ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1852759 - in /webservices/wss4j/trunk: ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/ ws-security-policy-stax/src/test/java/o...
Date Fri, 01 Feb 2019 16:34:14 GMT
Author: coheigea
Date: Fri Feb  1 16:34:14 2019
New Revision: 1852759

URL: http://svn.apache.org/viewvc?rev=1852759&view=rev
Log:
Fix to select the correct SOAP namespace for streaming policy validation

Modified:
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedPartsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedElementsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedPartsAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingTest.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TokenProtectionTest.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingTest.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -83,7 +83,7 @@ public class ContentEncryptedElementsAss
         Iterator<List<QName>> pathElementIterator = pathElements.iterator();
         while (pathElementIterator.hasNext()) {
             List<QName> pathElements = pathElementIterator.next();
-            if (WSSUtils.pathMatches(pathElements, contentEncryptedElementSecurityEvent.getElementPath(), true, false)) {
+            if (WSSUtils.pathMatches(pathElements, contentEncryptedElementSecurityEvent.getElementPath())) {
                 if (contentEncryptedElementSecurityEvent.isEncrypted()) {
                     setAsserted(true);
                     policyAsserter.assertPolicy(getAssertion());

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -85,7 +85,7 @@ public class EncryptedElementsAssertionS
         Iterator<List<QName>> pathElementIterator = pathElements.iterator();
         while (pathElementIterator.hasNext()) {
             List<QName> pathElements = pathElementIterator.next();
-            if (WSSUtils.pathMatches(pathElements, encryptedElementSecurityEvent.getElementPath(), true, false)) {
+            if (WSSUtils.pathMatches(pathElements, encryptedElementSecurityEvent.getElementPath())) {
                 if (encryptedElementSecurityEvent.isEncrypted()) {
                     setAsserted(true);
                     policyAsserter.assertPolicy(getAssertion());

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedPartsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedPartsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedPartsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedPartsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -47,11 +47,12 @@ public class EncryptedPartsAssertionStat
     private int encryptedAttachmentCount;
     private boolean encryptedAttachmentRequired;
     private PolicyAsserter policyAsserter;
+    private final boolean soap12;
 
     public EncryptedPartsAssertionState(
         AbstractSecurityAssertion assertion,
         PolicyAsserter policyAsserter,
-        boolean asserted, int attachmentCount) {
+        boolean asserted, int attachmentCount, boolean soap12) {
         super(assertion, asserted);
         this.attachmentCount = attachmentCount;
 
@@ -63,6 +64,8 @@ public class EncryptedPartsAssertionStat
         if (asserted) {
             policyAsserter.assertPolicy(getAssertion());
         }
+
+        this.soap12 = soap12;
     }
 
     @Override
@@ -106,11 +109,15 @@ public class EncryptedPartsAssertionStat
             Header header = encryptedParts.getHeaders().get(i);
             QName headerQName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
 
-            List<QName> header11Path = new LinkedList<>();
-            header11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
-            header11Path.add(headerQName);
+            List<QName> headerPath = new LinkedList<>();
+            if (soap12) {
+                headerPath.addAll(WSSConstants.SOAP_12_HEADER_PATH);
+            } else {
+                headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
+            }
+            headerPath.add(headerQName);
 
-            if (WSSUtils.pathMatches(header11Path, encryptedPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
+            if (WSSUtils.pathMatches(headerPath, encryptedPartSecurityEvent.getElementPath(), header.getName() == null)) {
                 if (encryptedPartSecurityEvent.isEncrypted()) {
                     setAsserted(true);
                     policyAsserter.assertPolicy(getAssertion());

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredElementsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -91,7 +91,7 @@ public class RequiredElementsAssertionSt
         while (elementMapIterator.hasNext()) {
             Map.Entry<List<QName>, Boolean> next = elementMapIterator.next();
             List<QName> qNameList = next.getKey();
-            if (WSSUtils.pathMatches(qNameList, requiredElementSecurityEvent.getElementPath(), true, false)) {
+            if (WSSUtils.pathMatches(qNameList, requiredElementSecurityEvent.getElementPath())) {
                 next.setValue(Boolean.TRUE);
                 break;
             }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RequiredPartsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -44,10 +44,12 @@ public class RequiredPartsAssertionState
 
     private final Map<Header, Boolean> headers = new HashMap<>();
     private PolicyAsserter policyAsserter;
+    private final boolean soap12;
 
     public RequiredPartsAssertionState(AbstractSecurityAssertion assertion,
                                        PolicyAsserter policyAsserter,
-                                       boolean asserted) {
+                                       boolean asserted,
+                                       boolean soap12) {
         super(assertion, asserted);
 
         RequiredParts requiredParts = (RequiredParts) assertion;
@@ -64,6 +66,8 @@ public class RequiredPartsAssertionState
         if (asserted) {
             policyAsserter.assertPolicy(getAssertion());
         }
+
+        this.soap12 = soap12;
     }
 
     @Override
@@ -83,11 +87,15 @@ public class RequiredPartsAssertionState
             Header header = next.getKey();
             QName headerQName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
 
-            List<QName> header11Path = new LinkedList<>();
-            header11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
-            header11Path.add(headerQName);
+            List<QName> headerPath = new LinkedList<>();
+            if (soap12) {
+                headerPath.addAll(WSSConstants.SOAP_12_HEADER_PATH);
+            } else {
+                headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
+            }
+            headerPath.add(headerQName);
 
