ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1720192 [11/33] - in /webservices/wss4j/trunk: bindings/src/main/java/org/apache/wss4j/binding/wss10/ bindings/src/main/java/org/apache/wss4j/binding/wss11/ bindings/src/main/java/org/apache/wss4j/binding/wssc13/ bindings/src/main/java/org...
Date Tue, 15 Dec 2015 16:40:42 GMT
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java Tue Dec 15 16:40:37 2015
@@ -33,13 +33,13 @@ import java.util.List;
 
 
 public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
-    
+
     //
     // Tokens
     //
-    
+
     /**
-     * 
+     *
      */
     private static final long serialVersionUID = 8877354445092724300L;
 
@@ -49,7 +49,7 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type SamlAssertionWrapper.
      */
     public static final String TAG_SAML_ASSERTION = "saml-assertion";
-    
+
     /**
      * Tag denoting the timestamp found, if applicable.
      *
@@ -65,17 +65,17 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type SecurityContextToken.
      */
     public static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
-    
+
     /**
      * Tag denoting a UsernameToken object
      */
     public static final String TAG_USERNAME_TOKEN = "username-token";
-    
+
     /**
      * Tag denoting a DerivedKeyToken object
      */
     public static final String TAG_DERIVED_KEY_TOKEN = "derived-key-token";
-    
+
     /**
      * Tag denoting the signature confirmation of a signed element,
      * if applicable.
@@ -91,40 +91,40 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type BinarySecurity.
      */
     public static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
-    
+
     /**
      * Tag denoting a Transformed Token. For certain tokens, the Validator may return
      * an SamlAssertionWrapper instance which corresponds to a transformed version of the
      * initial token. For example, a Username Token credential might be validated
-     * by an STS and transformed into a SAML Assertion. This tag then holds the 
+     * by an STS and transformed into a SAML Assertion. This tag then holds the
      * transformed SamlAssertionWrapper instance, as a component of the Result corresponding
      * to the Username Token.
-     * 
+     *
      * The value under this tag is of type SamlAssertionWrapper.
      */
     public static final String TAG_TRANSFORMED_TOKEN = "transformed-token";
-    
+
     /**
-     * Tag denoting that the TAG_*_TOKEN result has been validated by a Validator 
+     * Tag denoting that the TAG_*_TOKEN result has been validated by a Validator
      * implementation. Some of the processors do not have a default validator implementation,
-     * and so this is not set. Note that this is set for the NoOpValidator if it is 
+     * and so this is not set. Note that this is set for the NoOpValidator if it is
      * configured.
-     * 
+     *
      * The value under this tag is a Boolean instance.
      */
     public static final String TAG_VALIDATED_TOKEN = "validated-token";
-    
+
     /**
      * Tag denoting the DOM Element of the processed token (if a token has been processed).
-     * 
+     *
      * The value under this tag is of type org.w3c.dom.Element
      */
     public static final String TAG_TOKEN_ELEMENT = "token-element";
-    
+
     //
     // Keys and certs
     //
-    
+
     /**
      * Tag denoting the X.509 certificate found, if applicable.
      *
@@ -138,17 +138,17 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type byte[].
      */
     public static final String TAG_SIGNATURE_VALUE = "signature-value";
-    
+
     /**
      * Tag denoting the X.509 certificate chain found, if applicable.
      *
      * The value under this tag is of type java.security.cert.X509Certificate[].
      */
     public static final String TAG_X509_CERTIFICATES = "x509-certificates";
-    
+
     /**
      * Tag denoting how the X.509 certificate (chain) was referenced, if applicable.
-     * 
+     *
      * The value under this tag is of type STRParser.REFERENCE_TYPE.
      */
     public static final String TAG_X509_REFERENCE_TYPE  = "x509-reference-type";
@@ -156,20 +156,20 @@ public class WSSecurityEngineResult exte
     /**
      * Tag denoting the encrypted key bytes
      *
-     * The value under this tag is a byte array 
+     * The value under this tag is a byte array
      */
     public static final String TAG_ENCRYPTED_EPHEMERAL_KEY = "encrypted-ephemeral-key-bytes";
-    
+
     /**
      * Tag denoting a byte[] secret associated with this token
      */
     public static final String TAG_SECRET = "secret";
-    
+
     /**
      * Tag denoting a PublicKey associated with this token
      */
     public static final String TAG_PUBLIC_KEY = "public-key";
-    
+
     //
     // General tags
     //
@@ -187,14 +187,14 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type java.security.Principal.
      */
     public static final String TAG_PRINCIPAL = "principal";
-    
+
     /**
      * Tag denoting the security subject found, if applicable.
      *
      * The value under this tag is of type javax.security.auth.Subject.
      */
     public static final String TAG_SUBJECT = "subject";
-    
+
     /**
      * Tag denoting references to a List of Data ref URIs.
      *
@@ -208,7 +208,7 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type String.
      */
     public static final String TAG_ENCRYPTED_KEY_TRANSPORT_METHOD = "encrypted-key-transport-method";
-    
+
     /**
      * Tag denoting the algorithm that was used to sign the message
      *
@@ -222,25 +222,25 @@ public class WSSecurityEngineResult exte
      * The value under this tag is of type String.
      */
     public static final String TAG_CANONICALIZATION_METHOD = "canonicalization-method";
-    
+
     /**
      * Tag denoting a delegation credential found, if applicable.
      *
      * For Kerberos (if delegation is enabled), the value under this tag is of type GSSCredential
      */
     public static final String TAG_DELEGATION_CREDENTIAL = "delegation-credential";
-    
+
     /**
      * The (wsu) Id of the token corresponding to this result.
      */
     public static final String TAG_ID = "id";
-    
+
     public WSSecurityEngineResult(int act) {
         put(TAG_ACTION, act);
     }
-    
+
     public WSSecurityEngineResult(
-        int act, 
+        int act,
         SamlAssertionWrapper ass
     ) {
         put(TAG_ACTION, act);
@@ -250,9 +250,9 @@ public class WSSecurityEngineResult exte
     }
 
     public WSSecurityEngineResult(
-        int act, 
+        int act,
         Principal princ,
-        X509Certificate[] certs, 
+        X509Certificate[] certs,
         byte[] sv
     ) {
         put(TAG_ACTION, act);
@@ -276,10 +276,10 @@ public class WSSecurityEngineResult exte
         this(act, princ, certs, sv);
         put(TAG_DATA_REF_URIS, dataRefs);
     }
-    
+
     public WSSecurityEngineResult(
-        int act, 
-        byte[] decryptedKey, 
+        int act,
+        byte[] decryptedKey,
         byte[] encryptedKeyBytes,
         List<WSDataRef> dataRefUris
     ) {
@@ -289,10 +289,10 @@ public class WSSecurityEngineResult exte
         put(TAG_DATA_REF_URIS, dataRefUris);
         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
     }
-    
+
     public WSSecurityEngineResult(
-        int act, 
-        byte[] decryptedKey, 
+        int act,
+        byte[] decryptedKey,
         byte[] encryptedKeyBytes,
         List<WSDataRef> dataRefUris,
         X509Certificate[] certs
@@ -307,38 +307,38 @@ public class WSSecurityEngineResult exte
         }
         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
     }
-    
+
     public WSSecurityEngineResult(int act, List<WSDataRef> dataRefUris) {
         put(TAG_ACTION, act);
         put(TAG_DATA_REF_URIS, dataRefUris);
         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
     }
-    
+
     public WSSecurityEngineResult(int act, Timestamp tstamp) {
         put(TAG_ACTION, act);
         put(TAG_TIMESTAMP, tstamp);
         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
         put(TAG_TOKEN_ELEMENT, tstamp.getElement());
     }
-    
+
     public WSSecurityEngineResult(int act, SecurityContextToken sct) {
         put(TAG_ACTION, act);
         put(TAG_SECURITY_CONTEXT_TOKEN, sct);
         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
         put(TAG_TOKEN_ELEMENT, sct.getElement());
     }
-    
+
     public WSSecurityEngineResult(int act, SignatureConfirmation sc) {
         put(TAG_ACTION, act);
         put(TAG_SIGNATURE_CONFIRMATION, sc);
         put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
         put(TAG_TOKEN_ELEMENT, sc.getElement());
     }
-    
+
     public WSSecurityEngineResult(int act, UsernameToken usernameToken) {
         this(act, usernameToken, null);
     }
-    
+
     public WSSecurityEngineResult(int act, UsernameToken usernameToken, Principal principal) {
         put(TAG_ACTION, act);
         put(TAG_USERNAME_TOKEN, usernameToken);
@@ -358,5 +358,5 @@ public class WSSecurityEngineResult exte
         put(TAG_TOKEN_ELEMENT, token.getElement());
     }
 
