You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:08:18 UTC
[axis-axis2-java-rampart] branch RAMPART-289 created (now ad4f59f)
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a change to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git.
at ad4f59f Make the patch compile.
This branch includes the following new commits:
new 5f0e39d Create development branch for RAMPART-289.
new 64584cc Create development branch for RAMPART-289.
new f2febb5 RAMPART-289: Apply patch provided by Todd Wolff.
new f64557f Merge changes up to r1052171 from trunk.
new 0190820 Rename variable to match the code on the trunk.
new 82fe90d Merge r1052172 from the trunk.
new ef0ad87 Merge changes up to r1240267 from trunk.
new dbb633e Merge r1240268 from trunk.
new 27ac5d2 Merge remaining changes from trunk.
new ad4f59f Make the patch compile.
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[axis-axis2-java-rampart] 08/10: Merge r1240268 from trunk.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit dbb633e41dde949cf2fe8b57a58e17e4ad9e7c8f
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:44:41 2017 +0000
Merge r1240268 from trunk.
---
.../ExtendedPolicyValidatorCallbackHandler.java | 24 +
.../rampart/PolicyBasedResultsValidator.java | 694 ++++++++++---------
.../java/org/apache/rampart/RampartConstants.java | 3 +
.../java/org/apache/rampart/RampartEngine.java | 33 +-
.../org/apache/rampart/RampartMessageData.java | 54 +-
.../org/apache/rampart/TokenCallbackHandler.java | 4 +-
.../rampart/builder/AsymmetricBindingBuilder.java | 238 ++++---
.../org/apache/rampart/builder/BindingBuilder.java | 318 +++++----
.../rampart/builder/SymmetricBindingBuilder.java | 152 +++--
.../rampart/builder/TransportBindingBuilder.java | 194 +++---
.../main/java/org/apache/rampart/errors.properties | 5 +-
.../rampart/handler/CertificateValidator.java | 45 ++
.../handler/PostDispatchVerificationHandler.java | 4 +-
.../apache/rampart/handler/RampartReceiver.java | 10 +-
.../apache/rampart/handler/WSDoAllReceiver.java | 39 +-
.../org/apache/rampart/handler/WSDoAllSender.java | 27 +-
.../handler/config/InflowConfiguration.java | 21 +
.../handler/config/OutflowConfiguration.java | 21 +
.../apache/rampart/policy/RampartPolicyData.java | 62 +-
.../rampart/policy/model/OptimizePartsConfig.java | 11 +-
.../apache/rampart/saml/SAML1AssertionHandler.java | 12 +-
.../org/apache/rampart/util/MessageOptimizer.java | 25 +-
.../java/org/apache/rampart/util/RampartUtil.java | 750 ++++++++++++---------
.../src/main/java/org/apache/rahas/PWCallback.java | 14 +-
.../main/java/org/apache/rampart/PWCallback.java | 18 +-
.../apache/axis2/oasis/ping/PingPortSkeleton.java | 31 +-
.../axis2/security/InteropScenarioClient.java | 7 +-
.../src/org/apache/axis2/security/PWCallback.java | 10 +-
.../org/apache/axis2/security/Scenario4Test.java | 9 +-
.../org/apache/axis2/security/Scenario5Test.java | 4 +-
.../test/java/org/apache/rampart/RampartTest.java | 4 +-
.../src/test/resources/security/s2a.service.xml | 2 +-
.../test/resources/security/s4.client.axis2.xml | 5 +-
.../src/test/resources/security/s4.service.xml | 5 +-
.../test/resources/security/s5.client.axis2.xml | 4 +-
.../org/apache/rampart/MessageBuilderTestBase.java | 3 +-
.../java/org/apache/rampart/RampartEngineTest.java | 33 +-
.../java/org/apache/rampart/TestCBHandler.java | 44 +-
.../rampart-tests/test-resources/PWCallback.java | 8 +-
.../src/main/java/org/apache/rahas/RahasData.java | 31 +-
.../java/org/apache/rahas/client/STSClient.java | 30 +-
.../main/java/org/apache/rahas/errors.properties | 5 +-
.../org/apache/rahas/impl/SAML2TokenIssuer.java | 19 +-
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 49 +-
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 11 +-
.../org/apache/rahas/impl/SAMLTokenRenewer.java | 11 +-
.../org/apache/rahas/impl/SAMLTokenValidator.java | 6 +-
.../org/apache/rahas/impl/TokenIssuerUtil.java | 13 +-
.../org/apache/rahas/impl/util/CommonUtil.java | 140 ++++
.../org/apache/rahas/impl/util/SAML2Utils.java | 13 +-
.../java/org/apache/rahas/impl/util/SAMLUtils.java | 22 +-
.../apache/rahas/impl/SAML2TokenIssuerTest.java | 73 ++
.../org/apache/rahas/impl/util/SAMLUtilsTest.java | 37 +-
.../java/org/apache/rahas/test/util/TestUtil.java | 61 ++
pom.xml | 22 +-
55 files changed, 2060 insertions(+), 1430 deletions(-)
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/ExtendedPolicyValidatorCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/ExtendedPolicyValidatorCallbackHandler.java
new file mode 100644
index 0000000..6bd2f59
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/ExtendedPolicyValidatorCallbackHandler.java
@@ -0,0 +1,24 @@
+package org.apache.rampart;
+
+import org.apache.ws.security.WSSecurityEngineResult;
+
+import java.util.List;
+import java.util.Vector;
+
+/**
+ * This is an extension of the PolicyValidatorCallbackHandler. PolicyValidatorCallbackHandler uses Vector
+ * to pass processing results. But Lists are better than Vectors as its performance is better. Therefore we
+ * introduce a new method in ExtendedPolicyValidatorCallbackHandler. Since we do not want to change the original
+ * interface (as it might cause existing users to change their code) we are introducing a new interface.
+ */
+public interface ExtendedPolicyValidatorCallbackHandler extends PolicyValidatorCallbackHandler {
+
+ /**
+ * Validate policy based results.
+ *
+ * @param data validator data
+ * @param results policy based ws-security results
+ * @throws RampartException Rampart exception
+ */
+ public abstract void validate(ValidatorData data, List<WSSecurityEngineResult> results) throws RampartException;
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 0bb2863..13f36bb 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -27,6 +27,8 @@ import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.*;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
@@ -37,17 +39,24 @@ import org.jaxen.JaxenException;
import javax.xml.namespace.QName;
import java.math.BigInteger;
+import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;
-public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandler {
+public class PolicyBasedResultsValidator implements ExtendedPolicyValidatorCallbackHandler {
private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
+
+ public void validate(ValidatorData data, Vector results)
+ throws RampartException {
+ List<WSSecurityEngineResult> resultsList = new ArrayList<WSSecurityEngineResult>(results);
+ this.validate(data, resultsList);
+ }
/**
* {@inheritDoc}
*/
- public void validate(ValidatorData data, Vector results)
+ public void validate(ValidatorData data, List<WSSecurityEngineResult> results)
throws RampartException {
RampartMessageData rmd = data.getRampartMessageData();
@@ -72,49 +81,60 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
//sig/encr
- Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
+ List<WSEncryptionPart> encryptedParts = RampartUtil.getEncryptedParts(rmd);
if(rpd != null && rpd.isSignatureProtection() && isSignatureRequired(rmd)) {
String sigId = RampartUtil.getSigElementId(rmd);
-
- encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
- WSConstants.SIG_NS, "Element"));
+
+ encryptedParts.add(RampartUtil.createEncryptionPart(WSConstants.SIG_LN, sigId, WSConstants.SIG_NS,
+ RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
}
- Vector signatureParts = RampartUtil.getSignedParts(rmd);
+ List<WSEncryptionPart> signatureParts = RampartUtil.getSignedParts(rmd);
//Timestamp is not included in sig parts
- if (tsResult != null || !rpd.isIncludeTimestampOptional()) {
- if (rpd != null && rpd.isIncludeTimestamp()
- && !rpd.isTransportBinding()) {
- signatureParts.add(new WSEncryptionPart("timestamp"));
- }
- }
-
+ if (rpd != null) {
+ if (tsResult != null || !rpd.isIncludeTimestampOptional()) {
+ if (rpd.isIncludeTimestamp()
+ && !rpd.isTransportBinding()) {
+ signatureParts.add(RampartUtil.createEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN, "timestamp"));
+ }
+ }
+ }
+
if(!rmd.isInitiator()) {
//Just an indicator for EndorsingSupportingToken signature
- SupportingToken endSupportingToken = rpd.getEndorsingSupportingTokens();
+ SupportingToken endSupportingToken = null;
+ if (rpd != null) {
+ endSupportingToken = rpd.getEndorsingSupportingTokens();
+ }
+
if(endSupportingToken != null && !endSupportingToken.isOptional()) {
SignedEncryptedParts endSignedParts = endSupportingToken.getSignedParts();
if((endSignedParts != null && !endSignedParts.isOptional() &&
(endSignedParts.isBody() ||
endSignedParts.getHeaders().size() > 0)) ||
rpd.isIncludeTimestamp()) {
- signatureParts.add(
- new WSEncryptionPart("EndorsingSupportingTokens"));
+
+ signatureParts.add(RampartUtil.createEncryptionPart("EndorsingSupportingTokens",
+ "EndorsingSupportingTokens"));
}
}
//Just an indicator for SignedEndorsingSupportingToken signature
- SupportingToken sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
+ SupportingToken sgndEndSupportingToken = null;
+ if (rpd != null) {
+ sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
+ }
