From gi...@apache.org
Subject svn commit: r1310493 - in /webservices/wss4j/branches/swssf: streaming-ws-policy/src/test/java/org/swssf/policy/test/ streaming-ws-security/src/main/java/org/swssf/wss/ext/ streaming-ws-security/src/main/java/org/swssf/wss/impl/ streaming-ws-security/s...
Date Fri, 06 Apr 2012 17:31:38 GMT
Author: giger
Date: Fri Apr  6 17:31:37 2012
New Revision: 1310493

URL: http://svn.apache.org/viewvc?rev=1310493&view=rev
Log:
BSP 1.1 (Basic Security Profile) enforcement for WSS-360

Modified:
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
    webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/InboundWSSec.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityContext.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/InboundWSSecurityContextImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureConfirmationInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingIntegrationTest.java Fri Apr  6 17:31:37 2012
@@ -966,6 +966,8 @@ public class AsymmetricBindingIntegratio
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5420);
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
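Review bot: The two `addIgnoreBSPRule` calls added here switch off R5421 and R5420 with no comment saying why the message under test violates them. The same applies to the later hunks in this file (R5404, R5423, R5412, then R5420 again) and to the three matching hunks in TransportBindingIntegrationTest. In the inbound context each ignored rule is downgraded from a rejection to a log warning, so an unexplained suppression can hide a real non-compliance in the messages these tests build. I would add a line above each group such as `// BSP <rule ids> ignored: <why this policy's message cannot satisfy them>`. The enclosing test methods start and end outside the hunks.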
@@ -1080,6 +1082,9 @@ public class AsymmetricBindingIntegratio
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5404);
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5423);
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5412);
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
@@ -1194,6 +1199,7 @@ public class AsymmetricBindingIntegratio
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5420);
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));

Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingIntegrationTest.java Fri Apr  6 17:31:37 2012
@@ -918,6 +918,7 @@ public class TransportBindingIntegration
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
@@ -1032,6 +1033,9 @@ public class TransportBindingIntegration
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5404);
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5423);
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5412);
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
@@ -1146,6 +1150,7 @@ public class TransportBindingIntegration
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5420);
 
         PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/InboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/InboundWSSec.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/InboundWSSec.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/InboundWSSec.java Fri Apr  6 17:31:37 2012
@@ -107,6 +107,7 @@ public class InboundWSSec {
         final InboundWSSecurityContextImpl securityContextImpl = new InboundWSSecurityContextImpl();
         securityContextImpl.putList(SecurityEvent.class, requestSecurityEvents);
         securityContextImpl.addSecurityEventListener(securityEventListener);
+        securityContextImpl.ignoredBSPRules(this.securityProperties.getIgnoredBSPRules());
 
         for (int i = 0; i < requestSecurityEvents.size(); i++) {
             SecurityEvent securityEvent = requestSecurityEvents.get(i);

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java Fri Apr  6 17:31:37 2012
@@ -134,6 +134,8 @@ public class WSSConstants extends XMLSec
     public static final QName TAG_wst_BinarySecret = new QName(NS_WST, "BinarySecret");
 
     public static final String SOAPMESSAGE_NS10_STRTransform = NS10_SOAPMESSAGE_SECURITY + "#STR-Transform";
+    public static final String SWA_ATTACHMENT_CONTENT_SIG_TRANS = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform";
+    public static final String SWA_ATTACHMENT_COMPLETE_SIG_TRANS = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform";
 
     public static final QName TAG_saml_Assertion = new QName(NS_SAML, "Assertion");
     public static final QName TAG_saml2_Assertion = new QName(NS_SAML2, "Assertion");
@@ -262,6 +264,7 @@ public class WSSConstants extends XMLSec
         EMBEDDED_KEYIDENTIFIER_REF,
         USERNAMETOKEN_REFERENCE,
         KEY_VALUE,
+        SECURITY_TOKEN_REFERENCE,
     }
 
     public enum DerivedKeyTokenReference {
@@ -480,6 +483,10 @@ public class WSSConstants extends XMLSec
         private BSPRule(String msg) {
             this.msg = msg;
         }
+
+        public String getMsg() {
+            return msg;
+        }
     }
 
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSSecurityProperties.java Fri Apr  6 17:31:37 2012
@@ -20,6 +20,10 @@ package org.swssf.wss.ext;
 
 import org.swssf.xmlsec.ext.XMLSecurityProperties;
 
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+
 /**
  * Main configuration class to supply keys etc.
  * This class is subject to change in the future.
@@ -147,4 +151,14 @@ public class WSSSecurityProperties exten
     public void setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference derivedKeyTokenReference) {
         this.derivedKeyTokenReference = derivedKeyTokenReference;
     }
+
+    private List<WSSConstants.BSPRule> ignoredBSPRules = new LinkedList<WSSConstants.BSPRule>();
+
+    public void addIgnoreBSPRule(WSSConstants.BSPRule bspRule) {
+        ignoredBSPRules.add(bspRule);
+    }
+
+    public List<WSSConstants.BSPRule> getIgnoredBSPRules() {
+        return Collections.unmodifiableList(ignoredBSPRules);
+    }
 }
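Review bot: `addIgnoreBSPRule` and `getIgnoredBSPRules` are added without Javadoc, although every rule put on this list weakens inbound enforcement. I would document on `addIgnoreBSPRule` that a listed rule is logged as a warning instead of causing rejection (which is what `InboundWSSecurityContextImpl.handleBSPRule` in this commit does) and that nothing is ignored by default. The method also accepts `null` and duplicates; `if (bspRule == null) throw new IllegalArgumentException("bspRule");` would surface a misconfiguration at setup time. The `ignoredBSPRules` field is never reassigned in the hunk and could be `final`.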

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityContext.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityContext.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityContext.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSecurityContext.java Fri Apr  6 17:31:37 2012
@@ -21,6 +21,8 @@ package org.swssf.wss.ext;
 import org.swssf.wss.securityEvent.SecurityEventListener;
 import org.swssf.xmlsec.ext.SecurityContext;
 
+import java.util.List;
+
 /**
  * The document security context
  *
@@ -35,4 +37,8 @@ public interface WSSecurityContext exten
      * @param securityEventListener The SecurityEventListener
      */
     public void addSecurityEventListener(SecurityEventListener securityEventListener);
+
+    public void handleBSPRule(WSSConstants.BSPRule bspRule) throws WSSecurityException;
+
+    public void ignoredBSPRules(List<WSSConstants.BSPRule> bspRules);
 }
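Review bot: The two new interface methods have no Javadoc, while `addSecurityEventListener` directly above them does. `ignoredBSPRules(List)` reads like a getter, but the inbound implementation in this commit appends to its list, so the contract needs stating, e.g. `/** Adds rules whose violation is tolerated instead of rejected. */`. For `handleBSPRule`, something like `/** Reports a violated BSP rule; implementations decide whether to reject the message. */` matches what the two implementations in this commit do. A name such as `addIgnoredBSPRules` would carry the same information in the signature.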

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/InboundWSSecurityContextImpl.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/InboundWSSecurityContextImpl.java Fri Apr  6 17:31:37 2012
@@ -19,6 +19,8 @@
 package org.swssf.wss.impl;
 
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSUtils;
 import org.swssf.wss.ext.WSSecurityException;
@@ -40,10 +42,14 @@ import java.util.List;
  */
 public class InboundWSSecurityContextImpl extends WSSecurityContextImpl {
 
+    private static final transient Log logger = LogFactory.getLog(WSSecurityContextImpl.class);
+
     private Deque<SecurityEvent> securityEventQueue = new LinkedList<SecurityEvent>();
     private boolean operationSecurityEventOccured = false;
     private boolean messageEncryptionTokenOccured = false;
 
+    private List<WSSConstants.BSPRule> ignoredBSPRules = new LinkedList<WSSConstants.BSPRule>();
+
     public synchronized void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
 
         if (operationSecurityEventOccured) {
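Review bot: The new logger is created with `LogFactory.getLog(WSSecurityContextImpl.class)`, so BSP warnings emitted by this class are filed under the parent class's log category. It should be `LogFactory.getLog(InboundWSSecurityContextImpl.class)`. `transient` has no effect on a static field and can be dropped. The `ignoredBSPRules` list is only mutated through `addAll` in this commit, so the field can be `final`. The class body continues outside the hunk.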
@@ -417,9 +423,9 @@ public class InboundWSSecurityContextImp
                         && tokenSecurityEvent.getSecurityToken() != null
                         && signedElementSecurityEvent.getXmlEvent() != null
                         && signedElementSecurityEvent.getXmlEvent() == tokenSecurityEvent.getSecurityToken().getXMLEvent()
-                        /*&& WSSUtils.pathMatches(
-                        tokenSecurityEvent.getSecurityToken().getElementPath(),
-                        signedElementSecurityEvent.getElementPath(), false, false)*/) {
+                    /*&& WSSUtils.pathMatches(
+                  tokenSecurityEvent.getSecurityToken().getElementPath(),
+                  signedElementSecurityEvent.getElementPath(), false, false)*/) {
 
                     if (!securityTokenList.contains(signedElementSecurityEvent.getSecurityToken())) {
                         securityTokenList.add(signedElementSecurityEvent.getSecurityToken());
@@ -442,9 +448,9 @@ public class InboundWSSecurityContextImp
                         && tokenSecurityEvent.getSecurityToken() != null
                         && encryptedElementSecurityEvent.getXmlEvent() != null
                         && encryptedElementSecurityEvent.getXmlEvent() == tokenSecurityEvent.getSecurityToken().getXMLEvent()
-                        /*&& WSSUtils.pathMatches(
-                        tokenSecurityEvent.getSecurityToken().getElementPath(),
-                        encryptedElementSecurityEvent.getElementPath(), false, false)*/) {
+                    /*&& WSSUtils.pathMatches(
+                  tokenSecurityEvent.getSecurityToken().getElementPath(),
+                  encryptedElementSecurityEvent.getElementPath(), false, false)*/) {
 
                     if (!securityTokenList.contains(encryptedElementSecurityEvent.getSecurityToken())) {
                         securityTokenList.add(encryptedElementSecurityEvent.getSecurityToken());
@@ -494,4 +500,16 @@ public class InboundWSSecurityContextImp
         }
         return false;
     }
+
+    public void handleBSPRule(WSSConstants.BSPRule bspRule) throws WSSecurityException {
+        if (!ignoredBSPRules.contains(bspRule)) {
+            throw new WSSecurityException("BSP:" + bspRule.name() + ": " + bspRule.getMsg());
+        } else {
+            logger.warn("BSP:" + bspRule.name() + ": " + bspRule.getMsg());
+        }
+    }
+
+    public void ignoredBSPRules(List<WSSConstants.BSPRule> bspRules) {
+        ignoredBSPRules.addAll(bspRules);
+    }
 }
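Review bot: In `handleBSPRule`, the warning logged for an ignored rule has exactly the same text as the exception thrown for an enforced one, so a log reader cannot tell that the violation was tolerated by configuration. Something like `logger.warn("BSP:" + bspRule.name() + " ignored by configuration: " + bspRule.getMsg());` keeps the rule id searchable and makes the downgrade explicit. Both new methods override methods of `WSSecurityContextImpl` added in this commit and should carry `@Override` and a short Javadoc. `ignoredBSPRules(List)` throws a NullPointerException on a null argument; InboundWSSec passes a non-null list in this commit, so that only matters for other callers.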

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/WSSecurityContextImpl.java Fri Apr  6 17:31:37 2012
@@ -18,6 +18,7 @@
  */
 package org.swssf.wss.impl;
 
+import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.wss.securityEvent.SecurityEvent;
@@ -53,4 +54,10 @@ public class WSSecurityContextImpl exten
             securityEventListener.registerSecurityEvent(securityEvent);
         }
     }
+
+    public void handleBSPRule(WSSConstants.BSPRule bspRule) throws WSSecurityException {
+    }
+
+    public void ignoredBSPRules(List<WSSConstants.BSPRule> bspRules) {
+    }
 }
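Review bot: The base-class `handleBSPRule` has an empty body, so any security context that is not an `InboundWSSecurityContextImpl` accepts every reported BSP violation silently; enforcement is off unless the subclass is used. If that is intended (presumably for the outbound side), say so in the method: `// no BSP enforcement outside the inbound context; see InboundWSSecurityContextImpl`. The empty `ignoredBSPRules` likewise drops its argument without notice and deserves the same comment. Neither method has Javadoc or `@Override`.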

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/BinarySecurityTokenInputHandler.java Fri Apr  6 17:31:37 2012
@@ -19,7 +19,9 @@
 package org.swssf.wss.impl.processor.input;
 
 import org.swssf.binding.wss10.BinarySecurityTokenType;
+import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
+import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.wss.ext.WSSecurityToken;
 import org.swssf.wss.impl.securityToken.SecurityTokenFactoryImpl;
 import org.swssf.wss.securityEvent.X509TokenSecurityEvent;
@@ -48,6 +50,8 @@ public class BinarySecurityTokenInputHan
         final BinarySecurityTokenType binarySecurityTokenType =
                 ((JAXBElement<BinarySecurityTokenType>) parseStructure(eventQueue, index)).getValue();
 
+        checkBSPCompliance(inputProcessorChain, binarySecurityTokenType);
+
         if (binarySecurityTokenType.getId() == null) {
             binarySecurityTokenType.setId(UUID.randomUUID().toString());
         }
@@ -94,4 +98,16 @@ public class BinarySecurityTokenInputHan
         x509TokenSecurityEvent.setSecurityToken(securityTokenProvider.getSecurityToken());
         ((WSSecurityContext) inputProcessorChain.getSecurityContext()).registerSecurityEvent(x509TokenSecurityEvent);
     }
+
+    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, BinarySecurityTokenType binarySecurityTokenType) throws WSSecurityException {
+        if (binarySecurityTokenType.getEncodingType() == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3029);
+        }
+        if (!WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(binarySecurityTokenType.getEncodingType())) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3030);
+        }
+        if (binarySecurityTokenType.getValueType() == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3031);
+        }
+    }
 }
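Review bot: In `checkBSPCompliance`, a token with no `EncodingType` reports R3029 and then R3030 as well, because `equals` against a null value is false. A deployment that ignores R3029 in order to accept such tokens is therefore still rejected on R3030. The second test should only run when the attribute is present: `} else if (!WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(binarySecurityTokenType.getEncodingType())) {`. The cast `(WSSecurityContext) inputProcessorChain.getSecurityContext()` is repeated three times and could be taken once into a local.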

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java Fri Apr  6 17:31:37 2012
@@ -18,13 +18,12 @@
  */
 package org.swssf.wss.impl.processor.input;
 
+import org.swssf.binding.wss10.SecurityTokenReferenceType;
 import org.swssf.binding.xmldsig.KeyInfoType;
 import org.swssf.binding.xmlenc.EncryptedDataType;
 import org.swssf.binding.xmlenc.ReferenceList;
-import org.swssf.wss.ext.WSSDocumentContext;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.ext.WSSUtils;
-import org.swssf.wss.ext.WSSecurityContext;
+import org.swssf.binding.xmlenc.ReferenceType;
+import org.swssf.wss.ext.*;
 import org.swssf.wss.securityEvent.ContentEncryptedElementSecurityEvent;
 import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
 import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
@@ -32,8 +31,10 @@ import org.swssf.wss.securityEvent.Token
 import org.swssf.xmlsec.ext.*;
 import org.swssf.xmlsec.impl.processor.input.AbstractDecryptInputProcessor;
 
+import javax.xml.bind.JAXBElement;
 import javax.xml.namespace.QName;
 import javax.xml.stream.events.XMLEvent;
+import java.util.Iterator;
 import java.util.List;
 
 /**
@@ -44,13 +45,40 @@ import java.util.List;
  */
 public class DecryptInputProcessor extends AbstractDecryptInputProcessor {
 
-    public DecryptInputProcessor(ReferenceList referenceList, WSSSecurityProperties securityProperties) {
+    public DecryptInputProcessor(ReferenceList referenceList, WSSSecurityProperties securityProperties,
+                                 WSSecurityContext securityContext) throws WSSecurityException {
         super(referenceList, securityProperties);
+        checkBSPCompliance(referenceList, securityContext, WSSConstants.BSPRule.R5608);
     }
 
     public DecryptInputProcessor(KeyInfoType keyInfoType, ReferenceList referenceList,
-                                 WSSSecurityProperties securityProperties) {
+                                 WSSSecurityProperties securityProperties, WSSecurityContext securityContext)
+            throws WSSecurityException {
+
         super(keyInfoType, referenceList, securityProperties);
+
+        if (keyInfoType.getContent().size() != 1) {
+            securityContext.handleBSPRule(WSSConstants.BSPRule.R5424);
+        }
+        SecurityTokenReferenceType securityTokenReferenceType = XMLSecurityUtils.getQNameType(keyInfoType.getContent(),
+                WSSConstants.TAG_wsse_SecurityTokenReference);
+        if (securityTokenReferenceType == null) {
+            securityContext.handleBSPRule(WSSConstants.BSPRule.R5426);
+        }
+        checkBSPCompliance(referenceList, securityContext, WSSConstants.BSPRule.R3006);
+    }
+
+    private void checkBSPCompliance(ReferenceList referenceList, WSSecurityContext securityContext, WSSConstants.BSPRule bspRule) throws WSSecurityException {
+        if (referenceList != null) {
+            List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
+            Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
+            while (referenceTypeIterator.hasNext()) {
+                ReferenceType referenceType = referenceTypeIterator.next().getValue();
+                if (!referenceType.getURI().startsWith("#")) {
+                    securityContext.handleBSPRule(bspRule);
+                }
+            }
+        }
     }
 
     protected void handleEncryptedContent(InputProcessorChain inputProcessorChain, XMLEvent parentXMLEvent, XMLEvent xmlEvent,
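Review bot: `checkBSPCompliance` calls `referenceType.getURI().startsWith("#")` on a value taken from the incoming message. A reference without a `URI` attribute would raise a NullPointerException instead of a `WSSecurityException`, unless validation earlier in the chain (not visible here) guarantees the attribute. `String uri = referenceType.getURI();` followed by `if (uri == null || !uri.startsWith("#")) {` reports the case through the BSP rule instead. The second constructor likewise dereferences `keyInfoType.getContent()` right after `super(...)` with no null check in the hunk. The explicit iterator loop can be a for-each over `referenceList.getDataReferenceOrKeyReference()`.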
@@ -77,7 +105,16 @@ public class DecryptInputProcessor exten
     @Override
     protected AbstractDecryptedEventReaderInputProcessor newDecryptedEventReaderInputProccessor(
             boolean encryptedHeader, List<ComparableNamespace>[] comparableNamespaceList,
-            List<ComparableAttribute>[] comparableAttributeList, EncryptedDataType currentEncryptedDataType, SecurityToken securityToken) {
+            List<ComparableAttribute>[] comparableAttributeList, EncryptedDataType currentEncryptedDataType,
+            SecurityToken securityToken, SecurityContext securityContext) throws WSSecurityException {
+
+        String encryptionAlgorithm = currentEncryptedDataType.getEncryptionMethod().getAlgorithm();
+        if (!WSSConstants.NS_XENC_TRIBLE_DES.equals(encryptionAlgorithm)
+                && !WSSConstants.NS_XENC_AES128.equals(encryptionAlgorithm)
+                && !WSSConstants.NS_XENC_AES256.equals(encryptionAlgorithm)) {
+            ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R5620);
+        }
+
         return new DecryptedEventReaderInputProcessor(getSecurityProperties(),
                 SecurePart.Modifier.getModifier(currentEncryptedDataType.getType()),
                 encryptedHeader, comparableNamespaceList, comparableAttributeList,
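Review bot: The R5620 check reads `currentEncryptedDataType.getEncryptionMethod().getAlgorithm()` without testing `getEncryptionMethod()` for null. `EncryptedKeyInputHandler` in this commit treats a missing `EncryptionMethod` as something that can occur (R5603), so the same may hold for `EncryptedData` and would surface here as a NullPointerException. A guard such as `if (currentEncryptedDataType.getEncryptionMethod() == null)` that raises a `WSSecurityException` keeps the failure inside the security error path. The downcast `(WSSecurityContext) securityContext` assumes every caller passes a WSS context, although the parameter is typed `SecurityContext`. The method body continues past the end of the hunk.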

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java Fri Apr  6 17:31:37 2012
@@ -58,6 +58,9 @@ public class EncryptedKeyInputHandler ex
 
         @SuppressWarnings("unchecked")
         final EncryptedKeyType encryptedKeyType = ((JAXBElement<EncryptedKeyType>) parseStructure(eventQueue, index)).getValue();
+
+        checkBSPCompliance(inputProcessorChain, encryptedKeyType);
+
         if (encryptedKeyType.getId() == null) {
             encryptedKeyType.setId(UUID.randomUUID().toString());
         }
@@ -201,11 +204,30 @@ public class EncryptedKeyInputHandler ex
             securityTokenReferenceType.getAny().add(objectFactory.createReference(referenceType));
             keyInfoType.getContent().add(objectFactory.createSecurityTokenReference(securityTokenReferenceType));
             inputProcessorChain.addProcessor(
-                    new DecryptInputProcessor(keyInfoType, encryptedKeyType.getReferenceList(), (WSSSecurityProperties) securityProperties)
+                    new DecryptInputProcessor(keyInfoType, encryptedKeyType.getReferenceList(),
+                            (WSSSecurityProperties) securityProperties, (WSSecurityContext) inputProcessorChain.getSecurityContext())
             );
         }
     }
 
+    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, EncryptedKeyType encryptedKeyType) throws WSSecurityException {
+        if (encryptedKeyType.getType() != null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3209);
+        }
+        if (encryptedKeyType.getMimeType() != null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5622);
+        }
+        if (encryptedKeyType.getEncoding() != null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5623);
+        }
+        if (encryptedKeyType.getRecipient() != null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5602);
+        }
+        if (encryptedKeyType.getEncryptionMethod() == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5603);
+        }
+    }
+
     /*
     <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncKeyId-1483925398">
         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
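Review bot: The new `checkBSPCompliance` repeats the downcast `(WSSecurityContext) inputProcessorChain.getSecurityContext()` in each of its five branches. Resolving it once at the top, `final WSSecurityContext wsSecurityContext = (WSSecurityContext) inputProcessorChain.getSecurityContext();`, shortens every rule check and leaves a single place where a ClassCastException could arise. The same repetition appears in the `checkBSPCompliance` methods added to SignatureInputHandler, TimestampInputHandler and UsernameTokenInputHandler. A short Javadoc saying which attribute or element each of R3209, R5622, R5623, R5602 and R5603 refers to would also help, since the rule numbers alone do not say what is being rejected.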

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java Fri Apr  6 17:31:37 2012
@@ -20,6 +20,7 @@ package org.swssf.wss.impl.processor.inp
 
 import org.swssf.binding.xmlenc.ReferenceList;
 import org.swssf.wss.ext.WSSSecurityProperties;
+import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.xmlsec.ext.AbstractInputSecurityHeaderHandler;
 import org.swssf.xmlsec.ext.InputProcessorChain;
 import org.swssf.xmlsec.ext.XMLSecurityException;
@@ -43,6 +44,7 @@ public class ReferenceListInputHandler e
         final ReferenceList referenceList = (ReferenceList) parseStructure(eventQueue, index);
 
         //instantiate a new DecryptInputProcessor and add it to the chain
-        inputProcessorChain.addProcessor(new DecryptInputProcessor(referenceList, (WSSSecurityProperties) securityProperties));
+        inputProcessorChain.addProcessor(
+                new DecryptInputProcessor(referenceList, (WSSSecurityProperties) securityProperties, (WSSecurityContext) inputProcessorChain.getSecurityContext()));
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureConfirmationInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureConfirmationInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureConfirmationInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureConfirmationInputHandler.java Fri Apr  6 17:31:37 2012
@@ -19,6 +19,9 @@
 package org.swssf.wss.impl.processor.input;
 
 import org.swssf.binding.wss11.SignatureConfirmationType;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityContext;
+import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.xmlsec.ext.AbstractInputSecurityHeaderHandler;
 import org.swssf.xmlsec.ext.InputProcessorChain;
 import org.swssf.xmlsec.ext.XMLSecurityException;
@@ -43,6 +46,15 @@ public class SignatureConfirmationInputH
         @SuppressWarnings("unchecked")
         final SignatureConfirmationType signatureConfirmationType =
                 ((JAXBElement<SignatureConfirmationType>) parseStructure(eventQueue, index)).getValue();
+
+        checkBSPCompliance(inputProcessorChain, signatureConfirmationType);
+
         inputProcessorChain.getSecurityContext().putAsList(SignatureConfirmationType.class, signatureConfirmationType);
     }
+
+    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, SignatureConfirmationType signatureConfirmationType) throws WSSecurityException {
+        if (signatureConfirmationType.getId() == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5441);
+        }
+    }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java Fri Apr  6 17:31:37 2012
@@ -18,19 +18,26 @@
  */
 package org.swssf.wss.impl.processor.input;
 
+import org.swssf.binding.excc14n.InclusiveNamespaces;
+import org.swssf.binding.wss10.SecurityTokenReferenceType;
+import org.swssf.binding.xmldsig.CanonicalizationMethodType;
+import org.swssf.binding.xmldsig.ManifestType;
+import org.swssf.binding.xmldsig.ObjectType;
 import org.swssf.binding.xmldsig.SignatureType;
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSUtils;
 import org.swssf.wss.ext.WSSecurityContext;
+import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.wss.securityEvent.AlgorithmSuiteSecurityEvent;
 import org.swssf.wss.securityEvent.SignatureValueSecurityEvent;
 import org.swssf.wss.securityEvent.TokenSecurityEvent;
-import org.swssf.xmlsec.ext.InputProcessorChain;
-import org.swssf.xmlsec.ext.SecurityToken;
-import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.swssf.xmlsec.ext.XMLSecurityProperties;
+import org.swssf.xmlsec.ext.*;
 import org.swssf.xmlsec.impl.processor.input.AbstractSignatureInputHandler;
 
+import javax.xml.bind.JAXBElement;
+import java.util.Iterator;
+import java.util.List;
+
 /**
  * @author $Author$
  * @version $Revision$ $Date$
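Review bot: Replacing the four explicit `org.swssf.xmlsec.ext` imports with `import org.swssf.xmlsec.ext.*;` hides which types this handler depends on. It also lets name resolution change silently when that package gains a class. Keeping the explicit list and adding only what the new code needs would be clearer; that appears to be `XMLSecurityUtils`, assuming it lives in that package. The import hunk of TimestampInputHandler makes the same substitution.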
@@ -42,6 +49,8 @@ public class SignatureInputHandler exten
                                                      XMLSecurityProperties securityProperties,
                                                      final SignatureType signatureType) throws XMLSecurityException {
 
+        checkBSPCompliance(inputProcessorChain, signatureType);
+
         final WSSecurityContext securityContext = (WSSecurityContext) inputProcessorChain.getSecurityContext();
         SignatureVerifier signatureVerifier = new SignatureVerifier(signatureType, inputProcessorChain.getSecurityContext(), securityProperties) {
             @Override
@@ -66,11 +75,59 @@ public class SignatureInputHandler exten
         return signatureVerifier;
     }
 
+    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, SignatureType signatureType) throws WSSecurityException {
+        String algorithm = signatureType.getSignedInfo().getSignatureMethod().getAlgorithm();
+        if (!WSSConstants.NS_XMLDSIG_HMACSHA1.equals(algorithm) && !WSSConstants.NS_XMLDSIG_RSASHA1.equals(algorithm)) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5421);
+        }
+        //todo test:
+        JAXBElement hmacOutputLength = XMLSecurityUtils.getQNameType(
+                signatureType.getSignedInfo().getSignatureMethod().getContent(),
+                WSSConstants.TAG_dsig_HMACOutputLength);
+        if (hmacOutputLength != null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5401);
+        }
+
+        List<Object> keyInfoContent = signatureType.getKeyInfo().getContent();
+        if (keyInfoContent.size() != 1) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5402);
+        }
+
+        SecurityTokenReferenceType securityTokenReferenceType = XMLSecurityUtils.getQNameType(keyInfoContent,
+                WSSConstants.TAG_wsse_SecurityTokenReference);
+        if (securityTokenReferenceType == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5417);
+        }
+
+        Iterator<ObjectType> objectTypeIterator = signatureType.getObject().iterator();
+        while (objectTypeIterator.hasNext()) {
+            ObjectType objectType = objectTypeIterator.next();
+            ManifestType manifestType = XMLSecurityUtils.getQNameType(objectType.getContent(), WSSConstants.TAG_dsig_Manifest);
+            if (manifestType != null) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5403);
+            }
+        }
+
+
+        CanonicalizationMethodType canonicalizationMethodType = signatureType.getSignedInfo().getCanonicalizationMethod();
+        if (!WSSConstants.NS_C14N_EXCL.equals(canonicalizationMethodType.getAlgorithm())) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5404);
+        }
+
+        InclusiveNamespaces inclusiveNamespacesType = XMLSecurityUtils.getQNameType(canonicalizationMethodType.getContent(),
+                WSSConstants.TAG_c14nExcl_InclusiveNamespaces);
+        if (inclusiveNamespacesType != null && inclusiveNamespacesType.getPrefixList().size() == 0) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R5406);
+        }
+    }
+
     @Override
     protected void addSignatureReferenceInputProcessorToChain(InputProcessorChain inputProcessorChain,
                                                               XMLSecurityProperties securityProperties,
-                                                              SignatureType signatureType, SecurityToken securityToken) {
+                                                              SignatureType signatureType, SecurityToken securityToken) throws WSSecurityException {
         //add processors to verify references
-        inputProcessorChain.addProcessor(new SignatureReferenceVerifyInputProcessor(signatureType, securityToken, securityProperties));
+        inputProcessorChain.addProcessor(
+                new SignatureReferenceVerifyInputProcessor(signatureType, securityToken, securityProperties,
+                        (WSSecurityContext) inputProcessorChain.getSecurityContext()));
     }
 }
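Review bot: `signatureType.getKeyInfo().getContent()` in the new `checkBSPCompliance` dereferences KeyInfo without a null check. `ds:KeyInfo` is an optional child of `ds:Signature`, so a message that omits it would presumably fail here with a NullPointerException instead of a reported rule violation or a WSSecurityException. This runs on unverified input before the SignatureVerifier is built, so the absent case should be handled explicitly. One option is `List<Object> keyInfoContent = signatureType.getKeyInfo() != null ? signatureType.getKeyInfo().getContent() : Collections.<Object>emptyList();` (plus a `java.util.Collections` import), which lets the R5402 and R5417 checks below still fire. The chained `getSignedInfo().getSignatureMethod()` and `getCanonicalizationMethod()` calls carry the same risk if the parsed structure is not schema-validated beforehand, which is not visible here.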

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java Fri Apr  6 17:31:37 2012
@@ -66,9 +66,73 @@ public class SignatureReferenceVerifyInp
 
     private boolean replayChecked = false;
 
-    public SignatureReferenceVerifyInputProcessor(SignatureType signatureType, SecurityToken securityToken, XMLSecurityProperties securityProperties) {
+    public SignatureReferenceVerifyInputProcessor(
+            SignatureType signatureType, SecurityToken securityToken,
+            XMLSecurityProperties securityProperties, WSSecurityContext securityContext) throws WSSecurityException {
         super(signatureType, securityToken, securityProperties);
         this.getAfterProcessors().add(SignatureReferenceVerifyInputProcessor.class.getName());
+
+        checkBSPCompliance(securityContext);
+    }
+
+    private void checkBSPCompliance(WSSecurityContext securityContext) throws WSSecurityException {
+        List<ReferenceType> references = getSignatureType().getSignedInfo().getReference();
+        for (int i = 0; i < references.size(); i++) {
+            ReferenceType referenceType = references.get(i);
+            if (referenceType.getTransforms() == null) {
+                securityContext.handleBSPRule(WSSConstants.BSPRule.R5416);
+            } else if (referenceType.getTransforms().getTransform().size() == 0) {
+                securityContext.handleBSPRule(WSSConstants.BSPRule.R5411);
+            } else {
+                List<TransformType> transformTypes = referenceType.getTransforms().getTransform();
+                for (int j = 0; j < transformTypes.size(); j++) {
+                    TransformType transformType = transformTypes.get(j);
+                    final String algorithm = transformType.getAlgorithm();
+                    if (!WSSConstants.NS_C14N_EXCL.equals(algorithm)
+                            && !WSSConstants.NS_XMLDSIG_FILTER2.equals(algorithm)
+                            && !WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithm)
+                            && !WSSConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE.equals(algorithm)
+                            && !WSSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS.equals(algorithm)
+                            && !WSSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS.equals(algorithm)) {
+                        securityContext.handleBSPRule(WSSConstants.BSPRule.R5423);
+                        if (j == transformTypes.size() - 1) {
+                            if (!WSSConstants.NS_C14N_EXCL.equals(algorithm)
+                                    && !WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithm)
+                                    && !WSSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS.equals(algorithm)
+                                    && !WSSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS.equals(algorithm)) {
+                                securityContext.handleBSPRule(WSSConstants.BSPRule.R5412);
+                            }
+                        }
+                        InclusiveNamespaces inclusiveNamespacesType = XMLSecurityUtils.getQNameType(transformType.getContent(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces);
+                        if (WSSConstants.NS_C14N_EXCL.equals(algorithm)
+                                && inclusiveNamespacesType != null
+                                && inclusiveNamespacesType.getPrefixList().size() == 0) {
+                            securityContext.handleBSPRule(WSSConstants.BSPRule.R5407);
+                        }
+                        if (WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithm)) {
+                            if (inclusiveNamespacesType != null
+                                    && inclusiveNamespacesType.getPrefixList().size() == 0) {
+                                securityContext.handleBSPRule(WSSConstants.BSPRule.R5413);
+                            }
+                            TransformationParametersType transformationParametersType =
+                                    XMLSecurityUtils.getQNameType(transformType.getContent(), WSSConstants.TAG_wsse_TransformationParameters);
+                            if (transformationParametersType == null) {
+                                securityContext.handleBSPRule(WSSConstants.BSPRule.R3065);
+                            } else {
+                                CanonicalizationMethodType canonicalizationMethodType =
+                                        XMLSecurityUtils.getQNameType(transformationParametersType.getAny(), WSSConstants.TAG_dsig_CanonicalizationMethod);
+                                if (canonicalizationMethodType == null) {
+                                    securityContext.handleBSPRule(WSSConstants.BSPRule.R3065);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+            if (!WSSConstants.NS_XMLDSIG_SHA1.equals(referenceType.getDigestMethod().getAlgorithm())) {
+                securityContext.handleBSPRule(WSSConstants.BSPRule.R5420);
+            }
+        }
     }
 
     @Override
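Review bot: In `checkBSPCompliance` the checks for R5412, R5407, R5413 and R3065 sit inside the `if` that has already established the transform algorithm is none of the permitted values. The conditions `NS_C14N_EXCL.equals(algorithm)` and `SOAPMESSAGE_NS10_STRTransform.equals(algorithm)` can therefore never be true there, so R5407, R5413 and R3065 are never reported. R5412 is likewise reached only when the last transform is already an R5423 violation, so a reference whose final transform is `NS_XMLDSIG_FILTER2` or `NS_XMLDSIG_ENVELOPED_SIGNATURE` is not flagged. The block after `securityContext.handleBSPRule(WSSConstants.BSPRule.R5423);` appears intended to follow that `if`, not to live inside it. Close the brace directly after that call and drop the matching `}` just before the end of the inner `for` loop.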
@@ -176,6 +240,7 @@ public class SignatureReferenceVerifyInp
         protected void buildTransformerChain(ReferenceType referenceType, InputProcessorChain inputProcessorChain)
                 throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
 
+            //todo Transforms can be null
             List<TransformType> transformTypeList = (List<TransformType>) (List<?>) referenceType.getTransforms().getTransform();
 
             String algorithm = null;
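Review bot: The added `//todo Transforms can be null` records the problem, but the next line still calls `referenceType.getTransforms().getTransform()` unguarded. The `checkBSPCompliance` method added in the same commit only reports R5416 for that case, and whether `handleBSPRule` aborts processing is not visible here. If it can merely record the violation, an incoming reference without `ds:Transforms` would reach this line and fail with a NullPointerException. A guard on `referenceType.getTransforms() == null` that either rejects the reference with a WSSecurityException or continues with an empty transform list would close the gap. The method body continues outside the hunk, so which of the two fits cannot be judged from here.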

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java Fri Apr  6 17:31:37 2012
@@ -24,19 +24,18 @@ import org.swssf.wss.ext.WSSSecurityProp
 import org.swssf.wss.ext.WSSecurityContext;
 import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.wss.securityEvent.TimestampSecurityEvent;
-import org.swssf.xmlsec.ext.AbstractInputSecurityHeaderHandler;
-import org.swssf.xmlsec.ext.InputProcessorChain;
-import org.swssf.xmlsec.ext.XMLSecurityException;
-import org.swssf.xmlsec.ext.XMLSecurityProperties;
+import org.swssf.xmlsec.ext.*;
 
 import javax.xml.bind.JAXBElement;
 import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeConstants;
 import javax.xml.datatype.DatatypeFactory;
 import javax.xml.datatype.XMLGregorianCalendar;
 import javax.xml.stream.events.XMLEvent;
 import java.util.Calendar;
 import java.util.Deque;
 import java.util.GregorianCalendar;
+import java.util.Iterator;
 
 /**
  * @author $Author$
@@ -58,6 +57,8 @@ public class TimestampInputHandler exten
 
         final TimestampType timestampType = ((JAXBElement<TimestampType>) parseStructure(eventQueue, index)).getValue();
 
+        checkBSPCompliance(inputProcessorChain, timestampType, eventQueue, index);
+
         if (timestampType.getCreated() == null) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "missingCreated");
         }
@@ -116,6 +117,85 @@ public class TimestampInputHandler exten
         }
     }
 
+    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, TimestampType timestampType, Deque<XMLEvent> eventDeque, int index) throws WSSecurityException {
+        if (timestampType.getCreated() == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3203);
+        }
+
+        Iterator<XMLEvent> xmlEventIterator = eventDeque.descendingIterator();
+        int curIdx = 0;
+        //forward to first timestamp child element
+        while (curIdx++ <= index) {
+            xmlEventIterator.next();
+        }
+        int createdIndex = -1;
+        int expiresIndex = -1;
+        while (xmlEventIterator.hasNext()) {
+            XMLEvent xmlEvent = xmlEventIterator.next();
+            if (xmlEvent.isStartElement()) {
+                if (xmlEvent.asStartElement().getName().equals(WSSConstants.TAG_wsu_Created)) {
+                    if (createdIndex != -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3203);
+                    }
+                    if (expiresIndex != -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3221);
+                    }
+                    createdIndex = curIdx;
+                } else if (xmlEvent.asStartElement().getName().equals(WSSConstants.TAG_wsu_Expires)) {
+                    if (expiresIndex != -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3224);
+                    }
+                    if (createdIndex == -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3221);
+                    }
+                    expiresIndex = curIdx;
+                } else {
+                    ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3222);
+                }
+            }
+            curIdx++;
+        }
+
+        DatatypeFactory datatypeFactory = null;
+        try {
+            datatypeFactory = DatatypeFactory.newInstance();
+        } catch (DatatypeConfigurationException e) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+        }
+        if (timestampType.getCreated() != null) {
+            XMLGregorianCalendar createdCalendar = datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+            if (createdCalendar.getFractionalSecond().scale() > 3) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3220);
+            }
+            if (createdCalendar.getSecond() > 59) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3213);
+            }
+            String valueType = XMLSecurityUtils.getQNameAttribute(timestampType.getCreated().getOtherAttributes(), WSSConstants.ATT_NULL_ValueType);
+            if (valueType != null) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3225);
+            }
+            if (createdCalendar.getTimezone() == DatatypeConstants.FIELD_UNDEFINED) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3217);
+            }
+        }
+        if (timestampType.getExpires() != null) {
+            XMLGregorianCalendar expiresCalendar = datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+            if (expiresCalendar.getFractionalSecond().scale() > 3) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3229);
+            }
+            if (expiresCalendar.getSecond() > 59) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3215);
+            }
+            String valueType = XMLSecurityUtils.getQNameAttribute(timestampType.getExpires().getOtherAttributes(), WSSConstants.ATT_NULL_ValueType);
+            if (valueType != null) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3226);
+            }
+            if (expiresCalendar.getTimezone() == DatatypeConstants.FIELD_UNDEFINED) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3223);
+            }
+        }
+    }
+
     /*
     <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1106985890">
         <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-18T10:11:28.358Z</wsu:Created>
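Review bot: `createdCalendar.getFractionalSecond().scale()` and the same call on `expiresCalendar` throw a NullPointerException for a timestamp without fractional seconds, because `XMLGregorianCalendar.getFractionalSecond()` returns null when that optional field is absent. A value such as `2009-11-18T10:11:28Z` (constructed from the sample in the trailing comment) is ordinary, so the compliance check would break otherwise valid messages. Guard both sites, e.g. `if (createdCalendar.getFractionalSecond() != null && createdCalendar.getFractionalSecond().scale() > 3) {`. Note also that `newXMLGregorianCalendar(String)` throws the unchecked IllegalArgumentException on a malformed lexical value. Since the text comes from the sender, it would be safer to catch that and convert it to a WSSecurityException, as is already done for DatatypeConfigurationException.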

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java Fri Apr  6 17:31:37 2012
@@ -64,6 +64,9 @@ public class UsernameTokenInputHandler e
                        Deque<XMLEvent> eventQueue, Integer index) throws XMLSecurityException {
 
         final UsernameTokenType usernameTokenType = ((JAXBElement<UsernameTokenType>) parseStructure(eventQueue, index)).getValue();
+
+        checkBSPCompliance(inputProcessorChain, usernameTokenType, eventQueue, index);
+
         if (usernameTokenType.getId() == null) {
             usernameTokenType.setId(UUID.randomUUID().toString());
         }
@@ -211,4 +214,61 @@ public class UsernameTokenInputHandler e
         usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
         ((WSSecurityContext) inputProcessorChain.getSecurityContext()).registerSecurityEvent(usernameTokenSecurityEvent);
     }
+
+    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, UsernameTokenType usernameTokenType,
+                                    Deque<XMLEvent> eventDeque, int index) throws WSSecurityException {
+
+        if (usernameTokenType.getAny() == null) {
+            ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3031);
+        }
+
+        Iterator<XMLEvent> xmlEventIterator = eventDeque.descendingIterator();
+        int curIdx = 0;
+        //forward to first Usernametoken child element
+        while (curIdx++ <= index) {
+            xmlEventIterator.next();
+        }
+        int passwordIndex = -1;
+        int createdIndex = -1;
+        int nonceIndex = -1;
+        while (xmlEventIterator.hasNext()) {
+            XMLEvent xmlEvent = xmlEventIterator.next();
+            if (xmlEvent.isStartElement()) {
+                if (xmlEvent.asStartElement().getName().equals(WSSConstants.TAG_wsse_Password)) {
+                    if (passwordIndex != -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R4222);
+                    }
+                    passwordIndex = curIdx;
+                } else if (xmlEvent.asStartElement().getName().equals(WSSConstants.TAG_wsu_Created)) {
+                    if (createdIndex != -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R4223);
+                    }
+                    createdIndex = curIdx;
+                } else if (xmlEvent.asStartElement().getName().equals(WSSConstants.TAG_wsse_Nonce)) {
+                    if (nonceIndex != -1) {
+                        ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R4225);
+                    }
+                    nonceIndex = curIdx;
+                }
+            }
+            curIdx++;
+        }
+
+        PasswordString passwordType = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Password);
+        if (passwordType != null) {
+            if (passwordType.getType() == null) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R4201);
+            }
+        }
+
+        EncodedString encodedNonce = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Nonce);
+        if (encodedNonce != null) {
+            if (encodedNonce.getEncodingType() == null) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R4220);
+            } else if (!WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(encodedNonce.getEncodingType())) {
+                ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R4221);
+            }
+        }
+
+    }
 }
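Review bot: The R3031 check tests `usernameTokenType.getAny() == null`, but the same getter is passed unguarded to `XMLSecurityUtils.getQNameType` twice further down. Either the null case cannot occur and the rule is never reported, or it can occur and the later calls are exposed to it (the helper's null handling is not visible here). If the binding class follows the usual JAXB pattern of lazily creating the list, the getter never returns null and the test should probably be `usernameTokenType.getAny().isEmpty()`; please confirm against the rule text. Separately, `passwordIndex`, `createdIndex` and `nonceIndex` are only ever compared with -1, so plain booleans such as `boolean passwordSeen = false;` would state the intent more directly.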

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecurityTokenFactoryImpl.java Fri Apr  6 17:31:37 2012
@@ -21,7 +21,6 @@ package org.swssf.wss.impl.securityToken
 import org.apache.commons.codec.binary.Base64;
 import org.swssf.binding.wss10.BinarySecurityTokenType;
 import org.swssf.binding.wss10.KeyIdentifierType;
-import org.swssf.binding.wss10.ReferenceType;
 import org.swssf.binding.wss10.SecurityTokenReferenceType;
 import org.swssf.binding.xmldsig.*;
 import org.swssf.binding.xmldsig11.ECKeyValueType;
@@ -72,11 +71,21 @@ public class SecurityTokenFactoryImpl ex
     public static SecurityToken getSecurityToken(SecurityTokenReferenceType securityTokenReferenceType, Crypto crypto,
                                                  final CallbackHandler callbackHandler, SecurityContext securityContext)
             throws XMLSecurityException {
+
+        //BSP.R5205 is a joke. In real life we have a lot of cases which prevents a one pass processing.
+        //Say encrypted Tokens, SignedTokens, Signed-Timestamp first...
+
         try {
             if (securityTokenReferenceType == null) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noSecTokRef");
             }
 
+            if (securityTokenReferenceType.getAny().size() > 1) {
+                ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3061);
+            }
+
+            //todo BSP.R3027 KeyName? not supported ATM
+            //todo BSP.R3060,BSP.R3025,BSP.R3056 only one Embedded element? Not supported ATM
             final X509DataType x509DataType
                     = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_dsig_X509Data);
             final KeyIdentifierType keyIdentifierType
@@ -87,16 +96,22 @@ public class SecurityTokenFactoryImpl ex
                 return new X509DataSecurityToken((WSSecurityContext) securityContext, crypto, callbackHandler,
                         x509DataType, securityTokenReferenceType.getId(),
                         WSSConstants.KeyIdentifierType.ISSUER_SERIAL);
-            }
-            //todo this is not supported by outputProcessor but can be implemented.
-            // We'll have a look at the spec if this is allowed
-            else if (keyIdentifierType != null) {
+            } else if (keyIdentifierType != null) {
                 String valueType = keyIdentifierType.getValueType();
+                if (valueType == null) {
+                    ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3054);
+                }
                 String encodingType = keyIdentifierType.getEncodingType();
 
                 byte[] binaryContent = null;
                 if (WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(encodingType)) {
                     binaryContent = Base64.decodeBase64(keyIdentifierType.getValue());
+                } else if (!WSSConstants.NS_SAML10_TYPE.equals(valueType) && !WSSConstants.NS_SAML20_TYPE.equals(valueType)) {
+                    if (encodingType == null) {
+                        ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3070);
+                    } else {
+                        ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3071);
+                    }
                 }
 
                 if (WSSConstants.NS_X509_V3_TYPE.equals(valueType)) {
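Review bot: In the new `else if` on the encoding type, `binaryContent` is still `null` after R3070 or R3071 has been reported, and execution then continues into the ValueType branches that follow. Whether those branches can be reached with a null value depends on `handleBSPRule`, which is not shown here. The test hunks of this commit call `addIgnoreBSPRule`, so a deployment can presumably switch these rules off and let the null through. Since a KeyIdentifier that is not Base64-encoded cannot be decoded either way, I would fail explicitly after the inner `if`/`else`, for example `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "<messageKey>");`, where `<messageKey>` is a placeholder for a suitable resource key. The enclosing method starts and ends outside this hunk.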
@@ -118,13 +133,22 @@ public class SecurityTokenFactoryImpl ex
                                 WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue());
                     }
                     return securityTokenProvider.getSecurityToken();
+                } else {
+                    //we do enforce BSP compliance here but will fail anyway since we cannot identify the referenced token
+                    ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3063);
                 }
             } else if (referenceType != null) {
+                //We do not check for BSP.R3023, BSP.R3022, BSP.R3066, BSP.R3067, BSP.R3024, BSP.R3064, BSP.R3211, BSP.R3058, BSP.R3059
 
                 String uri = referenceType.getURI();
                 if (uri == null) {
+                    //we do enforce BSP compliance here but will fail anyway since we cannot identify the referenced token
+                    ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3062);
                     throw new WSSecurityException("badReferenceURI");
                 }
+                if (!uri.startsWith("#")) {
+                    ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R5204);
+                }
                 uri = WSSUtils.dropReferenceMarker(uri);
                 //referenced BST:*/
                 //we have to search BST somewhere in the doc. First we will check for a BST already processed and
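Review bot: After the new `else` reports R3063, control leaves the KeyIdentifier branch and, as far as the visible hunks show, ends at the generic `noKeyinfo` throw at the bottom of the `try`. That misdescribes a message which did carry key information but used an unsupported ValueType. The added comment says the call "will fail anyway"; making the failure explicit keeps it independent of whether R3063 is on the ignore list, using the form already present in this method: `throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue());`. The comment listing the rules that are not checked in the reference branch should also say whether that is deliberate or pending. The method starts and ends outside this hunk.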
@@ -145,6 +169,9 @@ public class SecurityTokenFactoryImpl ex
                 if (securityTokenProvider == null) {
                     throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
                 }
+                if (securityTokenProvider.getSecurityToken() instanceof SecurityTokenReference) {
+                    ((WSSecurityContext) securityContext).handleBSPRule(WSSConstants.BSPRule.R3057);
+                }
                 return securityTokenProvider.getSecurityToken();
             }
             throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
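Review bot: `securityTokenProvider.getSecurityToken()` is now called twice, once for the `instanceof` check and once for the `return`. If the provider resolves the token lazily (not visible here), the R3057 check and the returned object come from two separate resolutions. Holding the result in a local avoids that and reads more clearly: `SecurityToken securityToken = securityTokenProvider.getSecurityToken();`, then test and return `securityToken`.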
@@ -216,6 +243,6 @@ public class SecurityTokenFactoryImpl ex
         return new SecurityTokenReference(
                 securityContext.getSecurityTokenProvider(referencedTokenId).
                         getSecurityToken(), xmlEvents,
-                (WSSecurityContext) securityContext, callbackHandler, id, null);
+                (WSSecurityContext) securityContext, callbackHandler, id, WSSConstants.KeyIdentifierType.SECURITY_TOKEN_REFERENCE);
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java Fri Apr  6 17:31:37 2012
@@ -416,7 +416,7 @@ public class InteroperabilityTest extend
                 SecurityEvent.Event.Operation,
         };
         final TestSecurityEventListener securityEventListener = new TestSecurityEventListener(expectedSecurityEvents);
-                Document document = doInboundSecurity(
+        Document document = doInboundSecurity(
                 securityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), securityEventListener);
 
         //read the whole stream:
@@ -607,6 +607,9 @@ public class InteroperabilityTest extend
             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
             securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
             securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5404);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5423);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5412);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 
             SecurityEvent.Event[] expectedSecurityEvents = new SecurityEvent.Event[]{
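Review bot: The three `addIgnoreBSPRule` calls added here carry no comment saying what in the test message violates R5404, R5423 and R5412, so a later reader cannot tell a deliberate exemption from a workaround for a failing test. The same applies to the `addIgnoreBSPRule` additions in SecurityContextTokenTest, SignatureTest, TimestampTest and VulnerabliltyVectorsTest further down. A one-line comment per call naming the non-compliant feature of the fixture would fix this, e.g. `// fixture uses <feature>, which BSP R5404 forbids; not under test here`, with `<feature>` filled in. For VulnerabliltyVectorsTest in particular it is worth confirming that the test still fails for the attack it targets and not for a BSP violation. None of the visible hunks adds a test that asserts a rule fires when it is not ignored.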

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SecurityContextTokenTest.java Fri Apr  6 17:31:37 2012
@@ -324,6 +324,7 @@ public class SecurityContextTokenTest ex
             securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
             CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl(tempSecret);
             securityProperties.setCallbackHandler(callbackHandler);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5204);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/SignatureTest.java Fri Apr  6 17:31:37 2012
@@ -333,6 +333,9 @@ public class SignatureTest extends Abstr
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5404);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5423);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5412);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
 
@@ -920,6 +923,8 @@ public class SignatureTest extends Abstr
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5417);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
 
             SecurityEvent.Event[] expectedSecurityEvents = new SecurityEvent.Event[]{
@@ -984,6 +989,8 @@ public class SignatureTest extends Abstr
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5417);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
 
@@ -1035,6 +1042,8 @@ public class SignatureTest extends Abstr
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
             securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5421);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R5417);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/TimestampTest.java Fri Apr  6 17:31:37 2012
@@ -396,6 +396,8 @@ public class TimestampTest extends Abstr
         //done timestamp; now test timestamp-verification:
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R3203);
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R3221);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
 
@@ -482,6 +484,7 @@ public class TimestampTest extends Abstr
         //done timestamp; now test timestamp-verification:
         {
             WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R3203);
             InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
             XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
 

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/VulnerabliltyVectorsTest.java Fri Apr  6 17:31:37 2012
@@ -184,6 +184,7 @@ public class VulnerabliltyVectorsTest ex
         inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
         inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+        inSecurityProperties.addIgnoreBSPRule(WSSConstants.BSPRule.R3006);
 
         try {
             doInboundSecurity(inSecurityProperties, xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityConstants.java Fri Apr  6 17:31:37 2012
@@ -107,12 +107,14 @@ public class XMLSecurityConstants {
     public static final QName TAG_dsig_SignedInfo = new QName(NS_DSIG, "SignedInfo", PREFIX_DSIG);
     public static final QName TAG_dsig_CanonicalizationMethod = new QName(NS_DSIG, "CanonicalizationMethod", PREFIX_DSIG);
     public static final QName TAG_dsig_SignatureMethod = new QName(NS_DSIG, "SignatureMethod", PREFIX_DSIG);
+    public static final QName TAG_dsig_HMACOutputLength = new QName(NS_DSIG, "HMACOutputLength", PREFIX_DSIG);
     public static final QName TAG_dsig_Reference = new QName(NS_DSIG, "Reference", PREFIX_DSIG);
     public static final QName TAG_dsig_Transforms = new QName(NS_DSIG, "Transforms", PREFIX_DSIG);
     public static final QName TAG_dsig_Transform = new QName(NS_DSIG, "Transform", PREFIX_DSIG);
     public static final QName TAG_dsig_DigestMethod = new QName(NS_DSIG, "DigestMethod", PREFIX_DSIG);
     public static final QName TAG_dsig_DigestValue = new QName(NS_DSIG, "DigestValue", PREFIX_DSIG);
     public static final QName TAG_dsig_SignatureValue = new QName(NS_DSIG, "SignatureValue", PREFIX_DSIG);
+    public static final QName TAG_dsig_Manifest = new QName(NS_DSIG, "Manifest", PREFIX_DSIG);
 
     public static final QName TAG_dsig_X509Data = new QName(NS_DSIG, "X509Data", PREFIX_DSIG);
     public static final QName TAG_dsig_X509IssuerSerial = new QName(NS_DSIG, "X509IssuerSerial", PREFIX_DSIG);
@@ -140,6 +142,16 @@ public class XMLSecurityConstants {
     public static final QName TAG_dsig11_PublicKey = new QName(NS_DSIG11, "PublicKey", PREFIX_DSIG11);
 
     public static final String NS_C14N_EXCL = "http://www.w3.org/2001/10/xml-exc-c14n#";
+    public static final String NS_XMLDSIG_FILTER2 = "http://www.w3.org/2002/06/xmldsig-filter2";
+    public static final String NS_XMLDSIG_ENVELOPED_SIGNATURE = NS_DSIG + "enveloped-signature";
+    public static final String NS_XMLDSIG_SHA1 = NS_DSIG + "sha1";
+    public static final String NS_XMLDSIG_HMACSHA1 = NS_DSIG + "hmac-sha1";
+    public static final String NS_XMLDSIG_RSASHA1 = NS_DSIG + "rsa-sha1";
+
+    public static final String NS_XENC_TRIBLE_DES = NS_XMLENC + "tripledes-cbc";
+    public static final String NS_XENC_AES128 = NS_XMLENC + "aes128-cbc";
+    public static final String NS_XENC_AES256 = NS_XMLENC + "aes256-cbc";
+
     public static final String PREFIX_C14N_EXCL = "c14nEx";
     public static final QName ATT_NULL_PrefixList = new QName(null, "PrefixList");
     public static final QName TAG_c14nExcl_InclusiveNamespaces = new QName(NS_C14N_EXCL, "InclusiveNamespaces", PREFIX_C14N_EXCL);
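Review bot: The new public constant `NS_XENC_TRIBLE_DES` is misspelled, and as a `public static final` field the name becomes part of the API once other modules reference it. Rename it now: `public static final String NS_XENC_TRIPLE_DES = NS_XMLENC + "tripledes-cbc";`. The added `NS_XMLDSIG_*` and `NS_XENC_*` values are algorithm identifiers rather than namespaces, so a short comment above the group saying they are the algorithm URIs the BSP checks compare against would help readers.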

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/ext/XMLSecurityUtils.java Fri Apr  6 17:31:37 2012
@@ -33,10 +33,7 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
-import java.util.Deque;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.*;
 
 /**
  * @author $Author$
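Review bot: Replacing the four explicit imports with `import java.util.*;` hides which types the class depends on and can introduce name clashes if a project type shares a simple name with a `java.util` class. The only new type the added method needs is `Map`, so keeping the original four lines and adding `import java.util.Map;` is enough.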
@@ -250,4 +247,15 @@ public class XMLSecurityUtils {
         }
         return null;
     }
+
+    public static String getQNameAttribute(Map<QName, String> attributes, QName qName) {
+        Iterator<Map.Entry<QName, String>> attributeIterator = attributes.entrySet().iterator();
+        while (attributeIterator.hasNext()) {
+            Map.Entry<QName, String> entry = attributeIterator.next();
+            if (entry.getKey().equals(qName)) {
+                return entry.getValue();
+            }
+        }
+        return null;
+    }
 }
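Review bot: `getQNameAttribute` scans `entrySet()` by hand for a key that equals `qName`, which for an ordinary `Map` is what `attributes.get(qName)` already does. It also throws a `NullPointerException` when `attributes` is null, or when the map holds a null key. Unless callers pass a map whose `get` behaves differently (not visible here), the body can be `return attributes == null ? null : attributes.get(qName);`. The method is public and has no Javadoc; it should state that `null` is returned when the attribute is absent, since callers feeding BSP checks need to tell "absent" from "empty".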

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java Fri Apr  6 17:31:37 2012
@@ -270,7 +270,7 @@ public abstract class AbstractDecryptInp
                 receiverThread.setName("decrypting thread");
 
                 AbstractDecryptedEventReaderInputProcessor decryptedEventReaderInputProcessor = newDecryptedEventReaderInputProccessor(
-                        encryptedHeader, comparableNamespaceList, comparableAttributeList, encryptedDataType, securityToken
+                        encryptedHeader, comparableNamespaceList, comparableAttributeList, encryptedDataType, securityToken, inputProcessorChain.getSecurityContext()
                 );
 
                 //add the new created EventReader processor to the chain.
@@ -320,7 +320,8 @@ public abstract class AbstractDecryptInp
 
     protected abstract AbstractDecryptedEventReaderInputProcessor newDecryptedEventReaderInputProccessor(
             boolean encryptedHeader, List<ComparableNamespace>[] comparableNamespaceList,
-            List<ComparableAttribute>[] comparableAttributeList, EncryptedDataType currentEncryptedDataType, SecurityToken securityToken);
+            List<ComparableAttribute>[] comparableAttributeList, EncryptedDataType currentEncryptedDataType,
+            SecurityToken securityToken, SecurityContext securityContext) throws XMLSecurityException;
 
     protected abstract void handleSecurityToken(
             SecurityToken securityToken, SecurityContext securityContext, EncryptedDataType encryptedDataType) throws XMLSecurityException;

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java?rev=1310493&r1=1310492&r2=1310493&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java (original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractSignatureInputHandler.java Fri Apr  6 17:31:37 2012
@@ -60,9 +60,9 @@ public abstract class AbstractSignatureI
         addSignatureReferenceInputProcessorToChain(inputProcessorChain, securityProperties, signatureType, securityToken);
     }
 
-    protected abstract void addSignatureReferenceInputProcessorToChain(InputProcessorChain inputProcessorChain,
-                                                                       XMLSecurityProperties securityProperties,
-                                                                       SignatureType signatureType, SecurityToken securityToken);
+    protected abstract void addSignatureReferenceInputProcessorToChain(
+            InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
+            SignatureType signatureType, SecurityToken securityToken) throws XMLSecurityException;
 
     protected SecurityToken verifySignedInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties securityProperties,
                                              SignatureType signatureType, Deque<XMLEvent> eventDeque, int index)


