You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/20 18:00:35 UTC
svn commit: r1484509 - in
/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j:
PolicyBasedWSS4JStaxOutInterceptor.java
policyhandlers/AbstractStaxBindingHandler.java
policyhandlers/StaxTransportBindingHandler.java
Author: coheigea
Date: Mon May 20 16:00:35 2013
New Revision: 1484509
URL: http://svn.apache.org/r1484509
Log:
Added initial attempt at configuring SecurityPolicy for the transport binding outbound
Added:
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Modified:
cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1484509&r1=1484508&r2=1484509&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Mon May 20 16:00:35 2013
@@ -26,7 +26,6 @@ import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
@@ -44,19 +43,14 @@ import org.apache.cxf.service.model.Endp
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxTransportBindingHandler;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
-import org.apache.wss4j.policy.model.AbstractBinding;
-import org.apache.wss4j.policy.model.UsernameToken;
-import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
/**
*
@@ -332,13 +326,6 @@ public class PolicyBasedWSS4JStaxOutInte
return signCrypto;
}
- private void configureActions(
- AssertionInfoMap aim, SoapMessage message
- ) throws WSSecurityException {
- configureUsernameToken(aim, message);
- configureTimestamp(aim, message);
- }
-
@Override
protected void configureProperties(SoapMessage msg) throws WSSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -346,110 +333,13 @@ public class PolicyBasedWSS4JStaxOutInte
checkSymmetricBinding(aim, msg);
checkTransportBinding(aim, msg);
- configureActions(aim, msg);
-
- super.configureProperties(msg);
- }
-
- private void configureUsernameToken(
- AssertionInfoMap aim, SoapMessage message
- ) throws WSSecurityException {
- Map<String, Object> config = getProperties();
-
- Collection<AssertionInfo> ais =
- getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
- if (ais != null && ais.size() > 0) {
- UsernameToken usernameToken = (UsernameToken)ais.iterator().next().getAssertion();
- IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
- if (!isTokenRequired(includeToken, message)) {
- return;
- }
-
- // Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.USERNAME_TOKEN);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.USERNAME_TOKEN);
- }
-
- // Password Type
- PasswordType passwordType = usernameToken.getPasswordType();
- if (passwordType == PasswordType.HashPassword) {
- config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
- } else if (passwordType == PasswordType.NoPassword) {
- config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
- } else {
- config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
- }
-
- // Nonce + Created
- if (usernameToken.isNonce()) {
- config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
- }
- if (usernameToken.isCreated()) {
- config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
- }
- }
- }
-
- private void configureTimestamp(
- AssertionInfoMap aim, SoapMessage message
- ) throws WSSecurityException {
- Map<String, Object> config = getProperties();
-
- AbstractBinding binding = getBinding(aim);
- if (binding != null && binding.isIncludeTimestamp()) {
- // Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.TIMESTAMP);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.TIMESTAMP);
- }
- }
- }
-
- private AbstractBinding getBinding(
- AssertionInfoMap aim
- ) throws WSSecurityException {
Collection<AssertionInfo> ais =
getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
- if (ais != null && ais.size() > 0) {
- return (AbstractBinding)ais.iterator().next().getAssertion();
+ if (!ais.isEmpty()) {
+ new StaxTransportBindingHandler(getProperties(), msg).handleBinding();
}
- ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
- if (ais != null && ais.size() > 0) {
- return (AbstractBinding)ais.iterator().next().getAssertion();
- }
-
- ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
- if (ais != null && ais.size() > 0) {
- return (AbstractBinding)ais.iterator().next().getAssertion();