if(sgndEndSupportingToken != null && !sgndEndSupportingToken.isOptional()) {
SignedEncryptedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts();
if((sgndEndSignedParts != null && !sgndEndSignedParts.isOptional() &&
(sgndEndSignedParts.isBody() ||
sgndEndSignedParts.getHeaders().size() > 0)) ||
rpd.isIncludeTimestamp()) {
- signatureParts.add(
- new WSEncryptionPart("SignedEndorsingSupportingTokens"));
+
+ signatureParts.add(RampartUtil.createEncryptionPart("SignedEndorsingSupportingTokens",
+ "SignedEndorsingSupportingTokens"));
}
}
//Add an indicator for Encrypted Supporting Tokens
@@ -134,14 +154,15 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
if(encryptedSupportingToken != null) {
encryptedParts.add(new WSEncryptionPart("EncryptedSupportingToken"));
}
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- SupportingToken supportingToken = (SupportingToken) supportingToks.get(i);
- if (supportingToken != null && !supportingToken.isOptional()) {
- SupportingPolicyData policyData = new SupportingPolicyData();
- policyData.build(supportingToken);
- encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
- signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ if (rpd != null) {
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingToken : supportingToks) {
+ if (supportingToken != null && !supportingToken.isOptional()) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
}
}
SupportingToken supportingToken = rpd.getEncryptedSupportingTokens();
@@ -196,11 +217,11 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
validateEncrSig(data,encryptedParts, signatureParts, results);
-
- if(!rpd.isTransportBinding()) {
+
+ if(rpd != null && !rpd.isTransportBinding()) {
validateProtectionOrder(data, results, encryptedParts);
- }
-
+ }
+
validateEncryptedParts(data, encryptedParts, results);
validateSignedPartsHeaders(data, signatureParts, results);
@@ -265,16 +286,17 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
* @param encryptedParts
* @param signatureParts
*/
- protected void validateEncrSig(ValidatorData data,Vector encryptedParts, Vector signatureParts, Vector results)
+ protected void validateEncrSig(ValidatorData data,List<WSEncryptionPart> encryptedParts,
+ List<WSEncryptionPart> signatureParts, List<WSSecurityEngineResult> results)
throws RampartException {
- ArrayList actions = getSigEncrActions(results);
+ List<Integer> actions = getSigEncrActions(results);
boolean sig = false;
boolean encr = false;
- for (Iterator iter = actions.iterator(); iter.hasNext();) {
- Integer act = (Integer) iter.next();
- if(act.intValue() == WSConstants.SIGN) {
+ for (Object action : actions) {
+ Integer act = (Integer) action;
+ if (act == WSConstants.SIGN) {
sig = true;
- } else if(act.intValue() == WSConstants.ENCR) {
+ } else if (act == WSConstants.ENCR) {
encr = true;
}
}
@@ -303,12 +325,12 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
if(encr && encryptedParts.size() == 0) {
//Check whether its just an encrypted key
- ArrayList list = this.getResults(results, WSConstants.ENCR);
+ List<WSSecurityEngineResult> list = this.getResults(results, WSConstants.ENCR);
+
boolean encrDataFound = false;
- for (Iterator iter = list.iterator(); iter.hasNext();) {
- WSSecurityEngineResult result = (WSSecurityEngineResult) iter.next();
- ArrayList dataRefURIs = (ArrayList)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
- if ( dataRefURIs != null && dataRefURIs.size() != 0) {
+ for (WSSecurityEngineResult result : list) {
+ ArrayList dataRefURIs = (ArrayList) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ if (dataRefURIs != null && dataRefURIs.size() != 0) {
encrDataFound = true;
}
}
@@ -328,14 +350,13 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
* @param data
* @param results
*/
- protected void validateSupportingTokens(ValidatorData data, Vector results)
+ protected void validateSupportingTokens(ValidatorData data, List<WSSecurityEngineResult> results)
throws RampartException {
//Check for UsernameToken
RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ List<SupportingToken> supportingTokens = rpd.getSupportingTokensList();
+ for (SupportingToken suppTok : supportingTokens) {
handleSupportingTokens(results, suppTok);
}
SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
@@ -351,33 +372,33 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
* @param suppTok
* @throws RampartException
*/
- protected void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+ protected void handleSupportingTokens(List<WSSecurityEngineResult> results, SupportingToken suppTok) throws RampartException {
if(suppTok == null) {
return;
}
ArrayList tokens = suppTok.getTokens();
- for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
- if(token instanceof UsernameToken) {
+ for (Object objectToken : tokens) {
+ Token token = (Token) objectToken;
+ if (token instanceof UsernameToken) {
UsernameToken ut = (UsernameToken) token;
//Check presence of a UsernameToken
WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
- if(utResult == null && !ut.isOptional()) {
+ if (utResult == null && !ut.isOptional()) {
throw new RampartException("usernameTokenMissing");
}
-
- } else if ( token instanceof IssuedToken ) {
+
+ } else if (token instanceof IssuedToken) {
//TODO is is enough to check for ST_UNSIGNED results ??
WSSecurityEngineResult samlResult = WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
- if(samlResult == null) {
+ if (samlResult == null) {
throw new RampartException("samlTokenMissing");
}
- } else if ( token instanceof X509Token) {
+ } else if (token instanceof X509Token) {
X509Token x509Token = (X509Token) token;
WSSecurityEngineResult x509Result = WSSecurityUtil.fetchActionResult(results, WSConstants.BST);
- if(x509Result == null && !x509Token.isOptional()) {
+ if (x509Result == null && !x509Token.isOptional()) {
throw new RampartException("binaryTokenMissing");
}
}
@@ -391,11 +412,11 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
* @param data
* @param results
*/
- protected void validateProtectionOrder(ValidatorData data, Vector results, Vector encryptedParts)
+ protected void validateProtectionOrder(ValidatorData data, List<WSSecurityEngineResult> results), Vector encryptedParts)
throws RampartException {
String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
- ArrayList sigEncrActions = this.getSigEncrActions(results);
+ List<Integer> sigEncrActions = this.getSigEncrActions(results);
if(sigEncrActions.size() < 2) {
//There are no results to COMPARE
@@ -404,12 +425,12 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
boolean sigNotPresent = true;
boolean encrNotPresent = true;
-
- for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
- Integer act = (Integer) iter.next();
- if(act.intValue() == WSConstants.SIGN) {
+
+ for (Object sigEncrAction : sigEncrActions) {
+ Integer act = (Integer) sigEncrAction;
+ if (act == WSConstants.SIGN) {
sigNotPresent = false;
- } else if(act.intValue() == WSConstants.ENCR) {
+ } else if (act == WSConstants.ENCR) {
encrNotPresent = false;
}
}
@@ -427,11 +448,11 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
for (Iterator iter = sigEncrActions.iterator();
iter.hasNext() || !done;) {
Integer act = (Integer) iter.next();
- if(act.intValue() == WSConstants.ENCR && ! sigFound ) {
+ if(act == WSConstants.ENCR && ! sigFound ) {
// We found ENCR and SIGN has not been found - break and fail
break;
}
- if(act.intValue() == WSConstants.SIGN) {
+ if(act == WSConstants.SIGN) {
sigFound = true;
} else if(sigFound) {
//We have an ENCR action after sig
@@ -441,9 +462,9 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
} else {
boolean encrFound = false;
- for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
- Integer act = (Integer) iter.next();
- if(act.intValue() == WSConstants.SIGN && ! encrFound ) {
+ for (Object sigEncrAction : sigEncrActions) {
+ Integer act = (Integer) sigEncrAction;
+ if (act == WSConstants.SIGN && !encrFound) {
boolean messageEncryptionsFound = false;
boolean encryptedSupportingTokensFound = false;
Iterator iter2 = encryptedParts.iterator();
@@ -473,9 +494,9 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
break;
}
}
- if(act.intValue() == WSConstants.ENCR) {
+ if (act == WSConstants.ENCR) {
encrFound = true;
- } else if(encrFound) {
+ } else if (encrFound) {
//We have an ENCR action after sig
done = true;
}
@@ -488,22 +509,23 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
- protected ArrayList getSigEncrActions(Vector results) {
- ArrayList sigEncrActions = new ArrayList();
- for (Iterator iter = results.iterator(); iter.hasNext();) {
- Integer actInt = (Integer) ((WSSecurityEngineResult) iter.next())
+ protected List<Integer> getSigEncrActions(List<WSSecurityEngineResult> results) {
+ List<Integer> sigEncrActions = new ArrayList<Integer>();
+ for (WSSecurityEngineResult result : results) {
+ Integer action = (Integer) (result)
.get(WSSecurityEngineResult.TAG_ACTION);
- int action = actInt.intValue();
- if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
- sigEncrActions.add(Integer.valueOf(action));
+
