ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1491219 - in /webservices/wss4j/trunk: integration/src/test/java/org/apache/wss4j/integration/test/stax/ ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/ ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/ ws...
Date Sun, 09 Jun 2013 13:40:49 GMT
Author: giger
Date: Sun Jun  9 13:40:49 2013
New Revision: 1491219

URL: http://svn.apache.org/r1491219
Log:
WSS-449 - Receiving code can't handle the case of a Thumbprint reference to a BST in the token 
- The same applies to X509 Issuer serial references and therefore fixed too
- some cleanups

Modified:
    webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java

Modified: webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java (original)
+++ webservices/wss4j/trunk/integration/src/test/java/org/apache/wss4j/integration/test/stax/KerberosTest.java Sun Jun  9 13:40:49 2013
@@ -263,7 +263,7 @@ public class KerberosTest extends Abstra
             Assert.assertEquals(nodeList.getLength(), 1);
             Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
 
-            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
             final KerberosTokenSecurityEvent kerberosTokenSecurityEvent = kerberosTokenSecurityEvents.get(0);
             Assert.assertNotNull(kerberosTokenSecurityEvent.getSecurityToken().getSubject());
             Assert.assertTrue(kerberosTokenSecurityEvent.getSecurityToken().getPrincipal() instanceof KerberosPrincipal);
@@ -360,7 +360,7 @@ public class KerberosTest extends Abstra
             Assert.assertEquals(nodeList.getLength(), 1);
             Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
 
-            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
         }
     }
 
@@ -529,7 +529,7 @@ public class KerberosTest extends Abstra
             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
             Assert.assertEquals(nodeList.getLength(), 0);
 
-            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
         }
     }
 
@@ -625,7 +625,7 @@ public class KerberosTest extends Abstra
             nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_xenc_EncryptedData.getNamespaceURI(), WSSConstants.TAG_xenc_EncryptedData.getLocalPart());
             Assert.assertEquals(nodeList.getLength(), 0);
 
-            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 2);
+            Assert.assertEquals(kerberosTokenSecurityEvents.size(), 1);
         }
     }
 }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java Sun Jun  9 13:40:49 2013
@@ -145,17 +145,17 @@ public class AbstractPolicyTestBase exte
     }
 
     public RsaKeyValueSecurityTokenImpl getRsaKeyValueSecurityToken() throws Exception {
-        return new RsaKeyValueSecurityTokenImpl(null, null);
+        return new RsaKeyValueSecurityTokenImpl(null, null, null);
     }
 
     public DsaKeyValueSecurityTokenImpl getDsaKeyValueSecurityToken() throws Exception {
-        return new DsaKeyValueSecurityTokenImpl(null, null);
+        return new DsaKeyValueSecurityTokenImpl(null, null, null);
     }
 
     public ECKeyValueSecurityTokenImpl getECKeyValueSecurityToken() throws Exception {
         ECKeyValueType ecKeyValueType = new ECKeyValueType();
         ecKeyValueType.setNamedCurve(new NamedCurveType());
-        return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null);
+        return new ECKeyValueSecurityTokenImpl(ecKeyValueType, null, null);
     }
 
     protected String loadResourceAsString(String resource, String encoding) throws IOException {

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/WSP13SpecTest.java Sun Jun  9 13:40:49 2013
@@ -39,10 +39,10 @@ public class WSP13SpecTest extends Abstr
     public Object[][] ignoreEventsTransportBindingC11a() {
         return new Object[][]{
                 {null, null, null},
-                {WSSecurityEventConstants.HttpsToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken not satisfied"},
-                {WSSecurityEventConstants.RequiredElement, 2, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
-                {WSSecurityEventConstants.UsernameToken, 3, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
-                {SecurityEventConstants.X509Token, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+                {WSSecurityEventConstants.HttpsToken, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}HttpsToken not satisfied"},
+                {WSSecurityEventConstants.RequiredElement, 4, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+                {WSSecurityEventConstants.UsernameToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+                {SecurityEventConstants.X509Token, 1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
         };
     }
 
@@ -60,9 +60,9 @@ public class WSP13SpecTest extends Abstr
     public Object[][] ignoreEventsAsymmetricBindingC31a() {
         return new Object[][]{
                 {null, null, null},
-                {WSSecurityEventConstants.RequiredElement, 1, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
-                {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
-                {WSSecurityEventConstants.UsernameToken, 7, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+                {WSSecurityEventConstants.RequiredElement, 8, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+                {SecurityEventConstants.X509Token, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+                {WSSecurityEventConstants.UsernameToken, 1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
         };
     }
 