-    
+
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/HandlerAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/HandlerAction.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/HandlerAction.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/HandlerAction.java Tue Dec 15 16:40:37 2015
@@ -26,23 +26,23 @@ import org.apache.wss4j.common.SecurityA
  * This class associates an "Action" Integer with a (optional) SecurityActionToken
  */
 public class HandlerAction {
-    
+
     private Integer action;
     private SecurityActionToken actionToken;
-    
+
     public HandlerAction() {
-        
+
     }
-    
+
     public HandlerAction(Integer action) {
         this(action, null);
     }
-    
+
     public HandlerAction(Integer action, SecurityActionToken actionToken) {
         this.action = action;
         this.actionToken = actionToken;
     }
-    
+
     public Integer getAction() {
         return action;
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Tue Dec 15 16:40:37 2015
@@ -52,7 +52,7 @@ import org.apache.xml.security.utils.Bas
  * This class holds per request data.
  */
 public class RequestData {
-    
+
     private Object msgContext;
     private SOAPConstants soapConstants;
     private String actor;
@@ -94,7 +94,7 @@ public class RequestData {
     private final List<String> audienceRestrictions = new ArrayList<>();
     private boolean requireTimestampExpires;
     private boolean storeBytesInAttachment;
-    
+
     /**
      * Whether to add an InclusiveNamespaces PrefixList as a CanonicalizationMethod
      * child when generating Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS.
@@ -114,66 +114,66 @@ public class RequestData {
     /**
      * If set to true then the timestamp handling will throw an exception if the
      * timestamp contains an expires element and the semantics are expired.
-     * 
+     *
      * If set to false, no exception will be thrown, even if the semantics are
      * expired.
      */
     private boolean timeStampStrict = true;
-    
+
     /**
-     * If this value is not null, then username token handling will throw an 
+     * If this value is not null, then username token handling will throw an
      * exception if the password type of the Username Token does not match this value
      */
     private String requiredPasswordType;
-    
+
     /**
-     * This variable controls whether a UsernameToken with no password element is allowed. 
-     * The default value is "false". Set it to "true" to allow deriving keys from UsernameTokens 
+     * This variable controls whether a UsernameToken with no password element is allowed.
+     * The default value is "false". Set it to "true" to allow deriving keys from UsernameTokens
      * or to support UsernameTokens for purposes other than authentication.
      */
     private boolean allowUsernameTokenNoPassword;
-    
+
     /**
      * The time in seconds between creation and expiry for a Timestamp. The default
      * is 300 seconds (5 minutes).
      */
     private int timeStampTTL = 300;
-    
+
     /**
-     * The time in seconds in the future within which the Created time of an incoming 
+     * The time in seconds in the future within which the Created time of an incoming
      * Timestamp is valid. The default is 60 seconds.
      */
     private int timeStampFutureTTL = 60;
-    
+
     /**
      * The time in seconds between creation and expiry for a UsernameToken Created
      * element. The default is 300 seconds (5 minutes).
      */
     private int utTTL = 300;
-    
+
     /**
-     * The time in seconds in the future within which the Created time of an incoming 
+     * The time in seconds in the future within which the Created time of an incoming
      * UsernameToken is valid. The default is 60 seconds.
      */
     private int utFutureTTL = 60;
-    
+
     /**
      * This variable controls whether types other than PasswordDigest or PasswordText
-     * are allowed when processing UsernameTokens. 
-     * 
+     * are allowed when processing UsernameTokens.
+     *
      * By default this is set to false so that the user doesn't have to explicitly
      * reject custom token types in the callback handler.
      */
     private boolean handleCustomPasswordTypes;
-    
+
     /**
      * This variable controls whether (wsse) namespace qualified password types are
      * accepted when processing UsernameTokens.
-     * 
+     *
      * By default this is set to false.
      */
     private boolean allowNamespaceQualifiedPasswordTypes;
-    
+
     /**
      * Whether the password should be treated as a binary value.  This
      * is needed to properly handle password equivalence for UsernameToken
@@ -186,13 +186,13 @@ public class RequestData {
      * See https://issues.apache.org/jira/browse/WSS-239
      */
     private boolean encodePasswords;
-    
+
     /**
      * Whether to validate the SubjectConfirmation requirements of a received SAML Token
      * (sender-vouches or holder-of-key). The default is true.
      */
     private boolean validateSamlSubjectConfirmation = true;
-    
+
     private boolean expandXopIncludeForSignature = true;
 
     public boolean isEnableTimestampReplayCache() {
@@ -234,7 +234,7 @@ public class RequestData {
     public void setActor(String actor) {
         this.actor = actor;
     }
-    
+
     public String getUsername() {
         return username;
     }
@@ -242,7 +242,7 @@ public class RequestData {
     public void setUsername(String username) {
         this.username = username;
     }
-    
+
     public String getPwType() {
         return pwType;
     }
@@ -280,7 +280,7 @@ public class RequestData {
     public void setWssConfig(WSSConfig wssConfig) {
         this.wssConfig = wssConfig;
     }
-    
+
     /**
      * @return Returns the list of stored signature values.
      */
@@ -301,7 +301,7 @@ public class RequestData {
     public void setSecHeader(WSSecHeader secHeader) {
         this.secHeader = secHeader;
     }
-    
+
     /**
      * Set the derived key iterations. Default is 1000.
      * @param iterations The number of iterations to use when deriving a key
@@ -309,7 +309,7 @@ public class RequestData {
     public void setDerivedKeyIterations(int iterations) {
         derivedKeyIterations = iterations;
     }
-    
+
     /**
      * Get the derived key iterations.
      * @return The number of iterations to use when deriving a key
@@ -317,7 +317,7 @@ public class RequestData {
     public int getDerivedKeyIterations() {
         return derivedKeyIterations;
     }
-    
+
     /**
      * Whether to use the derived key for a MAC.
      * @param useMac Whether to use the derived key for a MAC.
@@ -325,7 +325,7 @@ public class RequestData {
     public void setUseDerivedKeyForMAC(boolean useMac) {
         useDerivedKeyForMAC = useMac;
     }
-    
+
     /**
      * Whether to use the derived key for a MAC.
      * @return Whether to use the derived key for a MAC.
@@ -333,15 +333,15 @@ public class RequestData {
     public boolean isUseDerivedKeyForMAC() {
         return useDerivedKeyForMAC;
     }
-    
+
     /**
      * Set whether to enable CRL checking or not when verifying trust in a certificate.
-     * @param enableRevocation whether to enable CRL checking 
+     * @param enableRevocation whether to enable CRL checking
      */
     public void setEnableRevocation(boolean enableRevocation) {
         this.enableRevocation = enableRevocation;
     }
-    
+
     /**
      * Get whether to enable CRL checking or not when verifying trust in a certificate.
      * @return whether to enable CRL checking
@@ -349,7 +349,7 @@ public class RequestData {
     public boolean isRevocationEnabled() {
         return enableRevocation;
     }
-    
+
     /**
      * @return whether EncryptedData elements are required to be signed
      */
@@ -362,21 +362,21 @@ public class RequestData {
      * are in a signed subtree of the document. This can be used to
      * prevent some wrapping based attacks when encrypt-before-sign
      * token protection is selected.
-     *  
+     *
      * @param requireSignedEncryptedDataElements
      */
     public void setRequireSignedEncryptedDataElements(boolean requireSignedEncryptedDataElements) {
         this.requireSignedEncryptedDataElements = requireSignedEncryptedDataElements;
     }
-    
+
     /**
      * Sets the CallbackHandler used for this request
      * @param cb
      */
-    public void setCallbackHandler(CallbackHandler cb) { 
+    public void setCallbackHandler(CallbackHandler cb) {
         callback = cb;
     }
-    
+
     /**
      * Returns the CallbackHandler used for this request.
      * @return the CallbackHandler used for this request.
@@ -405,7 +405,7 @@ public class RequestData {
         }
         return null;
     }
-    
+
     /**
      * Set the replay cache for Timestamps
      */
@@ -415,22 +415,22 @@ public class RequestData {
 
     /**
      * Get the replay cache for Timestamps
-     * @throws WSSecurityException 
+     * @throws WSSecurityException
      */
     public ReplayCache getTimestampReplayCache() throws WSSecurityException {
         if (enableTimestampReplayCache && timestampReplayCache == null) {
             timestampReplayCache = createCache("wss4j.timestamp.cache-");
         }
-        
+
         return timestampReplayCache;
     }
-    
+
     private synchronized ReplayCache createCache(String key) throws WSSecurityException {
         ReplayCacheFactory replayCacheFactory = ReplayCacheFactory.newInstance();
         String cacheKey = key + Base64.encode(WSSecurityUtil.generateNonce(10));
         return replayCacheFactory.newReplayCache(cacheKey, null);
     }
-    
+
     /**
      * Set the replay cache for Nonces
      */
@@ -440,16 +440,16 @@ public class RequestData {
 
     /**
      * Get the replay cache for Nonces
-     * @throws WSSecurityException 
+     * @throws WSSecurityException
      */
     public ReplayCache getNonceReplayCache() throws WSSecurityException {
         if (enableNonceReplayCache && nonceReplayCache == null) {
             nonceReplayCache = createCache("wss4j.nonce.cache-");
         }
-        
+
         return nonceReplayCache;
     }
-    
+
     /**
      * Set the replay cache for SAML2 OneTimeUse Assertions
      */
@@ -459,16 +459,16 @@ public class RequestData {
 
     /**
      * Get the replay cache for SAML2 OneTimeUse Assertions
-     * @throws WSSecurityException 
+     * @throws WSSecurityException
      */
     public ReplayCache getSamlOneTimeUseReplayCache() throws WSSecurityException {
         if (enableSamlOneTimeUseReplayCache && samlOneTimeUseReplayCache == null) {
             samlOneTimeUseReplayCache = createCache("wss4j.saml.one.time.use.cache-");
         }
-        
+
         return samlOneTimeUseReplayCache;
     }
-    
+
     /**
      * Set the Signature Subject Cert Constraints
      */
@@ -477,14 +477,14 @@ public class RequestData {
             subjectDNPatterns.addAll(subjectCertConstraints);
         }
     }
-    
+
     /**
      * Get the Signature Subject Cert Constraints
      */
     public Collection<Pattern> getSubjectCertConstraints() {
         return subjectDNPatterns;
     }
-    
+
     /**
      * Set the Audience Restrictions
      */
@@ -493,14 +493,14 @@ public class RequestData {
             this.audienceRestrictions.addAll(audienceRestrictions);
         }
     }
-    
+
     /**
      * Get the Audience Restrictions
      */
     public List<String> getAudienceRestrictions() {
         return audienceRestrictions;
     }
-    
+
     public void setIgnoredBSPRules(List<BSPRule> bspRules) {
         ignoredBSPRules.clear();
         ignoredBSPRules.addAll(bspRules);
@@ -509,7 +509,7 @@ public class RequestData {
     public List<BSPRule> getIgnoredBSPRules() {
         return Collections.unmodifiableList(ignoredBSPRules);
     }
-    
+
     public BSPEnforcer getBSPEnforcer() {
         if (disableBSPEnforcement) {
             return new BSPEnforcer(true);
@@ -532,7 +532,7 @@ public class RequestData {
     public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
         this.algorithmSuite = algorithmSuite;
     }
-    
+
     public AlgorithmSuite getSamlAlgorithmSuite() {
         return samlAlgorithmSuite;
     }
@@ -732,7 +732,7 @@ public class RequestData {
     public void setPrecisionInMilliSeconds(boolean precisionInMilliSeconds) {
         this.precisionInMilliSeconds = precisionInMilliSeconds;
     }
-        
+
     public boolean isEnableSignatureConfirmation() {
         return enableSignatureConfirmation;
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Tue Dec 15 16:40:37 2015
@@ -61,25 +61,25 @@ import org.w3c.dom.Document;
  * Extended to all passwordless UsernameTokens and configurable identities.
  */
 public abstract class WSHandler {
-    private static final org.slf4j.Logger LOG = 
+    private static final org.slf4j.Logger LOG =
         org.slf4j.LoggerFactory.getLogger(WSHandler.class);
     protected Map<String, Crypto> cryptos = new ConcurrentHashMap<String, Crypto>();
 
     private boolean doDebug = LOG.isDebugEnabled();
 