+ if (WSConstants.SIGN == action || WSConstants.ENCR == action) {
+ sigEncrActions.add(action);
}
-
+
}
return sigEncrActions;
}
- protected void validateEncryptedParts(ValidatorData data, Vector encryptedParts, Vector results)
- throws RampartException {
+ protected void validateEncryptedParts(ValidatorData data,
+ List<WSEncryptionPart> encryptedParts, List<WSSecurityEngineResult> results)
+ throws RampartException {
RampartMessageData rmd = data.getRampartMessageData();
@@ -517,28 +539,23 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
rpd.getDeclaredNamespaces());
Map decryptedElements = new HashMap();
- for (int i = 0; i < encrRefs.size() ; i++) {
- WSDataRef dataRef = (WSDataRef)encrRefs.get(i);
+ for (Object encrRef : encrRefs) {
+ WSDataRef dataRef = (WSDataRef) encrRef;
- if(dataRef == null || dataRef.getXpath() == null) {
+ if (dataRef == null || dataRef.getXpath() == null) {
continue;
}
try {
XPath xp = new AXIOMXPath(dataRef.getXpath());
- Iterator nsIter = namespaces.iterator();
-
- while (nsIter.hasNext())
- {
- OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ for (Object namespaceObject : namespaces) {
+ OMNamespace tmpNs = (OMNamespace) namespaceObject;
xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
}
- Iterator nodesIterator = xp.selectNodes(envelope).iterator();
-
- while (nodesIterator.hasNext()) {
- decryptedElements.put(nodesIterator.next(), Boolean.valueOf(dataRef.isContent()));
+ for (Object o : xp.selectNodes(envelope)) {
+ decryptedElements.put(o, dataRef.isContent());
}
@@ -549,7 +566,6 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
-
//Check for encrypted body
if(rpd.isEncryptBody()&& !rpd.isEncryptBodyOptional()) {
@@ -559,10 +575,8 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
}
- for (int i = 0 ; i < encryptedParts.size() ; i++) {
-
- WSEncryptionPart encPart = (WSEncryptionPart)encryptedParts.get(i);
-
+ for (WSEncryptionPart encryptedPart : encryptedParts) {
+
// ignore place holders for encrypted supporting
// tokens
if (encPart.getId() != null && encPart.getId().equals("EncryptedSupportingToken")) {
@@ -570,39 +584,36 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
//This is the encrypted Body and we already checked encrypted body
- if (encPart.getType() == WSConstants.PART_TYPE_BODY) {
+ if (encryptedPart.getName().equals(WSConstants.ELEM_BODY)) {
continue;
}
-
- if ((WSConstants.SIG_LN.equals(encPart.getName()) &&
- WSConstants.SIG_NS.equals(encPart.getNamespace()))
- || encPart.getType() == WSConstants.PART_TYPE_HEADER ) {
- if (!isRefIdPresent(encrRefs, new QName(encPart.getNamespace(),encPart.getName()))) {
- throw new RampartException("encryptedPartMissing",
- new String[]{encPart.getNamespace()+":"+encPart.getName()});
+
+ if ((WSConstants.SIG_LN.equals(encryptedPart.getName()) &&
+ WSConstants.SIG_NS.equals(encryptedPart.getNamespace()))
+ || encryptedPart.getEncModifier().equals(WSConstants.ELEM_HEADER)) {
+ if (!isRefIdPresent(encrRefs, new QName(encryptedPart.getNamespace(), encryptedPart.getName()))) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{encryptedPart.getNamespace() + ":" + encryptedPart.getName()});
}
continue;
}
// it is not a header or body part... verify encrypted xpath elements
- String xpath = encPart.getXpath();
+ String xpath = encryptedPart.getXpath();
boolean found = false;
try {
XPath xp = new AXIOMXPath(xpath);
- Iterator nsIter = namespaces.iterator();
- while (nsIter.hasNext()) {
- OMNamespace tmpNs = (OMNamespace) nsIter.next();
+ for (Object namespaceObject : namespaces) {
+ OMNamespace tmpNs = (OMNamespace) namespaceObject;
xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
}
- Iterator nodesIterator = xp.selectNodes(envelope).iterator();
-
- while (nodesIterator.hasNext()) {
- Object result = decryptedElements.get(nodesIterator.next());
+ for (Object o : xp.selectNodes(envelope)) {
+ Object result = decryptedElements.get(o);
if (result != null &&
- ("Element".equals(encPart.getEncModifier())
- ^ ((Boolean) result).booleanValue())) {
+ ("Element".equals(encryptedPart.getEncModifier())
+ ^ (Boolean) result)) {
found = true;
break;
}
@@ -617,8 +628,8 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
} catch (JaxenException e) {
// This has to be changed to propagate an instance of a RampartException up
throw new RampartException("An error occurred while searching for decrypted elements.", e);
- }
-
+ }
+
}
}
@@ -630,21 +641,18 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
RampartPolicyData rpd = rmd.getPolicyData();
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
-
- Iterator elementsIter = rpd.getRequiredElements().iterator();
-
- while (elementsIter.hasNext()) {
-
- String expression = (String) elementsIter.next();
-
- if ( !RampartUtil.checkRequiredElements(envelope, rpd.getDeclaredNamespaces(), expression)) {
- throw new RampartException("requiredElementsMissing", new String[] { expression } );
+
+ for (String expression : rpd.getRequiredElements()) {
+
+ if (!RampartUtil.checkRequiredElements(envelope, rpd.getDeclaredNamespaces(), expression)) {
+ throw new RampartException("requiredElementsMissing", new String[]{expression});
}
}
}
- protected void validateSignedPartsHeaders(ValidatorData data, Vector signatureParts, Vector results)
+ protected void validateSignedPartsHeaders(ValidatorData data, List<WSEncryptionPart> signatureParts,
+ List<WSSecurityEngineResult> results)
throws RampartException {
RampartMessageData rmd = data.getRampartMessageData();
@@ -654,82 +662,82 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
WSSecurityEngineResult[] actionResults = fetchActionResults(results, WSConstants.SIGN);
// Find elements that are signed
- Vector actuallySigned = new Vector();
+ List<QName> actuallySigned = new ArrayList<QName>();
if (actionResults != null) {
- for (int j = 0; j < actionResults.length; j++) {
-
- WSSecurityEngineResult actionResult = actionResults[j];
- List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-
+ for (WSSecurityEngineResult actionResult : actionResults) {
+
+ List wsDataRefs = (List) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
// if header was encrypted before it was signed, protected
// element is 'EncryptedHeader.' the actual element is
// first child element
- for (Iterator k = wsDataRefs.iterator(); k.hasNext();) {
- WSDataRef wsDataRef = (WSDataRef)k.next();
+ for (Object objectDataReference : wsDataRefs) {
+ WSDataRef wsDataRef = (WSDataRef) objectDataReference;
Element protectedElement = wsDataRef.getProtectedElement();
if (protectedElement.getLocalName().equals("EncryptedHeader")) {
NodeList nodeList = protectedElement.getChildNodes();
for (int x = 0; x < nodeList.getLength(); x++) {
if (nodeList.item(x).getNodeType() == Node.ELEMENT_NODE) {
- String ns = ((Element)nodeList.item(x)).getNamespaceURI();
- String ln = ((Element)nodeList.item(x)).getLocalName();
- actuallySigned.add(new QName(ns,ln));
+ String ns = (nodeList.item(x)).getNamespaceURI();
+ String ln = (nodeList.item(x)).getLocalName();
+ actuallySigned.add(new QName(ns, ln));
break;
}
- }
+ }
} else {
String ns = protectedElement.getNamespaceURI();
String ln = protectedElement.getLocalName();
- actuallySigned.add(new QName(ns,ln));
+ actuallySigned.add(new QName(ns, ln));
}
}
-
+
}
}
-
- for(int i=0; i<signatureParts.size(); i++) {
- WSEncryptionPart wsep = (WSEncryptionPart) signatureParts.get( i );
-
- if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
-
+
+ for (WSEncryptionPart wsep : signatureParts) {
+ if (wsep.getName().equals(WSConstants.ELEM_BODY)) {
+
QName bodyQName;
-
+
if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
bodyQName = new SOAP11Constants().getBodyQName();
} else {
bodyQName = new SOAP12Constants().getBodyQName();
}
-
+
if (!actuallySigned.contains(bodyQName) && !rmd.getPolicyData().isSignBodyOptional()) {
// soap body is not signed
throw new RampartException("bodyNotSigned");
}
-
- } else if (wsep.getType() == WSConstants.PART_TYPE_HEADER ||
- wsep.getType() == WSConstants.PART_TYPE_ELEMENT) {
-
- Element element = (Element) WSSecurityUtil.findElement(
- envelope, wsep.getName(), wsep.getNamespace() );
-
- if( element == null ) {
+
+ } else if (wsep.getName().equals(WSConstants.ELEM_HEADER) ||
+ wsep.getXpath() != null) {
+ // TODO earlier this was wsep.getType() == WSConstants.PART_TYPE_ELEMENT
+ // This means that encrypted element of an XPath expression type. Therefore we are checking
+ // now whether an XPath expression exists. - Verify
+
+ Element element = WSSecurityUtil.findElement(
+ envelope, wsep.getName(), wsep.getNamespace());
+
+ if (element == null) {
// The signedpart header or element we are checking is not present in
// soap envelope - this is allowed
continue;
}
-
+
// header or the element present in soap envelope - verify that it is part of signature
- if( actuallySigned.contains( new QName(element.getNamespaceURI(), element.getLocalName())) ) {
+ if (actuallySigned.contains(new QName(element.getNamespaceURI(), element.getLocalName()))) {
continue;
}
-
- String msg = wsep.getType() == WSConstants.PART_TYPE_HEADER ?