-            if (WSSUtils.pathMatches(header11Path, requiredPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
+            if (WSSUtils.pathMatches(headerPath, requiredPartSecurityEvent.getElementPath(), header.getName() == null)) {
                 next.setValue(Boolean.TRUE);
                 break;
             }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java Fri Feb  1 16:34:14 2019
@@ -107,7 +107,7 @@ public class SignatureProtectionAssertio
             Iterator<List<QName>> pathElementsIterator = elementPaths.iterator();
             while (pathElementsIterator.hasNext()) {
                 List<QName> qNameList = pathElementsIterator.next();
-                if (WSSUtils.pathMatches(qNameList, encryptedElementSecurityEvent.getElementPath(), true, false)) {
+                if (WSSUtils.pathMatches(qNameList, encryptedElementSecurityEvent.getElementPath())) {
                     encryptedElementEvents.add(encryptedElementSecurityEvent);
                 }
             }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedElementsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedElementsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -90,7 +90,7 @@ public class SignedElementsAssertionStat
         Iterator<List<QName>> pathElementIterator = pathElements.iterator();
         while (pathElementIterator.hasNext()) {
             List<QName> pathElements = pathElementIterator.next();
-            if (WSSUtils.pathMatches(pathElements, signedSecurityEvent.getElementPath(), true, false)) {
+            if (WSSUtils.pathMatches(pathElements, signedSecurityEvent.getElementPath())) {
                 if (signedSecurityEvent.isSigned()) {
                     setAsserted(true);
                     policyAsserter.assertPolicy(getAssertion());

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedPartsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedPartsAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedPartsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignedPartsAssertionState.java Fri Feb  1 16:34:14 2019
@@ -47,10 +47,11 @@ public class SignedPartsAssertionState e
     private int signedAttachmentCount;
     private boolean signedAttachmentRequired;
     private PolicyAsserter policyAsserter;
+    private final boolean soap12;
 
     public SignedPartsAssertionState(
         AbstractSecurityAssertion assertion, PolicyAsserter policyAsserter,
-        boolean asserted, int attachmentCount
+        boolean asserted, int attachmentCount, boolean soap12
     ) {
         super(assertion, asserted);
         this.attachmentCount = attachmentCount;
@@ -63,6 +64,8 @@ public class SignedPartsAssertionState e
         if (asserted) {
             policyAsserter.assertPolicy(getAssertion());
         }
+
+        this.soap12 = soap12;
     }
 
     @Override
@@ -88,8 +91,9 @@ public class SignedPartsAssertionState e
             }
         }
 
+        List<QName> bodyPath = soap12 ? WSSConstants.SOAP_12_BODY_PATH : WSSConstants.SOAP_11_BODY_PATH;
         if (signedParts.isBody()
-                && WSSUtils.pathMatches(WSSConstants.SOAP_11_BODY_PATH, signedPartSecurityEvent.getElementPath(), true, false)) {
+                && WSSUtils.pathMatches(bodyPath, signedPartSecurityEvent.getElementPath())) {
             if (signedPartSecurityEvent.isSigned()) {
                 setAsserted(true);
                 policyAsserter.assertPolicy(getAssertion());
@@ -118,11 +122,15 @@ public class SignedPartsAssertionState e
                 Header header = signedParts.getHeaders().get(i);
                 QName headerQName = new QName(header.getNamespace(), header.getName() == null ? "" : header.getName());
 
-                List<QName> header11Path = new LinkedList<>();
-                header11Path.addAll(WSSConstants.SOAP_11_HEADER_PATH);
-                header11Path.add(headerQName);
+                List<QName> headerPath = new LinkedList<>();
+                if (soap12) {
+                    headerPath.addAll(WSSConstants.SOAP_12_HEADER_PATH);
+                } else {
+                    headerPath.addAll(WSSConstants.SOAP_11_HEADER_PATH);
+                }
+                headerPath.add(headerQName);
 
-                if (WSSUtils.pathMatches(header11Path, signedPartSecurityEvent.getElementPath(), true, header.getName() == null)) {
+                if (WSSUtils.pathMatches(headerPath, signedPartSecurityEvent.getElementPath(), header.getName() == null)) {
                     if (signedPartSecurityEvent.isSigned()) {
                         setAsserted(true);
                         policyAsserter.assertPolicy(getAssertion());

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java Fri Feb  1 16:34:14 2019
@@ -52,10 +52,12 @@ public class TokenProtectionAssertionSta
     private final List<SignedElementSecurityEvent> signedElementEvents = new ArrayList<>();
     private final List<TokenSecurityEvent<? extends SecurityToken>> tokenSecurityEvents = new ArrayList<>();
     private PolicyAsserter policyAsserter;
+    private final boolean soap12;
 
     public TokenProtectionAssertionState(Assertion assertion,
                                          PolicyAsserter policyAsserter,
-                                         boolean initialAssertionState) {
+                                         boolean initialAssertionState,
+                                         boolean soap12) {
         super(assertion, initialAssertionState);
 
         this.policyAsserter = policyAsserter;
@@ -67,6 +69,8 @@ public class TokenProtectionAssertionSta
             String namespace = getAssertion().getName().getNamespaceURI();
             policyAsserter.assertPolicy(new QName(namespace, SPConstants.PROTECT_TOKENS));
         }
+
+        this.soap12 = soap12;
     }
 