-    /**                                                             
+    /**
      * Performs all defined security actions to set-up the SOAP request.
-     * 
-     * @param doc   the request as DOM document 
+     *
+     * @param doc   the request as DOM document
      * @param reqData a data storage to pass values around between methods
      * @param actions a list holding the actions to do in the order defined
-     *                in the deployment file or property, plus an optional 
+     *                in the deployment file or property, plus an optional
      *                associated SecurityActionToken object for that Action
      * @throws WSSecurityException
      */
     protected void doSenderAction(
             Document doc,
-            RequestData reqData, 
+            RequestData reqData,
             List<HandlerAction> actions,
             boolean isRequest
     ) throws WSSecurityException {
@@ -89,7 +89,7 @@ public abstract class WSHandler {
             wssConfig = WSSConfig.getNewInstance();
             reqData.setWssConfig(wssConfig);
         }
-        
+
         Object mc = reqData.getMsgContext();
         reqData.setEncodePasswords(
             decodeBooleanConfigValue(mc, WSHandlerConstants.USE_ENCODED_PASSWORDS, false)
@@ -119,20 +119,20 @@ public abstract class WSHandler {
             CallbackHandler passwordCallbackHandler = getPasswordCallbackHandler(reqData);
             reqData.setCallbackHandler(passwordCallbackHandler);
         }
-        
-        boolean storeBytesInAttachment = 
+
+        boolean storeBytesInAttachment =
             decodeBooleanConfigValue(mc, WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, false);
         reqData.setStoreBytesInAttachment(storeBytesInAttachment);
-        
+
         // Perform configuration
         boolean encryptionFound = false;
         for (HandlerAction actionToDo : actions) {
             if (actionToDo.getAction() == WSConstants.SC) {
                 reqData.setEnableSignatureConfirmation(true);
-            } else if (actionToDo.getAction() == WSConstants.UT 
+            } else if (actionToDo.getAction() == WSConstants.UT
                 && actionToDo.getActionToken() == null) {
                 decodeUTParameter(reqData);
-            } else if (actionToDo.getAction() == WSConstants.UT_SIGN 
+            } else if (actionToDo.getAction() == WSConstants.UT_SIGN
                 && actionToDo.getActionToken() == null) {
                 decodeUTParameter(reqData);
                 decodeSignatureParameter(reqData);
@@ -153,7 +153,7 @@ public abstract class WSHandler {
                              + " The danger here is that the actual encryption bytes will not be signed");
                     reqData.setStoreBytesInAttachment(false);
                 }
-            } else if (actionToDo.getAction() == WSConstants.ST_SIGNED 
+            } else if (actionToDo.getAction() == WSConstants.ST_SIGNED
                 && actionToDo.getActionToken() == null) {
                 decodeSignatureParameter(reqData);
             } else if ((actionToDo.getAction() == WSConstants.ENCR
@@ -193,15 +193,15 @@ public abstract class WSHandler {
          * SIGN action.
          */
         if (reqData.isEnableSignatureConfirmation() && !isRequest) {
-            String done = 
+            String done =
                 (String)getProperty(reqData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE);
             if (done == null) {
                 wssConfig.getAction(WSConstants.SC).execute(this, null, doc, reqData);
             }
         }
-        
+
         // See if the Signature and Timestamp actions (in that order) are defined, and if
-        // the Timestamp is to be signed. In this case we need to swap the actions, as the 
+        // the Timestamp is to be signed. In this case we need to swap the actions, as the
         // Timestamp must appear in the security header first for signature creation to work.
         List<HandlerAction> actionsToPerform = actions;
         HandlerAction signingAction = getSignatureActionThatSignsATimestamp(actions, reqData);
@@ -216,7 +216,7 @@ public abstract class WSHandler {
             reqData.setAppendSignatureAfterTimestamp(true);
             reqData.setOriginalSignatureActionPosition(signatureIndex);
         }
-        
+
         /*
          * Here we have all necessary information to perform the requested
          * action(s).
@@ -231,16 +231,16 @@ public abstract class WSHandler {
                     this, actionToDo.getActionToken(), doc, reqData);
             }
         }
-        
+
         /*
          * If this is a request then store all signature values. Add ours to
          * already gathered values because of chained handlers, e.g. for
          * other actors.
          */
-        if (reqData.isEnableSignatureConfirmation() 
+        if (reqData.isEnableSignatureConfirmation()
             && isRequest && reqData.getSignatureValues().size() > 0) {
             @SuppressWarnings("unchecked")
-            Set<Integer> savedSignatures = 
+            Set<Integer> savedSignatures =
                 (Set<Integer>)getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
             if (savedSignatures == null) {
                 savedSignatures = new HashSet<>();
@@ -253,7 +253,7 @@ public abstract class WSHandler {
             }
         }
     }
-    
+
     private HandlerAction getSignatureActionThatSignsATimestamp(
         List<HandlerAction> actions, RequestData reqData
     ) {
@@ -262,18 +262,18 @@ public abstract class WSHandler {
             if (action.getAction() == WSConstants.TS) {
                 return null;
             } else if (action.getAction() == WSConstants.SIGN) {
-                if (action.getActionToken() != null 
+                if (action.getActionToken() != null
                     && ((SignatureEncryptionActionToken)action.getActionToken()).getParts() != null) {
-                    for (WSEncryptionPart encP 
+                    for (WSEncryptionPart encP
                         : ((SignatureEncryptionActionToken)action.getActionToken()).getParts()) {
-                        if (WSConstants.WSU_NS.equals(encP.getNamespace()) 
+                        if (WSConstants.WSU_NS.equals(encP.getNamespace())
                             && "Timestamp".equals(encP.getName())) {
                             return action;
                         }
                     }
                 } else {
                     for (WSEncryptionPart encP : reqData.getSignatureToken().getParts()) {
-                        if (WSConstants.WSU_NS.equals(encP.getNamespace()) 
+                        if (WSConstants.WSU_NS.equals(encP.getNamespace())
                             && "Timestamp".equals(encP.getName())) {
                             return action;
                         }
@@ -292,9 +292,9 @@ public abstract class WSHandler {
             wssConfig = WSSConfig.getNewInstance();
             reqData.setWssConfig(wssConfig);
         }
-        
+
         Object mc = reqData.getMsgContext();
-        boolean enableSigConf = 
+        boolean enableSigConf =
             decodeBooleanConfigValue(mc, WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, false);
         reqData.setEnableSignatureConfirmation(
             enableSigConf || actions.contains(WSConstants.SC)
@@ -303,12 +303,12 @@ public abstract class WSHandler {
             decodeBooleanConfigValue(mc, WSHandlerConstants.TIMESTAMP_STRICT, true)
         );
         reqData.setRequiredPasswordType(decodePasswordType(reqData));
-            
+
         reqData.setTimeStampTTL(decodeTimeToLive(reqData, true));
         reqData.setTimeStampFutureTTL(decodeFutureTimeToLive(reqData, true));
         reqData.setUtTTL(decodeTimeToLive(reqData, false));
         reqData.setUtFutureTTL(decodeFutureTimeToLive(reqData, false));
-        
+
         reqData.setHandleCustomPasswordTypes(
             decodeBooleanConfigValue(mc, WSHandlerConstants.HANDLE_CUSTOM_PASSWORD_TYPES, false)
         );
@@ -324,13 +324,13 @@ public abstract class WSHandler {
         reqData.setValidateSamlSubjectConfirmation(
             decodeBooleanConfigValue(mc, WSHandlerConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true)
         );
-        
-        boolean bspCompliant = 
+
+        boolean bspCompliant =
             decodeBooleanConfigValue(mc, WSHandlerConstants.IS_BSP_COMPLIANT, true);
         if (!bspCompliant) {
             reqData.setDisableBSPEnforcement(true);
         }
-        
+
         // Load CallbackHandler
         if (reqData.getCallbackHandler() == null) {
             CallbackHandler passwordCallbackHandler = getPasswordCallbackHandler(reqData);
@@ -341,7 +341,7 @@ public abstract class WSHandler {
             || actions.contains(WSConstants.ST_UNSIGNED)) {
             decodeSignatureParameter2(reqData);
         }
-        
+
         if (actions.contains(WSConstants.ENCR)) {
             decodeDecryptionParameter(reqData);
         }
@@ -367,7 +367,7 @@ public abstract class WSHandler {
                 if (act == WSConstants.SC || act == WSConstants.BST) {
                     continue;
                 }
-                
+
                 if (ai >= size || actions.get(ai++) != act) {
                     return false;
                 }
@@ -380,7 +380,7 @@ public abstract class WSHandler {
 