@@ -80,10 +80,10 @@ public class WSP13SpecTest extends Abstr
     public Object[][] ignoreEventsSymmetricBindingC21a() {
         return new Object[][]{
                 {null, null, null},
-                {WSSecurityEventConstants.RequiredElement, 1, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+                {WSSecurityEventConstants.RequiredElement, 4, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
                 {WSSecurityEventConstants.SamlToken, -1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken not satisfied"},
-                {WSSecurityEventConstants.UsernameToken, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
-                {SecurityEventConstants.X509Token, 15, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+                {WSSecurityEventConstants.UsernameToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+                {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
         };
     }
 
@@ -101,10 +101,10 @@ public class WSP13SpecTest extends Abstr
     public Object[][] ignoreEventsSymmetricBindingC21b() {
         return new Object[][]{
                 {null, null, null},
-                {WSSecurityEventConstants.RequiredElement, 1, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
+                {WSSecurityEventConstants.RequiredElement, 4, "Element /{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp must be present"},
                 {WSSecurityEventConstants.SamlToken, -1, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}IssuedToken not satisfied"},
-                {WSSecurityEventConstants.UsernameToken, 4, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
-                {SecurityEventConstants.X509Token, 15, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
+                {WSSecurityEventConstants.UsernameToken, 0, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}UsernameToken not satisfied"},
+                {SecurityEventConstants.X509Token, 2, "Assertion {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token not satisfied"},
         };
     }
 

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Sun Jun  9 13:40:49 2013
@@ -182,31 +182,21 @@ public class InboundWSSecurityContextImp
             }
         }
 
-        //search for the root tokens...
-        for (int i = 0; i < tokenSecurityEvents.size(); i++) {
-            TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
-            SecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
-            if (securityToken.getKeyWrappingToken() == null && !containsSecurityToken(supportingTokens, securityToken)) {
-                supportingTokens = addTokenSecurityEvent(tokenSecurityEvent, supportingTokens);
-            }
-        }
-        //...and then for the intermediare tokens and create new TokenSecurityEvents if not already there
+        //search the root tokens and create new TokenSecurityEvents if not already there...
         for (int i = 0; i < tokenSecurityEvents.size(); i++) {
             TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
             InboundSecurityToken securityToken = tokenSecurityEvent.getSecurityToken();
-            if (securityToken.getKeyWrappingToken() != null) {
-                while (securityToken.getKeyWrappingToken() != null) {
-                    securityToken = securityToken.getKeyWrappingToken();
-                }
-                if (!containsSecurityToken(supportingTokens, securityToken)) {
-                    TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
-                            WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
-                    supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, supportingTokens);
-                    securityEventDeque.offer(newTokenSecurityEvent);
-                }
-                //remove old TokenSecurityEvent so that only root tokens are in the queue
-                securityEventDeque.remove(tokenSecurityEvent);
+            while (securityToken.getKeyWrappingToken() != null) {
+                securityToken = securityToken.getKeyWrappingToken();
+            }
+            if (!containsSecurityToken(supportingTokens, securityToken)) {
+                TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
+                        WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
+                supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, supportingTokens);
+                securityEventDeque.offer(newTokenSecurityEvent);
             }
+            //remove old TokenSecurityEvent so that only root tokens are in the queue
+            securityEventDeque.remove(tokenSecurityEvent);
         }
 
         Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> supportingTokensIterator = supportingTokens.iterator();

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/DsaKeyValueSecurityTokenImpl.java Sun Jun  9 13:40:49 2013
@@ -18,6 +18,7 @@
  */
 package org.apache.wss4j.stax.impl.securityToken;
 
+import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
@@ -32,11 +33,18 @@ public class DsaKeyValueSecurityTokenImp
         extends org.apache.xml.security.stax.impl.securityToken.DsaKeyValueSecurityToken
         implements DsaKeyValueSecurityToken {
 
+    private Crypto crypto;
     private Principal principal;
 
     public DsaKeyValueSecurityTokenImpl(
-            DSAKeyValueType dsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext) {
+            DSAKeyValueType dsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto) {
         super(dsaKeyValueType, wsInboundSecurityContext);
+        this.crypto = crypto;
+    }
+
+    @Override
+    public void verify() throws XMLSecurityException {
+        crypto.verifyTrust(getPublicKey());
     }
 
