From cohei...@apache.org
Subject svn commit: r1672673 [1/2] - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/wss4j/dom/ ws-security-dom/src/main/java/org/apache/wss4j/dom/action/ ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/ ws-security-dom/src/mai...
Date Fri, 10 Apr 2015 14:10:51 GMT
Author: coheigea
Date: Fri Apr 10 14:10:50 2015
New Revision: 1672673

URL: http://svn.apache.org/r1672673
Log:
Refactor of WSSConfig/RequestData

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenUnsignedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/TimestampAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSAMLToken.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/TimestampValidator.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/UsernameTokenValidator.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/PasswordTypeTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/TimestampTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UTDerivedKeyTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UTSignatureTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/UsernameTokenTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/token/WCFUsernameTokenTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/FaultCodeTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/misc/PrincipalTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAlgorithmSuiteTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlConditionsTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlNegativeTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlReferenceTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenActionTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenDerivedTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenHOKTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/AbstractTestBase.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSConfig.java Fri Apr 10 14:10:50 2015
@@ -254,104 +254,6 @@ public class WSSConfig {
     private static boolean staticallyInitialized = false;
 
     /**
-     * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
-     * child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
-     * The default is true.
-     */
-    private boolean addInclusivePrefixes = true;
-
-    /**
-     * Set the timestamp precision mode. If set to <code>true</code> then use
-     * timestamps with milliseconds, otherwise omit the milliseconds. As per XML
-     * Date/Time specification the default is to include the milliseconds.
-     */
-    private boolean precisionInMilliSeconds = true;
-
-    private boolean enableSignatureConfirmation;
-
-    /**
-     * If set to true then the timestamp handling will throw an exception if the
-     * timestamp contains an expires element and the semantics are expired.
-     * 
-     * If set to false, no exception will be thrown, even if the semantics are
-     * expired.
-     */
-    private boolean timeStampStrict = true;
-    
-    /**
-     * If this value is not null, then username token handling will throw an 
-     * exception if the password type of the Username Token does not match this value
-     */
-    private String requiredPasswordType;
-    
-    /**
-     * This variable controls whether a UsernameToken with no password element is allowed. 
-     * The default value is "false". Set it to "true" to allow deriving keys from UsernameTokens 
-     * or to support UsernameTokens for purposes other than authentication.
-     */
-    private boolean allowUsernameTokenNoPassword;
-    
-    /**
-     * The time in seconds between creation and expiry for a Timestamp. The default
-     * is 300 seconds (5 minutes).
-     */
-    private int timeStampTTL = 300;
-    
-    /**
-     * The time in seconds in the future within which the Created time of an incoming 
-     * Timestamp is valid. The default is 60 seconds.
-     */
-    private int timeStampFutureTTL = 60;
-    
-    /**
-     * The time in seconds between creation and expiry for a UsernameToken Created
-     * element. The default is 300 seconds (5 minutes).
-     */
-    private int utTTL = 300;
-    
-    /**
-     * The time in seconds in the future within which the Created time of an incoming 
-     * UsernameToken is valid. The default is 60 seconds.
-     */
-    private int utFutureTTL = 60;
-    
-    /**
-     * This variable controls whether types other than PasswordDigest or PasswordText
-     * are allowed when processing UsernameTokens. 
-     * 
-     * By default this is set to false so that the user doesn't have to explicitly
-     * reject custom token types in the callback handler.
-     */
-    private boolean handleCustomPasswordTypes;
-    
-    /**
-     * This variable controls whether (wsse) namespace qualified password types are
-     * accepted when processing UsernameTokens.
-     * 
-     * By default this is set to false.
-     */
-    private boolean allowNamespaceQualifiedPasswordTypes;
-    
-    /**
-     * Whether the password should be treated as a binary value.  This
-     * is needed to properly handle password equivalence for UsernameToken
-     * passwords.  Binary passwords are Base64 encoded so they can be
-     * treated as strings in most places, but when the password digest
-     * is calculated or a key is derived from the password, the password
-     * will be Base64 decoded before being used. This is most useful for
-     * hashed passwords as password equivalents.
-     *
-     * See https://issues.apache.org/jira/browse/WSS-239
-     */
-    private boolean passwordsAreEncoded;
-    
-    /**
-     * Whether to validate the SubjectConfirmation requirements of a received SAML Token
-     * (sender-vouches or holder-of-key). The default is true.
-     */
-    private boolean validateSamlSubjectConfirmation = true;
-    
-    /**
      * This allows the user to specify a different time than that of the current System time.
      */
     private WSTimeSource currentTime;
@@ -454,143 +356,6 @@ public class WSSConfig {
     }
 
     /**
-     * Checks if we need to use milliseconds in timestamps
-     * 
-     * @return whether to use precision in milliseconds for timestamps
-     */
-    public boolean isPrecisionInMilliSeconds() {
-        return precisionInMilliSeconds;
-    }
-
-    /**
-     * Set the precision in milliseconds for timestamps
-     * 
-     * @param precisionInMilliSeconds whether to use precision in milliseconds for timestamps
-     */
-    public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
-        this.precisionInMilliSeconds = precisionInMilliSeconds;
-    }
-
-    /**
-     * @return Returns the enableSignatureConfirmation.
-     */
-    public boolean isEnableSignatureConfirmation() {
-        return enableSignatureConfirmation;
-    }
-
-    /**
-     * @param enableSignatureConfirmation
-     *            The enableSignatureConfirmation to set.
-     */
-    public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation) {
-        this.enableSignatureConfirmation = enableSignatureConfirmation;
-    }
-    
-    /**
-     * @param handleCustomTypes 
-     * whether to handle custom UsernameToken password types or not
-     */
-    public void setHandleCustomPasswordTypes(boolean handleCustomTypes) {
-        this.handleCustomPasswordTypes = handleCustomTypes;
-    }
-    
-    /**
-     * @return whether custom UsernameToken password types are allowed or not
-     */
-    public boolean getHandleCustomPasswordTypes() {
-        return handleCustomPasswordTypes;
-    }
-    
-    /**
-     * @param allowNamespaceQualifiedTypes
-     * whether (wsse) namespace qualified password types are accepted or not
-     */
-    public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedTypes) {
-        allowNamespaceQualifiedPasswordTypes = allowNamespaceQualifiedTypes;
-    }
-    
-    /**
-     * @return whether (wsse) namespace qualified password types are accepted or not
-     */
-    public boolean getAllowNamespaceQualifiedPasswordTypes() {
-        return allowNamespaceQualifiedPasswordTypes;
-    }
-    
-    /**
-     * @return Returns if we shall throw an exception on expired request
-     *         semantic
-     */
-    public boolean isTimeStampStrict() {
-        return timeStampStrict;
-    }
-
-    /**
-     * @param timeStampStrict
-     *            If true throw an exception on expired request semantic
-     */
-    public void setTimeStampStrict(boolean timeStampStrict) {
-        this.timeStampStrict = timeStampStrict;
-    }
-    
-    /**
-     * @return the required password type when processing a UsernameToken
-     */
-    public String getRequiredPasswordType() {
-        return requiredPasswordType;
-    }
-
-    /**
-     * @param requiredPasswordType The required password type when processing
-     * a Username Token.
-     */
-    public void setRequiredPasswordType(String requiredPasswordType) {
-        this.requiredPasswordType = requiredPasswordType;
-    }
-    
-    /**
-     * @return Returns the TTL of a Timestamp in seconds
-     */
-    public int getTimeStampTTL() {
-        return timeStampTTL;
-    }
-
-    /**
-     * @param timeStampTTL The new value for timeStampTTL
-     */
-    public void setTimeStampTTL(int timeStampTTL) {
-        this.timeStampTTL = timeStampTTL;
-    }
-    
-    /**
-     * @return Returns the Future TTL of a Timestamp in seconds
-     */
-    public int getTimeStampFutureTTL() {
-        return timeStampFutureTTL;
-    }
-
-    /**
-     * @param timeStampFutureTTL the new value for timeStampFutureTTL
-     */
-    public void setTimeStampFutureTTL(int timeStampFutureTTL) {
-        this.timeStampFutureTTL = timeStampFutureTTL;
-    }
-    
-    /**
-     * @param passwordsAreEncoded
-     * whether passwords are encoded
-     */
-    public void setPasswordsAreEncoded(boolean passwordsAreEncoded) {
-        this.passwordsAreEncoded = passwordsAreEncoded;
-    }
-    
-    /**
-     * @return whether passwords are encoded
-     */
-    public boolean getPasswordsAreEncoded() {
-        return passwordsAreEncoded;
-    }
-    
-    /**
      * @return Returns the WsuIdAllocator used to generate wsu:Id attributes
      */
     public WsuIdAllocator getIdAllocator() {
@@ -780,56 +545,6 @@ public class WSSConfig {
         return null;
     }
 
-    /**
-     * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
-     * child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
-     * The default is true.
-     */
-    public boolean isAddInclusivePrefixes() {
-        return addInclusivePrefixes;
-    }
-
-    /**
-     * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
-     * child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
-     * The default is true.
-     */
-    public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
-        this.addInclusivePrefixes = addInclusivePrefixes;
-    }
-
-    public boolean isAllowUsernameTokenNoPassword() {
-        return allowUsernameTokenNoPassword;
-    }
-
-    public void setAllowUsernameTokenNoPassword(boolean allowUsernameTokenNoPassword) {
-        this.allowUsernameTokenNoPassword = allowUsernameTokenNoPassword;
-    }
-
-    public int getUtTTL() {
-        return utTTL;
-    }
-
-    public void setUtTTL(int utTTL) {
-        this.utTTL = utTTL;
-    }
-
-    public int getUtFutureTTL() {
-        return utFutureTTL;
-    }
-
-    public void setUtFutureTTL(int utFutureTTL) {
-        this.utFutureTTL = utFutureTTL;
-    }
-
-    public boolean isValidateSamlSubjectConfirmation() {
-        return validateSamlSubjectConfirmation;
-    }
-
-    public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
-        this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
-    }
-    
     public WSTimeSource getCurrentTime() {
         if (currentTime != null) {
             return currentTime;

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSSecurityEngine.java Fri Apr 10 14:10:50 2015
@@ -457,7 +457,7 @@ public class WSSecurityEngine {
             new WSHandlerResult(requestData.getActor(), returnResults, wsDocInfo.getActionResults());
         
         // Validate SAML Subject Confirmation requirements
-        if (wssConfig.isValidateSamlSubjectConfirmation()) {
+        if (requestData.isValidateSamlSubjectConfirmation()) {
             Element bodyElement = callbackLookupToUse.getSOAPBody();
             DOMSAMLUtil.validateSAMLResults(handlerResult, requestData.getTlsCerts(), bodyElement);
         }
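Review bot: The SAML SubjectConfirmation check is now gated on `requestData.isValidateSamlSubjectConfirmation()`, but the RequestData field and its default are not visible in this hunk. The WSSConfig field this commit removes was initialised to `true`; if the RequestData field is left as an uninitialised boolean, the sender-vouches/holder-of-key validation in `DOMSAMLUtil.validateSAMLResults` would be skipped by default and no error would be raised. Provided the new default is `true`, I would add a comment above the `if`: `// Security check: on by default, skipped only when explicitly disabled on RequestData`. The enclosing method starts and ends outside the hunk.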

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionAction.java Fri Apr 10 14:10:50 2015
@@ -40,7 +40,8 @@ public class EncryptionAction implements
     public void execute(WSHandler handler, SecurityActionToken actionToken,
                         Document doc, RequestData reqData)
             throws WSSecurityException {
-        WSSecEncrypt wsEncrypt = new WSSecEncrypt(reqData.getWssConfig());
+        WSSecEncrypt wsEncrypt = new WSSecEncrypt();
+        wsEncrypt.setIdAllocator(reqData.getWssConfig().getIdAllocator());
 
         EncryptionActionToken encryptionToken = null;
         if (actionToken instanceof EncryptionActionToken) {
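Review bot: `reqData.getWssConfig().getIdAllocator()` dereferences the config directly, while RequestData declares `private WSSConfig wssConfig;` with no initialiser, so a RequestData that never had a config set would presumably fail here with a NullPointerException rather than a WSSecurityException. The old line only passed the (possibly null) reference to the builder constructor; whether that constructor tolerated null is not visible here. Suggest resolving the config once before use, e.g. `WSSConfig config = reqData.getWssConfig();` followed by `if (config == null) { config = WSSConfig.getNewInstance(); }`, or failing explicitly. The same pattern is added in the EncryptionDerivedAction, SAMLTokenSignedAction, SAMLTokenUnsignedAction, SignatureAction, SignatureConfirmationAction, SignatureDerivedAction, TimestampAction, UsernameTokenAction and UsernameTokenSignedAction hunks.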

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/EncryptionDerivedAction.java Fri Apr 10 14:10:50 2015
@@ -58,7 +58,8 @@ public class EncryptionDerivedAction ext
         
         WSPasswordCallback passwordCallback = 
             handler.getPasswordCB(encryptionToken.getUser(), WSConstants.DKT_ENCR, callbackHandler, reqData);
-        WSSecDKEncrypt wsEncrypt = new WSSecDKEncrypt(reqData.getWssConfig());
+        WSSecDKEncrypt wsEncrypt = new WSSecDKEncrypt();
+        wsEncrypt.setIdAllocator(reqData.getWssConfig().getIdAllocator());
 
         if (encryptionToken.getKeyIdentifierId() != 0) {
             wsEncrypt.setKeyIdentifierType(encryptionToken.getKeyIdentifierId());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenSignedAction.java Fri Apr 10 14:10:50 2015
@@ -84,7 +84,9 @@ public class SAMLTokenSignedAction imple
                 samlCallback.getSignatureDigestAlgorithm()
             );
         }
-        WSSecSignatureSAML wsSign = new WSSecSignatureSAML(reqData.getWssConfig());
+        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+        wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
 
         CallbackHandler callbackHandler = 
             handler.getPasswordCallbackHandler(reqData);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenUnsignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenUnsignedAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenUnsignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SAMLTokenUnsignedAction.java Fri Apr 10 14:10:50 2015
@@ -37,7 +37,8 @@ public class SAMLTokenUnsignedAction imp
     public void execute(WSHandler handler, SecurityActionToken actionToken,
                         Document doc, RequestData reqData)
             throws WSSecurityException {
-        WSSecSAMLToken builder = new WSSecSAMLToken(reqData.getWssConfig());
+        WSSecSAMLToken builder = new WSSecSAMLToken();
+        builder.setIdAllocator(reqData.getWssConfig().getIdAllocator());
 
         CallbackHandler samlCallbackHandler = 
                 handler.getCallbackHandler(

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureAction.java Fri Apr 10 14:10:50 2015
@@ -57,7 +57,9 @@ public class SignatureAction implements
         
         WSPasswordCallback passwordCallback = 
             handler.getPasswordCB(signatureToken.getUser(), WSConstants.SIGN, callbackHandler, reqData);
-        WSSecSignature wsSign = new WSSecSignature(reqData.getWssConfig());
+        WSSecSignature wsSign = new WSSecSignature();
+        wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
 
         if (signatureToken.getKeyIdentifierId() != 0) {
             wsSign.setKeyIdentifierType(signatureToken.getKeyIdentifierId());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureConfirmationAction.java Fri Apr 10 14:10:50 2015
@@ -57,7 +57,8 @@ public class SignatureConfirmationAction
         //
         // prepare a SignatureConfirmation token
         //
-        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(reqData.getWssConfig());
+        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+        wsc.setIdAllocator(reqData.getWssConfig().getIdAllocator());
         SignatureActionToken signatureToken = (SignatureActionToken)actionToken;
         if (signatureToken == null) {
             signatureToken = reqData.getSignatureToken();

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Fri Apr 10 14:10:50 2015
@@ -59,7 +59,9 @@ public class SignatureDerivedAction exte
         
         WSPasswordCallback passwordCallback = 
             handler.getPasswordCB(signatureToken.getUser(), WSConstants.DKT_SIGN, callbackHandler, reqData);
-        WSSecDKSign wsSign = new WSSecDKSign(reqData.getWssConfig());
+        WSSecDKSign wsSign = new WSSecDKSign();
+        wsSign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        wsSign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
 
         if (signatureToken.getSignatureAlgorithm() != null) {
             wsSign.setSignatureAlgorithm(signatureToken.getSignatureAlgorithm());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/TimestampAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/TimestampAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/TimestampAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/TimestampAction.java Fri Apr 10 14:10:50 2015
@@ -34,8 +34,11 @@ public class TimestampAction implements
         //
         // add the Timestamp to the SOAP Envelope
         //
-        WSSecTimestamp timeStampBuilder = new WSSecTimestamp(reqData.getWssConfig());
-        timeStampBuilder.setTimeToLive(handler.decodeTimeToLive(reqData, true));
+        WSSecTimestamp timeStampBuilder = new WSSecTimestamp();
+        timeStampBuilder.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        timeStampBuilder.setPrecisionInMilliSeconds(reqData.isPrecisionInMilliSeconds());
+        timeStampBuilder.setTimeToLive(reqData.getTimeStampTTL());
+        timeStampBuilder.setWsTimeSource(reqData.getWssConfig().getCurrentTime());
         timeStampBuilder.build(doc, reqData.getSecHeader());
     }
 }
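Review bot: The outbound Timestamp TTL is now taken straight from `reqData.getTimeStampTTL()`, where the removed line went through `handler.decodeTimeToLive(reqData, true)`. Any parsing or range handling that helper did (its body is not in this hunk) no longer applies at this call site, so a zero or negative value stored on RequestData would reach `setTimeToLive` unchanged. How WSSecTimestamp treats such a value is not visible here, but it determines the Expires element that receivers use as their freshness window. Suggest documenting the expectation at the call, `// TTL must already be validated (> 0 seconds) when RequestData is populated`, or enforcing it in the RequestData setter.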

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenAction.java Fri Apr 10 14:10:50 2015
@@ -50,9 +50,12 @@ public class UsernameTokenAction impleme
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUser");
         }
 
-        WSSecUsernameToken builder = new WSSecUsernameToken(reqData.getWssConfig());
+        WSSecUsernameToken builder = new WSSecUsernameToken();
+        builder.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        builder.setPrecisionInMilliSeconds(reqData.isPrecisionInMilliSeconds());
+        builder.setWsTimeSource(reqData.getWssConfig().getCurrentTime());
         builder.setPasswordType(reqData.getPwType());
-        builder.setPasswordsAreEncoded(reqData.getWssConfig().getPasswordsAreEncoded());
+        builder.setPasswordsAreEncoded(reqData.isEncodePasswords());
         builder.setUserInfo(username, password);
 
         if (reqData.isAddUsernameTokenNonce()) {
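Review bot: `builder.setPasswordsAreEncoded(reqData.isEncodePasswords())` joins two names that say different things. The WSSConfig Javadoc removed by this commit describes passwords that are already Base64 encoded and get decoded before the digest is calculated or a key is derived, whereas "encodePasswords" reads like an instruction to encode. A misread setting changes which bytes go into the password digest, so authentication fails or a different secret is used. The RequestData accessor is not visible in this hunk; either rename it to match the builder or add a comment here: `// "encodePasswords" means the supplied password is already Base64 encoded (see WSS-239)`.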

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/UsernameTokenSignedAction.java Fri Apr 10 14:10:50 2015
@@ -59,7 +59,10 @@ public class UsernameTokenSignedAction i
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUser");
         }
         
-        WSSecUsernameToken builder = new WSSecUsernameToken(reqData.getWssConfig());
+        WSSecUsernameToken builder = new WSSecUsernameToken();
+        builder.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        builder.setPrecisionInMilliSeconds(reqData.isPrecisionInMilliSeconds());
+        builder.setWsTimeSource(reqData.getWssConfig().getCurrentTime());
         
         int iterations = reqData.getDerivedKeyIterations();
         boolean useMac = reqData.isUseDerivedKeyForMAC();
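Review bot: Within the visible lines this builder gets an id allocator, timestamp precision and time source but no `setPasswordsAreEncoded(...)`, whereas UsernameTokenAction in this same commit passes `reqData.isEncodePasswords()` to its builder. The removed WSSConfig Javadoc says the encoded-password setting also applies when a key is derived from the password, and this action uses `builder.getDerivedKey()` in its second hunk. If the call is not made in the part of execute() outside the hunk, adding `builder.setPasswordsAreEncoded(reqData.isEncodePasswords());` after the `setWsTimeSource` line would keep key derivation consistent with the plain UsernameToken action. execute() starts and ends outside the hunk.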
@@ -94,7 +97,10 @@ public class UsernameTokenSignedAction i
             signatureToken = reqData.getSignatureToken();
         }
         
-        WSSecSignature sign = new WSSecSignature(reqData.getWssConfig());
+        WSSecSignature sign = new WSSecSignature();
+        sign.setIdAllocator(reqData.getWssConfig().getIdAllocator());
+        sign.setAddInclusivePrefixes(reqData.isAddInclusivePrefixes());
+        
         sign.setCustomTokenValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
         sign.setCustomTokenId(builder.getId());
         sign.setSecretKey(builder.getDerivedKey());

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Fri Apr 10 14:10:50 2015
@@ -63,7 +63,6 @@ public class RequestData {
     private Crypto decCrypto;
     private SignatureActionToken signatureToken;
     private EncryptionActionToken encryptionToken;
-    private int timeToLive = 300;   // Timestamp: time in seconds between creation and expiry
     private WSSConfig wssConfig;
     private List<byte[]> signatureValues = new ArrayList<>();
     private WSSecHeader secHeader;
@@ -95,43 +94,104 @@ public class RequestData {
     private boolean use200512Namespace = true;
     private final List<String> audienceRestrictions = new ArrayList<>();
     private boolean requireTimestampExpires;
+    
+    /**
+     * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
+     * child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
+     * The default is true.
+     */
+    private boolean addInclusivePrefixes = true;
 
-    public void clear() {
-        soapConstants = null;
-        actor = username = pwType = null;
-        decCrypto = sigVerCrypto = null;
-        signatureToken = null;
-        encryptionToken = null;
-        wssConfig = null;
-        signatureValues.clear();
-        derivedKeyIterations = UsernameToken.DEFAULT_ITERATION;
-        useDerivedKeyForMAC = true;
-        callback = null;
-        attachmentCallbackHandler = null;
-        enableRevocation = false;
-        timestampReplayCache = null;
-        nonceReplayCache = null;
-        samlOneTimeUseReplayCache = null;
-        subjectDNPatterns.clear();
-        ignoredBSPRules.clear();
-        appendSignatureAfterTimestamp = false;
-        algorithmSuite = null;
-        samlAlgorithmSuite = null;
-        setOriginalSignatureActionPosition(0);
-        setDisableBSPEnforcement(false);
-        allowRSA15KeyTransportAlgorithm = false;
-        setAddUsernameTokenNonce(false);
-        setAddUsernameTokenCreated(false);
-        setTlsCerts(null);
-        enableTimestampReplayCache = true;
-        enableNonceReplayCache = true;
-        setEnableSamlOneTimeUseReplayCache(true);
-        passwordEncryptor = null;
-        derivedKeyTokenReference = null;
-        setUse200512Namespace(true);
-        audienceRestrictions.clear();
-        requireTimestampExpires = false;
-    }
+    /**
+     * Set the timestamp precision mode. If set to <code>true</code> then use
+     * timestamps with milliseconds, otherwise omit the milliseconds. As per XML
+     * Date/Time specification the default is to include the milliseconds.
+     */
+    private boolean precisionInMilliSeconds = true;
+
+    private boolean enableSignatureConfirmation;
+
+    /**
+     * If set to true then the timestamp handling will throw an exception if the
+     * timestamp contains an expires element and the semantics are expired.
+     * 
+     * If set to false, no exception will be thrown, even if the semantics are
+     * expired.
+     */
+    private boolean timeStampStrict = true;
+    
+    /**
+     * If this value is not null, then username token handling will throw an 
+     * exception if the password type of the Username Token does not match this value
+     */
+    private String requiredPasswordType;
+    
+    /**
+     * This variable controls whether a UsernameToken with no password element is allowed. 
+     * The default value is "false". Set it to "true" to allow deriving keys from UsernameTokens 
+     * or to support UsernameTokens for purposes other than authentication.
+     */
+    private boolean allowUsernameTokenNoPassword;
+    
+    /**
+     * The time in seconds between creation and expiry for a Timestamp. The default
+     * is 300 seconds (5 minutes).
+     */
+    private int timeStampTTL = 300;
+    
+    /**
+     * The time in seconds in the future within which the Created time of an incoming 
+     * Timestamp is valid. The default is 60 seconds.
+     */
+    private int timeStampFutureTTL = 60;
+    
+    /**
+     * The time in seconds between creation and expiry for a UsernameToken Created
+     * element. The default is 300 seconds (5 minutes).
+     */
+    private int utTTL = 300;
+    
+    /**
+     * The time in seconds in the future within which the Created time of an incoming 
+     * UsernameToken is valid. The default is 60 seconds.
+     */
+    private int utFutureTTL = 60;
+    
+    /**
+     * This variable controls whether types other than PasswordDigest or PasswordText
+     * are allowed when processing UsernameTokens. 
+     * 
+     * By default this is set to false so that the user doesn't have to explicitly
+     * reject custom token types in the callback handler.
+     */
+    private boolean handleCustomPasswordTypes;
+    
+    /**
+     * This variable controls whether (wsse) namespace qualified password types are
+     * accepted when processing UsernameTokens.
+     * 
+     * By default this is set to false.
+     */
+    private boolean allowNamespaceQualifiedPasswordTypes;
+    
+    /**
+     * Whether the password should be treated as a binary value.  This
+     * is needed to properly handle password equivalence for UsernameToken
+     * passwords.  Binary passwords are Base64 encoded so they can be
+     * treated as strings in most places, but when the password digest
+     * is calculated or a key is derived from the password, the password
+     * will be Base64 decoded before being used. This is most useful for
+     * hashed passwords as password equivalents.
+     *
+     * See https://issues.apache.org/jira/browse/WSS-239
+     */
+    private boolean encodePasswords;
+    
+    /**
+     * Whether to validate the SubjectConfirmation requirements of a received SAML Token
+     * (sender-vouches or holder-of-key). The default is true.
+     */
+    private boolean validateSamlSubjectConfirmation = true;
 
     public boolean isEnableTimestampReplayCache() {
         return enableTimestampReplayCache;
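Review bot: `enableSignatureConfirmation` is the only field added here without a comment or a stated default, while every neighbouring flag documents both. A line such as `/** Whether signature confirmation is enabled. The default is false. */` above it would match the surrounding style and the `false` default that WSHandler passes for ENABLE_SIGNATURE_CONFIRMATION. The comment on `precisionInMilliSeconds` also still reads as setter documentation ("Set the timestamp precision mode") and could be reworded to describe the field. The getter that closes this hunk continues outside it.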
@@ -205,14 +265,6 @@ public class RequestData {
         this.decCrypto = decCrypto;
     }
 
-    public int getTimeToLive() {
-        return timeToLive;
-    }
-
-    public void setTimeToLive(int timeToLive) {
-        this.timeToLive = timeToLive;
-    }
-
     /**
      * @return Returns the wssConfig.
      */
@@ -590,5 +642,116 @@ public class RequestData {
     public void setRequireTimestampExpires(boolean requireTimestampExpires) {
         this.requireTimestampExpires = requireTimestampExpires;
     }
+
+    public boolean isValidateSamlSubjectConfirmation() {
+        return validateSamlSubjectConfirmation;
+    }
+
+    public void setValidateSamlSubjectConfirmation(boolean validateSamlSubjectConfirmation) {
+        this.validateSamlSubjectConfirmation = validateSamlSubjectConfirmation;
+    }
+
+    public boolean isAllowNamespaceQualifiedPasswordTypes() {
+        return allowNamespaceQualifiedPasswordTypes;
+    }
+
+    public void setAllowNamespaceQualifiedPasswordTypes(boolean allowNamespaceQualifiedPasswordTypes) {
+        this.allowNamespaceQualifiedPasswordTypes = allowNamespaceQualifiedPasswordTypes;
+    }
+
+    public int getUtFutureTTL() {
+        return utFutureTTL;
+    }
+
+    public void setUtFutureTTL(int utFutureTTL) {
+        this.utFutureTTL = utFutureTTL;
+    }
+
+    public boolean isHandleCustomPasswordTypes() {
+        return handleCustomPasswordTypes;
+    }
+
+    public void setHandleCustomPasswordTypes(boolean handleCustomPasswordTypes) {
+        this.handleCustomPasswordTypes = handleCustomPasswordTypes;
+    }
+
+    public int getUtTTL() {
+        return utTTL;
+    }
+
+    public void setUtTTL(int utTTL) {
+        this.utTTL = utTTL;
+    }
+
+    public int getTimeStampTTL() {
+        return timeStampTTL;
+    }
+
+    public void setTimeStampTTL(int timeStampTTL) {
+        this.timeStampTTL = timeStampTTL;
+    }
+
+    public int getTimeStampFutureTTL() {
+        return timeStampFutureTTL;
+    }
+
+    public void setTimeStampFutureTTL(int timeStampFutureTTL) {
+        this.timeStampFutureTTL = timeStampFutureTTL;
+    }
+
+    public boolean isAllowUsernameTokenNoPassword() {
+        return allowUsernameTokenNoPassword;
+    }
+
+    public void setAllowUsernameTokenNoPassword(boolean allowUsernameTokenNoPassword) {
+        this.allowUsernameTokenNoPassword = allowUsernameTokenNoPassword;
+    }
+
+    public boolean isTimeStampStrict() {
+        return timeStampStrict;
+    }
+
+    public void setTimeStampStrict(boolean timeStampStrict) {
+        this.timeStampStrict = timeStampStrict;
+    }
+
+    public boolean isAddInclusivePrefixes() {
+        return addInclusivePrefixes;
+    }
+
+    public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
+        this.addInclusivePrefixes = addInclusivePrefixes;
+    }
+
+    public boolean isPrecisionInMilliSeconds() {
+        return precisionInMilliSeconds;
+    }
+
+    public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
+        this.precisionInMilliSeconds = precisionInMilliSeconds;
+    }
         
+    public boolean isEnableSignatureConfirmation() {
+        return enableSignatureConfirmation;
+    }
+
+    public void setEnableSignatureConfirmation(boolean enableSignatureConfirmation) {
+        this.enableSignatureConfirmation = enableSignatureConfirmation;
+    }
+
+    public String getRequiredPasswordType() {
+        return requiredPasswordType;
+    }
+
+    public void setRequiredPasswordType(String requiredPasswordType) {
+        this.requiredPasswordType = requiredPasswordType;
+    }
+
+    public boolean isEncodePasswords() {
+        return encodePasswords;
+    }
+
+    public void setEncodePasswords(boolean encodePasswords) {
+        this.encodePasswords = encodePasswords;
+    }
 }
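Review bot: The four TTL setters (`setTimeStampTTL`, `setTimeStampFutureTTL`, `setUtTTL`, `setUtFutureTTL`) store any int, so a zero or negative value set programmatically is passed on as-is to whatever consumes these freshness windows. How the validators treat a non-positive window is not visible in this diff. It is worth either rejecting it in the setter, e.g. `if (utTTL < 0) { throw new IllegalArgumentException("utTTL must not be negative"); }`, or stating the accepted range in Javadoc. None of the accessors added in this hunk has Javadoc, so the units and defaults are documented only on the private fields.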

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Fri Apr 10 14:10:50 2015
@@ -84,41 +84,46 @@ public abstract class WSHandler {
             boolean isRequest
     ) throws WSSecurityException {
 
-        boolean mu = decodeMustUnderstand(reqData);
-
         WSSConfig wssConfig = reqData.getWssConfig();
         if (wssConfig == null) {
             wssConfig = WSSConfig.getNewInstance();
             reqData.setWssConfig(wssConfig);
         }
-        wssConfig.setPasswordsAreEncoded(decodeUseEncodedPasswords(reqData));
-        wssConfig.setPrecisionInMilliSeconds(decodeTimestampPrecision(reqData));
-
+        
         Object mc = reqData.getMsgContext();
+        reqData.setEncodePasswords(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.USE_ENCODED_PASSWORDS, false)
+        );
+        reqData.setPrecisionInMilliSeconds(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.TIMESTAMP_PRECISION, true)
+        );
+        reqData.setAddInclusivePrefixes(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ADD_INCLUSIVE_PREFIXES, true)
+        );
+        reqData.setEnableSignatureConfirmation(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, false)
+        );
+        reqData.setTimeStampTTL(decodeTimeToLive(reqData, true));
+
         String actor = getString(WSHandlerConstants.ACTOR, mc);
         reqData.setActor(actor);
 
+        boolean mu = decodeBooleanConfigValue(mc, WSHandlerConstants.MUST_UNDERSTAND, true);
         WSSecHeader secHeader = new WSSecHeader(actor, mu);
         secHeader.insertSecurityHeader(doc);
-
         reqData.setSecHeader(secHeader);
         reqData.setSoapConstants(WSSecurityUtil.getSOAPConstants(doc.getDocumentElement()));
-        wssConfig.setAddInclusivePrefixes(decodeAddInclusivePrefixes(reqData));
 
         // Load CallbackHandler
         if (reqData.getCallbackHandler() == null) {
-            CallbackHandler passwordCallbackHandler = 
-                getPasswordCallbackHandler(reqData);
+            CallbackHandler passwordCallbackHandler = getPasswordCallbackHandler(reqData);
             reqData.setCallbackHandler(passwordCallbackHandler);
         }
         
-        boolean enableSigConf = decodeEnableSignatureConfirmation(reqData);
-        wssConfig.setEnableSignatureConfirmation(enableSigConf);
-
         // Perform configuration
         for (HandlerAction actionToDo : actions) {
             if (actionToDo.getAction() == WSConstants.SC) {
-                wssConfig.setEnableSignatureConfirmation(true);
+                reqData.setEnableSignatureConfirmation(true);
             } else if (actionToDo.getAction() == WSConstants.UT 
                 && actionToDo.getActionToken() == null) {
                 decodeUTParameter(reqData);
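Review bot: The default for each option is now a bare boolean literal repeated at every call site, and several options are decoded in more than one place. USE_ENCODED_PASSWORDS and ENABLE_SIGNATURE_CONFIRMATION appear here and again in the receiver-side hunk, and USE_2005_12_NAMESPACE appears in two later hunks. Nothing ties those literals together, so a later edit can change the default on one path only, and for flags that gate validation that drift would be silent. Consider keeping each default in one place, for example a named constant beside the key, and passing that instead of `true`/`false`. The method starts and ends outside this hunk.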
@@ -176,7 +181,7 @@ public abstract class WSHandler {
          * parts. They will be signed automatically during a (probably) defined
          * SIGN action.
          */
-        if (wssConfig.isEnableSignatureConfirmation() && !isRequest) {
+        if (reqData.isEnableSignatureConfirmation() && !isRequest) {
             String done = 
                 (String)getProperty(reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE);
             if (done == null) {
@@ -221,7 +226,7 @@ public abstract class WSHandler {
          * already gathered values because of chained handlers, e.g. for
          * other actors.
          */
-        if (wssConfig.isEnableSignatureConfirmation() 
+        if (reqData.isEnableSignatureConfirmation() 
             && isRequest && reqData.getSignatureValues().size() > 0) {
             @SuppressWarnings("unchecked")
             Set<Integer> savedSignatures = 
@@ -276,40 +281,48 @@ public abstract class WSHandler {
             wssConfig = WSSConfig.getNewInstance();
             reqData.setWssConfig(wssConfig);
         }
-        boolean enableSigConf = decodeEnableSignatureConfirmation(reqData);
-        wssConfig.setEnableSignatureConfirmation(
+        
+        Object mc = reqData.getMsgContext();
+        boolean enableSigConf = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, false);
+        reqData.setEnableSignatureConfirmation(
             enableSigConf || actions.contains(WSConstants.SC)
         );
-        wssConfig.setTimeStampStrict(decodeTimestampStrict(reqData));
-        String passwordType = decodePasswordType(reqData);
-        wssConfig.setRequiredPasswordType(passwordType);
+        reqData.setTimeStampStrict(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.TIMESTAMP_STRICT, true)
+        );
+        reqData.setRequiredPasswordType(decodePasswordType(reqData));
             
-        wssConfig.setTimeStampTTL(decodeTimeToLive(reqData, true));
-        wssConfig.setTimeStampFutureTTL(decodeFutureTimeToLive(reqData, true));
-        wssConfig.setUtTTL(decodeTimeToLive(reqData, false));
-        wssConfig.setUtFutureTTL(decodeFutureTimeToLive(reqData, false));
-        
-        wssConfig.setHandleCustomPasswordTypes(decodeCustomPasswordTypes(reqData));
-        wssConfig.setPasswordsAreEncoded(decodeUseEncodedPasswords(reqData));
-        wssConfig.setAllowNamespaceQualifiedPasswordTypes(
-            decodeNamespaceQualifiedPasswordTypes(reqData)
+        reqData.setTimeStampTTL(decodeTimeToLive(reqData, true));
+        reqData.setTimeStampFutureTTL(decodeFutureTimeToLive(reqData, true));
+        reqData.setUtTTL(decodeTimeToLive(reqData, false));
+        reqData.setUtFutureTTL(decodeFutureTimeToLive(reqData, false));
+        
+        reqData.setHandleCustomPasswordTypes(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.HANDLE_CUSTOM_PASSWORD_TYPES, false)
         );
-        wssConfig.setAllowUsernameTokenNoPassword(
-            decodeAllowUsernameTokenNoPassword(reqData)
+        reqData.setEncodePasswords(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.USE_ENCODED_PASSWORDS, false)
         );
-        wssConfig.setValidateSamlSubjectConfirmation(
-            decodeSamlSubjectConfirmationValidation(reqData)
+        reqData.setAllowNamespaceQualifiedPasswordTypes(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES, false)
+        );
+        reqData.setAllowUsernameTokenNoPassword(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, false)
+        );
+        reqData.setValidateSamlSubjectConfirmation(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true)
         );
         
-        boolean bspCompliant = decodeBSPCompliance(reqData);
+        boolean bspCompliant = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.IS_BSP_COMPLIANT, true);
         if (!bspCompliant) {
             reqData.setDisableBSPEnforcement(true);
         }
         
         // Load CallbackHandler
         if (reqData.getCallbackHandler() == null) {
-            CallbackHandler passwordCallbackHandler = 
-                getPasswordCallbackHandler(reqData);
+            CallbackHandler passwordCallbackHandler = getPasswordCallbackHandler(reqData);
             reqData.setCallbackHandler(passwordCallbackHandler);
         }
 
@@ -321,8 +334,14 @@ public abstract class WSHandler {
         if (actions.contains(WSConstants.ENCR)) {
             decodeDecryptionParameter(reqData);
         }
-        decodeRequireSignedEncryptedDataElements(reqData);
-        decodeRequireTimestampExpires(reqData);
+        reqData.setRequireSignedEncryptedDataElements(
+            decodeBooleanConfigValue(
+                mc, WSHandlerConstants.REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS, false
+            )
+        );
+        reqData.setRequireTimestampExpires(
+            decodeBooleanConfigValue(mc, WSHandlerConstants.REQUIRE_TIMESTAMP_EXPIRES, false)
+        );
     }
 
     protected boolean checkReceiverResults(
@@ -472,11 +491,11 @@ public abstract class WSHandler {
         }
         
         boolean addNonce = 
-            decodeBooleanConfigValue(reqData, WSHandlerConstants.ADD_USERNAMETOKEN_NONCE, false);
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ADD_USERNAMETOKEN_NONCE, false);
         reqData.setAddUsernameTokenNonce(addNonce);
         
         boolean addCreated = 
-            decodeBooleanConfigValue(reqData, WSHandlerConstants.ADD_USERNAMETOKEN_CREATED, false);
+            decodeBooleanConfigValue(mc, WSHandlerConstants.ADD_USERNAMETOKEN_CREATED, false);
         reqData.setAddUsernameTokenCreated(addCreated);
         
         String derivedMAC = getString(WSHandlerConstants.USE_DERIVED_KEY_FOR_MAC, mc);
@@ -565,7 +584,8 @@ public abstract class WSHandler {
         String c14nAlgo = getString(WSHandlerConstants.SIG_C14N_ALGO, mc);
         actionToken.setC14nAlgorithm(c14nAlgo);
         
-        boolean use200512Namespace = decodeUse200512Namespace(reqData);
+        boolean use200512Namespace = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.USE_2005_12_NAMESPACE, true);
         reqData.setUse200512Namespace(use200512Namespace);
 
         String parts = getString(WSHandlerConstants.SIGNATURE_PARTS, mc);
@@ -577,10 +597,12 @@ public abstract class WSHandler {
             splitEncParts(false, parts, actionToken.getParts(), reqData);
         }
         
-        boolean useSingleCert = decodeUseSingleCertificate(reqData);
+        boolean useSingleCert = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.USE_SINGLE_CERTIFICATE, true);
         actionToken.setUseSingleCert(useSingleCert);
         
-        boolean includeToken = decodeIncludeSignatureToken(reqData);
+        boolean includeToken = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.INCLUDE_SIGNATURE_TOKEN, false);
         actionToken.setIncludeToken(includeToken);
     }
 
@@ -679,7 +701,8 @@ public abstract class WSHandler {
             }
         }
         
-        boolean use200512Namespace = decodeUse200512Namespace(reqData);
+        boolean use200512Namespace = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.USE_2005_12_NAMESPACE, true);
         reqData.setUse200512Namespace(use200512Namespace);
         
         String digestAlgo = getString(WSHandlerConstants.ENC_DIGEST_ALGO, mc);
@@ -716,7 +739,8 @@ public abstract class WSHandler {
             splitEncParts(false, encParts, actionToken.getParts(), reqData);
         }
         
-        boolean includeToken = decodeIncludeEncryptionToken(reqData);
+        boolean includeToken = 
+            decodeBooleanConfigValue(mc, WSHandlerConstants.INCLUDE_ENCRYPTION_TOKEN, false);
         actionToken.setIncludeToken(includeToken);
     }
 
@@ -770,27 +794,6 @@ public abstract class WSHandler {
         return defaultFutureTimeToLive;
     }
     
-    protected boolean decodeAddInclusivePrefixes(RequestData reqData)
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.ADD_INCLUSIVE_PREFIXES, true
-        );
-    }
-    
-    protected boolean decodeSamlSubjectConfirmationValidation(RequestData reqData)
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true
-        );
-    }
-    
-    protected boolean decodeBSPCompliance(RequestData reqData)
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.IS_BSP_COMPLIANT, true
-        );
-    } 
-    
     protected String decodePasswordType(RequestData reqData) throws WSSecurityException {
         String type = getString(WSHandlerConstants.PASSWORD_TYPE, reqData.getMsgContext());
         if (type != null) {
@@ -803,113 +806,11 @@ public abstract class WSHandler {
         return null;
     }
     
-    protected boolean decodeMustUnderstand(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.MUST_UNDERSTAND, true
-        );
-    }
-
-    protected boolean decodeEnableSignatureConfirmation(
-        RequestData reqData
-    ) throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, false
-        );
-    }
-    
-    protected boolean decodeTimestampPrecision(
-        RequestData reqData
-    ) throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.TIMESTAMP_PRECISION, true
-        );
-    }
-    
-    protected boolean decodeCustomPasswordTypes(
-        RequestData reqData
-    ) throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.HANDLE_CUSTOM_PASSWORD_TYPES, false
-        );
-    }
-    
-    protected boolean decodeAllowUsernameTokenNoPassword(
-        RequestData reqData
-        ) throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, false
-        );
-    }
-
-    protected boolean decodeUseEncodedPasswords(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.USE_ENCODED_PASSWORDS, false
-        );
-    }
-    
-    protected boolean decodeNamespaceQualifiedPasswordTypes(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES, false
-        );
-    }
-
-    protected boolean decodeTimestampStrict(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.TIMESTAMP_STRICT, true
-        );
-    }
-    
-    protected boolean decodeUse200512Namespace(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.USE_2005_12_NAMESPACE, true
-        );
-    }
-    
-    protected boolean decodeUseSingleCertificate(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.USE_SINGLE_CERTIFICATE, true
-        );
-    }
-    
-    protected boolean decodeIncludeSignatureToken(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.INCLUDE_SIGNATURE_TOKEN, false
-        );
-    }
-    
-    protected boolean decodeIncludeEncryptionToken(RequestData reqData) 
-        throws WSSecurityException {
-        return decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.INCLUDE_ENCRYPTION_TOKEN, false
-        );
-    }
-    
-    protected void decodeRequireSignedEncryptedDataElements(RequestData reqData) 
-        throws WSSecurityException {
-        reqData.setRequireSignedEncryptedDataElements(decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS, false
-        ));
-    }
-    
-    protected void decodeRequireTimestampExpires(RequestData reqData) 
-        throws WSSecurityException {
-        reqData.setRequireTimestampExpires(decodeBooleanConfigValue(
-            reqData, WSHandlerConstants.REQUIRE_TIMESTAMP_EXPIRES, false
-        ));
-    }
-
     protected boolean decodeBooleanConfigValue(
-        RequestData reqData, String configTag, boolean defaultToTrue
+        Object messageContext, String configTag, boolean defaultToTrue
     ) throws WSSecurityException {
 
-        String value = getString(configTag, reqData.getMsgContext());
+        String value = getString(configTag, messageContext);
 
         if (value == null) {
             return defaultToTrue;
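Review bot: Typing the first parameter of `decodeBooleanConfigValue` as `Object` means a call that still passes `reqData` compiles without complaint, since any reference is an Object. What `getString` does with a non-context object is not visible here, but if it finds nothing the method returns the supplied default, so a security flag would quietly fall back instead of honouring the configuration. Because the method is protected, subclasses outside this commit that call it with a RequestData are affected the same way. Keeping a deprecated overload, `protected boolean decodeBooleanConfigValue(RequestData reqData, String configTag, boolean defaultToTrue) throws WSSecurityException { return decodeBooleanConfigValue(reqData.getMsgContext(), configTag, defaultToTrue); }`, would preserve the old behaviour, since overload resolution picks it for RequestData arguments. The method body continues outside the hunk.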
@@ -1374,7 +1275,7 @@ public abstract class WSHandler {
         }
         boolean enableRevocation = 
             decodeBooleanConfigValue(
-                reqData, WSHandlerConstants.ENABLE_REVOCATION, false
+                reqData.getMsgContext(), WSHandlerConstants.ENABLE_REVOCATION, false
             );
         reqData.setEnableRevocation(enableRevocation);
         
@@ -1410,7 +1311,8 @@ public abstract class WSHandler {
         
         boolean allowRsa15 = 
             decodeBooleanConfigValue(
-                reqData, WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, false
+                reqData.getMsgContext(), WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, 
+                false
             );
         reqData.setAllowRSA15KeyTransportAlgorithm(allowRsa15);
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java Fri Apr 10 14:10:50 2015
@@ -23,6 +23,7 @@ import org.apache.wss4j.common.WSEncrypt
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WsuIdAllocator;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
@@ -44,17 +45,13 @@ public class WSSecBase {
     protected CallbackLookup callbackLookup;
     protected CallbackHandler attachmentCallbackHandler;
 
-    private WSSConfig wssConfig;
+    private WsuIdAllocator idAllocator;
     private final List<WSEncryptionPart> parts = new ArrayList<>();
 
     
     public WSSecBase() {
     }
     
-    public WSSecBase(WSSConfig config) {
-        wssConfig = config;
-    }
-
     /**
      * @param callbackLookup The CallbackLookup object to retrieve elements
      */
@@ -104,21 +101,6 @@ public class WSSecBase {
         return keyIdentifierType;
     }
 
-    /**
-     * @param wsConfig
-     *            The wsConfig to set.
-     */
-    public void setWsConfig(WSSConfig wsConfig) {
-        this.wssConfig = wsConfig;
-    }
-    
-    public WSSConfig getWsConfig() {
-        if (wssConfig == null) {
-            wssConfig = WSSConfig.getNewInstance();
-        }
-        return wssConfig;
-    }
-
     public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler) {
         this.attachmentCallbackHandler = attachmentCallbackHandler;
     }
@@ -170,7 +152,7 @@ public class WSSecBase {
         }
         
         if (id == null || id.length() == 0) {
-            id = wssConfig.getIdAllocator().createId("id-", bodyElement);
+            id = getIdAllocator().createId("id-", bodyElement);
             String prefix = XMLUtils.setNamespace(bodyElement, newAttrNs, newAttrPrefix);
             bodyElement.setAttributeNS(newAttrNs, prefix + ":Id", id);
         }
@@ -193,5 +175,16 @@ public class WSSecBase {
         this.user = user;
         this.password = password;
     }
+
+    public WsuIdAllocator getIdAllocator() {
+        if (idAllocator != null) {
+            return idAllocator;
+        }
+        return WSSConfig.DEFAULT_ID_ALLOCATOR;
+    }
+
+    public void setIdAllocator(WsuIdAllocator idAllocator) {
+        this.idAllocator = idAllocator;
+    }
     
 }
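Review bot: The new public `getIdAllocator()` / `setIdAllocator()` pair has no Javadoc, and the fallback is what callers most need to know: the getter never returns null, and passing null to the setter restores `WSSConfig.DEFAULT_ID_ALLOCATOR`. I would add `/** @return the allocator set on this builder, or WSSConfig.DEFAULT_ID_ALLOCATOR if none has been set */` on the getter and a matching `@param idAllocator the allocator to use; may be null to use the default` on the setter. Whether the shared default allocator is safe to use from several builders concurrently is not visible in this diff and would be worth stating there as well.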

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Fri Apr 10 14:10:50 2015
@@ -30,7 +30,6 @@ import org.apache.wss4j.common.token.Ref
 import org.apache.wss4j.common.token.SecurityTokenReference;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.keys.KeyInfo;
 import org.w3c.dom.Document;
@@ -50,10 +49,6 @@ public class WSSecDKEncrypt extends WSSe
         super();
     }
     
-    public WSSecDKEncrypt(WSSConfig config) {
-        super(config);
-    }
-    
     public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException {
         
         //
@@ -109,7 +104,7 @@ public class WSSecDKEncrypt extends WSSe
 
         List<String> encDataRefs = 
             WSSecEncrypt.doEncryption(
-                document, getWsConfig(), keyInfo, key, symEncAlgo, references, callbackLookup
+                document, getIdAllocator(), keyInfo, key, symEncAlgo, references, callbackLookup
             );
         if (dataRef == null) {
             dataRef = 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java Fri Apr 10 14:10:50 2015
@@ -36,6 +36,9 @@ import javax.xml.crypto.dsig.keyinfo.Key
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
 
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -45,11 +48,8 @@ import org.apache.wss4j.common.util.KeyU
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.transform.STRTransform;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
 
 /**
  * Builder to sign with derived keys
@@ -75,17 +75,13 @@ public class WSSecDKSign extends WSSecDe
     private CanonicalizationMethod c14nMethod;
     private Element securityHeader;
     private int derivedKeyLength = -1;
+    private boolean addInclusivePrefixes = true;
 
     public WSSecDKSign() {
         super();
         init();
     }
     
-    public WSSecDKSign(WSSConfig config) {
-        super(config);
-        init();
-    }
-    
     private void init() {
         // Try to install the Santuario Provider - fall back to the JDK provider if this does
         // not work
@@ -129,8 +125,7 @@ public class WSSecDKSign extends WSSecDe
         
         try {
             C14NMethodParameterSpec c14nSpec = null;
-            if (getWsConfig().isAddInclusivePrefixes() 
-                && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+            if (addInclusivePrefixes && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
                 List<String> prefixes = 
                     getInclusivePrefixes(secHeader.getSecurityHeader(), false);
                 c14nSpec = new ExcC14NParameterSpec(prefixes);
@@ -144,10 +139,10 @@ public class WSSecDKSign extends WSSecDe
             );
         }
 
-        keyInfoUri = getWsConfig().getIdAllocator().createSecureId("KI-", keyInfo);
+        keyInfoUri = getIdAllocator().createSecureId("KI-", keyInfo);
         
         secRef = new SecurityTokenReference(doc);
-        strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef);
+        strUri = getIdAllocator().createSecureId("STR-", secRef);
         secRef.setID(strUri);
         
         Reference ref = new Reference(document);
@@ -198,7 +193,7 @@ public class WSSecDKSign extends WSSecDe
                 wsDocInfo,
                 signatureFactory, 
                 secHeader, 
-                getWsConfig(), 
+                addInclusivePrefixes, 
                 digestAlgo
             );
     }
@@ -243,7 +238,7 @@ public class WSSecDKSign extends WSSecDe
                     signedInfo, 
                     keyInfo,
                     null,
-                    getWsConfig().getIdAllocator().createId("SIG-", null),
+                    getIdAllocator().createId("SIG-", null),
                     null);
             
             //
@@ -374,4 +369,11 @@ public class WSSecDKSign extends WSSecDe
         return canonAlgo;
     }
     
+    public boolean isAddInclusivePrefixes() {
+        return addInclusivePrefixes;
+    }
+
+    public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
+        this.addInclusivePrefixes = addInclusivePrefixes;
+    }
 }
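Review bot: The new `isAddInclusivePrefixes()` / `setAddInclusivePrefixes(boolean)` accessors have no Javadoc, although the field now decides by itself whether a prefix list is built for the exclusive-c14n spec (the `addInclusivePrefixes && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)` test in the @@ -129,8 hunk) and is also passed as an argument in the @@ -198,7 hunk. I would document the setter along the lines of `/** Whether to add an InclusiveNamespaces PrefixList for exclusive c14n; defaults to true and must be set before the signature is built. */`. Callers that switched the option off on WSSConfig now get the default unless they call this setter on each builder, which deserves a line in the migration notes. The same undocumented accessors are added to WSSecSignature in its last hunk.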

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDerivedKeyBase.java Fri Apr 10 14:10:50 2015
@@ -20,7 +20,6 @@
 package org.apache.wss4j.dom.message;
 
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
 import org.apache.wss4j.common.token.SecurityTokenReference;
@@ -110,11 +109,6 @@ public abstract class WSSecDerivedKeyBas
         setKeyIdentifierType(0);
     }
     
-    public WSSecDerivedKeyBase(WSSConfig config) {
-        super(config);
-        setKeyIdentifierType(0);
-    }
-    
     /**
      * The derived key will change depending on the sig/encr algorithm.
      * Therefore the child classes are expected to provide this value.
@@ -229,7 +223,7 @@ public abstract class WSSecDerivedKeyBas
         
         // Add the DKTs
         dkt = new DerivedKeyToken(wscVersion, document);
-        dktId = getWsConfig().getIdAllocator().createId("DK-", dkt);
+        dktId = getIdAllocator().createId("DK-", dkt);
         
         dkt.setOffset(offset);
         dkt.setLength(length);
@@ -238,7 +232,7 @@ public abstract class WSSecDerivedKeyBas
         
         if (strElem == null) {
             SecurityTokenReference secRef = new SecurityTokenReference(document);
-            String strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef);
+            String strUri = getIdAllocator().createSecureId("STR-", secRef);
             secRef.setID(strUri);
             
             X509Certificate[] certs = getSigningCerts();

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncrypt.java Fri Apr 10 14:10:50 2015
@@ -46,7 +46,7 @@ import org.apache.wss4j.common.util.Atta
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WsuIdAllocator;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.algorithms.JCEMapper;
@@ -98,10 +98,6 @@ public class WSSecEncrypt extends WSSecE
         super();
     }
     
-    public WSSecEncrypt(WSSConfig config) {
-        super(config);
-    }
-    
     /**
      * Initialize a WSSec Encrypt.
      * 
@@ -245,7 +241,7 @@ public class WSSecEncrypt extends WSSecE
         SecretKeySpec secretKeySpec = new SecretKeySpec(symmetricKey.getEncoded(), symmetricKey.getAlgorithm());
         List<String> encDataRefs = 
             doEncryption(
-                document, getWsConfig(), keyInfo, secretKeySpec, getSymmetricEncAlgorithm(), references, 
+                document, getIdAllocator(), keyInfo, secretKeySpec, getSymmetricEncAlgorithm(), references, 
                     callbackLookup, attachmentCallbackHandler, attachmentEncryptedDataElements
             );
         if (dataRef == null) {
@@ -308,7 +304,7 @@ public class WSSecEncrypt extends WSSecE
     /**
      * Perform encryption on the SOAP envelope.
      * @param doc The document containing the SOAP envelope as document element
-     * @param config The WSSConfig from which to generate wsu:ID's
+     * @param idAllocator A WsuIdAllocator used to generate wsu:ID's
      * @param keyInfo The KeyInfo object to set in EncryptedData
      * @param secretKey The SecretKey object with which to encrypt data
      * @param encryptionAlgorithm The encryption algorithm URI to use
@@ -318,7 +314,7 @@ public class WSSecEncrypt extends WSSecE
      */
     public static List<String> doEncryption(
         Document doc,
-        WSSConfig config,
+        WsuIdAllocator idAllocator,
         KeyInfo keyInfo,
         SecretKey secretKey,
         String encryptionAlgorithm,
@@ -326,13 +322,13 @@ public class WSSecEncrypt extends WSSecE
         CallbackLookup callbackLookup
     ) throws WSSecurityException {
         return doEncryption(
-                doc, config, keyInfo, secretKey, encryptionAlgorithm,
+                doc, idAllocator, keyInfo, secretKey, encryptionAlgorithm,
                 references, callbackLookup, null, null);
     }
 
     public static List<String> doEncryption(
             Document doc,
-            WSSConfig config,
+            WsuIdAllocator idAllocator,
             KeyInfo keyInfo,
             SecretKey secretKey,
             String encryptionAlgorithm,
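Review bot: Neither `doEncryption` overload checks `idAllocator` before it is used, and later hunks in this file dereference it directly (`idAllocator.createId("ED-", attachmentId)` in the attachment loop and `idAllocator.createId("ED-", elementToEncrypt)`, the latter ahead of the `try` in what appears to be `encryptElement`). Both overloads are public static, so a null from an external caller surfaces as a bare NullPointerException deep in the encryption loop rather than at the boundary; a guard at the top of the nine-argument overload such as `if (idAllocator == null) { throw new IllegalArgumentException("idAllocator must not be null"); }` would fail early. That overload also has no Javadoc of its own, unlike the seven-argument one, and its body continues outside this hunk.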
@@ -379,7 +375,7 @@ public class WSSecEncrypt extends WSSecE
 
             for (Element elementToEncrypt : elementsToEncrypt) {
                 String id = 
-                    encryptElement(doc, elementToEncrypt, encPart.getEncModifier(), config, xmlCipher,
+                    encryptElement(doc, elementToEncrypt, encPart.getEncModifier(), idAllocator, xmlCipher,
                                    secretKey, keyInfo);
                 encPart.setEncId(id);
                 encDataRef.add("#" + id);
@@ -426,7 +422,7 @@ public class WSSecEncrypt extends WSSecE
                 for (Attachment attachment : attachmentRequestCallback.getAttachments()) {
 
                     final String attachmentId = attachment.getId();
-                    String encEncryptedDataId = config.getIdAllocator().createId("ED-", attachmentId);
+                    String encEncryptedDataId = idAllocator.createId("ED-", attachmentId);
                     encDataRef.add("#" + encEncryptedDataId);
 
                     Element encryptedData =
@@ -516,7 +512,7 @@ public class WSSecEncrypt extends WSSecE
         Document doc,
         Element elementToEncrypt,
         String modifier,
-        WSSConfig config,
+        WsuIdAllocator idAllocator,
         XMLCipher xmlCipher,
         SecretKey secretKey,
         KeyInfo keyInfo
@@ -526,8 +522,7 @@ public class WSSecEncrypt extends WSSecE
         //
         // Encrypt data, and set necessary attributes in xenc:EncryptedData
         //
-        String xencEncryptedDataId = 
-            config.getIdAllocator().createId("ED-", elementToEncrypt);
+        String xencEncryptedDataId = idAllocator.createId("ED-", elementToEncrypt);
         try {
             String headerId = "";
             if ("Header".equals(modifier)) {
@@ -538,7 +533,7 @@ public class WSSecEncrypt extends WSSecE
                 XMLUtils.setNamespace(elem, WSConstants.WSSE11_NS, WSConstants.WSSE11_PREFIX);
                 String wsuPrefix = 
                     XMLUtils.setNamespace(elem, WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
-                headerId = config.getIdAllocator().createId("EH-", elementToEncrypt);
+                headerId = idAllocator.createId("EH-", elementToEncrypt);
                 elem.setAttributeNS(
                     WSConstants.WSU_NS, wsuPrefix + ":Id", headerId
                 );

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java Fri Apr 10 14:10:50 2015
@@ -42,7 +42,6 @@ import org.apache.wss4j.common.token.Sec
 import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.stax.impl.util.IDGenerator;
@@ -141,10 +140,6 @@ public class WSSecEncryptedKey extends W
         super();
     }
     
-    public WSSecEncryptedKey(WSSConfig config) {
-        super(config);
-    }
-
     /**
      * Set the user name to get the encryption certificate.
      * 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSAMLToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSAMLToken.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSAMLToken.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSAMLToken.java Fri Apr 10 14:10:50 2015
@@ -20,7 +20,6 @@
 package org.apache.wss4j.dom.message;
 
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 
@@ -46,10 +45,6 @@ public class WSSecSAMLToken extends WSSe
         super();
     }
     
-    public WSSecSAMLToken(WSSConfig config) {
-        super(config);
-    }
-    
     /**
      * Creates a SAML token.
      * 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Fri Apr 10 14:10:50 2015
@@ -53,7 +53,6 @@ import org.apache.wss4j.common.util.KeyU
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
 import org.apache.wss4j.dom.transform.STRTransform;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -105,17 +104,13 @@ public class WSSecSignature extends WSSe
     private boolean useCustomSecRef;
     private boolean bstAddedToSecurityHeader;
     private boolean includeSignatureToken;
+    private boolean addInclusivePrefixes = true;
 
     public WSSecSignature() {
         super();
         init();
     }
     
-    public WSSecSignature(WSSConfig config) {
-        super(config);
-        init();
-    }
-    
     private void init() {
         // Try to install the Santuario Provider - fall back to the JDK provider if this does
         // not work
@@ -161,8 +156,7 @@ public class WSSecSignature extends WSSe
 
         try {
             C14NMethodParameterSpec c14nSpec = null;
-            if (getWsConfig().isAddInclusivePrefixes() 
-                && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
+            if (addInclusivePrefixes && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
                 List<String> prefixes = 
                     getInclusivePrefixes(secHeader.getSecurityHeader(), false);
                 c14nSpec = new ExcC14NParameterSpec(prefixes);
@@ -176,10 +170,10 @@ public class WSSecSignature extends WSSe
             );
         }
 
-        keyInfoUri = getWsConfig().getIdAllocator().createSecureId("KI-", keyInfo);
+        keyInfoUri = getIdAllocator().createSecureId("KI-", keyInfo);
         if (!useCustomSecRef) {
             secRef = new SecurityTokenReference(doc);
-            strUri = getWsConfig().getIdAllocator().createSecureId("STR-", secRef);
+            strUri = getIdAllocator().createSecureId("STR-", secRef);
             secRef.setID(strUri);
             
             //
@@ -413,7 +407,7 @@ public class WSSecSignature extends WSSe
                 wsDocInfo,
                 signatureFactory, 
                 secHeader, 
-                getWsConfig(), 
+                addInclusivePrefixes, 
                 digestAlgo
             );
     }
@@ -525,7 +519,7 @@ public class WSSecSignature extends WSSe
                     signedInfo, 
                     keyInfo,
                     null,
-                    getWsConfig().getIdAllocator().createId("SIG-", null),
+                    getIdAllocator().createId("SIG-", null),
                     null);
             
             //
@@ -806,7 +800,7 @@ public class WSSecSignature extends WSSe
                         "noUserCertsFound",
                         user, "signature");
             }
-            certUri = getWsConfig().getIdAllocator().createSecureId("X509-", certs[0]);  
+            certUri = getIdAllocator().createSecureId("X509-", certs[0]);  
             //
             // If no signature algorithm was set try to detect it according to the
             // data stored in the certificate.
@@ -836,5 +830,13 @@ public class WSSecSignature extends WSSe
     public void setIncludeSignatureToken(boolean includeSignatureToken) {
         this.includeSignatureToken = includeSignatureToken;
     }
+
+    public boolean isAddInclusivePrefixes() {
+        return addInclusivePrefixes;
+    }
+
+    public void setAddInclusivePrefixes(boolean addInclusivePrefixes) {
+        this.addInclusivePrefixes = addInclusivePrefixes;
+    }
     
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureBase.java Fri Apr 10 14:10:50 2015
@@ -40,7 +40,6 @@ import org.apache.wss4j.common.ext.Attac
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDocInfo;
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.transform.AttachmentTransformParameterSpec;
 import org.apache.wss4j.dom.transform.STRTransform;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
@@ -62,10 +61,6 @@ public class WSSecSignatureBase extends
         super();
     }
     
-    public WSSecSignatureBase(WSSConfig config) {
-        super(config);
-    }
-    
     /**
      * This method adds references to the Signature.
      * 
@@ -84,7 +79,7 @@ public class WSSecSignatureBase extends
         WSDocInfo wsDocInfo,
         XMLSignatureFactory signatureFactory,
         WSSecHeader secHeader,
-        WSSConfig wssConfig,
+        boolean addInclusivePrefixes,
         String digestAlgo
     ) throws WSSecurityException {
         DigestMethod digestMethod;
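Review bot: The parameter changes from `WSSConfig wssConfig` to `boolean addInclusivePrefixes` here, but the method's Javadoc sits between this hunk and the previous one and is not touched by the commit, so any `@param wssConfig` entry it carries is now stale (the Javadoc body is not visible, so this is inferred). It should read something like `@param addInclusivePrefixes whether to add an InclusiveNamespaces PrefixList to the exclusive c14n transform of each reference`. WSSecEncrypt.doEncryption received the equivalent `@param` update in this same commit, so this looks like an omission. The method body continues outside the hunk.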
@@ -136,7 +131,7 @@ public class WSSecSignatureBase extends
                             }
                             element = callbackLookup.getElement(idToSign, null, false);
                         }
-                        if (wssConfig.isAddInclusivePrefixes()) {
+                        if (addInclusivePrefixes) {
                             List<String> prefixes = getInclusivePrefixes(element);
                             transformSpec = new ExcC14NParameterSpec(prefixes);
                         }
@@ -183,7 +178,7 @@ public class WSSecSignatureBase extends
                     }
                     for (Element elementToSign : elementsToSign) {
                         TransformParameterSpec transformSpec = null;
-                        if (wssConfig.isAddInclusivePrefixes()) {
+                        if (addInclusivePrefixes) {
                             List<String> prefixes = getInclusivePrefixes(elementToSign);
                             transformSpec = new ExcC14NParameterSpec(prefixes);
                         }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignatureConfirmation.java Fri Apr 10 14:10:50 2015
@@ -19,7 +19,6 @@
 
 package org.apache.wss4j.dom.message;
 
-import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.message.token.SignatureConfirmation;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Document;
@@ -40,10 +39,6 @@ public class WSSecSignatureConfirmation
         super();
     }
     
-    public WSSecSignatureConfirmation(WSSConfig config) {
-        super(config);
-    }
-    
     /**
      * Set the Signature value to store in this SignatureConfirmation.
      * 
@@ -65,7 +60,7 @@ public class WSSecSignatureConfirmation
      */
     public void prepare(Document doc) {
         sc = new SignatureConfirmation(doc, signatureValue);
-        sc.setID(getWsConfig().getIdAllocator().createId("SC-", sc));
+        sc.setID(getIdAllocator().createId("SC-", sc));
     }
     
     /**

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java?rev=1672673&r1=1672672&r2=1672673&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecTimestamp.java Fri Apr 10 14:10:50 2015
@@ -19,12 +19,14 @@
 
 package org.apache.wss4j.dom.message;
 
-import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.message.token.Timestamp;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import org.apache.wss4j.common.util.WSCurrentTimeSource;
+import org.apache.wss4j.common.util.WSTimeSource;
+import org.apache.wss4j.dom.message.token.Timestamp;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+
 /**
  * Builds a WS Timestamp and inserts it into the SOAP Envelope. Refer to the WS
  * specification 1.0. chapter 10 / appendix A.2
@@ -37,15 +39,13 @@ public class WSSecTimestamp extends WSSe
     private Timestamp ts;
 
     private int timeToLive = 300; // time between Created and Expires
+    private boolean precisionInMilliSeconds = true;
+    private WSTimeSource wsTimeSource = new WSCurrentTimeSource();
     
     public WSSecTimestamp() {
         super();
     }
     
-    public WSSecTimestamp(WSSConfig config) {
-        super(config);
-    }
-    
     /**
      * Set the time to live. This is the time difference in seconds between the
      * <code>Created</code> and the <code>Expires</code> in
@@ -68,9 +68,8 @@ public class WSSecTimestamp extends WSSe
      * @param doc The SOAP envelope as W3C document
      */
     public void prepare(Document doc) {
-        ts = new Timestamp(getWsConfig().isPrecisionInMilliSeconds(), doc, 
-                           getWsConfig().getCurrentTime(), timeToLive);
-        String tsId = getWsConfig().getIdAllocator().createId("TS-", ts);
+        ts = new Timestamp(precisionInMilliSeconds, doc, wsTimeSource, timeToLive);
+        String tsId = getIdAllocator().createId("TS-", ts);
         ts.setID(tsId);
     }
 
@@ -123,6 +122,14 @@ public class WSSecTimestamp extends WSSe
         return ts.getID();
     }
     
+    public WSTimeSource getWsTimeSource() {
+        return wsTimeSource;
+    }
+
+    public void setWsTimeSource(WSTimeSource wsTimeSource) {
+        this.wsTimeSource = wsTimeSource;
+    }
+
     /**
      * Get the timestamp element generated during <code>prepare()</code>.
      */
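Review bot: `setWsTimeSource` stores whatever it is given, including null, and `prepare()` then hands the field straight to `new Timestamp(precisionInMilliSeconds, doc, wsTimeSource, timeToLive)`; whether Timestamp tolerates a null source is not visible here. Because the time source presumably determines the Created and Expires values of the token, I would keep the default in that case: `this.wsTimeSource = wsTimeSource != null ? wsTimeSource : new WSCurrentTimeSource();`. Both new accessor pairs (this one and `setPrecisionInMilliSeconds` in the last hunk) also lack Javadoc stating that they take effect only if called before `prepare()`.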
@@ -132,4 +139,12 @@ public class WSSecTimestamp extends WSSe
         }
         return ts.getElement();
     }
+
+    public boolean isPrecisionInMilliSeconds() {
+        return precisionInMilliSeconds;
+    }
+
+    public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
+        this.precisionInMilliSeconds = precisionInMilliSeconds;
+    }
 }