- }
-
- return null;
+ super.configureProperties(msg);
}
- private boolean isTokenRequired(IncludeTokenType includeToken, SoapMessage soapMessage) {
- if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- return false;
- } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
- return true;
- } else {
- boolean initiator = MessageUtils.isRequestor(soapMessage);
- if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
- || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
- return true;
- } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
- return true;
- }
- return false;
- }
- }
}
Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1484509&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Mon May 20 16:00:35 2013
@@ -0,0 +1,627 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.neethi.Assertion;
+import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.Layout;
+import org.apache.wss4j.policy.model.Layout.LayoutType;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
+import org.apache.wss4j.policy.model.Wss10;
+import org.apache.wss4j.policy.model.Wss11;
+import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.policy.model.X509Token.TokenType;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.xml.security.stax.ext.SecurePart;
+import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+
+/**
+ *
+ */
+public abstract class AbstractStaxBindingHandler {
+ private static final Logger LOG = LogUtils.getL7dLogger(AbstractStaxBindingHandler.class);
+ protected boolean timestampAdded;
+ protected Set<SecurePart> encryptedTokensList = new HashSet<SecurePart>();
+ private final Map<String, Object> properties;
+ private final SoapMessage message;
+
+ public AbstractStaxBindingHandler(Map<String, Object> properties, SoapMessage msg) {
+ this.properties = properties;
+ this.message = msg;
+ }
+
+ protected SecurePart addUsernameToken(UsernameToken usernameToken) {
+ IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
+ if (!isTokenRequired(includeToken)) {
+ return null;
+ }
+
+ Map<String, Object> config = getProperties();
+
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.USERNAME_TOKEN);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.USERNAME_TOKEN);
+ }
+
+ // Password Type
+ PasswordType passwordType = usernameToken.getPasswordType();
+ if (passwordType == PasswordType.HashPassword) {
+ config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+ } else if (passwordType == PasswordType.NoPassword) {
+ config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
+ } else {
+ config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+ }
+
+ // Nonce + Created
+ if (usernameToken.isNonce()) {
+ config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+ }
+ if (usernameToken.isCreated()) {
+ config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+ }
+
+ return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
+ }
+
+ protected SecurePart addSamlToken(SamlToken token) throws WSSecurityException {
+ IncludeTokenType includeToken = token.getIncludeTokenType();
+ if (!isTokenRequired(includeToken)) {
+ return null;
+ }
+
+ Map<String, Object> config = getProperties();
+
+ //
+ // Get the SAML CallbackHandler
+ //
+ Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+
+ CallbackHandler handler = null;
+ if (o instanceof CallbackHandler) {
+ handler = (CallbackHandler)o;
+ } else if (o instanceof String) {
+ try {
+ handler = (CallbackHandler)ClassLoaderUtils
+ .loadClass((String)o, this.getClass()).newInstance();
+ } catch (Exception e) {
+ handler = null;
+ }
+ }
+ if (handler == null) {
+ policyNotAsserted(token, "No SAML CallbackHandler available");
+ return null;
+ }
+ config.put(ConfigurationConstants.SAML_CALLBACK_REF, handler);
+
+ // Action
+ boolean selfSignAssertion =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
+ );
+ String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+ if (selfSignAssertion) {
+ samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
+ }
+
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
+ } else {
+ config.put(ConfigurationConstants.ACTION, samlAction);
+ }
+
+ // TODO -> Set SAML Type from policy?