     @Override

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/ECKeyValueSecurityTokenImpl.java Sun Jun  9 13:40:49 2013
@@ -18,6 +18,7 @@
  */
 package org.apache.wss4j.stax.impl.securityToken;
 
+import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
@@ -32,12 +33,19 @@ public class ECKeyValueSecurityTokenImpl
         extends org.apache.xml.security.stax.impl.securityToken.ECKeyValueSecurityToken
         implements ECKeyValueSecurityToken {
 
+    private Crypto crypto;
     private Principal principal;
 
     public ECKeyValueSecurityTokenImpl(
-            ECKeyValueType ecKeyValueType, WSInboundSecurityContext wsInboundSecurityContext)
+            ECKeyValueType ecKeyValueType, WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto)
             throws XMLSecurityException {
         super(ecKeyValueType, wsInboundSecurityContext);
+        this.crypto = crypto;
+    }
+
+    @Override
+    public void verify() throws XMLSecurityException {
+        crypto.verifyTrust(getPublicKey());
     }
 
     @Override

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/RsaKeyValueSecurityTokenImpl.java Sun Jun  9 13:40:49 2013
@@ -18,6 +18,7 @@
  */
 package org.apache.wss4j.stax.impl.securityToken;
 
+import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.PublicKeyPrincipalImpl;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
@@ -32,11 +33,18 @@ public class RsaKeyValueSecurityTokenImp
         extends org.apache.xml.security.stax.impl.securityToken.RsaKeyValueSecurityToken
         implements RsaKeyValueSecurityToken {
 
+    private Crypto crypto;
     private Principal principal;
 
     public RsaKeyValueSecurityTokenImpl(
-            RSAKeyValueType rsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext) {
+            RSAKeyValueType rsaKeyValueType, WSInboundSecurityContext wsInboundSecurityContext, Crypto crypto) {
         super(rsaKeyValueType, wsInboundSecurityContext);
+        this.crypto = crypto;
+    }
+
+    @Override
+    public void verify() throws XMLSecurityException {
+        crypto.verifyTrust(getPublicKey());
     }
 
     @Override

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.java Sun Jun  9 13:40:49 2013
@@ -39,12 +39,16 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.x500.X500Principal;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
@@ -116,11 +120,27 @@ public class SecurityTokenFactoryImpl ex
             final X509DataType x509DataType
                     = XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_dsig_X509Data);
             if (x509DataType != null) {
-
                 //Issuer Serial
                 X509IssuerSerialType x509IssuerSerialType = XMLSecurityUtils.getQNameType(
                         x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
                 if (x509IssuerSerialType != null) {
+                    //first look if the token is included in the message (necessary for TokenInclusion policy)...
+                    List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
+                            inboundSecurityContext.getRegisteredSecurityTokenProviders();
+                    for (int i = 0; i < securityTokenProviders.size(); i++) {
+                        SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
+                        InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
+                        if (inboundSecurityToken instanceof X509SecurityToken) {
+                            X509SecurityToken x509SecurityToken = (X509SecurityToken) inboundSecurityToken;
+
+                            final X509Certificate x509Certificate = x509SecurityToken.getX509Certificates()[0];
+                            if (x509Certificate.getSerialNumber().compareTo(x509IssuerSerialType.getX509SerialNumber()) == 0 &&
+                                    x509Certificate.getIssuerX500Principal().equals(new X500Principal(x509IssuerSerialType.getX509IssuerName())))
+                                return createSecurityTokenProxy(inboundSecurityToken,
+                                        WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
+                        }
+                    }
+                    //...then if none is found create a new SecurityToken instance
                     return new X509IssuerSerialTokenImpl(
                             (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, x509IssuerSerialType,
                             securityTokenReferenceType.getId(), securityProperties);
@@ -185,6 +205,31 @@ public class SecurityTokenFactoryImpl ex
                             (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
                             securityTokenReferenceType.getId(), securityProperties);
                 } else if (WSSConstants.NS_THUMBPRINT.equals(valueType)) {
+                    try {
+                        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
+                        //first look if the token is included in the message (necessary for TokenInclusion policy)...
+                        List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
+                                inboundSecurityContext.getRegisteredSecurityTokenProviders();
+                        for (int i = 0; i < securityTokenProviders.size(); i++) {
+                            SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
+                            InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
+                            if (inboundSecurityToken instanceof X509SecurityToken) {
+                                X509SecurityToken x509SecurityToken = (X509SecurityToken)inboundSecurityToken;
+                                byte[] tokenDigest = messageDigest.digest(x509SecurityToken.getX509Certificates()[0].getEncoded());
+
+                                if (Arrays.equals(tokenDigest, binaryContent)) {
+                                    return createSecurityTokenProxy(inboundSecurityToken,
+                                            WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
+                                }
+                            }
+                        }
+                    } catch (NoSuchAlgorithmException e) {
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+                    } catch (CertificateEncodingException e) {
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
+                    }
+
+                    //...then if none is found create a new SecurityToken instance
                     return new X509ThumbprintSHA1SecurityTokenImpl(
                             (WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, binaryContent,
                             securityTokenReferenceType.getId(), securityProperties);
@@ -214,27 +259,27 @@ public class SecurityTokenFactoryImpl ex
                                 WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                     }
 
