcessorChain, String referenceId, X509Certificate[] x509Certificates, boolean useSingleCertificate) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        String valueType;
+        if (useSingleCertificate) {
+            valueType = Constants.NS_X509_V3_TYPE;
+        } else {
+            valueType = Constants.NS_X509PKIPathv1;
+        }
+        attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(Constants.ATT_NULL_ValueType, valueType);
+        attributes.put(Constants.ATT_wsu_Id, referenceId);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_BinarySecurityToken, attributes);
+        try {
+            if (useSingleCertificate) {
+                createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
+            } else {
+                try {
+                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
+                    List<X509Certificate> certificates = Arrays.asList(x509Certificates);
+                    createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(certificateFactory.generateCertPath(certificates).getEncoded()));
+                } catch (CertificateException e) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+                } catch (NoSuchProviderException e) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+                }
+            }
+        } catch (CertificateEncodingException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_BinarySecurityToken);
+    }
+
+    protected void createThumbprintKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_THUMBPRINT);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
+        try {
+            MessageDigest sha;
+            sha = MessageDigest.getInstance("SHA-1");
+            sha.reset();
+            sha.update(x509Certificates[0].getEncoded());
+            byte[] data = sha.digest();
+
+            createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+        } catch (CertificateEncodingException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
+    }
+
+    protected void createX509KeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, WSSecurityException {
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_X509_V3_TYPE);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
+        try {
+            createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(x509Certificates[0].getEncoded()));
+        } catch (CertificateEncodingException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
+    }
+
+    protected void createX509SubjectKeyIdentifierStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws WSSecurityException, XMLStreamException {
+        // As per the 1.1 specification, SKI can only be used for a V3 certificate
+        if (x509Certificates[0].getVersion() != 3) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, "invalidCertForSKI");
+        }
+
+        Map<QName, String> attributes = new HashMap<QName, String>();
+        attributes.put(Constants.ATT_NULL_EncodingType, Constants.SOAPMESSAGE_NS10_BASE64_ENCODING);
+        attributes.put(Constants.ATT_NULL_ValueType, Constants.NS_X509SubjectKeyIdentifier);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier, attributes);
+        byte data[] = new Merlin().getSKIBytesFromCert(x509Certificates[0]);
+        createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{'\n'}).encodeToString(data));
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_wsse_KeyIdentifier);
+    }
+
+    protected void createX509IssuerSerialStructure(OutputProcessorChain outputProcessorChain, X509Certificate[] x509Certificates) throws XMLStreamException, WSSecurityException {
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509Data, null);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerSerial, null);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerName, null);
+        createCharactersAndOutputAsEvent(outputProcessorChain, RFC2253Parser.normalize(x509Certificates[0].getIssuerDN().getName(), true));
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerName);
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509SerialNumber, null);
+        createCharactersAndOutputAsEvent(outputProcessorChain, x509Certificates[0].getSerialNumber().toString());
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509SerialNumber);
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509IssuerSerial);
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_dsig_X509Data);
+    }
+
+    protected void createReferenceListStructure(OutputProcessorChain outputProcessorChain) throws XMLStreamException, WSSecurityException {
+        List<EncryptionPartDef> encryptionPartDefs = outputProcessorChain.getSecurityContext().getAsList(EncryptionPartDef.class);
+        if (encryptionPartDefs == null) {
+            return;
+        }
+        Map<QName, String> attributes;
+        createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_ReferenceList, null);
+        //output the references to the encrypted data:
+        Iterator<EncryptionPartDef> encryptionPartDefIterator = encryptionPartDefs.iterator();
+        while (encryptionPartDefIterator.hasNext()) {
+            EncryptionPartDef encryptionPartDef = encryptionPartDefIterator.next();
+
+            attributes = new HashMap<QName, String>();
+            attributes.put(Constants.ATT_NULL_URI, "#" + encryptionPartDef.getEncRefId());
+            createStartElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_DataReference, attributes);
+            createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_DataReference);
+        }
+        createEndElementAndOutputAsEvent(outputProcessorChain, Constants.TAG_xenc_ReferenceList);
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/AbstractOutputProcessor.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableAttribute.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableAttribute.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableAttribute.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableAttribute.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.Location;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.Characters;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import java.io.Writer;
+
+/**
+ * Class to let XML-Attributes be comparable how it is requested by C14N
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ComparableAttribute implements Attribute, Comparable<ComparableAttribute> {
+
+    private QName name;
+    private String value;
+
+    public ComparableAttribute(QName name, String value) {
+        this.name = name;
+        this.value = value;
+    }
+
+    public int compareTo(ComparableAttribute o) {
+        //An element's attribute nodes are sorted lexicographically with namespace URI as the primary
+        //key and local name as the secondary key (an empty namespace URI is lexicographically least).