         return true;
     }
-    
+
     protected boolean checkReceiverResultsAnyOrder(
         List<WSSecurityEngineResult> wsResult, List<Integer> actions
     ) {
@@ -388,7 +388,7 @@ public abstract class WSHandler {
         for (Integer action : actions) {
             recordedActions.add(action);
         }
-        
+
         for (WSSecurityEngineResult result : wsResult) {
             final Integer actInt = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt != null) {
@@ -400,8 +400,8 @@ public abstract class WSHandler {
                         || ((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)).isEmpty())) {
                     continue;
                 }
-                    
-                
+
+
                 if (!recordedActions.remove(actInt)) {
                     return false;
                 }
@@ -426,33 +426,33 @@ public abstract class WSHandler {
         //
         // First get all Signature values stored during sending the request
         //
-        Set<Integer> savedSignatures = 
+        Set<Integer> savedSignatures =
             (Set<Integer>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
         //
         // Now get all results that hold a SignatureConfirmation element from
         // the current run of receiver (we can have more than one run: if we
         // have several security header blocks with different actors/roles)
         //
-        List<WSSecurityEngineResult> sigConf = 
+        List<WSSecurityEngineResult> sigConf =
             handlerResults.getActionResults().get(WSConstants.SC);
         //
         // now loop over all SignatureConfirmation results and check:
         // - if there is a signature value and no Signature value generated in request: error
         // - if there is a signature value and no matching Signature value found: error
-        // 
+        //
         //  If a matching value found: remove from vector of stored signature values
         //
         if (sigConf != null) {
             for (WSSecurityEngineResult result : sigConf) {
-                SignatureConfirmation sc = 
+                SignatureConfirmation sc =
                     (SignatureConfirmation)result.get(
                         WSSecurityEngineResult.TAG_SIGNATURE_CONFIRMATION
                     );
-    
+
                 if (sc != null && sc.getSignatureValue() != null) {
                     if (savedSignatures == null || savedSignatures.size() == 0) {
                         //
-                        // If there are no stored signature values, and we've received a 
+                        // If there are no stored signature values, and we've received a
                         // SignatureConfirmation element then throw an Exception
                         //
                         if (sc.getSignatureValue().length != 0) {
@@ -470,7 +470,7 @@ public abstract class WSHandler {
                                 new Object[] {"Received a SignatureConfirmation element, but there are no matching"
                                 + " stored signature values"}
                             );
-                        } 
+                        }
                     }
                 }
             }
@@ -486,11 +486,11 @@ public abstract class WSHandler {
             );
         }
     }
-    
-    protected void decodeUTParameter(RequestData reqData) 
+
+    protected void decodeUTParameter(RequestData reqData)
         throws WSSecurityException {
         Object mc = reqData.getMsgContext();
-        
+
         String type = getString(WSHandlerConstants.PASSWORD_TYPE, mc);
         if (type != null) {
             if (WSConstants.PW_TEXT.equals(type)) {
@@ -504,21 +504,21 @@ public abstract class WSHandler {
                         "empty", new Object[] {"Unknown password type encoding: " + type});
             }
         }
-        
-        boolean addNonce = 
+
+        boolean addNonce =
             decodeBooleanConfigValue(mc, WSHandlerConstants.ADD_USERNAMETOKEN_NONCE, false);
         reqData.setAddUsernameTokenNonce(addNonce);
-        
-        boolean addCreated = 
+
+        boolean addCreated =
             decodeBooleanConfigValue(mc, WSHandlerConstants.ADD_USERNAMETOKEN_CREATED, false);
         reqData.setAddUsernameTokenCreated(addCreated);
-        
+
         String derivedMAC = getString(WSHandlerConstants.USE_DERIVED_KEY_FOR_MAC, mc);
         boolean useDerivedKeyForMAC = Boolean.parseBoolean(derivedMAC);
         if (useDerivedKeyForMAC) {
             reqData.setUseDerivedKeyForMAC(useDerivedKeyForMAC);
         }
-        
+
         String iterations = getString(WSHandlerConstants.DERIVED_KEY_ITERATIONS, mc);
         if (iterations != null) {
             int iIterations = Integer.parseInt(iterations);
@@ -528,7 +528,7 @@ public abstract class WSHandler {
 
     // Convert various Signature configuration into a single SignatureActionToken to be set on
     // the RequestData object
-    protected void decodeSignatureParameter(RequestData reqData) 
+    protected void decodeSignatureParameter(RequestData reqData)
         throws WSSecurityException {
         Object mc = reqData.getMsgContext();
         String signatureUser = getString(WSHandlerConstants.SIGNATURE_USER, mc);
@@ -538,13 +538,13 @@ public abstract class WSHandler {
             actionToken = new SignatureActionToken();
             reqData.setSignatureToken(actionToken);
         }
-        
+
         if (signatureUser != null) {
             actionToken.setUser(signatureUser);
         } else {
             actionToken.setUser(reqData.getUsername());
         }
-        
+
         String keyId = getString(WSHandlerConstants.SIG_KEY_ID, mc);
         if (keyId != null) {
             Integer id = WSHandlerConstants.getKeyIdentifier(keyId);
@@ -571,16 +571,16 @@ public abstract class WSHandler {
         }
         String algo = getString(WSHandlerConstants.SIG_ALGO, mc);
         actionToken.setSignatureAlgorithm(algo);
-        
+
         String derivedKeyReference = getString(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, mc);
         actionToken.setDerivedKeyTokenReference(derivedKeyReference);
-        
+
         String derivedKeyIdentifier = getString(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, mc);
         if (derivedKeyIdentifier != null) {
             Integer id = WSHandlerConstants.getKeyIdentifier(derivedKeyIdentifier);
             actionToken.setDerivedKeyIdentifier(id);
         }
-        
+
         String derivedKeyLength = getString(WSHandlerConstants.DERIVED_SIGNATURE_KEY_LENGTH, mc);
         if (derivedKeyLength != null) {
             try {
@@ -592,14 +592,14 @@ public abstract class WSHandler {
                 LOG.warn("Error in configuring a derived key length: " + e.getMessage());
             }
         }
-        
+
         String digestAlgo = getString(WSHandlerConstants.SIG_DIGEST_ALGO, mc);
         actionToken.setDigestAlgorithm(digestAlgo);
-        
+
         String c14nAlgo = getString(WSHandlerConstants.SIG_C14N_ALGO, mc);
         actionToken.setC14nAlgorithm(c14nAlgo);
-        
-        boolean use200512Namespace = 
+
+        boolean use200512Namespace =
             decodeBooleanConfigValue(mc, WSHandlerConstants.USE_2005_12_NAMESPACE, true);
         reqData.setUse200512Namespace(use200512Namespace);
 
@@ -611,12 +611,12 @@ public abstract class WSHandler {
         if (parts != null) {
             splitEncParts(false, parts, actionToken.getParts(), reqData);
         }
-        
-        boolean useSingleCert = 
+
+        boolean useSingleCert =
             decodeBooleanConfigValue(mc, WSHandlerConstants.USE_SINGLE_CERTIFICATE, true);
         actionToken.setUseSingleCert(useSingleCert);
-        
-        boolean includeToken = 
+
+        boolean includeToken =
             decodeBooleanConfigValue(mc, WSHandlerConstants.INCLUDE_SIGNATURE_TOKEN, false);
         actionToken.setIncludeToken(includeToken);
     }
@@ -626,9 +626,9 @@ public abstract class WSHandler {
         if (mc == null || reqData.getAlgorithmSuite() != null) {
             return;
         }
-        
+
         AlgorithmSuite algorithmSuite = new AlgorithmSuite();
-        
+
         String signatureAlgorithm = getString(WSHandlerConstants.SIG_ALGO, mc);
         if (signatureAlgorithm != null && !"".equals(signatureAlgorithm)) {
             algorithmSuite.addSignatureMethod(signatureAlgorithm);
@@ -637,7 +637,7 @@ public abstract class WSHandler {
         if (signatureDigestAlgorithm != null && !"".equals(signatureDigestAlgorithm)) {
             algorithmSuite.addDigestAlgorithm(signatureDigestAlgorithm);
         }
-        
+
         String encrAlgorithm = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
         if (encrAlgorithm != null && !"".equals(encrAlgorithm)) {
             algorithmSuite.addEncryptionMethod(encrAlgorithm);
@@ -646,13 +646,13 @@ public abstract class WSHandler {
         if (transportAlgorithm != null && !"".equals(transportAlgorithm)) {
             algorithmSuite.addKeyWrapAlgorithm(transportAlgorithm);
         }
-        
+
         reqData.setAlgorithmSuite(algorithmSuite);
     }
-    
+
     // Convert various Encryption configuration into a single EncryptionActionToken to be set on
     // the RequestData object
-    protected void decodeEncryptionParameter(RequestData reqData) 
+    protected void decodeEncryptionParameter(RequestData reqData)
         throws WSSecurityException {
         Object mc = reqData.getMsgContext();
 
@@ -691,19 +691,19 @@ public abstract class WSHandler {
         String encSymAlgo = getString(WSHandlerConstants.ENC_SYM_ALGO, mc);
         actionToken.setSymmetricAlgorithm(encSymAlgo);
 