- "signedPartHeaderNotSigned" : "signedElementNotSigned";
-
+
+ String msg = wsep.getXpath() != null ?
+ "signedPartHeaderNotSigned" : "signedElementNotSigned";
+
// header or the element defined in policy is present but not signed
- throw new RampartException(msg, new String[] { wsep.getNamespace()+":"+wsep.getName() });
-
- }
+ throw new RampartException(msg, new String[]{wsep.getNamespace() + ":" + wsep.getName()});
+
+ }
}
}
@@ -746,11 +754,12 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
/*
* Verify that ts->Created is before 'now'
* - testing that timestamp has not expired ('now' is before ts->Expires) is handled earlier by WSS4J
+ * TODO must write unit tests
*/
protected boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rmd) throws RampartException {
- Calendar cre = timestamp.getCreated();
- if (cre != null) {
+ Date createdTime = timestamp.getCreated();
+ if (createdTime != null) {
long now = Calendar.getInstance().getTimeInMillis();
// adjust 'now' with allowed timeskew
@@ -760,7 +769,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
// fail if ts->Created is after 'now'
- if( cre.getTimeInMillis() > now ) {
+ if( createdTime.getTime() > now ) {
return false;
}
}
@@ -779,8 +788,9 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
* 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)
*
* @param cert the certificate that should be validated against the keystore
+ * @param rmd To get signature keystore information.
* @return true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
- * @throws WSSecurityException
+ * @throws RampartException If an error occurred during validation.
*/
protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd) throws RampartException {
@@ -789,158 +799,198 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
return false;
}
- String[] aliases = null;
- String alias = null;
- X509Certificate[] certs;
+ Crypto crypto = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader());
- String subjectString = cert.getSubjectDN().getName();
- String issuerString = cert.getIssuerDN().getName();
- BigInteger issuerSerial = cert.getSerialNumber();
-
- boolean doDebug = log.isDebugEnabled();
- if (doDebug) {
- log.debug("WSHandler: Transmitted certificate has subject " +
- subjectString);
- log.debug("WSHandler: Transmitted certificate has issuer " +
- issuerString + " (serial " + issuerSerial + ")");
- }
+ // TODO removing this with WSS4J 1.6 migration. We do not have a way to get alias
+ // Therefore cannot set alias to message context. What will be affected from this ?
+ // rmd.getMsgContext().setProperty(RampartMessageData.SIGNATURE_CERT_ALIAS, alias);
- // FIRST step
- // Search the keystore for the transmitted certificate
+ // TODO this validation we are doing in SignatureProcessor.handleToken (WSS4J) So why we need to do again ?
+ // investigate
- // Search the keystore for the alias of the transmitted certificate
- try {
- alias = RampartUtil.getSignatureCrypto(
- rmd.getPolicyData().getRampartConfig(),
- rmd.getCustomClassLoader()).getAliasForX509Cert(
- issuerString, issuerSerial);
- } catch (WSSecurityException ex) {
- throw new RampartException("cannotFindAliasForCert", new String[]{subjectString}, ex);
- }
+ return isCertificateTrusted(cert, crypto);
- if (alias != null) {
- // Retrieve the certificate for the alias from the keystore
- try {
- certs = RampartUtil.getSignatureCrypto(
- rmd.getPolicyData().getRampartConfig(),
- rmd.getCustomClassLoader()).getCertificates(alias);
- } catch (WSSecurityException ex) {
- throw new RampartException("noCertForAlias", new String[] {alias}, ex);
- }
+ }
- // If certificates have been found, the certificates must be compared
- // to ensure against phony DNs (compare encoded form including signature)
- if (certs != null && certs.length > 0 && cert.equals(certs[0])) {
- if (doDebug) {
- log.debug("Direct trust for certificate with " + subjectString);
- }
- // Set the alias of the cert used for the msg. sig. as a msg. cxt. property
- rmd.getMsgContext().setProperty(RampartMessageData.SIGNATURE_CERT_ALIAS, alias);
- return true;
- }
- } else {
- if (doDebug) {
- log.debug("No alias found for subject from issuer with " + issuerString + " (serial " + issuerSerial + ")");
- }
+
+ /**
+ * TODO - This is directly copied from WSS4J (SignatureTrustValidator).
+ * We need to use to Validators instead of following code. REFACTOR later.
+ *
+ * Evaluate whether a given certificate should be trusted.
+ *
+ * Policy used in this implementation:
+ * 1. Search the keystore for the transmitted certificate
+ * 2. Search the keystore for a connection to the transmitted certificate
+ * (that is, search for certificate(s) of the issuer of the transmitted certificate
+ * 3. Verify the trust path for those certificates found because the search for the issuer
+ * might be fooled by a phony DN (String!)
+ *
+ * @param cert the certificate that should be validated against the keystore
+ * @param crypto A crypto instance to use for trust validation
+ * @return true if the certificate is trusted, false if not
+ * @throws RampartException If an error occurred during validation.