+        int namespacePartCompare = this.getName().getNamespaceURI().compareTo(o.getName().getNamespaceURI());
+        if (namespacePartCompare != 0) {
+            return namespacePartCompare;
+        } else {
+            return this.getName().getLocalPart().compareTo(o.getName().getLocalPart());
+        }
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (!(obj instanceof ComparableAttribute)) {
+            return false;
+        }
+        ComparableAttribute comparableAttribute = (ComparableAttribute) obj;
+        if (comparableAttribute.getName().getLocalPart().equals(this.getName().getLocalPart())) {
+            //&& comparableNamespace.getNamespace().getNamespaceURI().equals(this.attribute.getNamespaceURI())) {
+            return true;
+        }
+        return false;
+    }
+
+    public QName getName() {
+        return name;
+    }
+
+    public String getValue() {
+        return value;
+    }
+
+    public String getDTDType() {
+        return "CDATA";
+    }
+
+    public boolean isSpecified() {
+        return true;
+    }
+
+    public int getEventType() {
+        return ATTRIBUTE;
+    }
+
+    public Location getLocation() {
+        return null;
+    }
+
+    public boolean isStartElement() {
+        return false;
+    }
+
+    public boolean isAttribute() {
+        return true;
+    }
+
+    public boolean isNamespace() {
+        return false;
+    }
+
+    public boolean isEndElement() {
+        return false;
+    }
+
+    public boolean isEntityReference() {
+        return false;
+    }
+
+    public boolean isProcessingInstruction() {
+        return false;
+    }
+
+    public boolean isCharacters() {
+        return false;
+    }
+
+    public boolean isStartDocument() {
+        return false;
+    }
+
+    public boolean isEndDocument() {
+        return false;
+    }
+
+    public StartElement asStartElement() {
+        return null;
+    }
+
+    public EndElement asEndElement() {
+        return null;
+    }
+
+    public Characters asCharacters() {
+        return null;
+    }
+
+    public QName getSchemaType() {
+        return null;
+    }
+
+    public void writeAsEncodedUnicode(Writer writer) throws XMLStreamException {
+        throw new UnsupportedOperationException("writeAsEncodedUnicode not implemented");
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableAttribute.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableNamespace.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableNamespace.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableNamespace.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableNamespace.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.Location;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Characters;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.Namespace;
+import javax.xml.stream.events.StartElement;
+import java.io.Writer;
+
+/**
+ * Class to let XML-Namespaces be comparable how it is requested by C14N
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ComparableNamespace implements Namespace, Comparable<ComparableNamespace> {
+
+    private String prefix;
+    private String uri;
+
+    public ComparableNamespace(String uri) {
+        this.uri = uri;
+        this.prefix = "";
+    }
+
+    public ComparableNamespace(String prefix, String uri) {
+        if (prefix != null) {
+            this.prefix = prefix;
+        } else {
+            this.prefix = "";
+        }
+        if (uri != null) {
+            this.uri = uri;
+        } else {
+            this.uri = "";
+        }
+    }
+
+    public int compareTo(ComparableNamespace o) {
+        //An element's namespace nodes are sorted lexicographically by local name
+        //(the default namespace node, if one exists, has no local name and is therefore lexicographically least).
+        return this.getPrefix().compareTo(o.getPrefix());
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (!(obj instanceof ComparableNamespace)) {
+            return false;
+        }
+        ComparableNamespace comparableNamespace = (ComparableNamespace) obj;
+
+        if (comparableNamespace.getPrefix().equals(this.getPrefix())) {
+            //just test for prefix to get the last prefix definition on the stack and let overwrite it 
+            return true;
+        }
+        return false;
+    }
+
+    public QName getName() {
+        return null;
+    }
+
+    public String getValue() {
+        return null;
+    }
+
+    public String getNamespaceURI() {
+        return uri;
+    }
+
+    public String getPrefix() {
+        return prefix;
+    }
+
+    public boolean isDefaultNamespaceDeclaration() {
+        return (prefix.length() == 0);
+    }
+
+    public String getDTDType() {
+        return "CDATA";
+    }
+
+    public boolean isSpecified() {
+        return true;
+    }
+
+    public int getEventType() {
+        return NAMESPACE;
+    }
+
+    public Location getLocation() {
+        return null;
+    }
+
+    public boolean isStartElement() {
+        return false;
+    }
+
+    public boolean isAttribute() {
+        return true;
+    }
+
+    public boolean isNamespace() {
+        return true;
+    }
+
+    public boolean isEndElement() {
+        return false;
+    }
+
+    public boolean isEntityReference() {
+        return false;
+    }
+