-                    MessageDigest messageDigest = null;
                     try {
-                        messageDigest = MessageDigest.getInstance("SHA-1");
+                        //ok we have to find the token via digesting...
+                        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
+                        List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders =
+                                inboundSecurityContext.getRegisteredSecurityTokenProviders();
+                        for (int i = 0; i < securityTokenProviders.size(); i++) {
+                            SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
+                            InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
+                            if (inboundSecurityToken instanceof KerberosServiceSecurityToken) {
+                                KerberosServiceSecurityToken kerberosSecurityToken = (KerberosServiceSecurityToken)inboundSecurityToken;
+                                byte[] tokenDigest = messageDigest.digest(kerberosSecurityToken.getBinaryContent());
+                                if (Arrays.equals(tokenDigest, binaryContent)) {
+                                    return createSecurityTokenProxy(inboundSecurityToken,
+                                            WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
+                                }
+                            }
+                        }
                     } catch (NoSuchAlgorithmException e) {
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
                     }
 
-                    //ok we have to find the token via digesting...
-                    List<SecurityTokenProvider<? extends InboundSecurityToken>> securityTokenProviders = inboundSecurityContext.getRegisteredSecurityTokenProviders();
-                    for (int i = 0; i < securityTokenProviders.size(); i++) {
-                        SecurityTokenProvider<? extends InboundSecurityToken> tokenProvider = securityTokenProviders.get(i);
-                        InboundSecurityToken inboundSecurityToken = tokenProvider.getSecurityToken();
-                        if (inboundSecurityToken instanceof KerberosServiceSecurityToken) {
-                            KerberosServiceSecurityToken kerberosSecurityToken = (KerberosServiceSecurityToken)inboundSecurityToken;
-                            byte[] tokenDigest = messageDigest.digest(kerberosSecurityToken.getBinaryContent());
-                            if (Arrays.equals(tokenDigest, binaryContent)) {
-                                return createSecurityTokenProxy(inboundSecurityToken,
-                                        WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
-                            }
-                        }
-                    }
                     throw new WSSecurityException(
                             WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", keyIdentifierType.getValue());
                 } else {
@@ -273,7 +318,8 @@ public class SecurityTokenFactoryImpl ex
                 }
                 inboundSecurityContext.put("" + Thread.currentThread().hashCode(), invokeCount);
 
-                SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider = inboundSecurityContext.getSecurityTokenProvider(uri);
+                SecurityTokenProvider<? extends InboundSecurityToken> securityTokenProvider =
+                        inboundSecurityContext.getSecurityTokenProvider(uri);
                 if (securityTokenProvider == null) {
                     throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noToken", uri);
                 }
@@ -326,37 +372,22 @@ public class SecurityTokenFactoryImpl ex
                                                  final CallbackHandler callbackHandler, SecurityContext securityContext)
             throws XMLSecurityException {
 