+ */
+ protected boolean isCertificateTrusted(
+ X509Certificate cert,
+ Crypto crypto
+ ) throws RampartException {
+ String subjectString = cert.getSubjectX500Principal().getName();
+ String issuerString = cert.getIssuerX500Principal().getName();
+ BigInteger issuerSerial = cert.getSerialNumber();
+
+ if (log.isDebugEnabled()) {
+ log.debug("Transmitted certificate has subject " + subjectString);
+ log.debug(
+ "Transmitted certificate has issuer " + issuerString + " (serial "
+ + issuerSerial + ")"
+ );
}
- // SECOND step
- // Search for the issuer of the transmitted certificate in the keystore
+ //
+ // FIRST step - Search the keystore for the transmitted certificate
+ //
+ if (isCertificateInKeyStore(crypto, cert)) {
+ return true;
+ }
- // Search the keystore for the alias of the transmitted certificates issuer
+ //
+ // SECOND step - Search for the issuer cert (chain) of the transmitted certificate in the
+ // keystore or the truststore
+ //
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
+ cryptoType.setSubjectDN(issuerString);
+ X509Certificate[] foundCerts = new X509Certificate[0];
try {
- aliases = RampartUtil.getSignatureCrypto(
- rmd.getPolicyData().getRampartConfig(),
- rmd.getCustomClassLoader()).getAliasesForDN(issuerString);
- } catch (WSSecurityException ex) {
- throw new RampartException("cannotFindAliasForCert", new String[]{issuerString}, ex);
+ foundCerts = crypto.getX509Certificates(cryptoType);
+ } catch (WSSecurityException e) {
+ throw new RampartException("noCertForSubject", e);
}
- // If the alias has not been found, the issuer is not in the keystore
+ // If the certs have not been found, the issuer is not in the keystore/truststore
// As a direct result, do not trust the transmitted certificate
- if (aliases == null || aliases.length < 1) {
- if (doDebug) {
- log.debug("No aliases found in keystore for issuer " + issuerString + " of certificate for " + subjectString);
+ if (foundCerts == null || foundCerts.length < 1) {
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "No certs found in keystore for issuer " + issuerString
+ + " of certificate for " + subjectString
+ );
}
return false;
}
+ //
// THIRD step
- // Check the certificate trust path for every alias of the issuer found in the keystore
- for (int i = 0; i < aliases.length; i++) {
- alias = aliases[i];
+ // Check the certificate trust path for the issuer cert chain
+ //
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "Preparing to validate certificate path for issuer " + issuerString
+ );
+ }
+ //
+ // Form a certificate chain from the transmitted certificate
+ // and the certificate(s) of the issuer from the keystore/truststore
+ //
+ X509Certificate[] x509certs = new X509Certificate[foundCerts.length + 1];
+ x509certs[0] = cert;
+ for (int j = 0; j < foundCerts.length; j++) {
+ x509certs[j + 1] = (X509Certificate)foundCerts[j];
+ }
- if (doDebug) {
- log.debug("Preparing to validate certificate path with alias " + alias + " for issuer " + issuerString);
+ //
+ // Use the validation method from the crypto to check whether the subjects'
+ // certificate was really signed by the issuer stated in the certificate
+ //
+ // TODO we need to configure enable revocation ...
+ try {
+ if (crypto.verifyTrust(x509certs, false)) {
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "Certificate path has been verified for certificate with subject "
+ + subjectString
+ );
+ }
+ return true;
}
+ } catch (WSSecurityException e) {
+ throw new RampartException("certPathVerificationFailed", e);
+ }
- // Retrieve the certificate(s) for the alias from the keystore
- try {
- certs = RampartUtil.getSignatureCrypto(
- rmd.getPolicyData().getRampartConfig(),
- rmd.getCustomClassLoader()).getCertificates(alias);
- } catch (WSSecurityException ex) {
- throw new RampartException("noCertForAlias", new String[] {alias}, ex);
- }
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "Certificate path could not be verified for certificate with subject "
+ + subjectString
+ );
+ }
+ return false;
+ }
- // If no certificates have been found, there has to be an error:
- // The keystore can find an alias but no certificate(s)
- if (certs == null || certs.length < 1) {
- throw new RampartException("noCertForAlias", new String[] {alias});
- }
+ /**
+ * Check to see if the certificate argument is in the keystore
+ * TODO Directly copied from WSS4J (SignatureTrustValidator) - Optimize later
+ * @param crypto A Crypto instance to use for trust validation
+ * @param cert The certificate to check
+ * @return true if cert is in the keystore
+ * @throws RampartException If certificates are not found for given issuer and serial number.
+ */
+ protected boolean isCertificateInKeyStore(
+ Crypto crypto,
+ X509Certificate cert
+ ) throws RampartException {
+ String issuerString = cert.getIssuerX500Principal().getName();
+ BigInteger issuerSerial = cert.getSerialNumber();
- // Form a certificate chain from the transmitted certificate
- // and the certificate(s) of the issuer from the keystore
- // First, create new array
- X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
- // Then add the first certificate ...
- x509certs[0] = cert;
- // ... and the other certificates
- for (int j = 0; j < certs.length; j++) {
- cert = certs[j];
- x509certs[j + 1] = cert;
- }
- certs = x509certs;
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
+ cryptoType.setIssuerSerial(issuerString, issuerSerial);
+ X509Certificate[] foundCerts = new X509Certificate[0];
+ try {
+ foundCerts = crypto.getX509Certificates(cryptoType);
+ } catch (WSSecurityException e) {
+ throw new RampartException("noCertificatesForIssuer", new String[]{issuerString,
+ issuerSerial.toString()}, e);
+ }
- // Use the validation method from the crypto to check whether the subjects certificate was really signed by the issuer stated in the certificate
- try {
- if (RampartUtil.getSignatureCrypto(
- rmd.getPolicyData().getRampartConfig(),
- rmd.getCustomClassLoader()).validateCertPath(certs)) {
- if (doDebug) {
- log.debug("WSHandler: Certificate path has been verified for certificate with subject " + subjectString);
- }
- return true;
- }
- } catch (WSSecurityException ex) {
- throw new RampartException("certPathVerificationFailed", new String[]{subjectString}, ex);
+ //
+ // If a certificate has been found, the certificates must be compared
+ // to ensure against phony DNs (compare encoded form including signature)
+ //
+ if (foundCerts != null && foundCerts[0] != null && foundCerts[0].equals(cert)) {
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "Direct trust for certificate with " + cert.getSubjectX500Principal().getName()
+ );
}
+ return true;
}
-
- if (doDebug) {
- log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ if (log.isDebugEnabled()) {
+ log.debug(
+ "No certificate found for subject from issuer with " + issuerString
+ + " (serial " + issuerSerial + ")"
+ );
}
return false;
}
- protected ArrayList getEncryptedReferences(Vector results) {
+ protected ArrayList getEncryptedReferences(List<WSSecurityEngineResult> results) {
//there can be multiple ref lists
- ArrayList encrResults = getResults(results, WSConstants.ENCR);
+ List<WSSecurityEngineResult> encrResults = getResults(results, WSConstants.ENCR);
ArrayList refs = new ArrayList();
-
- for (Iterator iter = encrResults.iterator(); iter.hasNext();) {
- WSSecurityEngineResult engineResult = (WSSecurityEngineResult) iter.next();
+
+ for (WSSecurityEngineResult engineResult : encrResults) {
ArrayList dataRefUris = (ArrayList) engineResult
.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
-
+
//take only the ref list processing results
- if(dataRefUris != null) {
+ if (dataRefUris != null) {
for (Iterator iterator = dataRefUris.iterator(); iterator
- .hasNext();) {
+ .hasNext(); ) {
WSDataRef uri = (WSDataRef) iterator.next();
refs.add(uri);
}
@@ -952,16 +1002,16 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
- protected ArrayList getResults(Vector results, int action) {
-
- ArrayList list = new ArrayList();
+ protected List<WSSecurityEngineResult> getResults(List<WSSecurityEngineResult> results, int action) {
- for (int i = 0; i < results.size(); i++) {
+ List<WSSecurityEngineResult> list = new ArrayList<WSSecurityEngineResult>();
+
+ for (WSSecurityEngineResult result : results) {