+    public boolean isProcessingInstruction() {
+        return false;
+    }
+
+    public boolean isCharacters() {
+        return false;
+    }
+
+    public boolean isStartDocument() {
+        return false;
+    }
+
+    public boolean isEndDocument() {
+        return false;
+    }
+
+    public StartElement asStartElement() {
+        return null;
+    }
+
+    public EndElement asEndElement() {
+        return null;
+    }
+
+    public Characters asCharacters() {
+        return null;
+    }
+
+    public QName getSchemaType() {
+        return null;
+    }
+
+    public void writeAsEncodedUnicode(Writer writer) throws XMLStreamException {
+        throw new UnsupportedOperationException("writeAsEncodedUnicode not implemented");
+    }
+
+    @Override
+    public String toString() {
+        if (getPrefix() == null || getPrefix().length() == 0) {
+            return "xmlns=\"" + getNamespaceURI() + "\"";
+        }
+        return "xmlns:" + getPrefix() + "=\"" + getNamespaceURI() + "\"";
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/ComparableNamespace.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/Constants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/Constants.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/Constants.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/Constants.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,396 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import javax.xml.namespace.QName;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Constants for global use
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class Constants {
+
+    private Constants() {
+    }
+
+    public static final SecureRandom secureRandom;
+
+    static {
+        try {
+            secureRandom = SecureRandom.getInstance("SHA1PRNG");
+            secureRandom.setSeed(System.currentTimeMillis());
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public enum Phase {
+        PREPROCESSING,
+        PROCESSING,
+        POSTPROCESSING,
+    }
+
+    public static final String XMLINPUTFACTORY = "XMLInputFactory";
+    public static final String TIMESTAMP_PROCESSED = "TimestampProcessed";
+
+    public static final String NS_XML = "http://www.w3.org/2000/xmlns/";
+    public static final String NS_XMLENC = "http://www.w3.org/2001/04/xmlenc#";
+    public static final String NS_DSIG = "http://www.w3.org/2000/09/xmldsig#";
+    public static final String NS_WSSE10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+    public static final String NS_WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+    public static final String NS_WSU10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+    public static final String NS_SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/";
+    public static final String NS_SOAP12 = "http://www.w3.org/2003/05/soap-envelope";
+
+    public static final String NS_WST = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+    public static final String NS_WSC_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+    public static final String NS_SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
+    public static final String NS_SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion";
+
+    public static final String PREFIX_SOAPENV = "env";
+    public static final String TAG_soap_Envelope_LocalName = "Envelope";
+    public static final String TAG_soap_Header_LocalName = "Header";
+    public static final String TAG_soap_Body_LocalName = "Body";
+
+    public static final QName TAG_soap11_Envelope = new QName(NS_SOAP11, TAG_soap_Envelope_LocalName, PREFIX_SOAPENV);
+    public static final QName TAG_soap11_Header = new QName(NS_SOAP11, TAG_soap_Header_LocalName, PREFIX_SOAPENV);
+    public static final QName TAG_soap11_Body = new QName(NS_SOAP11, TAG_soap_Body_LocalName, PREFIX_SOAPENV);
+    public static final QName ATT_soap11_Actor = new QName(NS_SOAP11, "actor", PREFIX_SOAPENV);
+
+    public static final QName TAG_soap12_Envelope = new QName(NS_SOAP12, TAG_soap_Envelope_LocalName, PREFIX_SOAPENV);
+    public static final QName TAG_soap12_Header = new QName(NS_SOAP12, TAG_soap_Header_LocalName, PREFIX_SOAPENV);
+    public static final QName TAG_soap12_Body = new QName(NS_SOAP12, TAG_soap_Body_LocalName, PREFIX_SOAPENV);
+    public static final QName ATT_soap12_Role = new QName(NS_SOAP12, "role", PREFIX_SOAPENV);
+
+    public static final String PREFIX_WSSE = "wsse";
+    public static final String PREFIX_WSSE11 = "wsse11";
+    public static final QName TAG_wsse_Security = new QName(NS_WSSE10, "Security", PREFIX_WSSE);
+
+    public static final String PREFIX_XENC = "xenc";
+    public static final QName TAG_xenc_EncryptedKey = new QName(NS_XMLENC, "EncryptedKey", PREFIX_XENC);
+    public static final QName ATT_NULL_Id = new QName(null, "Id");
+    public static final QName ATT_NULL_Type = new QName(null, "Type");
+    public static final QName ATT_NULL_MimeType = new QName(null, "MimeType");
+    public static final QName ATT_NULL_Encoding = new QName(null, "Encoding");
+
+    public static final QName TAG_xenc_EncryptionMethod = new QName(NS_XMLENC, "EncryptionMethod", PREFIX_XENC);
+    public static final QName ATT_NULL_Algorithm = new QName(null, "Algorithm");
+
+    public static final String PREFIX_DSIG = "dsig";