-        String encKeyTransport = 
+        String encKeyTransport =
             getString(WSHandlerConstants.ENC_KEY_TRANSPORT, mc);
         actionToken.setKeyTransportAlgorithm(encKeyTransport);
-        
+
         String derivedKeyReference = getString(WSHandlerConstants.DERIVED_TOKEN_REFERENCE, mc);
         actionToken.setDerivedKeyTokenReference(derivedKeyReference);
-        
+
         String derivedKeyIdentifier = getString(WSHandlerConstants.DERIVED_TOKEN_KEY_ID, mc);
         if (derivedKeyIdentifier != null) {
             Integer id = WSHandlerConstants.getKeyIdentifier(derivedKeyIdentifier);
             actionToken.setDerivedKeyIdentifier(id);
         }
-        
+
         String derivedKeyLength = getString(WSHandlerConstants.DERIVED_ENCRYPTION_KEY_LENGTH, mc);
         if (derivedKeyLength != null) {
             try {
@@ -715,27 +715,27 @@ public abstract class WSHandler {
                 LOG.warn("Error in configuring a derived key length: " + e.getMessage());
             }
         }
-        
-        boolean use200512Namespace = 
+
+        boolean use200512Namespace =
             decodeBooleanConfigValue(mc, WSHandlerConstants.USE_2005_12_NAMESPACE, true);
         reqData.setUse200512Namespace(use200512Namespace);
-        
-        boolean getSecretKeyFromCallbackHandler = 
+
+        boolean getSecretKeyFromCallbackHandler =
             decodeBooleanConfigValue(mc, WSHandlerConstants.GET_SECRET_KEY_FROM_CALLBACK_HANDLER, false);
         actionToken.setGetSymmetricKeyFromCallbackHandler(getSecretKeyFromCallbackHandler);
-        
+
         String digestAlgo = getString(WSHandlerConstants.ENC_DIGEST_ALGO, mc);
         actionToken.setDigestAlgorithm(digestAlgo);
 
         String mgfAlgo = getString(WSHandlerConstants.ENC_MGF_ALGO, mc);
         actionToken.setMgfAlgorithm(mgfAlgo);
-        
+
         String encSymEncKey = getString(WSHandlerConstants.ENC_SYM_ENC_KEY, mc);
         if (encSymEncKey != null) {
             boolean encSymEndKeyBoolean = Boolean.parseBoolean(encSymEncKey);
             actionToken.setEncSymmetricEncryptionKey(encSymEndKeyBoolean);
         }
-        
+
         String encUser = getString(WSHandlerConstants.ENCRYPTION_USER, mc);
         if (encUser != null) {
             actionToken.setUser(encUser);
@@ -744,7 +744,7 @@ public abstract class WSHandler {
         }
         if (actionToken.isEncSymmetricEncryptionKey() && actionToken.getUser() == null) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
-                    "empty", 
+                    "empty",
                     new Object[] {"WSHandler: Encryption: no username"});
         }
 
@@ -758,8 +758,8 @@ public abstract class WSHandler {
         if (encParts != null) {
             splitEncParts(false, encParts, actionToken.getParts(), reqData);
         }
-        
-        boolean includeToken = 
+
+        boolean includeToken =
             decodeBooleanConfigValue(mc, WSHandlerConstants.INCLUDE_ENCRYPTION_TOKEN, false);
         actionToken.setIncludeToken(includeToken);
     }
@@ -788,9 +788,9 @@ public abstract class WSHandler {
         }
         return defaultTimeToLive;
     }
-    
+
     /**
-     * Decode the FutureTimeToLive parameter for either a Timestamp or a UsernameToken Created 
+     * Decode the FutureTimeToLive parameter for either a Timestamp or a UsernameToken Created
      * element, depending on the boolean argument
      */
     protected int decodeFutureTimeToLive(RequestData reqData, boolean timestamp) {
@@ -813,7 +813,7 @@ public abstract class WSHandler {
         }
         return defaultFutureTimeToLive;
     }
-    
+
     protected String decodePasswordType(RequestData reqData) throws WSSecurityException {
         String type = getString(WSHandlerConstants.PASSWORD_TYPE, reqData.getMsgContext());
         if (type != null) {
@@ -825,7 +825,7 @@ public abstract class WSHandler {
         }
         return null;
     }
-    
+
     protected boolean decodeBooleanConfigValue(
         Object messageContext, String configTag, boolean defaultToTrue
     ) throws WSSecurityException {
@@ -837,7 +837,7 @@ public abstract class WSHandler {
         }
         if ("0".equals(value) || "false".equals(value)) {
             return false;
-        } 
+        }
         if ("1".equals(value) || "true".equals(value)) {
             return true;
         }
@@ -847,77 +847,77 @@ public abstract class WSHandler {
                 new Object[] {"WSHandler: illegal " + configTag + " parameter"}
         );
     }
-    
+
     /**
      * Hook to allow subclasses to load their Signature creation Crypto however they see
-     * fit. 
-     * 
+     * fit.
+     *
      * @param requestData the RequestData object
      * @return a Crypto instance to use for Signature creation
      */
     public Crypto loadSignatureCrypto(RequestData requestData) throws WSSecurityException {
-        return 
+        return
             loadCrypto(
                 WSHandlerConstants.SIG_PROP_FILE,
                 WSHandlerConstants.SIG_PROP_REF_ID,
                 requestData
             );
     }
-    
+
     /**
      * Hook to allow subclasses to load their Signature verification Crypto however they see
-     * fit. 
-     * 
+     * fit.
+     *
      * @param requestData the RequestData object
      * @return a Crypto instance to use for Signature verification
      */
-    public Crypto loadSignatureVerificationCrypto(RequestData requestData) 
+    public Crypto loadSignatureVerificationCrypto(RequestData requestData)
         throws WSSecurityException {
-        return 
+        return
             loadCrypto(
                 WSHandlerConstants.SIG_VER_PROP_FILE,
                 WSHandlerConstants.SIG_VER_PROP_REF_ID,
                 requestData
             );
     }
-    
+
     /**
      * Hook to allow subclasses to load their Decryption Crypto however they see
-     * fit. 
-     * 
+     * fit.
+     *
      * @param requestData the RequestData object
      * @return a Crypto instance to use for Decryption creation/verification
      */
     protected Crypto loadDecryptionCrypto(RequestData requestData) throws WSSecurityException {
-        return 
+        return
             loadCrypto(
                 WSHandlerConstants.DEC_PROP_FILE,
                 WSHandlerConstants.DEC_PROP_REF_ID,
                 requestData
             );
     }
-    
+
     /**
      * Hook to allow subclasses to load their Encryption Crypto however they see
-     * fit. 
-     * 
+     * fit.
+     *
      * @param requestData the RequestData object
      * @return a Crypto instance to use for Encryption creation/verification
      */
     protected Crypto loadEncryptionCrypto(RequestData requestData) throws WSSecurityException {
-        return 
+        return
             loadCrypto(
                 WSHandlerConstants.ENC_PROP_FILE,
                 WSHandlerConstants.ENC_PROP_REF_ID,
                 requestData
             );
     }
-    
+
     /**
      * Load a Crypto instance. Firstly, it tries to use the cryptoPropertyRefId tag to retrieve
-     * a Crypto object via a custom reference Id. Failing this, it tries to load the crypto 
+     * a Crypto object via a custom reference Id. Failing this, it tries to load the crypto
      * instance via the cryptoPropertyFile tag.
-     * 
+     *
      * @param requestData the RequestData object
      * @return a Crypto instance to use for Encryption creation/verification
      */
@@ -928,7 +928,7 @@ public abstract class WSHandler {
     ) throws WSSecurityException {
         Object mc = requestData.getMsgContext();
         Crypto crypto = null;
-        
+
         //
         // Try the Property Ref Id first
         //
@@ -953,7 +953,7 @@ public abstract class WSHandler {
                 );
             }
         }
-        
+
         //
         // Now try loading the properties file
         //
@@ -971,7 +971,7 @@ public abstract class WSHandler {
                          + cryptoPropertyFile + " could not be loaded or found"
                     );
                 }
-            } 
+            }
         }
 
         return crypto;
@@ -985,22 +985,22 @@ public abstract class WSHandler {
      * @return A Crypto instance that has been loaded
      */
     protected Crypto loadCryptoFromPropertiesFile(
-        String propFilename, 
+        String propFilename,
         RequestData reqData
     ) throws WSSecurityException {
         ClassLoader classLoader = this.getClassLoader(reqData.getMsgContext());
         Properties properties = CryptoFactory.getProperties(propFilename, classLoader);
-        return 
+        return
             CryptoFactory.getInstance(
                 properties, classLoader, getPasswordEncryptor(reqData)
             );
     }
 