+ QName qname = WSSConstants.TAG_saml2_Assertion;
+ SamlTokenType tokenType = token.getSamlTokenType();
+ if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
+ qname = WSSConstants.TAG_saml_Assertion;
+ }
+
+ return new SecurePart(qname, Modifier.Element);
+ }
+
+ protected void policyNotAsserted(Assertion assertion, String reason) {
+ if (assertion == null) {
+ return;
+ }
+ LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ Collection<AssertionInfo> ais = aim.get(assertion.getName());
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ if (ai.getAssertion() == assertion) {
+ ai.setNotAsserted(reason);
+ }
+ }
+ }
+ if (!assertion.isOptional()) {
+ throw new PolicyException(new Message(reason, LOG));
+ }
+ }
+
+ protected void configureTimestamp(AssertionInfoMap aim) {
+ Map<String, Object> config = getProperties();
+
+ AbstractBinding binding = getBinding(aim);
+ if (binding != null && binding.isIncludeTimestamp()) {
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.TIMESTAMP);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP);
+ }
+
+ timestampAdded = true;
+ }
+ }
+
+ protected void configureLayout(AssertionInfoMap aim) {
+ Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.LAYOUT);
+ for (AssertionInfo ai : ais) {
+ Layout layout = (Layout)ai.getAssertion();
+ ai.setAsserted(true);
+ if (layout.getLayoutType() == LayoutType.LaxTsLast) {
+ // TODO re-order action list
+ } else if (layout.getLayoutType() == LayoutType.LaxTsFirst) {
+ // TODO re-order action list
+ }
+ }
+ }
+
+ protected AbstractBinding getBinding(AssertionInfoMap aim) {
+ Collection<AssertionInfo> ais =
+ getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+ if (ais != null && ais.size() > 0) {
+ return (AbstractBinding)ais.iterator().next().getAssertion();
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+ if (ais != null && ais.size() > 0) {
+ return (AbstractBinding)ais.iterator().next().getAssertion();
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+ if (ais != null && ais.size() > 0) {
+ return (AbstractBinding)ais.iterator().next().getAssertion();
+ }
+
+ return null;
+ }
+
+ protected boolean isRequestor() {
+ return MessageUtils.isRequestor(message);
+ }
+
+ protected boolean isTokenRequired(IncludeTokenType includeToken) {
+ if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+ return false;
+ } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
+ return true;
+ } else {
+ boolean initiator = MessageUtils.isRequestor(message);
+ if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+ || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
+ return true;
+ } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+ return true;
+ }
+ return false;
+ }
+ }
+
+ protected Collection<AssertionInfo> getAllAssertionsByLocalname(
+ AssertionInfoMap aim,
+ String localname
+ ) {
+ Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+ Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+
+ if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+ Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+ if (sp11Ais != null) {
+ ais.addAll(sp11Ais);
+ }
+ if (sp12Ais != null) {
+ ais.addAll(sp12Ais);
+ }
+ return ais;
+ }
+
+ return Collections.emptySet();
+ }
+
+ protected Map<String, Object> getProperties() {
+ return properties;
+ }
+
+ protected SoapMessage getMessage() {
+ return message;
+ }
+
+ protected void configureSignature(
+ AbstractTokenWrapper wrapper, AbstractToken token, boolean attached
+ ) throws WSSecurityException {
+ Map<String, Object> config = getProperties();
+
+ if (token instanceof X509Token) {
+ X509Token x509Token = (X509Token) token;
+ TokenType tokenType = x509Token.getTokenType();
+ if (tokenType == TokenType.WssX509PkiPathV1Token10
+ || tokenType == TokenType.WssX509PkiPathV1Token11) {
+ config.put(ConfigurationConstants.USE_SINGLE_CERTIFICATE, "false");
+ }
+ }
+
+ // boolean alsoIncludeToken = false;
+ /* TODO if (token instanceof IssuedToken || token instanceof SamlToken) {
+ SecurityToken securityToken = getSecurityToken();
+ String tokenType = securityToken.getTokenType();
+
+ Element ref;
+ if (attached) {
+ ref = securityToken.getAttachedReference();
+ } else {
+ ref = securityToken.getUnattachedReference();
+ }
+
+ if (ref != null) {
+ SecurityTokenReference secRef =
+ new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