+    public static final QName TAG_dsig_KeyInfo = new QName(NS_DSIG, "KeyInfo", PREFIX_DSIG);
+
+    public static final QName TAG_wsse_SecurityTokenReference = new QName(NS_WSSE10, "SecurityTokenReference", PREFIX_WSSE);
+    public static final QName TAG_wsse_Reference = new QName(NS_WSSE10, "Reference", PREFIX_WSSE);
+    public static final QName ATT_wsse_Usage = new QName(NS_WSSE10, "Usage", PREFIX_WSSE);
+    public static final QName ATT_wsse11_TokenType = new QName(NS_WSSE11, "TokenType", PREFIX_WSSE11);
+
+    public static final QName TAG_wsse_KeyIdentifier = new QName(NS_WSSE10, "KeyIdentifier", PREFIX_WSSE);
+    public static final QName ATT_NULL_EncodingType = new QName(null, "EncodingType");
+    public static final QName ATT_NULL_ValueType = new QName(null, "ValueType");
+
+    public static final QName TAG_xenc_EncryptionProperties = new QName(NS_XMLENC, "EncryptionProperties", PREFIX_XENC);
+
+    public static final QName TAG_xenc_CipherData = new QName(NS_XMLENC, "CipherData", PREFIX_XENC);
+
+    public static final QName TAG_xenc_CipherValue = new QName(NS_XMLENC, "CipherValue", PREFIX_XENC);
+
+    public static final QName TAG_xenc_ReferenceList = new QName(NS_XMLENC, "ReferenceList", PREFIX_XENC);
+
+    public static final QName TAG_xenc_DataReference = new QName(NS_XMLENC, "DataReference", PREFIX_XENC);
+    public static final QName ATT_NULL_URI = new QName(null, "URI");
+
+    public static final QName TAG_wsse_BinarySecurityToken = new QName(NS_WSSE10, "BinarySecurityToken", PREFIX_WSSE);
+    public static final String PREFIX_WSU = "wsu";
+    public static final QName ATT_wsu_Id = new QName(NS_WSU10, "Id", PREFIX_WSU);
+
+    public static final QName TAG_xenc_EncryptedData = new QName(NS_XMLENC, "EncryptedData", PREFIX_XENC);
+
+    public static final QName TAG_wsse11_EncryptedHeader = new QName(NS_WSSE11, "EncryptedHeader", PREFIX_WSSE11);
+
+    public static final QName TAG_dsig_Signature = new QName(NS_DSIG, "Signature", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_SignedInfo = new QName(NS_DSIG, "SignedInfo", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_CanonicalizationMethod = new QName(NS_DSIG, "CanonicalizationMethod", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_SignatureMethod = new QName(NS_DSIG, "SignatureMethod", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_Reference = new QName(NS_DSIG, "Reference", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_Transforms = new QName(NS_DSIG, "Transforms", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_Transform = new QName(NS_DSIG, "Transform", PREFIX_DSIG);
+
+    public static final QName TAG_wsse_TransformationParameters = new QName(NS_WSSE10, "TransformationParameters", PREFIX_WSSE);
+
+    public static final QName TAG_dsig_DigestMethod = new QName(NS_DSIG, "DigestMethod", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_DigestValue = new QName(NS_DSIG, "DigestValue", PREFIX_DSIG);
+
+    public static final QName TAG_dsig_SignatureValue = new QName(NS_DSIG, "SignatureValue", PREFIX_DSIG);
+
+    public static final QName TAG_wsu_Timestamp = new QName(NS_WSU10, "Timestamp", PREFIX_WSU);
+    public static final QName TAG_wsu_Created = new QName(NS_WSU10, "Created", PREFIX_WSU);
+    public static final QName TAG_wsu_Expires = new QName(NS_WSU10, "Expires", PREFIX_WSU);
+
+    public static final QName TAG_dsig_X509Data = new QName(NS_DSIG, "X509Data", PREFIX_DSIG);
+    public static final QName TAG_dsig_X509IssuerSerial = new QName(NS_DSIG, "X509IssuerSerial", PREFIX_DSIG);
+    public static final QName TAG_dsig_X509IssuerName = new QName(NS_DSIG, "X509IssuerName", PREFIX_DSIG);
+    public static final QName TAG_dsig_X509SerialNumber = new QName(NS_DSIG, "X509SerialNumber", PREFIX_DSIG);
+
+    public static final String NS10_SOAPMESSAGE_SECURITY = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0";
+    public static final String NS11_SOAPMESSAGE_SECURITY = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1";
+
+    public static final String NS_X509TOKEN_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
+
+    public static final String NS_X509_V3_TYPE = NS_X509TOKEN_PROFILE + "#X509v3";
+    public static final String NS_X509PKIPathv1 = NS_X509TOKEN_PROFILE + "#X509PKIPathv1";
+    public static final String NS_X509SubjectKeyIdentifier = NS_X509TOKEN_PROFILE + "#X509SubjectKeyIdentifier";
+    public static final String NS_THUMBPRINT = NS11_SOAPMESSAGE_SECURITY + "#ThumbprintSHA1";
+
+    public static final String SOAPMESSAGE_NS10_BASE64_ENCODING = NS10_SOAPMESSAGE_SECURITY + "#Base64Binary";
+
+    public static final QName TAG_wsse_UsernameToken = new QName(NS_WSSE10, "UsernameToken", PREFIX_WSSE);
+    public static final QName TAG_wsse_Username = new QName(NS_WSSE10, "Username", PREFIX_WSSE);
+    public static final QName TAG_wsse_Password = new QName(NS_WSSE10, "Password", PREFIX_WSSE);
+    public static final QName TAG_wsse_Nonce = new QName(NS_WSSE10, "Nonce", PREFIX_WSSE);
+    public static final QName TAG_wsse11_Salt = new QName(NS_WSSE11, "Salt", PREFIX_WSSE11);
+    public static final QName TAG_wsse11_Iteration = new QName(NS_WSSE11, "Iteration", PREFIX_WSSE11);
+
+    public static final String NS_USERNAMETOKEN_PROFILE11 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