     @Override
@@ -201,12 +205,16 @@ public class TokenProtectionAssertionSta
     private boolean signsMainSignature(SecurityToken securityToken) throws XMLSecurityException {
 
         List<QName> signaturePath = new LinkedList<>();
-        signaturePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        if (soap12) {
+            signaturePath.addAll(WSSConstants.SOAP_12_WSSE_SECURITY_HEADER_PATH);
+        } else {
+            signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
+        }
         signaturePath.add(WSSConstants.TAG_dsig_Signature);
 
         for (int i = 0; i < signedElementEvents.size(); i++) {
             SignedElementSecurityEvent signedElementSecurityEvent = signedElementEvents.get(i);
-            if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), signaturePath, true, false)) {
+            if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), signaturePath)) {
                 SecurityToken signingSecurityToken = getEffectiveSignatureToken(signedElementSecurityEvent.getSecurityToken());
                 //todo ATM me just check if the token signs a signature but we don't know if it's the main signature
                 if (signingSecurityToken != null && signingSecurityToken.getId().equals(securityToken.getId())) {

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcer.java Fri Feb  1 16:34:14 2019
@@ -143,19 +143,16 @@ public class PolicyEnforcer implements S
     private boolean noSecurityHeader;
     private boolean faultOccurred;
     private final PolicyAsserter policyAsserter;
+    private boolean soap12;
 
     public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction, boolean initiator,
-                          String actorOrRole, int attachmentCount) throws WSSPolicyException {
-        this(operationPolicies, soapAction, initiator, actorOrRole, attachmentCount, null);
-    }
-
-    public PolicyEnforcer(List<OperationPolicy> operationPolicies, String soapAction, boolean initiator,
-                          String actorOrRole, int attachmentCount, PolicyAsserter policyAsserter
+                          String actorOrRole, int attachmentCount, PolicyAsserter policyAsserter, boolean soap12
     ) throws WSSPolicyException {
         this.operationPolicies = operationPolicies;
         this.initiator = initiator;
         this.actorOrRole = actorOrRole;
         this.attachmentCount = attachmentCount;
+        this.soap12 = soap12;
         assertionStateMap = new LinkedList<>();
         failedAssertionStateMap = new LinkedList<>();
 
@@ -319,7 +316,7 @@ public class PolicyEnforcer implements S
             assertableList.add(new ContentEncryptedElementsAssertionState(abstractSecurityAssertion, policyAsserter, true));
         } else if (abstractSecurityAssertion instanceof EncryptedParts) {
             // initialized with asserted=true with the same reason as by the EncryptedParts above
-            assertableList.add(new EncryptedPartsAssertionState(abstractSecurityAssertion, policyAsserter, true, attachmentCount));
+            assertableList.add(new EncryptedPartsAssertionState(abstractSecurityAssertion, policyAsserter, true, attachmentCount, soap12));
         } else if (abstractSecurityAssertion instanceof EncryptedElements) {
             // initialized with asserted=true with the same reason as by the EncryptedParts above
             assertableList.add(new EncryptedElementsAssertionState(abstractSecurityAssertion, policyAsserter, true));
@@ -328,14 +325,14 @@ public class PolicyEnforcer implements S
             // therefore these element are also signed
             // the test if it is really signed is done via the PolicyInputProcessor which emits SignedElementEvents for
             // unsigned elements with the unsigned flag
-            assertableList.add(new SignedPartsAssertionState(abstractSecurityAssertion, policyAsserter, true, attachmentCount));
+            assertableList.add(new SignedPartsAssertionState(abstractSecurityAssertion, policyAsserter, true, attachmentCount, soap12));
         } else if (abstractSecurityAssertion instanceof SignedElements) {
             // initialized with asserted=true with the same reason as by the SignedParts above
             assertableList.add(new SignedElementsAssertionState(abstractSecurityAssertion, policyAsserter, true));
         } else if (abstractSecurityAssertion instanceof RequiredElements) {
             assertableList.add(new RequiredElementsAssertionState(abstractSecurityAssertion, policyAsserter, false));
         } else if (abstractSecurityAssertion instanceof RequiredParts) {
-            assertableList.add(new RequiredPartsAssertionState(abstractSecurityAssertion, policyAsserter, false));
+            assertableList.add(new RequiredPartsAssertionState(abstractSecurityAssertion, policyAsserter, false, soap12));
         } else if (abstractSecurityAssertion instanceof UsernameToken) {
             assertableList.add(new UsernameTokenAssertionState(abstractSecurityAssertion, !tokenRequired, policyAsserter, initiator));
         } else if (abstractSecurityAssertion instanceof IssuedToken) {
@@ -385,14 +382,18 @@ public class PolicyEnforcer implements S
                     assertableList.add(new OnlySignEntireHeadersAndBodyAssertionState(abstractSecurityAssertion, policyAsserter,
                                                                                       true, actorOrRole));
                 }
-                assertableList.add(new TokenProtectionAssertionState(abstractSecurityAssertion, policyAsserter, true));
+                assertableList.add(new TokenProtectionAssertionState(abstractSecurityAssertion, policyAsserter, true, soap12));
             }
 