+ sig.setSecurityTokenReference(secRef);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else {
+ int type = attached ? WSConstants.CUSTOM_SYMM_SIGNING
+ : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
+ if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML_NS.equals(tokenType)) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ } else {
+ sig.setCustomTokenValueType(tokenType);
+ sig.setKeyIdentifierType(type);
+ }
+ }
+
+ String sigTokId;
+ if (attached) {
+ sigTokId = securityToken.getWsuId();
+ if (sigTokId == null) {
+ sigTokId = securityToken.getId();
+ }
+ if (sigTokId.startsWith("#")) {
+ sigTokId = sigTokId.substring(1);
+ }
+ } else {
+ sigTokId = securityToken.getId();
+ }
+
+ sig.setCustomTokenId(sigTokId);
+ } else {
+ */
+ config.put(ConfigurationConstants.SIG_KEY_ID, getKeyIdentifierType(wrapper, token));
+ /*
+ * TODO
+ // Find out do we also need to include the token as per the Inclusion requirement
+ if (token instanceof X509Token
+ && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
+ && (sig.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE
+ && sig.getKeyIdentifierType() != WSConstants.KEY_VALUE)) {
+ alsoIncludeToken = true;
+ }
+ */
+ // }
+
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ AbstractBinding binding = getBinding(aim);
+ config.put(ConfigurationConstants.SIG_ALGO,
+ binding.getAlgorithmSuite().getAsymmetricSignature());
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
+ // sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+ //if (alsoIncludeToken) {
+ // includeToken(user, crypto, sig);
+ //}
+ }
+
+ private String getKeyIdentifierType(AbstractTokenWrapper wrapper, AbstractToken token) {
+
+ String identifier = null;
+ if (token instanceof X509Token) {
+ X509Token x509Token = (X509Token)token;
+ if (x509Token.isRequireIssuerSerialReference()) {
+ identifier = "IssuerSerial";
+ } else if (x509Token.isRequireKeyIdentifierReference()) {
+ identifier = "SKIKeyIdentifier";
+ } else if (x509Token.isRequireThumbprintReference()) {
+ identifier = "Thumbprint";
+ }
+ } else if (token instanceof KeyValueToken) {
+ identifier = "KeyValue";
+ }
+
+ if (identifier != null) {
+ return identifier;
+ }
+
+ if (token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+ Wss10 wss = getWss10();
+ if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
+ return "SKIKeyIdentifier";
+ } else if (wss.isMustSupportRefIssuerSerial()) {
+ return "IssuerSerial";
+ } else if (wss instanceof Wss11
+ && ((Wss11) wss).isMustSupportRefThumbprint()) {
+ return "Thumbprint";
+ }
+ } else {
+ return "DirectReference";
+ }
+
+ return "IssuerSerial";
+ }
+
+ protected Wss10 getWss10() {
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10);
+ if (!ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ return (Wss10)ai.getAssertion();
+ }
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11);
+ if (!ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ return (Wss10)ai.getAssertion();
+ }
+ }
+
+ return null;
+ }
+
+ protected Map<AbstractToken, Object> handleSupportingTokens(
+ Collection<Assertion> tokens,
+ boolean endorse
+ ) throws WSSecurityException {
+ Map<AbstractToken, Object> ret = new HashMap<AbstractToken, Object>();
+ if (tokens != null) {
+ for (Assertion pa : tokens) {
+ if (pa instanceof SupportingTokens) {
+ handleSupportingTokens((SupportingTokens)pa, endorse, ret);
+ }
+ }
+ }
+ return ret;
+ }
+
+ protected Map<AbstractToken, Object> handleSupportingTokens(
+ SupportingTokens suppTokens,
+ boolean endorse
+ ) throws WSSecurityException {
+ return handleSupportingTokens(suppTokens, endorse, new HashMap<AbstractToken, Object>());
+ }
+
+ protected Map<AbstractToken, Object> handleSupportingTokens(
+ SupportingTokens suppTokens,
+ boolean endorse,
+ Map<AbstractToken, Object> ret
+ ) throws WSSecurityException {
+ if (suppTokens == null) {
+ return ret;
+ }
+ for (AbstractToken token : suppTokens.getTokens()) {
+ if (token instanceof UsernameToken) {
+ handleUsernameTokenSupportingToken(
+ (UsernameToken)token, endorse, suppTokens.isEncryptedToken(), ret
+ );
+ /* TODO else if (isRequestor()
+ && (token instanceof IssuedToken
+ || token instanceof SecureConversationToken
+ || token instanceof SecurityContextToken
+ || token instanceof KerberosToken)) {
+ //ws-trust/ws-sc stuff.......