+    public static final String NS_PASSWORD_DIGEST = NS_USERNAMETOKEN_PROFILE11 + "#PasswordDigest";
+    public static final String NS_PASSWORD_TEXT = NS_USERNAMETOKEN_PROFILE11 + "#PasswordText";
+    public static final String NS_USERNAMETOKEN_PROFILE_UsernameToken = NS_USERNAMETOKEN_PROFILE11 + "#UsernameToken";
+
+    public static final QName TAG_wsse11_SignatureConfirmation = new QName(NS_WSSE11, "SignatureConfirmation", PREFIX_WSSE11);
+    public static final QName ATT_NULL_Value = new QName(null, "Value");
+
+    public static final String NS_C14N_EXCL = "http://www.w3.org/2001/10/xml-exc-c14n#";
+    public static final String PREFIX_C14N_EXCL = "c14nEx";
+    public static final QName ATT_NULL_PrefixList = new QName(null, "PrefixList");
+    public static final QName TAG_c14nExcl_InclusiveNamespaces = new QName(NS_C14N_EXCL, "InclusiveNamespaces", PREFIX_C14N_EXCL);
+
+    public static final QName TAG_wst_BinarySecret = new QName(NS_WST, "BinarySecret");
+
+    public static final String SOAPMESSAGE_NS10_STRTransform = NS10_SOAPMESSAGE_SECURITY + "#STR-Transform";
+
+    public static final QName TAG_saml_Assertion = new QName(NS_SAML, "Assertion");
+    public static final QName TAG_saml2_Assertion = new QName(NS_SAML2, "Assertion");
+
+    public static final String NS_SAML10_TOKEN_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0";
+    public static final String NS_SAML11_TOKEN_PROFILE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1";
+    public static final String NS_SAML10_TYPE = NS_SAML10_TOKEN_PROFILE + "#SAMLAssertionID";
+    public static final String NS_SAML20_TYPE = NS_SAML11_TOKEN_PROFILE + "#SAMLID";
+    public static final String NS_SAML11_TOKEN_PROFILE_TYPE = NS_SAML11_TOKEN_PROFILE + "#SAMLV1.1";
+    public static final String NS_SAML20_TOKEN_PROFILE_TYPE = NS_SAML11_TOKEN_PROFILE + "#SAMLV2.0";
+
+    public static final QName ATT_NULL_AssertionID = new QName(null, "AssertionID");
+    public static final QName ATT_NULL_ID = new QName(null, "ID");
+
+
+    public static final String NS_WSC_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc";
+    public static final String NS_WSC_05_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
+    public static final String PREFIX_WSC = "wsc";
+
+    public static final QName TAG_wsc0502_SecurityContextToken = new QName(NS_WSC_05_02, "SecurityContextToken", PREFIX_WSC);
+    public static final QName TAG_wsc0512_SecurityContextToken = new QName(NS_WSC_05_12, "SecurityContextToken", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Identifier = new QName(NS_WSC_05_02, "Identifier", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Identifier = new QName(NS_WSC_05_12, "Identifier", PREFIX_WSC);
+
+    public static final QName TAG_wsc0502_DerivedKeyToken = new QName(NS_WSC_05_02, "DerivedKeyToken", PREFIX_WSC);
+    public static final QName TAG_wsc0512_DerivedKeyToken = new QName(NS_WSC_05_12, "DerivedKeyToken", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Properties = new QName(NS_WSC_05_02, "Properties", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Properties = new QName(NS_WSC_05_02, "Properties", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Length = new QName(NS_WSC_05_02, "Length", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Length = new QName(NS_WSC_05_02, "Length", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Generation = new QName(NS_WSC_05_02, "Generation", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Generation = new QName(NS_WSC_05_02, "Generation", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Offset = new QName(NS_WSC_05_02, "Offset", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Offset = new QName(NS_WSC_05_02, "Offset", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Label = new QName(NS_WSC_05_02, "Label", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Label = new QName(NS_WSC_05_02, "Label", PREFIX_WSC);
+    public static final QName TAG_wsc0502_Nonce = new QName(NS_WSC_05_02, "Nonce", PREFIX_WSC);
+    public static final QName TAG_wsc0512_Nonce = new QName(NS_WSC_05_02, "Nonce", PREFIX_WSC);
+
+    public static final String P_SHA_1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+    public static final String P_SHA_1_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1";
+    public static final String WS_SecureConversation_DEFAULT_LABEL = "WS-SecureConversation";
+
+    public static final String NS_WSS_ENC_KEY_VALUE_TYPE = NS11_SOAPMESSAGE_SECURITY + "#EncryptedKey";
+
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE = "PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE";
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION = "PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION";
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTED_KEY";
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY = "PROP_USE_THIS_TOKEN_ID_FOR_DERIVED_KEY";
+    public static final String PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN = "PROP_USE_THIS_TOKEN_ID_FOR_SECURITYCONTEXTTOKEN";
+
+    public static final String PROP_TIMESTAMP_SECURITYEVENT = "PROP_TIMESTAMP";
+
+    public static final String PROP_APPEND_SIGNATURE_ON_THIS_ID = "PROP_APPEND_SIGNATURE_ON_THIS_ID";
+
+    /**
+     * Length of UsernameToken derived key used by .NET WSE to sign a message.