-        //todo *KeyValueSecurityToken verify() inline in classes
-        //todo either handover crypto to verify() or to constructor
         final RSAKeyValueType rsaKeyValueType
                 = XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_RSAKeyValue);
         if (rsaKeyValueType != null) {
-            return new RsaKeyValueSecurityTokenImpl(rsaKeyValueType, (WSInboundSecurityContext) securityContext) {
-                @Override
-                public void verify() throws XMLSecurityException {
-                    crypto.verifyTrust(getPubKey("", null, null));
-                }
-            };
+            return new RsaKeyValueSecurityTokenImpl(rsaKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
         }
+
         final DSAKeyValueType dsaKeyValueType
                 = XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_DSAKeyValue);
         if (dsaKeyValueType != null) {
-            return new DsaKeyValueSecurityTokenImpl(dsaKeyValueType, (WSInboundSecurityContext) securityContext) {
-                @Override
-                public void verify() throws XMLSecurityException {
-                    crypto.verifyTrust(getPubKey("", null, null));
-                }
-            };
+            return new DsaKeyValueSecurityTokenImpl(dsaKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
         }
+
         final ECKeyValueType ecKeyValueType
                 = XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig11_ECKeyValue);
         if (ecKeyValueType != null) {
-            return new ECKeyValueSecurityTokenImpl(ecKeyValueType, (WSInboundSecurityContext) securityContext) {
-                @Override
-                public void verify() throws XMLSecurityException {
-                    crypto.verifyTrust(getPubKey("", null, null));
-                }
-            };
+            return new ECKeyValueSecurityTokenImpl(ecKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
         }
         throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
     }
@@ -365,9 +396,10 @@ public class SecurityTokenFactoryImpl ex
             final InboundSecurityToken inboundSecurityToken,
             final WSSecurityTokenConstants.KeyIdentifier keyIdentifier) {
 
-        Class<?>[] interfaces = new Class<?>[inboundSecurityToken.getClass().getInterfaces().length + 1];
-        System.arraycopy(inboundSecurityToken.getClass().getInterfaces(), 0, interfaces, 0, inboundSecurityToken.getClass().getInterfaces().length);
-        interfaces[interfaces.length - 1] = InboundSecurityToken.class;
+        List<Class<?>> implementedInterfaces = new ArrayList<Class<?>>();
+        getImplementedInterfaces(inboundSecurityToken.getClass(), implementedInterfaces);
+        Class<?>[] interfaces = implementedInterfaces.toArray(new Class<?>[implementedInterfaces.size()]);
+
         return (InboundSecurityToken) Proxy.newProxyInstance(
                 inboundSecurityToken.getClass().getClassLoader(),
                 interfaces,
@@ -375,7 +407,6 @@ public class SecurityTokenFactoryImpl ex
 
                     @Override
                     public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
-                        //todo static final initializer for getKeyIdentifier?
                         if (method.getName().equals("getKeyIdentifier")) {
                             return keyIdentifier;
                         }
@@ -385,6 +416,23 @@ public class SecurityTokenFactoryImpl ex
                             throw e.getTargetException();
                         }
                     }
-                });
+                }
+        );
+    }
+
+    private static void getImplementedInterfaces(Class<?> clazz, List<Class<?>> interfaceList) {
+        if (clazz == null) {
+            return;
+        }
+        Class<?>[] interfaces = clazz.getInterfaces();
+        for (int i = 0; i < interfaces.length; i++) {
+            Class<?> anInterface = interfaces[i];
+
+            if (!interfaceList.contains(anInterface)) {
+                interfaceList.add(anInterface);
+            }
+            getImplementedInterfaces(anInterface, interfaceList);
+        }
+        getImplementedInterfaces(clazz.getSuperclass(), interfaceList);
     }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509IssuerSerialTokenImpl.java Sun Jun  9 13:40:49 2013
@@ -60,7 +60,7 @@ public class X509IssuerSerialTokenImpl e
             X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
             setX509Certificates(certs);
             if (certs == null) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE);
             }
             return this.alias = getCrypto().getX509Identifier(certs[0]);
         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509SKISecurityTokenImpl.java Sun Jun  9 13:40:49 2013
@@ -20,6 +20,7 @@ package org.apache.wss4j.stax.impl.secur
 
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -48,6 +49,9 @@ public class X509SKISecurityTokenImpl ex
             CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SKI_BYTES);
             cryptoType.setBytes(binaryContent);
             X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+            if (certs == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE);
+            }
             this.alias = getCrypto().getX509Identifier(certs[0]);
         }
         return this.alias;

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/X509ThumbprintSHA1SecurityTokenImpl.java Sun Jun  9 13:40:49 2013
@@ -20,6 +20,7 @@ package org.apache.wss4j.stax.impl.secur
 