+ SecurityToken secToken = getSecurityToken();
+ if (secToken == null) {
+ policyNotAsserted(token, "Could not find IssuedToken");
+ }
+ Element clone = cloneElement(secToken.getToken());
+ secToken.setToken(clone);
+ addSupportingElement(clone);
+
+ String id = secToken.getId();
+ if (id != null && id.charAt(0) == '#') {
+ id = id.substring(1);
+ }
+ if (suppTokens.isEncryptedToken()) {
+ WSEncryptionPart part = new WSEncryptionPart(id, "Element");
+ part.setElement(clone);
+ encryptedTokensList.add(part);
+ }
+
+ if (secToken.getX509Certificate() == null) {
+ ret.put(token, new WSSecurityTokenHolder(wssConfig, secToken));
+ } else {
+ WSSecSignature sig = new WSSecSignature(wssConfig);
+ sig.setX509Certificate(secToken.getX509Certificate());
+ sig.setCustomTokenId(id);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ String tokenType = secToken.getTokenType();
+ if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML_NS.equals(tokenType)) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+ } else if (tokenType != null) {
+ sig.setCustomTokenValueType(tokenType);
+ } else {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ }
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+ Crypto crypto = secToken.getCrypto();
+ String uname = null;
+ try {
+ uname = crypto.getX509Identifier(secToken.getX509Certificate());
+ } catch (WSSecurityException e1) {
+ LOG.log(Level.FINE, e1.getMessage(), e1);
+ throw new Fault(e1);
+ }
+
+ String password = getPassword(uname, token, WSPasswordCallback.Usage.SIGNATURE);
+ sig.setUserInfo(uname, password);
+ try {
+ sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
+ } catch (WSSecurityException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ throw new Fault(e);
+ }
+
+ ret.put(token, sig);
+ }
+
+ } */
+ } else if (token instanceof X509Token || token instanceof KeyValueToken) {
+ configureSignature(suppTokens, token, false);
+ if (suppTokens.isEncryptedToken()) {
+ SecurePart part =
+ new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+ encryptedTokensList.add(part);
+ }
+ ret.put(token, new SecurePart(WSSConstants.TAG_dsig_Signature, Modifier.Element));
+ } else if (token instanceof SamlToken) {
+ SecurePart securePart = addSamlToken((SamlToken)token);
+ if (securePart != null) {
+ ret.put(token, securePart);
+ if (suppTokens.isEncryptedToken()) {
+ encryptedTokensList.add(securePart);
+ }
+ }
+ }
+ }
+ return ret;
+ }
+
+ protected void handleUsernameTokenSupportingToken(
+ UsernameToken token, boolean endorse, boolean encryptedToken, Map<AbstractToken, Object> ret
+ ) throws WSSecurityException {
+ if (endorse) {
+ /* TODO
+ WSSecUsernameToken utBuilder = addDKUsernameToken(token, true);
+ if (utBuilder != null) {
+ utBuilder.prepare(saaj.getSOAPPart());
+ addSupportingElement(utBuilder.getUsernameTokenElement());
+ ret.put(token, utBuilder);
+ if (encryptedToken) {
+ WSEncryptionPart part = new WSEncryptionPart(utBuilder.getId(), "Element");
+ part.setElement(utBuilder.getUsernameTokenElement());
+ encryptedTokensList.add(part);
+ }
+ }
+ */
+ } else {
+ SecurePart securePart = addUsernameToken(token);
+ if (securePart != null) {
+ ret.put(token, securePart);
+ //WebLogic and WCF always encrypt these
+ //See: http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
+ //encryptedTokensIdList.add(utBuilder.getId());
+ if (encryptedToken
+ || MessageUtils.getContextualBoolean(message,
+ SecurityConstants.ALWAYS_ENCRYPT_UT,
+ true)) {
+ encryptedTokensList.add(securePart);
+ }
+ }
+ }
+ }
+
+ protected void addSignatureConfirmation(List<SecurePart> sigParts) {
+ Wss10 wss10 = getWss10();
+
+ if (!(wss10 instanceof Wss11)
+ || !((Wss11)wss10).isRequireSignatureConfirmation()) {
+ //If we don't require sig confirmation simply go back :-)
+ return;
+ }
+
+ // Enable SignatureConfirmation
+ Map<String, Object> config = getProperties();
+ config.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+
+ if (sigParts != null) {
+ SecurePart securePart =
+ new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
+ sigParts.add(securePart);
+ }
+ }
+}
Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1484509&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Mon May 20 16:00:35 2013