             //WSP1.3, 6.2 Timestamp Property
             assertableList.add(new IncludeTimeStampAssertionState(abstractBinding, policyAsserter, true));
             if (abstractBinding.isIncludeTimestamp()) {
                 List<QName> timestampElementPath = new LinkedList<>();
-                timestampElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+                if (soap12) {
+                    timestampElementPath.addAll(WSSConstants.SOAP_12_WSSE_SECURITY_HEADER_PATH);
+                } else {
+                    timestampElementPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
+                }
                 timestampElementPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
                 RequiredElementsAssertionState requiredElementsAssertionState =
                     new RequiredElementsAssertionState(abstractBinding, policyAsserter, false);
@@ -435,7 +436,11 @@ public class PolicyEnforcer implements S
                     if (initiator) {
                         //9 WSS: SOAP Message Security Options [Signature Confirmation]
                         List<QName> signatureConfirmationElementPath = new LinkedList<>();
-                        signatureConfirmationElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+                        if (soap12) {
+                            signatureConfirmationElementPath.addAll(WSSConstants.SOAP_12_WSSE_SECURITY_HEADER_PATH);
+                        } else {
+                            signatureConfirmationElementPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
+                        }
                         signatureConfirmationElementPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
                         RequiredElementsAssertionState requiredElementsAssertionState =
                             new RequiredElementsAssertionState(wss11, policyAsserter, false);
@@ -787,4 +792,5 @@ public class PolicyEnforcer implements S
     public void doFinal() throws WSSPolicyException {
         verifyPolicy();
     }
+
 }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java Fri Feb  1 16:34:14 2019
@@ -431,11 +431,13 @@ public class PolicyEnforcerFactory {
      * @param roleOrActor The actor or role of the security processing. Must be set to the same value
      * as WSSSecurityProperties#setActor()
      * @param attachmentCount The number of Attachments received in the message
+     * @param Whether we are using SOAP 1.2 or not
      * @return the newly created PolicyEnforcer instance
      * @throws WSSPolicyException
      */
     public PolicyEnforcer newPolicyEnforcer(String soapAction, boolean initiator,
-                                            String roleOrActor, int attachmentCount) throws WSSPolicyException {
-        return new PolicyEnforcer(this.operationPolicies, soapAction, initiator, roleOrActor, attachmentCount);
+                                            String roleOrActor, int attachmentCount,
+                                            boolean soap12) throws WSSPolicyException {
+        return new PolicyEnforcer(this.operationPolicies, soapAction, initiator, roleOrActor, attachmentCount, null, soap12);
     }
 }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AbstractPolicyTestBase.java Fri Feb  1 16:34:14 2019
@@ -104,7 +104,7 @@ public class AbstractPolicyTestBase exte
             element.appendChild(policyNode);
         }
         PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(document, customAssertionBuilders);
-        PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("", false, null, 0);
+        PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("", false, null, 0, false);
 
         return policyEnforcer;
     }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingTest.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/AsymmetricBindingTest.java Fri Feb  1 16:34:14 2019
@@ -67,7 +67,7 @@ public class AsymmetricBindingTest exten
 
         RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
@@ -89,13 +89,13 @@ public class AsymmetricBindingTest exten
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -236,7 +236,7 @@ public class AsymmetricBindingTest exten
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, protectionOrder);
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -290,14 +290,14 @@ public class AsymmetricBindingTest exten
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -363,14 +363,14 @@ public class AsymmetricBindingTest exten
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -379,7 +379,7 @@ public class AsymmetricBindingTest exten
         QName elementName = WSSConstants.TAG_WSSE_USERNAME;
         signedPartSecurityEvent.setXmlSecEvent(XMLSecEventFactory.createXmlSecStartElement(elementName, null, null));
         List<QName> elementPath = new ArrayList<>();
-        elementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        elementPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         elementPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
         elementPath.add(elementName);
         signedPartSecurityEvent.setElementPath(elementPath);

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/SymmetricBindingTest.java Fri Feb  1 16:34:14 2019
@@ -68,7 +68,7 @@ public class SymmetricBindingTest extend
 
         RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
@@ -93,14 +93,14 @@ public class SymmetricBindingTest extend
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -250,7 +250,7 @@ public class SymmetricBindingTest extend
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, protectionOrder);
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -306,14 +306,14 @@ public class SymmetricBindingTest extend
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TokenProtectionTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TokenProtectionTest.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TokenProtectionTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TokenProtectionTest.java Fri Feb  1 16:34:14 2019
@@ -85,11 +85,11 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<QName> sigPath = new ArrayList<>();
-        sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        sigPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         sigPath.add(WSSConstants.TAG_dsig_Signature);
 
         List<SecurityToken> securityTokens = new LinkedList<>();
@@ -164,11 +164,11 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<QName> sigPath = new ArrayList<>();
-        sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        sigPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         sigPath.add(WSSConstants.TAG_dsig_Signature);
 
         List<SecurityToken> securityTokens = new LinkedList<>();
@@ -242,7 +242,7 @@ public class TokenProtectionTest extends
         X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
         X509SecurityTokenImpl securityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
         List<QName> path = new ArrayList<>();
-        path.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        path.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         path.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
         securityToken.setElementPath(path);
         securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
@@ -288,7 +288,7 @@ public class TokenProtectionTest extends
         X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
         X509SecurityTokenImpl securityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
         List<QName> path = new ArrayList<>();
-        path.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        path.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         path.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
         securityToken.setElementPath(path);
         securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
@@ -334,7 +334,7 @@ public class TokenProtectionTest extends
         X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
         X509SecurityTokenImpl securityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
         List<QName> path = new ArrayList<>();
-        path.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        path.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         path.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
         securityToken.setElementPath(path);
         securityToken.addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
@@ -382,7 +382,7 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<SecurityToken> securityTokens = new LinkedList<>();
@@ -458,11 +458,11 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<QName> sigPath = new ArrayList<>();
-        sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        sigPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         sigPath.add(WSSConstants.TAG_dsig_Signature);
 
         for (int i = 0; i < tokenUsages.size(); i++) {
@@ -520,15 +520,15 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<QName> ekPath = new ArrayList<>();
-        ekPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        ekPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         ekPath.add(WSSConstants.TAG_xenc_EncryptedKey);
 