// Check the result of every action whether it matches the given
// action
- Integer actInt = (Integer)((WSSecurityEngineResult) results.get(i)).get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == action) {
- list.add((WSSecurityEngineResult) results.get(i));
+ Integer actInt = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt == action) {
+ list.add(result);
}
}
@@ -975,9 +1025,8 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- SupportingToken suppTok = (SupportingToken) supportingToks.get(i);
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken suppTok : supportingToks) {
if (isUsernameTokenPresent(suppTok)) {
return true;
}
@@ -994,13 +1043,9 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
- if(isUsernameTokenPresent(endSuppToken)){
- return true;
- }
-
- return false;
-
-
+ return isUsernameTokenPresent(endSuppToken);
+
+
}
protected boolean isUsernameTokenPresent(SupportingToken suppTok) {
@@ -1024,22 +1069,24 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
if(id != null && id.charAt(0) == '#') {
id = id.substring(1);
- }
+ }
+
+ for (Object aRefList : refList) {
+ WSDataRef dataRef = (WSDataRef) aRefList;
- for (int i = 0; i < refList.size() ; i++) {
- WSDataRef dataRef = (WSDataRef)refList.get(i);
-
//ArrayList can contain null elements
- if(dataRef == null) {
+ if (dataRef == null) {
continue;
}
//Try to get the wsuId of the decrypted element
String dataRefUri = dataRef.getWsuId();
//If not found, try the reference Id of encrypted element ( we set the same Id when we
// decrypted element in WSS4J)
- if (dataRefUri == null) {
- dataRefUri = dataRef.getDataref();
- }
+ // TODO wsu id must present. We need to find the scenario where it is not set
+ // if (dataRefUri == null) {
+ // dataRefUri = dataRef.getProtectedElement().getAttribute("Id"); // TODO check whether this is correct
+ // earlier it was dataRefUri = dataRef.getDataref();
+ //}
if (dataRefUri != null && dataRefUri.equals(id)) {
return true;
}
@@ -1049,38 +1096,37 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
- public static WSSecurityEngineResult[] fetchActionResults(Vector wsResultVector, int action) {
- List wsResult = new ArrayList();
+ public static WSSecurityEngineResult[] fetchActionResults(List<WSSecurityEngineResult> wsSecurityEngineResults, int action) {
+ List<WSSecurityEngineResult> wsResult = new ArrayList<WSSecurityEngineResult>();
// Find the part of the security result that matches the given action
- for (int i = 0; i < wsResultVector.size(); i++) {
+ for (WSSecurityEngineResult wsSecurityEngineResult : wsSecurityEngineResults) {
// Check the result of every action whether it matches the given action
- WSSecurityEngineResult result = (WSSecurityEngineResult) wsResultVector.get(i);
- int resultAction = ((java.lang.Integer) result.get(WSSecurityEngineResult.TAG_ACTION))
- .intValue();
+ WSSecurityEngineResult result = (WSSecurityEngineResult) wsSecurityEngineResult;
+ int resultAction = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
if (resultAction == action) {
- wsResult.add((WSSecurityEngineResult) wsResultVector.get(i));
+ wsResult.add(wsSecurityEngineResult);
}
}
- return (WSSecurityEngineResult[]) wsResult.toArray(new WSSecurityEngineResult[wsResult
+ return wsResult.toArray(new WSSecurityEngineResult[wsResult
.size()]);
}
private boolean isRefIdPresent(ArrayList refList , QName qname) {
-
- for (int i = 0; i < refList.size() ; i++) {
- WSDataRef dataRef = (WSDataRef)refList.get(i);
-
+
+ for (Object aRefList : refList) {
+ WSDataRef dataRef = (WSDataRef) aRefList;
+
//ArrayList can contain null elements
- if(dataRef == null) {
+ if (dataRef == null) {
continue;
}
//QName of the decrypted element
QName dataRefQName = dataRef.getName();
- if ( dataRefQName != null && dataRefQName.equals(qname)) {
- return true;
+ if (dataRefQName != null && dataRefQName.equals(qname)) {
+ return true;
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
index 6824d09..e280d74 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
@@ -7,4 +7,7 @@ public class RampartConstants {
public static final String SEC_FAULT = "SECURITY_VALIDATION_FAILURE";
public static final String MERLIN_CRYPTO_IMPL = "org.apache.ws.security.components.crypto.Merlin";
public static final String MERLIN_CRYPTO_IMPL_CACHE_KEY = "org.apache.ws.security.crypto.merlin.file";
+
+ public static final String XML_ENCRYPTION_MODIFIER_CONTENT = "Content";
+ public static final String XML_ENCRYPTION_MODIFIER_ELEMENT = "Element";
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index 22a689e..823aa6c 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -37,18 +37,12 @@ import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
import javax.xml.namespace.QName;
import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.Vector;
+import java.util.*;
public class RampartEngine {
@@ -56,7 +50,7 @@ public class RampartEngine {
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
private static ServiceNonceCache serviceNonceCache = new ServiceNonceCache();
- public Vector process(MessageContext msgCtx) throws WSSPolicyException,
+ public List<WSSecurityEngineResult> process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
boolean dotDebug = tlog.isDebugEnabled();
@@ -91,7 +85,7 @@ public class RampartEngine {
}
- Vector results;
+ List<WSSecurityEngineResult> results;
WSSecurityEngine engine = new WSSecurityEngine();
@@ -102,7 +96,7 @@ public class RampartEngine {
throw new RampartException("missingSOAPHeader");
}
- ArrayList headerBlocks = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
+ ArrayList headerBlocks = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
SOAPHeaderBlock secHeader = null;
//Issue is axiom - a returned collection must not be null
if(headerBlocks != null) {
@@ -150,6 +144,7 @@ public class RampartEngine {
}
} else {
+
log.debug("Processing security header in normal path");
results = engine.processSecurityHeader(rmd.getDocument(),
actorValue,
@@ -201,7 +196,7 @@ public class RampartEngine {
throw new RampartException(
"errorInAddingTokenIntoStore", e);
}
- } else if (WSConstants.UT == actInt.intValue()) {
+ } else if (WSConstants.UT == actInt) {
WSUsernameTokenPrincipal userNameTokenPrincipal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
@@ -238,7 +233,7 @@ public class RampartEngine {
serviceNonceCache.addNonceForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce(), nonceLifeTimeInSeconds);
}
- } else if (WSConstants.SIGN == actInt.intValue()) {
+ } else if (WSConstants.SIGN == actInt) {
X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
if (rpd.isAsymmetricBinding() && cert == null && rpd.getInitiatorToken() != null
@@ -266,8 +261,16 @@ public class RampartEngine {
Axis2Util.useDOOM(false);
PolicyValidatorCallbackHandler validator = RampartUtil.getPolicyValidatorCB(msgCtx, rpd);
-
- validator.validate(data, results);
+
+ if (validator instanceof ExtendedPolicyValidatorCallbackHandler) {
+ ExtendedPolicyValidatorCallbackHandler extendedPolicyValidatorCallbackHandler
+ = (ExtendedPolicyValidatorCallbackHandler)validator;
+ extendedPolicyValidatorCallbackHandler.validate(data,results);
+ } else {
+ Vector resultsVector = new Vector(results);
+ validator.validate(data, resultsVector);
+ }
+
if(dotDebug){
t3 = System.currentTimeMillis();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index ea22d49..8fe4688 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -59,7 +59,6 @@ import org.w3c.dom.Document;
import java.util.ArrayList;
import java.util.List;
-import java.util.Vector;
public class RampartMessageData {
@@ -349,15 +348,15 @@ public class RampartMessageData {
// This is not the default behavior, we clone the default WSSConfig to prevent this
// affecting globally
- if (timestampPrecisionInMilliseconds == WSSConfig.getDefaultWSConfig()
+ if (timestampPrecisionInMilliseconds == WSSConfig.getNewInstance()
.isPrecisionInMilliSeconds()) {
- this.config = WSSConfig.getDefaultWSConfig();
+ this.config = WSSConfig.getNewInstance();
} else {
this.config = RampartUtil.getWSSConfigInstance();
this.config.setPrecisionInMilliSeconds(timestampPrecisionInMilliseconds);
}
} else {
- this.config = WSSConfig.getDefaultWSConfig();
+ this.config = WSSConfig.getNewInstance();
}
// To handle scenarios where password type is not set by default.