     /**
-     * Get a CallbackHandler instance. First try to get an instance via the 
-     * callbackHandlerRef on the message context. Failing that, try to load a new 
+     * Get a CallbackHandler instance. First try to get an instance via the
+     * callbackHandlerRef on the message context. Failing that, try to load a new
      * instance of the CallbackHandler via the callbackHandlerClass argument.
-     * 
+     *
      * @param callbackHandlerClass The class name of the CallbackHandler instance
      * @param callbackHandlerRef The reference name of the CallbackHandler instance
      * @param requestData The RequestData which supplies the message context
@@ -1025,23 +1025,23 @@ public abstract class WSHandler {
         }
         return cbHandler;
     }
-    
+
     /**
      * Get a CallbackHandler instance to obtain passwords.
      * @param reqData The RequestData which supplies the message context
      * @return the CallbackHandler instance to obtain passwords.
      * @throws WSSecurityException
      */
-    public CallbackHandler getPasswordCallbackHandler(RequestData reqData) 
+    public CallbackHandler getPasswordCallbackHandler(RequestData reqData)
         throws WSSecurityException {
-        return 
+        return
             getCallbackHandler(
                 WSHandlerConstants.PW_CALLBACK_CLASS,
                 WSHandlerConstants.PW_CALLBACK_REF,
                 reqData
             );
     }
-    
+
     /**
      * Load a CallbackHandler instance.
      * @param callbackHandlerClass The class name of the CallbackHandler instance
@@ -1057,14 +1057,14 @@ public abstract class WSHandler {
         Class<? extends CallbackHandler> cbClass = null;
         CallbackHandler cbHandler = null;
         try {
-            cbClass = 
-                Loader.loadClass(getClassLoader(requestData.getMsgContext()), 
+            cbClass =
+                Loader.loadClass(getClassLoader(requestData.getMsgContext()),
                                  callbackHandlerClass,
                                  CallbackHandler.class);
         } catch (ClassNotFoundException e) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
                     "empty",
-                    new Object[] {"WSHandler: cannot load callback handler class: " 
+                    new Object[] {"WSHandler: cannot load callback handler class: "
                     + callbackHandlerClass}
             );
         }
@@ -1073,14 +1073,14 @@ public abstract class WSHandler {
         } catch (Exception e) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e,
                     "empty",
-                    new Object[] {"WSHandler: cannot create instance of callback handler: " 
+                    new Object[] {"WSHandler: cannot create instance of callback handler: "
                     + callbackHandlerClass
                     }
             );
         }
         return cbHandler;
     }
-    
+
     protected PasswordEncryptor getPasswordEncryptor(RequestData requestData) {
         PasswordEncryptor passwordEncryptor = requestData.getPasswordEncryptor();
         if (passwordEncryptor == null) {
@@ -1102,10 +1102,10 @@ public abstract class WSHandler {
                 passwordEncryptor = new JasyptPasswordEncryptor(callbackHandler);
             }
         }
-        
+
         return passwordEncryptor;
     }
-    
+
     /**
      * Get a password callback (WSPasswordCallback object) from a CallbackHandler instance
      * @param username The username to supply to the CallbackHandler
@@ -1121,8 +1121,8 @@ public abstract class WSHandler {
          CallbackHandler callbackHandler,
          RequestData requestData
     ) throws WSSecurityException {
-        
-        if (callbackHandler != null) { 
+
+        if (callbackHandler != null) {
             return performPasswordCallback(callbackHandler, username, doAction);
         } else {
             //
@@ -1133,7 +1133,7 @@ public abstract class WSHandler {
             if (password == null) {
                 String err = "provided null or empty password";
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
-                        "empty", 
+                        "empty",
                         new Object[] {"WSHandler: application " + err});
             }
             WSPasswordCallback pwCb = constructPasswordCallback(username, doAction);
@@ -1252,7 +1252,7 @@ public abstract class WSHandler {
                 encPart = new WSEncryptionPart(element, nmSpace, mode);
             } else {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
-                        "empty", 
+                        "empty",
                         new Object[] {"WSHandler: wrong part definition: " + tmpS});
             }
             encPart.setRequired(required);
@@ -1263,11 +1263,11 @@ public abstract class WSHandler {
     @SuppressWarnings("unchecked")
     private void handleSpecialUser(RequestData reqData) {
         EncryptionActionToken actionToken = reqData.getEncryptionToken();
-        if (actionToken == null 
+        if (actionToken == null
             || !WSHandlerConstants.USE_REQ_SIG_CERT.equals(actionToken.getUser())) {
             return;
         }
-        List<WSHandlerResult> results = 
+        List<WSHandlerResult> results =
             (List<WSHandlerResult>) getProperty(
                 reqData.getMsgContext(), WSHandlerConstants.RECV_RESULTS
             );
@@ -1292,7 +1292,7 @@ public abstract class WSHandler {
             for (WSSecurityEngineResult wser : wsSecEngineResults) {
                 Integer wserAction = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
                 if (wserAction != null && wserAction.intValue() == WSConstants.SIGN) {
-                    X509Certificate cert = 
+                    X509Certificate cert =
                         (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                     actionToken.setCertificate(cert);
                     return;
@@ -1301,7 +1301,7 @@ public abstract class WSHandler {
         }
     }
 
-    protected void decodeSignatureParameter2(RequestData reqData) 
+    protected void decodeSignatureParameter2(RequestData reqData)
         throws WSSecurityException {
         if (reqData.getSigVerCrypto() == null) {
             reqData.setSigVerCrypto(loadSignatureVerificationCrypto(reqData));
@@ -1309,18 +1309,18 @@ public abstract class WSHandler {
         if (reqData.getSigVerCrypto() == null) {
             reqData.setSigVerCrypto(loadSignatureCrypto(reqData));
         }
-        boolean enableRevocation = 
+        boolean enableRevocation =
             decodeBooleanConfigValue(
                 reqData.getMsgContext(), WSHandlerConstants.ENABLE_REVOCATION, false
             );
         reqData.setEnableRevocation(enableRevocation);
-        
-        String certConstraints = 
+
+        String certConstraints =
             getString(WSHandlerConstants.SIG_SUBJECT_CERT_CONSTRAINTS, reqData.getMsgContext());
         if (certConstraints != null) {
             String[] certConstraintsList = certConstraints.split(",");
             if (certConstraintsList != null) {
-                Collection<Pattern> subjectCertConstraints = 
+                Collection<Pattern> subjectCertConstraints =
                     new ArrayList<>(certConstraintsList.length);
                 for (String certConstraint : certConstraintsList) {
                     try {
@@ -1333,8 +1333,8 @@ public abstract class WSHandler {
                 reqData.setSubjectCertConstraints(subjectCertConstraints);
             }
         }
-        
-        boolean expandXOP = 
+
+        boolean expandXOP =
             decodeBooleanConfigValue(
                 reqData.getMsgContext(), WSHandlerConstants.EXPAND_XOP_INCLUDE_FOR_SIGNATURE, true
             );
@@ -1345,15 +1345,15 @@ public abstract class WSHandler {
      * Set and check the decryption specific parameters, if necessary
      * take over signature crypto instance.
      */
-    protected void decodeDecryptionParameter(RequestData reqData) 
+    protected void decodeDecryptionParameter(RequestData reqData)
         throws WSSecurityException {
         if (reqData.getDecCrypto() == null) {
             reqData.setDecCrypto(loadDecryptionCrypto(reqData));
         }
-        
-        boolean allowRsa15 = 
+
+        boolean allowRsa15 =
             decodeBooleanConfigValue(
-                reqData.getMsgContext(), WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, 
+                reqData.getMsgContext(), WSHandlerConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM,
                 false
             );
         reqData.setAllowRSA15KeyTransportAlgorithm(allowRsa15);
@@ -1364,11 +1364,11 @@ public abstract class WSHandler {
      * there, via {@link #getProperty(Object, String)}
      *
      * @param key the key to search for. May not be null.
-     * @param mc the message context to search. 
+     * @param mc the message context to search.
      * @return the value found.
      * @throws IllegalArgumentException if <code>key</code> is null.
      */
-    public String getString(String key, Object mc) { 
+    public String getString(String key, Object mc) {
         if (key == null) {
             throw new IllegalArgumentException("Key cannot be null");
         }
@@ -1401,7 +1401,7 @@ public abstract class WSHandler {
 
     /**
      * Returns the classloader to be used for loading the callback class
-     * @param msgCtx The MessageContext 
+     * @param msgCtx The MessageContext
      * @return class loader
      */
     public ClassLoader getClassLoader(Object msgCtx) {
@@ -1415,7 +1415,7 @@ public abstract class WSHandler {
     public abstract Object getOption(String key);
     public abstract Object getProperty(Object msgContext, String key);
 
-    public abstract void setProperty(Object msgContext, String key, 
+    public abstract void setProperty(Object msgContext, String key,
             Object value);
 
 

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerConstants.java Tue Dec 15 16:40:37 2015
@@ -30,11 +30,11 @@ import java.util.Map;
  * data of the WS handler.
  */
 public final class WSHandlerConstants extends ConfigurationConstants {
-    
+
     private WSHandlerConstants() {
         super();
     }
-    
+
     /**
      * Perform no action.
      */
@@ -43,19 +43,19 @@ public final class WSHandlerConstants ex
     /**
      * This is an alternative to specifying an "action" String. This Object should be a
      * list of HandlerAction objects, which associate an "action" Integer with a corresponding
-     * SecurityActionToken object. This allows for more control over keys etc. used for 
+     * SecurityActionToken object. This allows for more control over keys etc. used for
      * different actions.
      */
     public static final String HANDLER_ACTIONS = "handlerActions";
-    
+
     /**
      * Set the value of this parameter to true to treat passwords as binary values
      * for Username Tokens. The default value is "false".
-     * 
+     *
      * This is needed to properly handle password equivalence for UsernameToken
-     * passwords.  Binary passwords are Base64 encoded so they can be treated as 
+     * passwords.  Binary passwords are Base64 encoded so they can be treated as
      * strings in most places, but when the password digest is calculated or a key
-     * is derived from the password, the password will be Base64 decoded before 
+     * is derived from the password, the password will be Base64 decoded before
      * being used. This is most useful for hashed passwords as password equivalents.
      */
     public static final String USE_ENCODED_PASSWORDS = "useEncodedPasswords";
@@ -63,20 +63,20 @@ public final class WSHandlerConstants ex
     //
     // Internal storage constants
     //
-    
+
     /**
      * The WSHandler stores a result <code>List</code> in this property.
      */
     public static final String RECV_RESULTS = "RECV_RESULTS";
-    
+
     /**
      * internally used property names to store values inside the message context
      * that must have the same lifetime as a message (request/response model).
      */
     public static final String SEND_SIGV = "_sendSignatureValues_";
-    
+
     /**
-     * 
+     *
      */
     public static final String SIG_CONF_DONE = "_sigConfDone_";
 
@@ -109,7 +109,7 @@ public final class WSHandlerConstants ex
         keyIdentifier.put("EncryptedKeySHA1", WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
         keyIdentifier.put("KeyValue", WSConstants.KEY_VALUE);
     }
-    
+
     /**
      * Get the key identifier type corresponding to the parameter. This is intended for internal
      * use only. Valid values for "parameter" are:
@@ -121,7 +121,7 @@ public final class WSHandlerConstants ex
      *  - "KeyValue"
      *  - "EmbeddedKeyName"
      *  - "EncryptedKeySHA1"
-     * 
+     *
      * @param parameter
      * @return the key identifier type corresponding to the parameter
      */