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -48,7 +49,9 @@ public class X509ThumbprintSHA1SecurityT
             CryptoType cryptoType = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
             cryptoType.setBytes(binaryContent);
             X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
-
+            if (certs == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE);
+            }
             this.alias = getCrypto().getX509Identifier(certs[0]);
         }
         return this.alias;

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java Sun Jun  9 13:40:49 2013
@@ -183,7 +183,7 @@ public class InboundWSSecurityContextImp
         boolean encryptedSupportingTokensOccured = false;
         boolean mainEncryptionTokenOccured = false;
         boolean usernameTokenOccured = false;
-        Assert.assertEquals(securityEventList.size(), 34);
+        Assert.assertEquals(securityEventList.size(), 31);
         int x509TokenIndex = 0;
         for (int i = 0; i < securityEventList.size(); i++) {
             SecurityEvent securityEvent = securityEventList.get(i);
@@ -197,31 +197,31 @@ public class InboundWSSecurityContextImp
                 x509TokenIndex++;
                 X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                 Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
-                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens));
+                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens));
                 signedEndorsingSupportingTokenOccured = true;
             } else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 2) {
                 x509TokenIndex++;
                 X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                 Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
-                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens));
+                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SupportingTokens));
                 encryptedSupportingTokensOccured = true;
             } else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 3) {
                 x509TokenIndex++;
                 X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                 Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
-                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SupportingTokens));
+                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_MainSignature));
                 supportingTokensOccured = true;
             } else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 4) {
                 x509TokenIndex++;
                 X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                 Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
-                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens));
+                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens));
                 signedEndorsingEncryptedSupportingTokenOccured = true;
             } else if (securityEvent instanceof X509TokenSecurityEvent && x509TokenIndex == 5) {
                 x509TokenIndex++;
                 X509TokenSecurityEvent tokenSecurityEvent = (X509TokenSecurityEvent) securityEvent;
                 Assert.assertEquals(tokenSecurityEvent.getSecurityToken().getTokenUsages().size(), 1);
-                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_MainSignature));
+                Assert.assertTrue(tokenSecurityEvent.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens));
                 mainSignatureTokenOccured = true;
             } else if (securityEvent instanceof UsernameTokenSecurityEvent) {
                 UsernameTokenSecurityEvent tokenSecurityEvent = (UsernameTokenSecurityEvent) securityEvent;
@@ -471,7 +471,7 @@ public class InboundWSSecurityContextImp
 
         final List<SecurityEvent> securityEventList = generateSymmetricBindingSecurityEvents();
 
-        Assert.assertEquals(securityEventList.size(), 22);
+        Assert.assertEquals(securityEventList.size(), 21);
 
         for (int i = 0; i < securityEventList.size(); i++) {
             SecurityEvent securityEvent = securityEventList.get(i);

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InteroperabilityTest.java Sun Jun  9 13:40:49 2013
@@ -76,8 +76,8 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
-                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignedElement,
                 WSSecurityEventConstants.SignedElement,
@@ -176,8 +176,8 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
-                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignedElement,
                 WSSecurityEventConstants.SignedElement,
@@ -233,9 +233,9 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.X509Token,
                 WSSecurityEventConstants.EncryptedElement,
                 WSSecurityEventConstants.SignatureValue,
-                WSSecurityEventConstants.X509Token,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignedElement,
                 WSSecurityEventConstants.SignedElement,
@@ -376,9 +376,9 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.X509Token,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignatureValue,
-                WSSecurityEventConstants.X509Token,
                 WSSecurityEventConstants.SignedElement,
                 WSSecurityEventConstants.EncryptedPart,
                 WSSecurityEventConstants.Operation,
@@ -538,8 +538,8 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
-                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.EncryptedElement,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignedElement,
@@ -801,8 +801,8 @@ public class InteroperabilityTest extend
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.X509Token,
-                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.X509Token,
+                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.EncryptedPart,
                     WSSecurityEventConstants.Operation,
                     WSSecurityEventConstants.AlgorithmSuite,
@@ -927,8 +927,8 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
-                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignedElement,
                 WSSecurityEventConstants.SignedElement,
@@ -1024,8 +1024,8 @@ public class InteroperabilityTest extend
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.AlgorithmSuite,
                 WSSecurityEventConstants.X509Token,
-                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.X509Token,
+                WSSecurityEventConstants.SignatureValue,
                 WSSecurityEventConstants.Timestamp,
                 WSSecurityEventConstants.SignedElement,
                 WSSecurityEventConstants.SignedElement,