@@ -578,19 +577,17 @@ public class RampartMessageData {
//Pick the first SAML token
//TODO : This is a hack , MUST FIX
//get the sec context id from the req msg ctx
- Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult = (WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
- .get(j);
- final Integer actInt =
- (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
+ List<WSHandlerResult> results
+ = (List<WSHandlerResult>)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (WSHandlerResult result : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
+
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ final Integer actInt =
+ (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ if (WSConstants.ST_UNSIGNED == actInt) {
final Object assertion =
- wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ wsSecEngineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
SAMLAssertionHandler samlAssertionHandler
= SAMLAssertionHandlerFactory.createAssertionHandler(assertion);
@@ -621,20 +618,17 @@ public class RampartMessageData {
id = (String) RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
} else {
//get the sec context id from the req msg ctx
- Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult = (WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
- .get(j);
- final Integer actInt =
- (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if(WSConstants.SCT == actInt.intValue()) {
- final SecurityContextToken sct =
- ((SecurityContextToken) wser
- .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN));
+ List<WSHandlerResult> results = (List<WSHandlerResult>)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (WSHandlerResult result : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
+
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ final Integer actInt =
+ (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ if (WSConstants.SCT == actInt) {
+ final SecurityContextToken sct =
+ ((SecurityContextToken) wsSecEngineResult
+ .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN));
id = sct.getID();
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
index c74d1b5..9cebf67 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
@@ -51,7 +51,7 @@ public class TokenCallbackHandler implements CallbackHandler {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
- String id = pc.getIdentifer();
+ String id = pc.getIdentifier();
if((pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN ||
pc.getUsage() == WSPasswordCallback.CUSTOM_TOKEN) &&
@@ -69,7 +69,7 @@ public class TokenCallbackHandler implements CallbackHandler {
e.printStackTrace();
throw new IOException(e.getMessage());
}
- } else if (pc.getUsage() == WSPasswordCallback.ENCRYPTED_KEY_TOKEN){
+ } else if (pc.getUsage() == WSPasswordCallback.SECRET_KEY){
try {
String[] tokenIdentifiers = this.store.getTokenIdentifiers();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
index 8cc87df..69473be 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -34,9 +34,11 @@ import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncrypt;
@@ -45,18 +47,13 @@ import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Vector;
+import javax.xml.crypto.dsig.Reference;
+import java.util.*;
public class AsymmetricBindingBuilder extends BindingBuilder {
private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
- private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
-
- private Token sigToken;
-
- private WSSecSignature sig;
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
private WSSecEncryptedKey encrKey;
@@ -64,7 +61,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
private byte[] encryptedKeyValue;
- private Vector signatureValues = new Vector();
+ private List<byte[]> signatureValues = new ArrayList<byte[]>();
private Element encrTokenElement;
@@ -72,9 +69,12 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
private Element encrDKTElement;
- private Vector sigParts = new Vector();
+ private List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
- private Element signatureElement;
+ private Element signatureElement;
+
+ private Element refList;
+
public void build(RampartMessageData rmd) throws RampartException {
log.debug("AsymmetricBindingBuilder build invoked");
@@ -84,7 +84,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
this.addTimestamp(rmd);
}
- if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ if (RampartUtil.encryptFirst(rpd)) {
this.doEncryptBeforeSig(rmd);
} else {
this.doSignBeforeEncrypt(rmd);
@@ -110,7 +110,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
*/
Element encrDKTokenElem = null;
WSSecEncrypt encr = null;
- Element refList = null;
+ refList = null;
WSSecDKEncrypt dkEncr = null;
/*
@@ -122,7 +122,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
} else {
encryptionToken = rpd.getInitiatorToken();
}
- Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+ List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);
//Signed parts are determined before encryption because encrypted signed headers
//will not be included otherwise
@@ -190,16 +190,18 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
}
- RampartUtil.appendChildToSecHeader(rmd, refList);
+ refList = RampartUtil.appendChildToSecHeader(rmd, refList);
if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
-
+
this.setInsertionLocation(encrTokenElement);
RampartUtil.handleEncryptedSignedHeaders(encrParts, this.sigParts, doc);
-
+
+ // TODO may contain deifferent types of objects as values, therefore cannot use strongly type maps
+ // need to figure out a way
HashMap sigSuppTokMap = null;
HashMap endSuppTokMap = null;
HashMap sgndEndSuppTokMap = null;
@@ -208,8 +210,8 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
HashMap sgndEndEncSuppTokMap = null;
if(this.timestampElement != null){
- sigParts.add(new WSEncryptionPart(RampartUtil
- .addWsuIdToElement((OMElement) this.timestampElement)));
+ sigParts.add(RampartUtil.createEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN,
+ RampartUtil.addWsuIdToElement((OMElement) this.timestampElement)));
}
if (rmd.isInitiator()) {
@@ -233,9 +235,9 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingTok : supportingToks) {
+ this.handleSupportingTokens(rmd, supportingTok);
}
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
@@ -258,21 +260,23 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
if (rmd.isInitiator()) {
-
- endSuppTokMap.putAll(endEncSuppTokMap);
+
+ if (endSuppTokMap != null) {
+ endSuppTokMap.putAll(endEncSuppTokMap);
+ }
// Do endorsed signatures
- Vector endSigVals = this.doEndorsedSignatures(rmd,
+ List<byte[]> endSigVals = this.doEndorsedSignatures(rmd,
endSuppTokMap);
- for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ for (byte[] endSigVal : endSigVals) {
+ signatureValues.add(endSigVal);
}
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
// Do signed endorsing signatures
- Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd,
sgndEndSuppTokMap);
- for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ for (byte[] sigEndSigVal : sigEndSigVals) {
+ signatureValues.add(sigEndSigVal);
}
}
@@ -288,15 +292,16 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
if(tlog.isDebugEnabled()){
t3 = System.currentTimeMillis();
}
- Vector secondEncrParts = new Vector();
+
+ List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
// Now encrypt the signature using the above token
secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
"Element"));
if(rmd.isInitiator()) {
- for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
- secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ for (String anEncryptedTokensIdList : encryptedTokensIdList) {
+ secondEncrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));
}
}
@@ -389,9 +394,9 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingTok : supportingToks) {
+ this.handleSupportingTokens(rmd, supportingTok);
}
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
@@ -414,19 +419,17 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
this.doSignature(rmd);
}
- Vector supportingToks = rpd.getSupportingPolicyData();
- for (int i = 0; i < supportingToks.size(); i++) {
- SupportingPolicyData policyData = null;
- if (supportingToks.get(i) != null) {
- policyData = (SupportingPolicyData) supportingToks.get(i);
- Vector supportingSigParts = RampartUtil.getSupportingSignedParts(rmd,
+ List<SupportingPolicyData> supportingToks = rpd.getSupportingPolicyData();
+ for (SupportingPolicyData policyData : supportingToks) {
+ if (policyData != null) { // TODO do we need this null check ?
+ List<WSEncryptionPart> supportingSigParts = RampartUtil.getSupportingSignedParts(rmd,
policyData);
if (supportingSigParts.size() > 0
&& ((rmd.isInitiator() && rpd.getInitiatorToken() != null) || (!rmd
- .isInitiator() && rpd.getRecipientToken() != null))) {
+ .isInitiator() && rpd.getRecipientToken() != null))) {
// Do signature for policies defined under SupportingToken.
- this.doSupportingSignature(rmd, supportingSigParts,policyData);
+ this.doSupportingSignature(rmd, supportingSigParts, policyData);
}
}
}
@@ -436,21 +439,25 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
if (rmd.isInitiator()) {
// Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
- endSuppTokMap.putAll(endEncSuppTokMap);
+ if (endSuppTokMap != null) {
+ endSuppTokMap.putAll(endEncSuppTokMap);
+ }
// Do endorsed signatures
- Vector endSigVals = this.doEndorsedSignatures(rmd,
+ List<byte[]> endSigVals = this.doEndorsedSignatures(rmd,
endSuppTokMap);
- for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ for (byte[] endSigVal : endSigVals) {
+ signatureValues.add(endSigVal);
}
//Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
- sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+ if (sgndEndSuppTokMap != null) {
+ sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+ }
// Do signed endorsing signatures
- Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd,
sgndEndSuppTokMap);
- for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ for (byte[] sigEndSigVal : sigEndSigVals) {
+ signatureValues.add(sigEndSigVal);
}
}
@@ -458,7 +465,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
t1 = System.currentTimeMillis();
}
- Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+ List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);
//Check for signature protection
if(rpd.isSignatureProtection() && this.mainSigId != null) {
@@ -466,8 +473,8 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
if(rmd.isInitiator()) {
- for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
- encrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ for (String anEncryptedTokensIdList : encryptedTokensIdList) {
+ encrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));
}
}
@@ -570,13 +577,11 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
}
- Vector supportingTokens = rpd.getSupportingPolicyData();
- for (int i = 0; i < supportingTokens.size(); i++) {
- SupportingPolicyData policyData = null;
- if (supportingTokens.get(i) != null) {
- policyData = (SupportingPolicyData) supportingTokens.get(i);
+ List<SupportingPolicyData> supportingTokens = rpd.getSupportingPolicyData();
+ for (SupportingPolicyData policyData : supportingTokens) {
+ if (policyData != null) { // TODO do we need this null check ?
Token supportingEncrToken = policyData.getEncryptionToken();
- Vector supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd,
+ List<WSEncryptionPart> supoortingEncrParts = RampartUtil.getSupportingEncryptedParts(rmd,
policyData);
if (supportingEncrToken != null && supoortingEncrParts.size() > 0) {
@@ -594,7 +599,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
- private void doSupportingSignature(RampartMessageData rmd, Vector supportingSigParts,
+ private void doSupportingSignature(RampartMessageData rmd, List<WSEncryptionPart> supportingSigParts,
SupportingPolicyData supportingData) throws RampartException {
Token supportingSigToken;
@@ -625,13 +630,18 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
try {
supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());
- supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
- supportingSig.computeSignature();
- supportingSignatureElement = supportingSig.getSignatureElement();
+ List<Reference> referenceList
+ = supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd, this
- .getInsertionLocation(), supportingSignatureElement));
+ /**
+ * Before migration it was - this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd, this
+ * .getInsertionLocation(), supportingSignatureElement));
+ *
+ * In this case we need to append <Signature>..</Signature> element to
+ * current insertion location
+ */
+ supportingSig.computeSignature(referenceList, false, this.getInsertionLocation());
} catch (WSSecurityException e) {
throw new RampartException("errorInSignatureWithX509Token", e);
@@ -655,12 +665,20 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
+ Token sigToken;
if(rmd.isInitiator()) {
sigToken = rpd.getInitiatorToken();
} else {
sigToken = rpd.getRecipientToken();
}
+ /**
+ * Note : It doesn't make sense to use Derived Keys in an Asymmetric binding environment to sign messages.