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerResult.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerResult.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerResult.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandlerResult.java Tue Dec 15 16:40:37 2015
@@ -33,7 +33,7 @@ public class WSHandlerResult {
      * constructor
      * @param actor
      * @param results
-     */ 
+     */
     public WSHandlerResult(String actor, List<WSSecurityEngineResult> results,
                            Map<Integer, List<WSSecurityEngineResult>> actionResults) {
         this.actor = actor;
@@ -56,7 +56,7 @@ public class WSHandlerResult {
     public List<WSSecurityEngineResult> getResults() {
         return wsSecurityResults;
     }
-    
+
     public Map<Integer, List<WSSecurityEngineResult>> getActionResults() {
         return actionResults;
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java Tue Dec 15 16:40:37 2015
@@ -51,17 +51,17 @@ public class WSSecBase {
     private WsuIdAllocator idAllocator;
     private final List<WSEncryptionPart> parts = new ArrayList<>();
 
-    
+
     public WSSecBase() {
     }
-    
+
     /**
      * @param callbackLookup The CallbackLookup object to retrieve elements
      */
     public void setCallbackLookup(CallbackLookup callbackLookup) {
         this.callbackLookup = callbackLookup;
     }
-    
+
     /**
      * Get which parts of the message to encrypt/sign.
      */
@@ -70,15 +70,15 @@ public class WSSecBase {
     }
 
     /**
-     * Sets which key identifier to use. 
-     * 
-     * <p/> 
-     * 
+     * Sets which key identifier to use.
+     *
+     * <p/>
+     *
      * Defines the key identifier type to
      * use in the {@link WSSecSignature#prepare(Document, Crypto, WSSecHeader) method} or
      * the {@link WSSecEncrypt#prepare(Document, Crypto) method} function to
      * set up the key identification elements.
-     * 
+     *
      * @param keyIdType
      * @see WSConstants#ISSUER_SERIAL
      * @see WSConstants#BST_DIRECT_REFERENCE
@@ -93,7 +93,7 @@ public class WSSecBase {
 
     /**
      * Gets the value of the <code>keyIdentifierType</code>.
-     * 
+     *
      * @return The <code>keyIdentifyerType</code>.
      * @see WSConstants#ISSUER_SERIAL
      * @see WSConstants#BST_DIRECT_REFERENCE
@@ -107,7 +107,7 @@ public class WSSecBase {
     public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler) {
         this.attachmentCallbackHandler = attachmentCallbackHandler;
     }
-    
+
     public void setStoreBytesInAttachment(boolean storeBytesInAttachment) {
         this.storeBytesInAttachment = storeBytesInAttachment;
     }
@@ -117,7 +117,7 @@ public class WSSecBase {
      * <code>wsu:Id</code> in the SOAP body element. If one is found, the
      * value of the <code>wsu:Id</code> attribute is returned. Otherwise the
      * method generates a new <code>wsu:Id</code> and an appropriate value.
-     * 
+     *
      * @param doc The SOAP envelope as <code>Document</code>
      * @return The value of the <code>wsu:Id</code> attribute of the SOAP body
      * @throws Exception
@@ -157,7 +157,7 @@ public class WSSecBase {
                 id = bodyElement.getAttributeNS(null, "ID");
             }
         }
-        
+
         if (id == null || id.length() == 0) {
             id = getIdAllocator().createId("id-", bodyElement);
             String prefix = XMLUtils.setNamespace(bodyElement, newAttrNs, newAttrPrefix);
@@ -165,12 +165,12 @@ public class WSSecBase {
         }
         return id;
     }
-    
+
     /**
-     * Set the user and password info. 
-     * 
+     * Set the user and password info.
+     *
      * Both information is used to get the user's private signing key.
-     * 
+     *
      * @param user
      *            This is the user's alias name in the keystore that identifies
      *            the private key to sign the document
@@ -193,5 +193,5 @@ public class WSSecBase {
     public void setIdAllocator(WsuIdAllocator idAllocator) {
         this.idAllocator = idAllocator;
     }
-    
+
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKEncrypt.java Tue Dec 15 16:40:37 2015
@@ -47,7 +47,7 @@ public class WSSecDKEncrypt extends WSSe
     private int derivedKeyLength = -1;
 
     private List<Element> attachmentEncryptedDataElements;
-    
+
     public WSSecDKEncrypt() {
         super();
     }
@@ -60,7 +60,7 @@ public class WSSecDKEncrypt extends WSSe
     }
 
     public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException {
-        
+
         //
         // Setup the encrypted key
         //
@@ -69,7 +69,7 @@ public class WSSecDKEncrypt extends WSSe
         // prepend elements in the right order to the security header
         //
         prependDKElementToHeader(secHeader);
-                
+
         Element externRefList = encrypt();
 
         addAttachmentEncryptedDataElements(secHeader);
@@ -78,7 +78,7 @@ public class WSSecDKEncrypt extends WSSe
 
         return doc;
     }
-    
+
     public void addAttachmentEncryptedDataElements(WSSecHeader secHeader) {
         if (attachmentEncryptedDataElements != null) {
             for (int i = 0; i < attachmentEncryptedDataElements.size(); i++) {
@@ -89,31 +89,31 @@ public class WSSecDKEncrypt extends WSSe
             }
         }
     }
-    
+
     public Element encrypt() throws WSSecurityException {
         if (getParts().isEmpty()) {
             getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
         }
-        
+
         return encryptForExternalRef(null, getParts());
     }
 
     /**
      * Encrypt one or more parts or elements of the message (external).
-     * 
+     *
      * This method takes a vector of <code>WSEncryptionPart</code> object that
      * contain information about the elements to encrypt. The method call the
      * encryption method, takes the reference information generated during
      * encryption and add this to the <code>xenc:Reference</code> element.
      * This method can be called after <code>prepare()</code> and can be
      * called multiple times to encrypt a number of parts or elements.
-     * 
+     *
      * The method generates a <code>xenc:Reference</code> element that <i>must</i>
      * be added to the SecurityHeader. See <code>addExternalRefElement()</code>.
-     * 
+     *
      * If the <code>dataRef</code> parameter is <code>null</code> the method
      * creates and initializes a new Reference element.
-     * 
+     *
      * @param dataRef A <code>xenc:Reference</code> element or <code>null</code>
      * @param references A list containing WSEncryptionPart objects
      * @return Returns the updated <code>xenc:Reference</code> element
@@ -121,28 +121,28 @@ public class WSSecDKEncrypt extends WSSe
      */
     public Element encryptForExternalRef(Element dataRef, List<WSEncryptionPart> references)
         throws WSSecurityException {
-        
+
         KeyInfo keyInfo = createKeyInfo();
 
         SecretKey key = getDerivedKey(symEncAlgo);
 
-        List<String> encDataRefs = 
+        List<String> encDataRefs =
             WSSecEncrypt.doEncryption(
-                document, getIdAllocator(), keyInfo, key, symEncAlgo, references, callbackLookup, 
+                document, getIdAllocator(), keyInfo, key, symEncAlgo, references, callbackLookup,
                 attachmentCallbackHandler, attachmentEncryptedDataElements, storeBytesInAttachment
             );
         if (dataRef == null) {
-            dataRef = 
+            dataRef =
                 document.createElementNS(
                     WSConstants.ENC_NS, WSConstants.ENC_PREFIX + ":ReferenceList"
                 );
         }
         return WSSecEncrypt.createDataRefList(document, dataRef, encDataRefs);
     }
-    
+
     /**
      * Create a KeyInfo object
-     * @throws ConversationException 
+     * @throws ConversationException
      */
     private KeyInfo createKeyInfo() throws WSSecurityException {
         KeyInfo keyInfo = new KeyInfo(document);
@@ -150,8 +150,8 @@ public class WSSecDKEncrypt extends WSSe
         secToken.addWSSENamespace();
         Reference ref = new Reference(document);
         ref.setURI("#" + getId());
-        String ns = 
-            ConversationConstants.getWSCNs(getWscVersion()) 
+        String ns =
+            ConversationConstants.getWSCNs(getWscVersion())
                 + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN;
         ref.setValueType(ns);
         secToken.setReference(ref);
@@ -161,17 +161,17 @@ public class WSSecDKEncrypt extends WSSe
         keyInfoElement.setAttributeNS(
             WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
         );
-        
+
         return keyInfo;
     }
-    
+
     /**
      * Adds (prepends) the external Reference element to the Security header.
-     * 
+     *
      * The reference element <i>must</i> be created by the
      * <code>encryptForExternalRef() </code> method. The method adds the
      * reference element in the SecurityHeader.
-     * 
+     *
      * @param referenceList The external <code>enc:Reference</code> element
      * @param secHeader The security header.
      */
@@ -181,8 +181,8 @@ public class WSSecDKEncrypt extends WSSe
             if (node != null && Node.ELEMENT_NODE == node.getNodeType()) {
                 secHeader.getSecurityHeader().insertBefore(referenceList, node);
             } else {
-                // If (at this moment) DerivedKeyToken is the LAST element of 
-                // the security header 
+                // If (at this moment) DerivedKeyToken is the LAST element of
+                // the security header
                 secHeader.getSecurityHeader().appendChild(referenceList);
             }
         }
@@ -198,10 +198,10 @@ public class WSSecDKEncrypt extends WSSe
     }
 
     protected int getDerivedKeyLength() throws WSSecurityException{
-        return derivedKeyLength > 0 ? derivedKeyLength : 
+        return derivedKeyLength > 0 ? derivedKeyLength :
             KeyUtils.getKeyLength(symEncAlgo);
     }
-    
+
     public void setDerivedKeyLength(int keyLength) {
         derivedKeyLength = keyLength;
     }

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java?rev=1720192&r1=1720191&r2=1720192&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecDKSign.java Tue Dec 15 16:40:37 2015
@@ -56,19 +56,19 @@ import org.apache.wss4j.dom.util.WSSecur
  */
 public class WSSecDKSign extends WSSecDerivedKeyBase {
 