+     */
+    public static final int WSE_DERIVED_KEY_LEN = 16;
+    public static final String LABEL_FOR_DERIVED_KEY = "WS-Security";
+
+    public enum Action {
+        TIMESTAMP,
+        SIGNATURE,
+        ENCRYPT,
+        USERNAMETOKEN,
+        USERNAMETOKEN_SIGNED,
+        SIGNATURE_CONFIRMATION,
+        SIGNATURE_WITH_DERIVED_KEY,
+        ENCRYPT_WITH_DERIVED_KEY,
+        SAML_TOKEN_SIGNED,
+        SAML_TOKEN_UNSIGNED,
+    }
+
+    public enum KeyIdentifierType {
+        DEFAULT_TOKEN,
+        ISSUER_SERIAL,
+        BST_DIRECT_REFERENCE,
+        BST_EMBEDDED,
+        X509_KEY_IDENTIFIER,
+        SKI_KEY_IDENTIFIER,
+        THUMBPRINT_IDENTIFIER,
+        EMBEDDED_SECURITY_TOKEN_REF,
+        EMEDDED_KEYIDENTIFIER_REF,
+        USERNAMETOKEN_REFERENCE,
+    }
+
+    public enum TokenType {
+        EncryptedKeyToken,
+        X509V3Token,
+        X509V1Token,
+        X509Pkcs7Token,
+        X509PkiPathV1Token,
+        UsernameToken,
+        SecurityContextToken,
+        Saml10Token,
+        Saml11Token,
+        Saml20Token,
+        IssuedToken,
+        SecureConversationToken,
+        HttpsToken,
+
+    }
+
+    public enum DerivedKeyTokenReference {
+        DirectReference,
+        EncryptedKey,
+        SecurityContextToken,
+    }
+
+    public enum UsernameTokenPasswordType {
+        PASSWORD_NONE(null),
+        PASSWORD_TEXT(NS_PASSWORD_TEXT),
+        PASSWORD_DIGEST(NS_PASSWORD_DIGEST);
+
+        private String namespace;
+        private static final Map<String, UsernameTokenPasswordType> lookup = new HashMap<String, UsernameTokenPasswordType>();
+
+        static {
+            for (UsernameTokenPasswordType u : EnumSet.allOf(UsernameTokenPasswordType.class))
+                lookup.put(u.getNamespace(), u);
+        }
+
+        UsernameTokenPasswordType(String namespace) {
+            this.namespace = namespace;
+        }
+
+        public String getNamespace() {
+            return namespace;
+        }
+
+        public static UsernameTokenPasswordType getUsernameTokenPasswordType(String namespace) {
+            return lookup.get(namespace);
+        }
+    }
+
+
+    /****************************************************************************
+     * Fault codes defined in the WSS 1.1 spec under section 12, Error handling
+     */
+
+    /**
+     * An unsupported token was provided
+     */
+    public static final QName UNSUPPORTED_SECURITY_TOKEN = new QName(NS_WSSE10, "UnsupportedSecurityToken");
+
+    /**
+     * An unsupported signature or encryption algorithm was used
+     */
+    public static final QName UNSUPPORTED_ALGORITHM = new QName(NS_WSSE10, "UnsupportedAlgorithm");
+
+    /**
+     * An error was discovered processing the <Security> header
+     */
+    public static final QName INVALID_SECURITY = new QName(NS_WSSE10, "InvalidSecurity");
+
+    /**
+     * An invalid security token was provided
+     */
+    public static final QName INVALID_SECURITY_TOKEN = new QName(NS_WSSE10, "InvalidSecurityToken");
+
+    /**
+     * The security token could not be authenticated or authorized
+     */
+    public static final QName FAILED_AUTHENTICATION = new QName(NS_WSSE10, "FailedAuthentication");
+
+    /**
+     * The signature or decryption was invalid
+     */
+    public static final QName FAILED_CHECK = new QName(NS_WSSE10, "FailedCheck");
+
+    /**
+     * Referenced security token could not be retrieved
+     */
+    public static final QName SECURITY_TOKEN_UNAVAILABLE = new QName(NS_WSSE10, "SecurityTokenUnavailable");
+
+    /**
+     * The message has expired
+     */
+    public static final QName MESSAGE_EXPIRED = new QName(NS_WSSE10, "MessageExpired");
+
+    public enum KeyUsage {
+        Sym_Sig,
+        Asym_Sig,
+        Dig,
+        Enc,
+        Sym_Key_Wrap,
+        Asym_Key_Wrap,
+        Comp_Key,
+        Enc_KD,
+        Sig_KD,
+        C14n,
+        Soap_Norm,
+        STR_Trans,
+        XPath,
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/Constants.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/DocumentContext.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/DocumentContext.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/DocumentContext.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/DocumentContext.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,131 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * This class holds per document, context informations
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public interface DocumentContext {
+
+    /**
+     * @return The Encoding of the Document
+     */
+    public String getEncoding();
+
+    /**
+     * @return The SOAP Version used
+     */
+    public String getSOAPMessageVersionNamespace();
+
+    /**
+     * Adds a Element to the path
+     *
+     * @param qName The QName of the path element
+     */
+    public void addPathElement(QName qName);
+
+    /**
+     * Removes a element from the path
+     *
+     * @return the removed element
+     */
+    public QName removePathElement();
+
+    /**
+     * @return The actual path in the xml
+     */