         List<QName> sigPath = new ArrayList<>();
-        sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        sigPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         sigPath.add(WSSConstants.TAG_dsig_Signature);
 
         X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
@@ -587,15 +587,15 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<QName> ekPath = new ArrayList<>();
-        ekPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        ekPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         ekPath.add(WSSConstants.TAG_xenc_EncryptedKey);
 
         List<QName> sigPath = new ArrayList<>();
-        sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        sigPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         sigPath.add(WSSConstants.TAG_dsig_Signature);
 
         X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);
@@ -660,15 +660,15 @@ public class TokenProtectionTest extends
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> bstPath = new ArrayList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         List<QName> ekPath = new ArrayList<>();
-        ekPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        ekPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         ekPath.add(WSSConstants.TAG_xenc_EncryptedKey);
 
         List<QName> sigPath = new ArrayList<>();
-        sigPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        sigPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         sigPath.add(WSSConstants.TAG_dsig_Signature);
 
         X509SecurityTokenImpl x509SecurityToken = getX509Token(WSSecurityTokenConstants.X509V3Token);

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingTest.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/TransportBindingTest.java Fri Feb  1 16:34:14 2019
@@ -60,7 +60,7 @@ public class TransportBindingTest extend
 
         RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
@@ -80,14 +80,14 @@ public class TransportBindingTest extend
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -156,7 +156,7 @@ public class TransportBindingTest extend
 
         RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
@@ -172,7 +172,7 @@ public class TransportBindingTest extend
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, false, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
@@ -203,7 +203,7 @@ public class TransportBindingTest extend
 
         RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent();
         List<QName> headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
         requiredElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
@@ -219,14 +219,14 @@ public class TransportBindingTest extend
         protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
         EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_dsig_Signature);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
 
         encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(null, true, protectionOrder);
         headerPath = new ArrayList<>();
-        headerPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        headerPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         headerPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
         encryptedElementSecurityEvent.setElementPath(headerPath);
         policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/VulnerabliltyVectorsTest.java Fri Feb  1 16:34:14 2019
@@ -86,7 +86,7 @@ public class VulnerabliltyVectorsTest ex
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
 
         PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/actionSpoofing.wsdl"));
-        PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("emptyPolicy", false, null, 0);
+        PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("emptyPolicy", false, null, 0, false);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
 
         try {
@@ -138,7 +138,7 @@ public class VulnerabliltyVectorsTest ex
         inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
 
         PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/actionSpoofing.wsdl"));
-        PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("goodPolicy", false, null, 0);
+        PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer("goodPolicy", false, null, 0, false);
         inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, inSecurityProperties));
 
         try {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSConstants.java Fri Feb  1 16:34:14 2019
@@ -271,7 +271,8 @@ public class WSSConstants extends XMLSec
     public static final List<QName> SOAP_12_BODY_PATH = new ArrayList<>(2);
     public static final List<QName> SOAP_11_HEADER_PATH = new ArrayList<>(2);
     public static final List<QName> SOAP_12_HEADER_PATH = new ArrayList<>(2);
-    public static final List<QName> WSSE_SECURITY_HEADER_PATH = new ArrayList<>(3);
+    public static final List<QName> SOAP_11_WSSE_SECURITY_HEADER_PATH = new ArrayList<>(3);
+    public static final List<QName> SOAP_12_WSSE_SECURITY_HEADER_PATH = new ArrayList<>(3);
 
     static {
         SOAP_11_BODY_PATH.add(WSSConstants.TAG_SOAP11_ENVELOPE);
@@ -286,8 +287,11 @@ public class WSSConstants extends XMLSec
         SOAP_12_HEADER_PATH.add(WSSConstants.TAG_SOAP12_ENVELOPE);
         SOAP_12_HEADER_PATH.add(WSSConstants.TAG_SOAP12_HEADER);
 
-        WSSE_SECURITY_HEADER_PATH.addAll(SOAP_11_HEADER_PATH);
-        WSSE_SECURITY_HEADER_PATH.add(WSSConstants.TAG_WSSE_SECURITY);
+        SOAP_11_WSSE_SECURITY_HEADER_PATH.addAll(SOAP_11_HEADER_PATH);
+        SOAP_11_WSSE_SECURITY_HEADER_PATH.add(WSSConstants.TAG_WSSE_SECURITY);
+
+        SOAP_12_WSSE_SECURITY_HEADER_PATH.addAll(SOAP_12_HEADER_PATH);
+        SOAP_12_WSSE_SECURITY_HEADER_PATH.add(WSSConstants.TAG_WSSE_SECURITY);
 