@@ -0,0 +1,362 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.soap.SOAPException;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SignedElements;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.TransportBinding;
+import org.apache.wss4j.policy.model.TransportToken;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.stax.ext.WSSConstants;
+
+/**
+ *
+ */
+public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(StaxTransportBindingHandler.class);
+
+ public StaxTransportBindingHandler(Map<String, Object> properties, SoapMessage msg) {
+ super(properties, msg);
+ }
+
+ public void handleBinding() {
+ AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
+ configureTimestamp(aim);
+ configureLayout(aim);
+
+ if (this.isRequestor()) {
+ TransportBinding binding = (TransportBinding)getBinding(aim);
+ TransportToken token = binding.getTransportToken();
+ if (token.getToken() instanceof IssuedToken) {
+ // TODO
+ }
+
+ try {
+ handleNonEndorsingSupportingTokens(aim);
+ handleEndorsingSupportingTokens(aim);
+ } catch (Exception e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ throw new Fault(e);
+ }
+ } else {
+ addSignatureConfirmation(null);
+ }
+ }
+
+ /**
+ * Handle the non-endorsing supporting tokens
+ */
+ private void handleNonEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception {
+ Collection<AssertionInfo> ais;
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
+ if (sgndSuppTokens != null) {
+ addSignedSupportingTokens(sgndSuppTokens);
+ }
+ ai.setAsserted(true);
+ }
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
+ if (sgndSuppTokens != null) {
+ addSignedSupportingTokens(sgndSuppTokens);
+ }
+ ai.setAsserted(true);
+ }
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ SupportingTokens encrSuppTokens = (SupportingTokens)ai.getAssertion();
+ if (encrSuppTokens != null) {
+ addSignedSupportingTokens(encrSuppTokens);
+ }
+ ai.setAsserted(true);
+ }
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion();
+ if (suppTokens != null && suppTokens.getTokens() != null
+ && suppTokens.getTokens().size() > 0) {
+ handleSupportingTokens(suppTokens, false);
+ }
+ ai.setAsserted(true);
+ }
+ }
+ }
+
+ private void addSignedSupportingTokens(SupportingTokens sgndSuppTokens)
+ throws Exception {
+ for (AbstractToken token : sgndSuppTokens.getTokens()) {
+ if (token instanceof UsernameToken) {
+ addUsernameToken((UsernameToken)token);
+ /*TODO
+ else if (token instanceof IssuedToken || token instanceof KerberosToken) {
+ SecurityToken secTok = getSecurityToken();
+
+ if (includeToken(token.getIncludeTokenType())) {
+ //Add the token
+ addEncryptedKeyElement(cloneElement(secTok.getToken()));
+ }
+ } */
+ } else if (token instanceof SamlToken) {
+ addSamlToken((SamlToken)token);
+ } else {
+ //REVISIT - not supported for signed. Exception?
+ }
+ }
+
+ }
+
+ /**
+ * Handle the endorsing supporting tokens
+ */
+ private void handleEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception {
+ Collection<AssertionInfo> ais;
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ SupportingTokens sgndSuppTokens = null;
+ for (AssertionInfo ai : ais) {
+ sgndSuppTokens = (SupportingTokens)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+ if (sgndSuppTokens != null) {
+ for (AbstractToken token : sgndSuppTokens.getTokens()) {
+ handleEndorsingToken(token, sgndSuppTokens);
+ }
+ }
+ }
+
+ ais = getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ SupportingTokens endSuppTokens = null;
+ for (AssertionInfo ai : ais) {
+ endSuppTokens = (SupportingTokens)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+
+ if (endSuppTokens != null) {
+ for (AbstractToken token : endSuppTokens.getTokens()) {
+ handleEndorsingToken(token, endSuppTokens);
+ }
+ }
+ }
+ ais = getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ SupportingTokens endSuppTokens = null;
+ for (AssertionInfo ai : ais) {
+ endSuppTokens = (SupportingTokens)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+
+ if (endSuppTokens != null) {
+ for (AbstractToken token : endSuppTokens.getTokens()) {
+ handleEndorsingToken(token, endSuppTokens);
+ }
+ }
+ }
+ ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+ if (!ais.isEmpty()) {