+    public List<QName> getPath();
+
+    /**
+     * Returns the parent element of the actual eventtype
+     *
+     * @param eventType current event type
+     * @return the name of the parent element
+     */
+    public QName getParentElement(int eventType);
+
+    /**
+     * Indicates if we are currently processing the soap header
+     *
+     * @return true if we stay in the soap header, false otherwise
+     */
+    public boolean isInSOAPHeader();
+
+    /**
+     * Indicates if we are currently processing the soap body
+     *
+     * @return true if we stay in the soap body, false otherwise
+     */
+    public boolean isInSOAPBody();
+
+    /**
+     * @return The current level in the document
+     */
+    public int getDocumentLevel();
+
+    /**
+     * Indicates if we are currently processing the security header
+     *
+     * @return true if we stay in the security header, false otherwise
+     */
+    public boolean isInSecurityHeader();
+
+    /**
+     * Specifies that we are now in the security header
+     *
+     * @param inSecurityHeader set to true when we entering the security header, false otherwise
+     */
+    public void setInSecurityHeader(boolean inSecurityHeader);
+
+    /**
+     * Indicates if we currently stay in an encrypted content
+     */
+    public void setIsInEncryptedContent();
+
+    /**
+     * unset when we leave the encrypted content
+     */
+    public void unsetIsInEncryptedContent();
+
+    /**
+     * @return true if we currently stay in encrypted content
+     */
+    public boolean isInEncryptedContent();
+
+    /**
+     * Indicates if we currently stay in a signed content
+     */
+    public void setIsInSignedContent();
+
+    /**
+     * unset when we leave the signed content
+     */
+    public void unsetIsInSignedContent();
+
+    /**
+     * @return true if we currently stay in signed content
+     */
+    public boolean isInSignedContent();
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/DocumentContext.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InboundWSSec.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InboundWSSec.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InboundWSSec.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.swssf.impl.DocumentContextImpl;
+import org.swssf.impl.InputProcessorChainImpl;
+import org.swssf.impl.XMLSecurityStreamReader;
+import org.swssf.impl.processor.input.LogInputProcessor;
+import org.swssf.impl.processor.input.SecurityHeaderInputProcessor;
+import org.swssf.impl.processor.input.SignatureConfirmationInputProcessor;
+import org.swssf.impl.processor.input.XMLEventReaderInputProcessor;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SecurityEventListener;
+
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * Inbound Streaming-WebService-Security
+ * An instance of this class can be retrieved over the WSSec class
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class InboundWSSec {
+
+    protected static final transient Log log = LogFactory.getLog(InboundWSSec.class);
+
+    private SecurityProperties securityProperties;
+
+    public InboundWSSec(SecurityProperties securityProperties) {
+        this.securityProperties = securityProperties;
+    }
+
+    /**
+     * Warning:
+     * configure your xmlStreamReader correctly. Otherwise you can create a security hole.
+     * At minimum configure the following properties:
+     * xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+     * xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+     * xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false);
+     * xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));
+     * <p/>
+     * This method is the entry point for the incoming security-engine.
+     * Hand over the original XMLStreamReader and use the returned one for further processing
+     *
+     * @param xmlStreamReader The original XMLStreamReader
+     * @return A new XMLStreamReader which does transparently the security processing.
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader) throws XMLStreamException, WSSecurityException {
+        return this.processInMessage(xmlStreamReader, new ArrayList<SecurityEvent>(), null);
+    }
+
+    /**
+     * Warning:
+     * configure your xmlStreamReader correctly. Otherwise you can create a security hole.
+     * At minimum configure the following properties:
+     * xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+     * xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+     * xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, false);
+     * xmlInputFactory.setProperty(WstxInputProperties.P_MIN_TEXT_SEGMENT, new Integer(8192));
+     * <p/>
+     * This method is the entry point for the incoming security-engine.
+     * Hand over the original XMLStreamReader and use the returned one for further processing
+     *
+     * @param xmlStreamReader       The original XMLStreamReader
+     * @param securityEventListener A SecurityEventListener to receive security-relevant events.
+     * @return A new XMLStreamReader which does transparently the security processing.