     }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java Fri Feb  1 16:34:14 2019
@@ -116,6 +116,7 @@ public class WSSSecurityProperties exten
 
     private CallbackHandler attachmentCallbackHandler;
     private Object msgContext;
+    private boolean soap12;
 
     public WSSSecurityProperties() {
         super();
@@ -175,6 +176,7 @@ public class WSSSecurityProperties exten
         this.msgContext = wssSecurityProperties.msgContext;
         this.audienceRestrictions = wssSecurityProperties.audienceRestrictions;
         this.requireTimestampExpires = wssSecurityProperties.requireTimestampExpires;
+        this.soap12 = wssSecurityProperties.soap12;
     }
 
     /**
@@ -949,4 +951,12 @@ public class WSSSecurityProperties exten
     public void setRequireTimestampExpires(boolean requireTimestampExpires) {
         this.requireTimestampExpires = requireTimestampExpires;
     }
+
+    public boolean isSoap12() {
+        return soap12;
+    }
+
+    public void setSoap12(boolean soap12) {
+        this.soap12 = soap12;
+    }
 }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java Fri Feb  1 16:34:14 2019
@@ -61,6 +61,7 @@ public class InboundWSSecurityContextImp
     private boolean messageEncryptionTokenOccured = false;
     private boolean allowRSA15KeyTransportAlgorithm = false;
     private boolean disableBSPEnforcement;
+    private boolean soap12;
 
     private List<BSPRule> ignoredBSPRules = Collections.emptyList();
 
@@ -262,14 +263,16 @@ public class InboundWSSecurityContextImp
             List<InboundSecurityToken> signingSecurityTokens =
                 isSignedToken(tokenSecurityEvent, securityEventDeque, httpsTokenSecurityEvent);
 
+            List<QName> securityHeader =
+                soap12 ? WSSConstants.SOAP_12_WSSE_SECURITY_HEADER_PATH : WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH;
             List<QName> signatureElementPath = new ArrayList<>(4);
-            signatureElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+            signatureElementPath.addAll(securityHeader);
             signatureElementPath.add(WSSConstants.TAG_dsig_Signature);
             boolean signsSignature = signsElement(tokenSecurityEvent, signatureElementPath, securityEventDeque);
             boolean encryptsSignature = encryptsElement(tokenSecurityEvent, signatureElementPath, securityEventDeque);
 
             List<QName> signatureConfirmationElementPath = new ArrayList<>(4);
-            signatureConfirmationElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+            signatureConfirmationElementPath.addAll(securityHeader);
             signatureConfirmationElementPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
             boolean signsSignatureConfirmation =
                 signsElement(tokenSecurityEvent, signatureConfirmationElementPath, securityEventDeque);
@@ -277,12 +280,12 @@ public class InboundWSSecurityContextImp
                 encryptsElement(tokenSecurityEvent, signatureConfirmationElementPath, securityEventDeque);
 
             List<QName> timestampElementPath = new ArrayList<>(4);
-            timestampElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+            timestampElementPath.addAll(securityHeader);
             timestampElementPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
             boolean signsTimestamp = signsElement(tokenSecurityEvent, timestampElementPath, securityEventDeque);
 
             List<QName> usernameTokenElementPath = new ArrayList<>(4);
-            usernameTokenElementPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+            usernameTokenElementPath.addAll(securityHeader);
             usernameTokenElementPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
             boolean encryptsUsernameToken = encryptsElement(tokenSecurityEvent, usernameTokenElementPath, securityEventDeque);
 
