Author: giger
Date: Sat Jun 8 13:20:18 2013
New Revision: 1490977
URL: http://svn.apache.org/r1490977
Log:
- WSS-442
- Cleanup KeyIdentifier
- SecurityToken refactorings
Added:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java
- copied, changed from r1485168, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509DataSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java
- copied, changed from r1485168, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SubjectKeyIdentifierSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java
- copied, changed from r1485168, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ThumbprintSHA1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509V3SecurityTokenImpl.java
- copied, changed from r1485168, webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java
Removed:
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ThumbprintSHA1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509DataSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SubjectKeyIdentifierSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509_V3SecurityTokenImpl.java
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingIntegrationTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/IssuedTokenTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/KerberosTokenTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SamlTokenTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SupportingTokensTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingIntegrationTest.java
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/UsernameTokenTest.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/EncryptedKeySha1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/HttpsSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/KerberosServiceSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SamlSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecureConversationSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenReferenceImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509DefaultSecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509PKIPathv1SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SecurityTokenImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/securityToken/WSSecurityTokenConstants.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SecurityContextTokenValidatorImpl.java
webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
Sat Jun 8 13:20:18 2013
@@ -126,6 +126,7 @@ public class PolicyEnforcer implements S
public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction,
boolean initiator) throws WSSPolicyException {
this.operationPolicies = operationPolicies;
+ this.initiator = initiator;
assertionStateMap = new LinkedList<Map<SecurityEventConstants.Event, Map<Assertion,
List<Assertable>>>>();
failedAssertionStateMap = new LinkedList<Map<SecurityEventConstants.Event,
Map<Assertion, List<Assertable>>>>();
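Review bot: The moved `this.initiator = initiator;` now carries an ordering requirement that nothing in the constructor states: it has to run before the `buildAssertionStateMap(...)` call further down, which appears to be where the token assertion states receive `initiator`. A one-line comment above the assignment would stop a later cleanup from moving it back, for example `// must be set before buildAssertionStateMap(), the assertion states capture it at construction`. If the field's declaration (outside this hunk) is not `final`, making it so would also let the compiler flag any read before assignment in an initializer. The constructor body continues outside the hunk.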
@@ -135,7 +136,6 @@ public class PolicyEnforcer implements S
buildAssertionStateMap(effectivePolicy.getPolicy(), assertionStateMap);
}
}
- this.initiator = initiator;
}
private OperationPolicy findPolicyBySOAPAction(List<OperationPolicy> operationPolicies,
String soapAction) {
@@ -268,27 +268,27 @@ public class PolicyEnforcer implements S
} else if (abstractSecurityAssertion instanceof RequiredParts) {
assertableList.add(new RequiredPartsAssertionState(abstractSecurityAssertion,
false));
} else if (abstractSecurityAssertion instanceof UsernameToken) {
- assertableList.add(new UsernameTokenAssertionState(abstractSecurityAssertion,
false));
+ assertableList.add(new UsernameTokenAssertionState(abstractSecurityAssertion,
false, initiator));
} else if (abstractSecurityAssertion instanceof IssuedToken) {
- assertableList.add(new IssuedTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new IssuedTokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof X509Token) {
- assertableList.add(new X509TokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new X509TokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof KerberosToken) {
- assertableList.add(new KerberosTokenAssertionState(abstractSecurityAssertion,
false));
+ assertableList.add(new KerberosTokenAssertionState(abstractSecurityAssertion,
false, initiator));
} else if (abstractSecurityAssertion instanceof SpnegoContextToken) {
- assertableList.add(new SpnegoContextTokenAssertionState(abstractSecurityAssertion,
false));
+ assertableList.add(new SpnegoContextTokenAssertionState(abstractSecurityAssertion,
false, initiator));
} else if (abstractSecurityAssertion instanceof SecureConversationToken) {
- assertableList.add(new SecureConversationTokenAssertionState(abstractSecurityAssertion,
false));
+ assertableList.add(new SecureConversationTokenAssertionState(abstractSecurityAssertion,
false, initiator));
} else if (abstractSecurityAssertion instanceof SecurityContextToken) {
- assertableList.add(new SecurityContextTokenAssertionState(abstractSecurityAssertion,
false));
+ assertableList.add(new SecurityContextTokenAssertionState(abstractSecurityAssertion,
false, initiator));
} else if (abstractSecurityAssertion instanceof SamlToken) {
- assertableList.add(new SamlTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new SamlTokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof RelToken) {
- assertableList.add(new RelTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new RelTokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof HttpsToken) {
- assertableList.add(new HttpsTokenAssertionState(abstractSecurityAssertion, false));
+ assertableList.add(new HttpsTokenAssertionState(abstractSecurityAssertion, false,
initiator));
} else if (abstractSecurityAssertion instanceof KeyValueToken) {
- assertableList.add(new KeyValueTokenAssertionState(abstractSecurityAssertion,
false));
+ assertableList.add(new KeyValueTokenAssertionState(abstractSecurityAssertion,
false, initiator));
} else if (abstractSecurityAssertion instanceof AlgorithmSuite) {
//initialized with asserted=true because we do negative matching
assertableList.add(new AlgorithmSuiteAssertionState(abstractSecurityAssertion,
true));
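Review bot: Every token state in this chain is now constructed with two adjacent `boolean` arguments, `false, initiator`, and the compiler will not notice if the two are ever transposed. Because the second flag selects which side's token rules are enforced, a swap would silently validate the message against the wrong role. A short comment at the top of the chain naming the arguments, e.g. `// args: (assertion, asserted, initiator)`, is the cheapest guard; a two-value role enum in place of the boolean would be the sturdier one. The enclosing method starts and ends outside the hunk.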
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class HttpsTokenAssertionState extends TokenAssertionState {
- public HttpsTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public HttpsTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -51,8 +51,8 @@ import java.util.Map;
public class IssuedTokenAssertionState extends TokenAssertionState {
- public IssuedTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public IssuedTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -36,8 +36,8 @@ import org.apache.wss4j.stax.securityEve
public class KerberosTokenAssertionState extends TokenAssertionState {
- public KerberosTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public KerberosTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -35,8 +35,8 @@ import org.apache.wss4j.stax.securityEve
public class KeyValueTokenAssertionState extends TokenAssertionState {
- public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class RelTokenAssertionState extends TokenAssertionState {
- public RelTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public RelTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -38,8 +38,8 @@ import org.apache.xml.security.stax.secu
public class SamlTokenAssertionState extends TokenAssertionState {
- public SamlTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public SamlTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecureConversationTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class SecureConversationTokenAssertionState extends TokenAssertionState {
- public SecureConversationTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted) {
- super(assertion, asserted);
+ public SecureConversationTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class SecurityContextTokenAssertionState extends TokenAssertionState {
- public SecurityContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted) {
- super(assertion, asserted);
+ public SecurityContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -34,8 +34,8 @@ import org.apache.wss4j.stax.securityEve
public class SpnegoContextTokenAssertionState extends TokenAssertionState {
- public SpnegoContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted) {
- super(assertion, asserted);
+ public SpnegoContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean
asserted, boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -41,8 +41,11 @@ public abstract class TokenAssertionStat
//todo? WSP1.3 5.2.3 Required Claims
//todo derived keys?
- public TokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ private boolean initiator;
+
+ public TokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted, boolean
initiator) {
super(assertion, asserted);
+ this.initiator = initiator;
}
@Override
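Review bot: The new field `private boolean initiator;` is assigned only in the constructor as far as this diff shows, so it should be declared `private final boolean initiator;`. The flag decides which parent assertions a token may match and how the IncludeToken values are interpreted, so it should not be changeable after construction. A short Javadoc on the constructor saying that `initiator` is true when the inbound message is validated on the initiator (client) side would also help, since the subclasses only pass it through.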
@@ -65,7 +68,15 @@ public abstract class TokenAssertionStat
while (tokenUsageIterator.hasNext()) {
WSSecurityTokenConstants.TokenUsage tokenUsage = tokenUsageIterator.next();
if (WSSecurityTokenConstants.TokenUsage_MainSignature.equals(tokenUsage)) {
- if (!(parentAssertion instanceof InitiatorToken)
+ if (initiator && !(parentAssertion instanceof RecipientToken)
+ && !(parentAssertion instanceof RecipientSignatureToken)
+ && !(parentAssertion instanceof SignatureToken)
+ && !(parentAssertion instanceof ProtectionToken)
+ && !(parentAssertion instanceof TransportToken)) {
+ ignoreToken++;
+ continue loop;
+ }
+ else if (!initiator && !(parentAssertion instanceof InitiatorToken)
&& !(parentAssertion instanceof InitiatorSignatureToken)
&& !(parentAssertion instanceof SignatureToken)
&& !(parentAssertion instanceof ProtectionToken)
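Review bot: The role inversion in the new `initiator &&` branch is not explained anywhere. A reader has to work out for themselves why the initiator side accepts `RecipientToken`/`RecipientSignatureToken` as parent of the main signature token. As I read WS-SecurityPolicy this is because the initiator validates the response, so a comment such as `// initiator validates the response: its main signature is made with the recipient's token` above the branch would make that checkable. The same applies to the TokenUsage_MainEncryption hunk below, with the roles mirrored. Both additions also put `}` and `else if` on separate lines, whereas the surrounding code uses `} else if (`. The condition of the `else if` continues outside the hunk.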
@@ -76,7 +87,15 @@ public abstract class TokenAssertionStat
} else if (WSSecurityTokenConstants.TokenUsage_Signature.equals(tokenUsage))
{
throw new WSSPolicyException("Illegal token usage!");
} else if (WSSecurityTokenConstants.TokenUsage_MainEncryption.equals(tokenUsage))
{
- if (!(parentAssertion instanceof RecipientToken)
+ if (initiator && !(parentAssertion instanceof InitiatorToken)
+ && !(parentAssertion instanceof InitiatorEncryptionToken)
+ && !(parentAssertion instanceof EncryptionToken)
+ && !(parentAssertion instanceof ProtectionToken)
+ && !(parentAssertion instanceof TransportToken)) {
+ ignoreToken++;
+ continue loop;
+ }
+ else if (!initiator && !(parentAssertion instanceof RecipientToken)
&& !(parentAssertion instanceof RecipientEncryptionToken)
&& !(parentAssertion instanceof EncryptionToken)
&& !(parentAssertion instanceof ProtectionToken)
@@ -130,9 +149,40 @@ public abstract class TokenAssertionStat
//WSP1.3, 5.1 Token Inclusion
//todo do we need a global token cache to fullfill ".../IncludeToken/Once" ?
SPConstants.IncludeTokenType includeTokenType = abstractToken.getIncludeTokenType();
- if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- setErrorMessage("Token must not be included");
- asserted = false;
+ boolean isIncludedInMessage = tokenSecurityEvent.getSecurityToken().isIncludedInMessage();
+ switch (includeTokenType) {
+ case INCLUDE_TOKEN_NEVER:
+ if (isIncludedInMessage) {
+ setErrorMessage("Token must not be included");
+ asserted = false;
+ }
+ break;
+ case INCLUDE_TOKEN_ONCE:
+ break;
+ case INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT:
+ if (initiator && isIncludedInMessage) {
+ setErrorMessage("Token must not be included");
+ asserted = false;
+ } else if (!initiator && !isIncludedInMessage) {
+ setErrorMessage("Token must be included");
+ asserted = false;
+ }
+ break;
+ case INCLUDE_TOKEN_ALWAYS_TO_INITIATOR:
+ if (initiator && !isIncludedInMessage) {
+ setErrorMessage("Token must be included");
+ asserted = false;
+ } else if (!initiator && isIncludedInMessage) {
+ setErrorMessage("Token must not be included");
+ asserted = false;
+ }
+ break;
+ case INCLUDE_TOKEN_ALWAYS:
+ if (!isIncludedInMessage) {
+ setErrorMessage("Token must be included");
+ asserted = false;
+ }
+ break;
}
//WSP1.3, 5.3 Token Properties
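Review bot: `switch (includeTokenType)` throws a NullPointerException if `abstractToken.getIncludeTokenType()` returns null, whereas the removed `includeTokenType == ...` comparison simply did not match. Whether null is possible is not visible in this hunk, but if it is, the switch should be guarded with `if (includeTokenType != null) {`. `tokenSecurityEvent.getSecurityToken()` is dereferenced in the same way without a check. The switch also has no `default:` branch, so an IncludeToken value added later would pass without any check; an explicit `default:` that either sets `asserted = false` or is commented as intentionally permissive would make that a decision rather than an accident. The enclosing method starts and ends outside the hunk.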
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -96,7 +96,8 @@ public class TokenProtectionAssertionSta
securityToken = securityToken.getKeyWrappingToken();
}
- if (isSignatureToken(securityToken)) {
+ //a token can only be signed if it is included in the message:
+ if (securityToken.isIncludedInMessage() && isSignatureToken(securityToken))
{
//[WSP1.3_8.9]
boolean signsItsSignatureToken = signsItsSignatureToken(securityToken);
if (protectTokens && !signsItsSignatureToken) {
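Review bot: With `securityToken.isIncludedInMessage() &&` in front, the whole [WSP1.3_8.9] ProtectTokens check is skipped whenever a token reports that it is not included, and nothing is recorded about the skip. That is correct for tokens that are referenced externally, but it makes enforcement depend on every token implementation setting the flag correctly. An implementation that reports `false` by default would bypass token protection without an error. I would extend the comment to say so, e.g. `// tokens not included in the message cannot be signed, so ProtectTokens is not enforced for them; relies on isIncludedInMessage() being accurate`. A test with an included token whose signature does not cover it would also pin the behaviour. The method body continues outside the hunk.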
@@ -183,7 +184,7 @@ public class TokenProtectionAssertionSta
signingSecurityToken = signingSecurityToken.getKeyWrappingToken();
}
//todo ATM me just check if the token signs a signature but we don't know
if it's the main signature
- if (signingSecurityToken == securityToken) {
+ if (signingSecurityToken != null && signingSecurityToken.getId().equals(securityToken.getId()))
{
return true;
}
}
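Review bot: Replacing the identity check with `signingSecurityToken.getId().equals(securityToken.getId())` throws a NullPointerException if `getId()` returns null for the signing token, and the added null check covers only the token object, not its id. The same expression is repeated in the hunks at -202 and -234. A null-safe form would be `signingSecurityToken != null && signingSecurityToken.getId() != null && signingSecurityToken.getId().equals(securityToken.getId())`, ideally moved into one private helper used at all three places. Comparing by id also only identifies the same token if ids are unique within a message. If ids can come from the message itself, two different tokens carrying the same id would be treated as one here, so it is worth confirming that uniqueness is enforced upstream. The enclosing loop and method start outside the hunk.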
@@ -202,7 +203,7 @@ public class TokenProtectionAssertionSta
signingSecurityToken = signingSecurityToken.getKeyWrappingToken();
}
- if (signingSecurityToken == securityToken) {
+ if (signingSecurityToken != null && signingSecurityToken.getId().equals(securityToken.getId()))
{
return true;
}
}
@@ -234,7 +235,7 @@ public class TokenProtectionAssertionSta
while (elementSignatureToken != null && elementSignatureToken.getKeyWrappingToken()
!= null) {
elementSignatureToken = elementSignatureToken.getKeyWrappingToken();
}
- if (signedElementSecurityEvent.getSecurityToken() == securityToken)
{
+ if (elementSignatureToken != null && elementSignatureToken.getId().equals(securityToken.getId()))
{
if (!signedElements.contains(signedElementSecurityEvent)) {
signedElements.add(signedElementSecurityEvent);
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -37,8 +37,8 @@ import org.apache.xml.security.stax.secu
public class UsernameTokenAssertionState extends TokenAssertionState {
- public UsernameTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public UsernameTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
Sat Jun 8 13:20:18 2013
@@ -37,8 +37,8 @@ import java.security.cert.X509Certificat
public class X509TokenAssertionState extends TokenAssertionState {
- public X509TokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted)
{
- super(assertion, asserted);
+ public X509TokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
boolean initiator) {
+ super(assertion, asserted, initiator);
}
@Override
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java?rev=1490977&r1=1490976&r2=1490977&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
Sat Jun 8 13:20:18 2013
@@ -35,6 +35,7 @@ import org.apache.xml.security.binding.x
import org.apache.xml.security.binding.xmldsig11.NamedCurveType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.Init;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.testng.annotations.BeforeClass;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -105,7 +106,10 @@ public class AbstractPolicyTestBase exte
final KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"),
"default".toCharArray());
- X509SecurityTokenImpl x509SecurityToken = new X509SecurityTokenImpl(tokenType, null,
null, null, "", WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier, null) {
+ X509SecurityTokenImpl x509SecurityToken =
+ new X509SecurityTokenImpl(
+ tokenType, null, null, null, IDGenerator.generateID(null),
+ WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier, null,
true) {
@Override
protected String getAlias() throws XMLSecurityException {
return keyAlias;
@@ -131,7 +135,9 @@ public class AbstractPolicyTestBase exte
}
public KerberosServiceSecurityTokenImpl getKerberosServiceSecurityToken(WSSecurityTokenConstants.TokenType
tokenType) throws Exception {
- return new KerberosServiceSecurityTokenImpl(null, null, null, null, "", WSSecurityTokenConstants.KeyIdentifier_SecurityTokenReference);
+ return new KerberosServiceSecurityTokenImpl(
+ null, null, null, null, IDGenerator.generateID(null),
+ WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
}
public HttpsSecurityTokenImpl getHttpsSecurityToken(WSSecurityTokenConstants.TokenType
tokenType) throws Exception {
@@ -139,17 +145,17 @@ public class AbstractPolicyTestBase exte
}
public RsaKeyValueSecurityTokenImpl getRsaKeyValueSecurityToken() throws Exception {
- return new RsaKeyValueSecurityTokenImpl(null, null, WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef);
+ return new RsaKeyValueSecurityTokenImpl(null, null);
}
public DsaKeyValueSecurityTokenImpl getDsaKeyValueSecurityToken() throws Exception {
- return new DsaKeyValueSecurityTokenImpl(null, null, WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef);
+ return new DsaKeyValueSecurityTokenImpl(null, null);
}
public ECKeyValueSecurityTokenImpl getECKeyValueSecurityToken() throws Exception {
ECKeyValueType ecKeyValueType = new ECKeyValueType();
ecKeyValueType.setNamedCurve(new NamedCurveType());
- return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null, WSSecurityTokenConstants.KeyIdentifier_EmbeddedKeyIdentifierRef);
+ return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null);
}
protected String loadResourceAsString(String resource, String encoding) throws IOException
{
|