-    private static final org.slf4j.Logger LOG = 
+    private static final org.slf4j.Logger LOG =
         org.slf4j.LoggerFactory.getLogger(WSSecDKSign.class);
 
     private String sigAlgo = WSConstants.HMAC_SHA1;
     private String digestAlgo = WSConstants.SHA1;
     private String canonAlgo = WSConstants.C14N_EXCL_OMIT_COMMENTS;
     private byte[] signatureValue;
-    
+
     private String keyInfoUri;
     private SecurityTokenReference secRef;
     private String strUri;
     private WSDocInfo wsDocInfo;
-    
+
     private XMLSignatureFactory signatureFactory;
     private XMLSignature sig;
     private KeyInfo keyInfo;
@@ -81,7 +81,7 @@ public class WSSecDKSign extends WSSecDe
         super();
         init();
     }
-    
+
     private void init() {
         // Try to install the Santuario Provider - fall back to the JDK provider if this does
         // not work
@@ -91,9 +91,9 @@ public class WSSecDKSign extends WSSecDe
             signatureFactory = XMLSignatureFactory.getInstance("DOM");
         }
     }
-    
+
     public Document build(Document doc, WSSecHeader secHeader) throws WSSecurityException {
-        
+
         prepare(doc, secHeader);
         if (getParts().isEmpty()) {
             getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
@@ -104,11 +104,11 @@ public class WSSecDKSign extends WSSecDe
                 }
             }
         }
-        
-        List<javax.xml.crypto.dsig.Reference> referenceList = 
+
+        List<javax.xml.crypto.dsig.Reference> referenceList =
             addReferencesToSign(getParts(), secHeader);
         computeSignature(referenceList);
-        
+
         //
         // prepend elements in the right order to the security header
         //
@@ -116,21 +116,21 @@ public class WSSecDKSign extends WSSecDe
 
         return doc;
     }
-    
+
     public void prepare(Document doc, WSSecHeader secHeader) throws WSSecurityException {
         super.prepare(doc);
         wsDocInfo = new WSDocInfo(doc);
         securityHeader = secHeader.getSecurityHeader();
         sig = null;
-        
+
         try {
             C14NMethodParameterSpec c14nSpec = null;
             if (addInclusivePrefixes && canonAlgo.equals(WSConstants.C14N_EXCL_OMIT_COMMENTS)) {
-                List<String> prefixes = 
+                List<String> prefixes =
                     getInclusivePrefixes(secHeader.getSecurityHeader(), false);
                 c14nSpec = new ExcC14NParameterSpec(prefixes);
             }
-            
+
            c14nMethod = signatureFactory.newCanonicalizationMethod(canonAlgo, c14nSpec);
         } catch (Exception ex) {
             LOG.error("", ex);
@@ -140,29 +140,29 @@ public class WSSecDKSign extends WSSecDe
         }
 
         keyInfoUri = getIdAllocator().createSecureId("KI-", keyInfo);
-        
+
         secRef = new SecurityTokenReference(doc);
         strUri = getIdAllocator().createSecureId("STR-", secRef);
         secRef.setID(strUri);
-        
+
         Reference ref = new Reference(document);
         ref.setURI("#" + getId());
-        String ns = 
-            ConversationConstants.getWSCNs(getWscVersion()) 
+        String ns =
+            ConversationConstants.getWSCNs(getWscVersion())
             + ConversationConstants.TOKEN_TYPE_DERIVED_KEY_TOKEN;
         ref.setValueType(ns);
         secRef.setReference(ref);
-        
+
         XMLStructure structure = new DOMStructure(secRef.getElement());
         wsDocInfo.addTokenElement(secRef.getElement(), false);
         KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
-        keyInfo = 
+        keyInfo =
             keyInfoFactory.newKeyInfo(
                 java.util.Collections.singletonList(structure), keyInfoUri
             );
-        
+
     }
-    
+
     /**
      * Returns the SignatureElement.
      * The method can be called any time after <code>prepare()</code>.
@@ -174,37 +174,37 @@ public class WSSecDKSign extends WSSecDe
                 securityHeader, WSConstants.SIG_LN, WSConstants.SIG_NS
             );
     }
-    
+
     /**
      * This method adds references to the Signature.
-     * 
+     *
      * @param references The list of references to sign
      * @param secHeader The Security Header
      * @throws WSSecurityException
      */
     public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(
-        List<WSEncryptionPart> references, 
+        List<WSEncryptionPart> references,
         WSSecHeader secHeader
     ) throws WSSecurityException {
-        return 
+        return
             addReferencesToSign(
-                document, 
+                document,
                 references,
                 wsDocInfo,
-                signatureFactory, 
-                secHeader, 
-                addInclusivePrefixes, 
+                signatureFactory,
+                secHeader,
+                addInclusivePrefixes,
                 digestAlgo
             );
     }
-    
+
     /**
      * Compute the Signature over the references.
-     * 
+     *
      * After references are set this method computes the Signature for them.
      * This method can be called any time after the references were set. See
      * <code>addReferencesToSign()</code>.
-     * 
+     *
      * @throws WSSecurityException
      */
     public void computeSignature(
@@ -212,35 +212,35 @@ public class WSSecDKSign extends WSSecDe
     ) throws WSSecurityException {
         computeSignature(referenceList, true, null);
     }
-    
+
     /**
      * Compute the Signature over the references.
-     * 
+     *
      * After references are set this method computes the Signature for them.
      * This method can be called any time after the references were set. See
      * <code>addReferencesToSign()</code>.
-     * 
+     *
      * @throws WSSecurityException
      */
     public void computeSignature(
-        List<javax.xml.crypto.dsig.Reference> referenceList, 
+        List<javax.xml.crypto.dsig.Reference> referenceList,
         boolean prepend,
         Element siblingElement
     ) throws WSSecurityException {
         try {
             java.security.Key key = getDerivedKey(sigAlgo);
-            SignatureMethod signatureMethod = 
+            SignatureMethod signatureMethod =
                 signatureFactory.newSignatureMethod(sigAlgo, null);
-            SignedInfo signedInfo = 
+            SignedInfo signedInfo =
                 signatureFactory.newSignedInfo(c14nMethod, signatureMethod, referenceList);
-            
+
             sig = signatureFactory.newXMLSignature(
-                    signedInfo, 
+                    signedInfo,
                     keyInfo,
                     null,
                     getIdAllocator().createId("SIG-", null),
                     null);
-            
+
             //
             // Figure out where to insert the signature element
             //
@@ -257,22 +257,22 @@ public class WSSecDKSign extends WSSecDe
             } else {
                 signContext = new DOMSignContext(key, securityHeader);
             }
-            
+
             signContext.putNamespacePrefix(WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
             if (WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(canonAlgo)) {
                 signContext.putNamespacePrefix(
-                    WSConstants.C14N_EXCL_OMIT_COMMENTS, 
+                    WSConstants.C14N_EXCL_OMIT_COMMENTS,
                     WSConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX
                 );
             }
             signContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, wsDocInfo);
             wsDocInfo.setCallbackLookup(callbackLookup);
-            
+
             // Add the elements to sign to the Signature Context
             wsDocInfo.setTokensOnContext((DOMSignContext)signContext);
-            
+
             sig.sign(signContext);
-            
+
             signatureValue = sig.getSignatureValue().getValue();
         } catch (Exception ex) {
             LOG.error(ex.getMessage(), ex);
@@ -281,16 +281,16 @@ public class WSSecDKSign extends WSSecDe
             );
         }
     }
-    
+
     protected int getDerivedKeyLength() throws WSSecurityException {
-        return derivedKeyLength > 0 ? derivedKeyLength : 
+        return derivedKeyLength > 0 ? derivedKeyLength :
             KeyUtils.getKeyLength(sigAlgo);
     }
-    
+
     public void setDerivedKeyLength(int keyLength) {
         derivedKeyLength = keyLength;
     }
-    
+
     /**
      * Set the signature algorithm to use. The default is WSConstants.SHA1.
      * @param algorithm the signature algorithm to use.
@@ -298,17 +298,17 @@ public class WSSecDKSign extends WSSecDe
     public void setSignatureAlgorithm(String algorithm) {
         sigAlgo = algorithm;
     }
-    
+
     /**
      * @return the signature algorithm to use
      */
     public String getSignatureAlgorithm() {
         return sigAlgo;
     }
-    
+
     /**
      * Returns the the value of wsu:Id attribute of the Signature element.
-     * 
+     *
      * @return Return the wsu:Id of this token or null if the signature has not been generated.
      */
     public String getSignatureId() {
@@ -317,7 +317,7 @@ public class WSSecDKSign extends WSSecDe
         }
         return sig.getId();
     }
-    
+
     /**
      * Set the digest algorithm to use. The default is WSConstants.SHA1.
      * @param algorithm the digest algorithm to use.
@@ -325,7 +325,7 @@ public class WSSecDKSign extends WSSecDe
     public void setDigestAlgorithm(String algorithm) {
         digestAlgo = algorithm;
     }
-    
+
     /**
      * @return the digest algorithm to use
      */
@@ -339,14 +339,14 @@ public class WSSecDKSign extends WSSecDe
     public byte[] getSignatureValue() {
         return signatureValue;
     }
-    
+
     /**
      * Set the canonicalization method to use.
-     * 
+     *
      * If the canonicalization method is not set then the recommended Exclusive
      * XML Canonicalization is used by default Refer to WSConstants which
      * algorithms are supported.
-     * 
+     *
      * @param algo Is the name of the signature algorithm
      * @see WSConstants#C14N_OMIT_COMMENTS
      * @see WSConstants#C14N_WITH_COMMENTS
@@ -359,16 +359,16 @@ public class WSSecDKSign extends WSSecDe
 
     /**
      * Get the canonicalization method.
-     * 
+     *
      * If the canonicalization method was not set then Exclusive XML
      * Canonicalization is used by default.
-     * 
+     *
      * @return The string describing the canonicalization algorithm.
      */
     public String getSigCanonicalization() {
         return canonAlgo;
     }
-    
+
     public boolean isAddInclusivePrefixes() {
         return addInclusivePrefixes;
     }




Mime
View raw message