@@ -462,7 +465,7 @@ public class InboundWSSecurityContextImp
                 if (signedElementSecurityEvent.isSigned()
                         && WSSUtils.pathMatches(
                         signedElementSecurityEvent.getElementPath(),
-                        ((InboundSecurityToken)tokenSecurityEvent.getSecurityToken()).getElementPath(), true, false)
+                        ((InboundSecurityToken)tokenSecurityEvent.getSecurityToken()).getElementPath(), false)
                         ) {
                     signingSecurityTokens.add((InboundSecurityToken)signedElementSecurityEvent.getSecurityToken());
                 }
@@ -504,7 +507,7 @@ public class InboundWSSecurityContextImp
                         && signedElementSecurityEvent.getXmlSecEvent() != null
                         && signedElementSecurityEvent.getXmlSecEvent()
                             == ((InboundSecurityToken)tokenSecurityEvent.getSecurityToken()).getXMLSecEvent()
-                        && !securityTokenList.contains((InboundSecurityToken)signedElementSecurityEvent.getSecurityToken())) {
+                        && !securityTokenList.contains(signedElementSecurityEvent.getSecurityToken())) {
                     securityTokenList.add((InboundSecurityToken)signedElementSecurityEvent.getSecurityToken());
                 }
             }
@@ -530,7 +533,7 @@ public class InboundWSSecurityContextImp
                         && encryptedElementSecurityEvent.getXmlSecEvent() != null
                         && encryptedElementSecurityEvent.getXmlSecEvent()
                             == ((InboundSecurityToken)tokenSecurityEvent.getSecurityToken()).getXMLSecEvent()
-                        && !securityTokenList.contains((InboundSecurityToken)encryptedElementSecurityEvent.getSecurityToken())) {
+                        && !securityTokenList.contains(encryptedElementSecurityEvent.getSecurityToken())) {
                     securityTokenList.add((InboundSecurityToken)encryptedElementSecurityEvent.getSecurityToken());
                 }
             }
@@ -548,7 +551,7 @@ public class InboundWSSecurityContextImp
                         && matchesTokenOrWrappedTokenId(tokenSecurityEvent.getSecurityToken(),
                         signedElementSecurityEvent.getSecurityToken().getId(),
                         SecurityTokenConstants.TokenUsage_Signature)
-                        && WSSUtils.pathMatches(elementPath, signedElementSecurityEvent.getElementPath(), true, false)) {
+                        && WSSUtils.pathMatches(elementPath, signedElementSecurityEvent.getElementPath(), false)) {
                     return true;
                 }
             }
@@ -580,7 +583,7 @@ public class InboundWSSecurityContextImp
                 EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
                 if (encryptedElementSecurityEvent.isEncrypted()
                         && encryptedElementSecurityEvent.getSecurityToken().getId().equals(tokenSecurityEvent.getSecurityToken().getId())
-                        && WSSUtils.pathMatches(elementPath, encryptedElementSecurityEvent.getElementPath(), true, false)) {
+                        && WSSUtils.pathMatches(elementPath, encryptedElementSecurityEvent.getElementPath(), false)) {
                     return true;
                 }
             } else if (WSSecurityEventConstants.ContentEncrypted.equals(securityEvent.getSecurityEventType())) {
@@ -591,7 +594,7 @@ public class InboundWSSecurityContextImp
                         && contentEncryptedElementSecurityEvent.getSecurityToken().getId().equals(tokenId)
                         && contentEncryptedElementSecurityEvent.getXmlSecEvent()
                             == ((InboundSecurityToken)tokenSecurityEvent.getSecurityToken()).getXMLSecEvent()
-                        && WSSUtils.pathMatches(elementPath, contentEncryptedElementSecurityEvent.getElementPath(), true, false)) {
+                        && WSSUtils.pathMatches(elementPath, contentEncryptedElementSecurityEvent.getElementPath(), false)) {
                     return true;
                 }
             }
@@ -635,6 +638,14 @@ public class InboundWSSecurityContextImp
         this.allowRSA15KeyTransportAlgorithm = allowRSA15KeyTransportAlgorithm;
     }
 
+    public boolean isSoap12() {
+        return soap12;
+    }
+
+    public void setSoap12(boolean soap12) {
+        this.soap12 = soap12;
+    }
+
     private static class MessageTokens {
         List<TokenSecurityEvent<? extends InboundSecurityToken>> messageSignatureTokens = Collections.emptyList();
         List<TokenSecurityEvent<? extends InboundSecurityToken>> messageEncryptionTokens = Collections.emptyList();

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java Fri Feb  1 16:34:14 2019
@@ -553,18 +553,14 @@ public class SAMLTokenInputHandler exten
 
             this.soap12 = soap12;
             if (soap12) {
-                saml1TokenPath = new ArrayList<>(WSSConstants.SOAP_12_HEADER_PATH);
-                saml1TokenPath.add(WSSConstants.TAG_WSSE_SECURITY);
+                saml1TokenPath = new ArrayList<>(WSSConstants.SOAP_12_WSSE_SECURITY_HEADER_PATH);
                 saml1TokenPath.add(WSSConstants.TAG_SAML_ASSERTION);
-                saml2TokenPath = new ArrayList<>(WSSConstants.SOAP_12_HEADER_PATH);
-                saml2TokenPath.add(WSSConstants.TAG_WSSE_SECURITY);
+                saml2TokenPath = new ArrayList<>(WSSConstants.SOAP_12_WSSE_SECURITY_HEADER_PATH);
                 saml2TokenPath.add(WSSConstants.TAG_SAML2_ASSERTION);
             } else {
-                saml1TokenPath = new ArrayList<>(WSSConstants.SOAP_11_HEADER_PATH);
-                saml1TokenPath.add(WSSConstants.TAG_WSSE_SECURITY);
+                saml1TokenPath = new ArrayList<>(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
                 saml1TokenPath.add(WSSConstants.TAG_SAML_ASSERTION);
-                saml2TokenPath = new ArrayList<>(WSSConstants.SOAP_11_HEADER_PATH);
-                saml2TokenPath.add(WSSConstants.TAG_WSSE_SECURITY);
+                saml2TokenPath = new ArrayList<>(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
                 saml2TokenPath.add(WSSConstants.TAG_SAML2_ASSERTION);
             }
         }

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/setup/InboundWSSec.java Fri Feb  1 16:34:14 2019
@@ -193,6 +193,7 @@ public class InboundWSSec {
         securityContextImpl.ignoredBSPRules(this.securityProperties.getIgnoredBSPRules());
         securityContextImpl.setDisableBSPEnforcement(this.securityProperties.isDisableBSPEnforcement());
         securityContextImpl.setAllowRSA15KeyTransportAlgorithm(this.securityProperties.isAllowRSA15KeyTransportAlgorithm());
+        securityContextImpl.setSoap12(this.securityProperties.isSoap12());
 
         if (!requestSecurityEvents.isEmpty()) {
             try {

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/utils/WSSUtils.java Fri Feb  1 16:34:14 2019
@@ -626,11 +626,10 @@ public class WSSUtils extends XMLSecurit
     }
 
     public static boolean pathMatches(List<QName> path1, List<QName> path2) {
-        return pathMatches(path1, path2, false, false);
+        return pathMatches(path1, path2, false);
     }
 