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    public XMLStreamReader processInMessage(XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents, SecurityEventListener securityEventListener) throws XMLStreamException, WSSecurityException {
+
+        final SecurityContextImpl securityContextImpl = new SecurityContextImpl();
+        securityContextImpl.putList(SecurityEvent.class, requestSecurityEvents);
+        securityContextImpl.setSecurityEventListener(securityEventListener);
+
+        final XMLInputFactory xmlInputFactory = XMLInputFactory.newFactory();
+        xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+        xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+        securityContextImpl.put(Constants.XMLINPUTFACTORY, xmlInputFactory);
+        final XMLEventReader xmlEventReader = xmlInputFactory.createXMLEventReader(xmlStreamReader);
+
+        DocumentContextImpl documentContext = new DocumentContextImpl();
+        documentContext.setEncoding(xmlStreamReader.getEncoding() != null ? xmlStreamReader.getEncoding() : "UTF-8");
+        InputProcessorChainImpl inputProcessorChain = new InputProcessorChainImpl(securityContextImpl, documentContext);
+        inputProcessorChain.addProcessor(new XMLEventReaderInputProcessor(securityProperties, xmlEventReader));
+        inputProcessorChain.addProcessor(new SecurityHeaderInputProcessor(securityProperties));
+
+        if (securityProperties.isEnableSignatureConfirmationVerification()) {
+            inputProcessorChain.addProcessor(new SignatureConfirmationInputProcessor(securityProperties));
+        }
+
+        if (log.isTraceEnabled()) {
+            inputProcessorChain.addProcessor(new LogInputProcessor(securityProperties));
+        }
+
+        List<InputProcessor> additionalInputProcessors = securityProperties.getInputProcessorList();
+        Iterator<InputProcessor> inputProcessorIterator = additionalInputProcessors.iterator();
+        while (inputProcessorIterator.hasNext()) {
+            InputProcessor inputProcessor = inputProcessorIterator.next();
+            inputProcessorChain.addProcessor(inputProcessor);
+        }
+
+        return new XMLSecurityStreamReader(inputProcessorChain, securityProperties);
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InboundWSSec.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessor.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessor.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessor.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.XMLEvent;
+import java.util.Set;
+
+/**
+ * This is the Interface which every InputProcessor must implement.
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public interface InputProcessor {
+
+    /**
+     * This InputProcessor will be added before the processors in this set
+     *
+     * @return The set with the named InputProcessors
+     */
+    Set<Object> getBeforeProcessors();
+
+    /**
+     * This InputProcessor will be added after the processors in this set
+     *
+     * @return The set with the named InputProcessors
+     */
+    Set<Object> getAfterProcessors();
+
+    /**
+     * The Phase in which this InputProcessor should be applied
+     *
+     * @return The Phase
+     */
+    Constants.Phase getPhase();
+
+    /**
+     * Will be called from the framework when the next security-header XMLEvent is requested
+     *
+     * @param inputProcessorChain
+     * @return The next XMLEvent
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException;
+
+    /**
+     * Will be called from the framework when the next XMLEvent is requested
+     *
+     * @param inputProcessorChain
+     * @return The next XMLEvent
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException;
+
+    /**
+     * Will be called when the whole document is processed.
+     *
+     * @param inputProcessorChain
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    void doFinal(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException;
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessor.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessorChain.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessorChain.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessorChain.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessorChain.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.ext;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.XMLEvent;
+import java.util.List;
+
+/**
+ * The InputProcessorChain manages the InputProcessors and controls the XMLEvent flow
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public interface InputProcessorChain extends ProcessorChain {
+
+    /**
+     * Adds an InputProcessor to the chain. The place where it
+     * will be applied can be controlled through the Phase,
+     * getBeforeProcessors and getAfterProcessors. @see Interface InputProcessor
+     *
+     * @param inputProcessor The InputProcessor which should be placed in the chain
+     */
+    public void addProcessor(InputProcessor inputProcessor);
+
+    /**
+     * Removes the specified InputProcessor from this chain.
+     *
+     * @param inputProcessor to remove
+     */
+    public void removeProcessor(InputProcessor inputProcessor);
+
+    /**
+     * Returns a list with the active processors.
+     *
+     * @return List<InputProcessor>
+     */
+    public List<InputProcessor> getProcessors();
+
+    /**
+     * The actual processed document's security context
+     *
+     * @return The SecurityContext
+     */
+    public SecurityContext getSecurityContext();
+
+    /**
+     * The actual processed document's document context
+     *
+     * @return The DocumentContext
+     */
+    public DocumentContext getDocumentContext();
+
+    /**
+     * Create a new SubChain. The XMLEvents will be only be processed from the given InputProcessor to the end.
+     * All earlier InputProcessors don't get these events. In other words the chain will be splitted in two parts.
+     *
+     * @param inputProcessor The InputProcessor position the XMLEvents should be processed over this SubChain.
+     * @return A new InputProcessorChain
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    public InputProcessorChain createSubChain(InputProcessor inputProcessor) throws XMLStreamException, WSSecurityException;
+
+    /**
+     * Requests the next security header XMLEvent from the next processor in the chain.
+     *
+     * @return The next XMLEvent from the previous processor
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    public XMLEvent processHeaderEvent() throws XMLStreamException, WSSecurityException;
+
+    /**
+     * Requests the next XMLEvent from the next processor in the chain.
+     *
+     * @return The next XMLEvent from the previous processor
+     * @throws XMLStreamException  thrown when a streaming error occurs
+     * @throws WSSecurityException thrown when a Security failure occurs
+     */
+    public XMLEvent processEvent() throws XMLStreamException, WSSecurityException;
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/ext/InputProcessorChain.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision



Mime
View raw message