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SecurityContextTokenTest.java Sun Jun  9 13:40:49 2013
@@ -197,11 +197,10 @@ public class SecurityContextTokenTest ex
                 }
             }
 
-            org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+            org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
             org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
                     operationSecurityEvents.size() +
-                            encryptedPartSecurityEvents.size() + 1 //plus one because of the
-                    // SecurityContextToken which can't be correlated that easy for this use case
+                            encryptedPartSecurityEvents.size()
             );
         }
     }
@@ -335,11 +334,10 @@ public class SecurityContextTokenTest ex
             }
 
             org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
-            org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
+            org.junit.Assert.assertEquals(6, signatureValueSecurityEvents.size());
             org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
                     operationSecurityEvents.size() +
-                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + 1 //plus one because of the
-                    // SecurityContextToken which can't be correlated that easy for this use case
+                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size()
             );
         }
     }
@@ -497,11 +495,10 @@ public class SecurityContextTokenTest ex
 
             org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
             org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
-            org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+            org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
             org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
                     operationSecurityEvents.size() +
-                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size() + 1 //plus one because of the
-                    // SecurityContextToken which can't be correlated that easy for this use case
+                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size()
             );
         }
     }
@@ -612,11 +609,10 @@ public class SecurityContextTokenTest ex
 
             org.junit.Assert.assertEquals(3, signedElementSecurityEvents.size());
             org.junit.Assert.assertEquals(5, signatureValueSecurityEvents.size());
-            org.junit.Assert.assertEquals(4, encryptedPartSecurityEvents.size());
+            org.junit.Assert.assertEquals(5, encryptedPartSecurityEvents.size());
             org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
                     operationSecurityEvents.size() +
-                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size() + 1 //plus one because of the
-                    // SecurityContextToken which can't be correlated that easy for this use case
+                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + encryptedPartSecurityEvents.size()
             );
         }
     }
@@ -670,7 +666,6 @@ public class SecurityContextTokenTest ex
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.SecurityContextToken,
                     WSSecurityEventConstants.SignatureValue,
-                    WSSecurityEventConstants.SecurityContextToken,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
             };
@@ -709,8 +704,7 @@ public class SecurityContextTokenTest ex
             org.junit.Assert.assertEquals(4, signatureValueSecurityEvents.size());
             org.junit.Assert.assertEquals(securityEventListener.getReceivedSecurityEvents().size(),
                     operationSecurityEvents.size() +
-                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size() + 1 //plus one because of the
-                    // SecurityContextToken which can't be correlated that easy for this use case
+                            signedElementSecurityEvents.size() + signatureValueSecurityEvents.size()
             );
         }
     }

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/SignatureTest.java Sun Jun  9 13:40:49 2013
@@ -1316,8 +1316,8 @@ public class SignatureTest extends Abstr
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.AlgorithmSuite,
-                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.KeyValueToken,
+                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
             };

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenReferenceTest.java Sun Jun  9 13:40:49 2013
@@ -158,8 +158,8 @@ public class SAMLTokenReferenceTest exte
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.SamlToken,
-                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.X509Token,
+                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
@@ -271,7 +271,6 @@ public class SAMLTokenReferenceTest exte
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.SamlToken,
                     WSSecurityEventConstants.SignatureValue,
-                    WSSecurityEventConstants.SamlToken,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
             };
@@ -602,8 +601,8 @@ public class SAMLTokenReferenceTest exte
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.SamlToken,
-                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.X509Token,
+                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
@@ -716,7 +715,6 @@ public class SAMLTokenReferenceTest exte
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.SamlToken,
                     WSSecurityEventConstants.SignatureValue,
-                    WSSecurityEventConstants.SamlToken,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
             };
@@ -842,7 +840,6 @@ public class SAMLTokenReferenceTest exte
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.SamlToken,
                     WSSecurityEventConstants.SignatureValue,
-                    WSSecurityEventConstants.SamlToken,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,
             };

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java?rev=1491219&r1=1491218&r2=1491219&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlTokenDerivedTest.java Sun Jun  9 13:40:49 2013
@@ -123,8 +123,8 @@ public class SamlTokenDerivedTest extend
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.AlgorithmSuite,
                     WSSecurityEventConstants.X509Token,
-                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.SamlToken,
+                    WSSecurityEventConstants.SignatureValue,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.SignedElement,
                     WSSecurityEventConstants.Operation,



Mime
View raw message