-    public static boolean pathMatches(List<QName> path1, List<QName> path2,
-                                      boolean matchAnySoapNS, boolean lastElementWildCard) {
+    public static boolean pathMatches(List<QName> path1, List<QName> path2, boolean lastElementWildCard) {
         if (path1 == null) {
             throw new IllegalArgumentException("Internal error");
         }
@@ -642,12 +641,7 @@ public class WSSUtils extends XMLSecurit
         while (path1Iterator.hasNext()) {
             QName qName1 = path1Iterator.next();
             QName qName2 = path2Iterator.next();
-            if (matchAnySoapNS && (WSSConstants.NS_SOAP11.equals(qName1.getNamespaceURI())
-                    || WSSConstants.NS_SOAP12.equals(qName1.getNamespaceURI()))) {
-                if (!qName1.getLocalPart().equals(qName2.getLocalPart())) {
-                    return false;
-                }
-            } else if (!qName1.equals(qName2)) {
+            if (!qName1.equals(qName2)) {
                 if (!path1Iterator.hasNext() && lastElementWildCard) {
                     if (!qName1.getNamespaceURI().equals(qName2.getNamespaceURI())) {
                         return false;

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java?rev=1852759&r1=1852758&r2=1852759&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/InboundWSSecurityContextImplTest.java Fri Feb  1 16:34:14 2019
@@ -130,7 +130,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
 
         List<QName> timestampPath = new LinkedList<>();
-        timestampPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
 
         RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
@@ -138,7 +138,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(timestampRequiredElementSecurityEvent);
 
         List<QName> usernameTokenPath = new LinkedList<>();
-        usernameTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
 
         XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
@@ -159,7 +159,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
 
         List<QName> scPath = new LinkedList<>();
-        scPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
 
         RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
@@ -167,7 +167,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);
 
         List<QName> bstPath = new LinkedList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         XMLSecEvent signedEndorsingSupportingTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
@@ -288,7 +288,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
 
         List<QName> timestampPath = new LinkedList<>();
-        timestampPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
 
         RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
@@ -299,7 +299,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
 
         List<QName> scPath = new LinkedList<>();
-        scPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
 
         RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
@@ -307,7 +307,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);
 
         List<QName> bstPath = new LinkedList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         XMLSecEvent recipientTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
@@ -325,7 +325,7 @@ public class InboundWSSecurityContextImp
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> signaturePath = new LinkedList<>();
-        signaturePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         signaturePath.add(WSSConstants.TAG_dsig_Signature);
 
         EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(recipientToken, true, protectionOrder);
@@ -333,7 +333,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(signatureEncryptedElementSecurityEvent);
 
         List<QName> usernameTokenPath = new LinkedList<>();
-        usernameTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
 
         XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
@@ -557,7 +557,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(timestampSecurityEvent);
 
         List<QName> timestampPath = new LinkedList<>();
-        timestampPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        timestampPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         timestampPath.add(WSSConstants.TAG_WSU_TIMESTAMP);
 
         RequiredElementSecurityEvent timestampRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
@@ -568,7 +568,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(signatureConfirmationSecurityEvent);
 
         List<QName> scPath = new LinkedList<>();
-        scPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        scPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         scPath.add(WSSConstants.TAG_WSSE11_SIG_CONF);
 
         RequiredElementSecurityEvent scRequiredElementSecurityEvent = new RequiredElementSecurityEvent();
@@ -576,7 +576,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(scRequiredElementSecurityEvent);
 
         List<QName> samlTokenPath = new LinkedList<>();
-        samlTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        samlTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         samlTokenPath.add(WSSConstants.TAG_SAML2_ASSERTION);
 
         XMLSecEvent samlTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
@@ -603,7 +603,7 @@ public class InboundWSSecurityContextImp
         protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
 
         List<QName> usernamePath = new LinkedList<>();
-        usernamePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        usernamePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         usernamePath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
 
         XMLSecEvent usernameTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);
@@ -614,7 +614,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(usernameEncryptedElementSecurityEvent);
 
         List<QName> usernameTokenPath = new LinkedList<>();
-        usernameTokenPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        usernameTokenPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         usernameTokenPath.add(WSSConstants.TAG_WSSE_USERNAME_TOKEN);
 
         UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent();
@@ -630,7 +630,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(usernameTokenSecurityEvent);
 
         List<QName> signaturePath = new LinkedList<>();
-        signaturePath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        signaturePath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         signaturePath.add(WSSConstants.TAG_dsig_Signature);
 
         EncryptedElementSecurityEvent signatureEncryptedElementSecurityEvent = new EncryptedElementSecurityEvent(samlSecurityToken, true, protectionOrder);
@@ -659,7 +659,7 @@ public class InboundWSSecurityContextImp
         inboundWSSecurityContext.registerSecurityEvent(signedUsernameTokenElementSecurityEvent);
 
         List<QName> bstPath = new LinkedList<>();
-        bstPath.addAll(WSSConstants.WSSE_SECURITY_HEADER_PATH);
+        bstPath.addAll(WSSConstants.SOAP_11_WSSE_SECURITY_HEADER_PATH);
         bstPath.add(WSSConstants.TAG_WSSE_BINARY_SECURITY_TOKEN);
 
         XMLSecEvent bstTokenXmlEvent = XMLSecEventFactory.createXmlSecStartElement(WSSConstants.TAG_WSSE_USERNAME_TOKEN, null, null);



Mime
View raw message