+ SupportingTokens endSuppTokens = null;
+ for (AssertionInfo ai : ais) {
+ endSuppTokens = (SupportingTokens)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+
+ if (endSuppTokens != null) {
+ for (AbstractToken token : endSuppTokens.getTokens()) {
+ handleEndorsingToken(token, endSuppTokens);
+ }
+ }
+ }
+ }
+
+ private void handleEndorsingToken(
+ AbstractToken token, SupportingTokens wrapper
+ ) throws Exception {
+ /* TODO if (token instanceof IssuedToken
+ || token instanceof SecureConversationToken
+ || token instanceof SecurityContextToken
+ || token instanceof KerberosToken
+ || token instanceof SpnegoContextToken) {
+ addSig(doIssuedTokenSignature(token, wrapper));
+ } else */
+ if (token instanceof X509Token
+ || token instanceof KeyValueToken) {
+ doX509TokenSignature(token, wrapper);
+ } /* TODO else if (token instanceof SamlToken) {
+ SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
+ assertionWrapper.toDOM(saaj.getSOAPPart());
+ storeAssertionAsSecurityToken(assertionWrapper);
+ addSig(doIssuedTokenSignature(token, wrapper));
+ } TODO else if (token instanceof UsernameToken) {
+ // Create a UsernameToken object for derived keys and store the security token
+ WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
+ String id = usernameToken.getId();
+ byte[] secret = usernameToken.getDerivedKey();
+
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(created.getTime() + 300000);
+ SecurityToken tempTok =
+ new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
+ tempTok.setSecret(secret);
+ getTokenStore().add(tempTok);
+ message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId());
+
+ addSig(doIssuedTokenSignature(token, wrapper));
+ }*/
+ }
+
+ private void doX509TokenSignature(AbstractToken token, SupportingTokens wrapper)
+ throws Exception {
+
+ signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
+
+ // Action
+ Map<String, Object> config = getProperties();
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.SIGNATURE);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.SIGNATURE);
+ }
+
+ /*TODO if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(wrapper, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ addTopDownElement(bstElem);
+ }
+ encrKey.appendToHeader(secHeader);
+
+ WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
+
+ dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+ dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+ AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+ dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
+
+ dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+
+ dkSig.prepare(doc, secHeader);
+
+ dkSig.setParts(sigParts);
+ List<Reference> referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
+
+ //Do signature
+ dkSig.appendDKElementToHeader(secHeader);
+ dkSig.computeSignature(referenceList, false, null);
+
+ return dkSig.getSignatureValue();
+ } else {*/
+ configureSignature(wrapper, token, false);
+ // }
+ }
+
+ /**
+ * Identifies the portions of the message to be signed/encrypted.
+ */
+ private void signPartsAndElements(
+ SignedParts signedParts,
+ SignedElements signedElements
+ ) throws SOAPException {
+ Map<String, Object> properties = getProperties();
+ String parts = "";
+ if (properties.containsKey(ConfigurationConstants.SIGNATURE_PARTS)) {
+ parts = (String)properties.get(ConfigurationConstants.SIGNATURE_PARTS);
+ if (!parts.endsWith(";")) {
+ parts += ";";
+ }
+ }
+
+ // Add timestamp
+ if (timestampAdded) {
+ parts += "{Element}{" + WSSConstants.NS_WSU10 + "}Timestamp;";
+ }
+
+ // Add SignedParts
+ if (signedParts != null) {
+ if (signedParts.isBody()) {
+ parts += "{Element}{" + WSSConstants.NS_SOAP11 + "}Body;";
+ }
+
+ for (Header head : signedParts.getHeaders()) {
+ parts += "{Element}{" + head.getNamespace() + "}" + head.getName() + ";";
+ }
+ }
+ /*
+ * TODO
+ if (signedElements != null) {
+ // Handle SignedElements
+ try {
+ result.addAll(
+ this.getElements(
+ "Element", signedElements.getXPaths(), found, true
+ )
+ );
+ } catch (XPathExpressionException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ // REVISIT
+ }
+ }
+ */
+
+ properties.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+ }
+
+
+}