+ * In asymmetric binding environment we always sign the message using sender's private key. We do *not*
+ * use a session/ephemeral key to sign the message. We always use PKC keys to sign and verify messages.
+ * Therefore we do not need to have following code segment.
+ * TODO Confirm and remove.
+ */
if (sigToken.isDerivedKeys()) {
// Set up the encrypted key to use
if(this.encrKey == null) {
@@ -668,6 +686,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
WSSecDKSign dkSign = new WSSecDKSign();
+
dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
// Set the algo info
@@ -686,21 +705,46 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+ List<Reference> referenceList
+ = dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ /**
+ * Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security
+ * header. We need to add this just after Encrypted Key and just before <Signature>..</Signature>
+ * elements. (As a convention)
+ */
+
+ if (refList == null) {
+ //dkSign.appendDKElementToHeader(rmd.getSecHeader());
+ this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign.getdktElement());
+ this.setInsertionLocation(this.sigDKTElement);
+ // Do signature
+ /**
+ * Create and prepend signature
+ */
+ dkSign.computeSignature(referenceList, false, this.getInsertionLocation());
+ } else {
+ this.sigDKTElement = RampartUtil.insertSiblingBefore(rmd, refList, dkSign.getdktElement());
+ this.setInsertionLocation(this.sigDKTElement);
+
+ // Do signature
+ /**
+ * Create and append signature
+ */
+ dkSign.computeSignature(referenceList, true, this.getInsertionLocation());
+ }
- // Do signature
- dkSign.computeSignature();
+ if (RampartUtil.encryptFirst(rpd)) {
+ // always add encrypt elements after signature. Because we need to first verify the signature
+ // and decrypt at receiver end.
+ this.setInsertionLocation(dkSign.getSignatureElement());
+ } else {
+ // append timestamp element as next insertion location. Cos in sign and encrypt case the
+ // receiver first need to decrypt the message => The decryption keys should appear first.
+ this.setInsertionLocation(this.timestampElement);
+ }
- ;
- // Add elements to header
- this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
- this.getInsertionLocation(), dkSign.getdktElement());
- this.setInsertionLocation(this.sigDKTElement);
-
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
- this.getInsertionLocation(), dkSign
- .getSignatureElement()));
-
this.mainSigId = RampartUtil
.addWsuIdToElement((OMElement) dkSign
.getSignatureElement());
@@ -715,7 +759,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
} else {
- sig = this.getSignatureBuilder(rmd, sigToken);
+ WSSecSignature sig = this.getSignatureBuilder(rmd, sigToken);
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd, this
@@ -730,13 +774,28 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
try {
sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());
- sig.addReferencesToSign(sigParts, rmd.getSecHeader());
- sig.computeSignature();
+
+ List<Reference> referenceList
+ = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // Do signature
+ if (this.refList == null) {
+ /**
+ * If <ReferenceData>..</ReferenceData> is null append <Signature>..</Signature> element
+ * to current insertion location.
+ */
+ sig.computeSignature(referenceList, false, this.getInsertionLocation());
+ } else {
+ /**
+ * If <ReferenceData>..</ReferenceData> is not null prepend <Signature>..</Signature> element
+ * to reference data.
+ */
+ sig.computeSignature(referenceList, true, this.refList);
+ }
signatureElement = sig.getSignatureElement();
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd, this.getInsertionLocation(), signatureElement));
+ this.setInsertionLocation(signatureElement);
this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
} catch (WSSecurityException e) {
@@ -753,7 +812,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
private void doEncryptionWithSupportingToken(RampartPolicyData rpd, RampartMessageData rmd,
- Token encrToken, Document doc, Vector encrParts) throws RampartException {
+ Token encrToken, Document doc, List<WSEncryptionPart> encrParts) throws RampartException {
Element refList = null;
try {
if (!(encrToken instanceof X509Token)) {
@@ -815,10 +874,11 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
//Use the secret from the incoming EncryptedKey element
- Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ List<WSHandlerResult> resultsObj
+ = (List<WSHandlerResult>)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
if(resultsObj != null) {
- encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
- encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
+ encryptedKeyId = RampartUtil.getRequestEncryptedKeyId(resultsObj);
+ encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue(resultsObj);
//In the case where we don't have the EncryptedKey in the
//request, for the control to have reached this state,
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index 88c98fa..98e0fed 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -60,14 +60,10 @@ import org.w3c.dom.Element;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.crypto.dsig.Reference;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.Vector;
+import java.util.*;
import java.util.Map.Entry;
public abstract class BindingBuilder {
@@ -77,7 +73,7 @@ public abstract class BindingBuilder {
protected String mainSigId = null;
- protected ArrayList encryptedTokensIdList = new ArrayList();
+ protected ArrayList<String> encryptedTokensIdList = new ArrayList<String>();
protected Element timestampElement;
@@ -223,7 +219,8 @@ public abstract class BindingBuilder {
try {
RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
RampartUtil.setEncryptionUser(rmd, encrKey);
- encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
+
+ //TODO we do not need to pass keysize as it is taken from algorithm it self - verify
encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
@@ -338,7 +335,7 @@ public abstract class BindingBuilder {
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
sig.setDigestAlgo(algorithmSuite.getDigest());
-
+
try {
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rampartConfig, rmd.getCustomClassLoader()),
rmd.getSecHeader());
@@ -358,6 +355,7 @@ public abstract class BindingBuilder {
throws RampartException {
//Create the list to hold the tokens
+ // TODO putting different types of objects. Need to figure out a way to add single types of objects
HashMap endSuppTokMap = new HashMap();
if(suppTokens != null && suppTokens.getTokens() != null &&
@@ -365,70 +363,70 @@ public abstract class BindingBuilder {
log.debug("Processing supporting tokens");
ArrayList tokens = suppTokens.getTokens();
- for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
+ for (Object objectToken : tokens) {
+ Token token = (Token) objectToken;
org.apache.rahas.Token endSuppTok = null;
- if(token instanceof IssuedToken && rmd.isInitiator()){
- String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+ if (token instanceof IssuedToken && rmd.isInitiator()) {
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken) token);
try {
endSuppTok = rmd.getTokenStorage().getToken(id);
} catch (TrustException e) {
- throw new RampartException("errorInRetrievingTokenId",
+ throw new RampartException("errorInRetrievingTokenId",
new String[]{id}, e);
}
-
- if(endSuppTok == null) {
- throw new RampartException("errorInRetrievingTokenId",
+
+ if (endSuppTok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
new String[]{id});
}
-
+
//Add the token to the header
Element siblingElem = RampartUtil
.insertSiblingAfter(rmd, this.getInsertionLocation(),
(Element) endSuppTok.getToken());
this.setInsertionLocation(siblingElem);
-
+
if (suppTokens.isEncryptedToken()) {
this.encryptedTokensIdList.add(endSuppTok.getId());
}
-
+
//Add the extracted token
endSuppTokMap.put(token, endSuppTok);
-
- } else if(token instanceof X509Token) {
-
- //We have to use a cert
- //Prepare X509 signature
- WSSecSignature sig = this.getSignatureBuilder(rmd, token);
- Element bstElem = sig.getBinarySecurityTokenElement();
- if(bstElem != null) {
- bstElem = RampartUtil.insertSiblingAfter(rmd,
- this.getInsertionLocation(), bstElem);
- this.setInsertionLocation(bstElem);
-
- SupportingPolicyData supportingPolcy = new SupportingPolicyData();
- supportingPolcy.build(suppTokens);
- supportingPolcy.setSignatureToken(token);
- supportingPolcy.setEncryptionToken(token);
- rmd.getPolicyData().addSupportingPolicyData(supportingPolcy);
-
- if (suppTokens.isEncryptedToken()) {
- this.encryptedTokensIdList.add(sig.getBSTTokenId());
- }
+
+ } else if (token instanceof X509Token) {
+
+ //We have to use a cert
+ //Prepare X509 signature
+ WSSecSignature sig = this.getSignatureBuilder(rmd, token);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+
+ SupportingPolicyData supportingPolcy = new SupportingPolicyData();
+ supportingPolcy.build(suppTokens);
+ supportingPolcy.setSignatureToken(token);
+ supportingPolcy.setEncryptionToken(token);
+ rmd.getPolicyData().addSupportingPolicyData(supportingPolcy);
+
+ if (suppTokens.isEncryptedToken()) {
+ this.encryptedTokensIdList.add(sig.getBSTTokenId());
}
- endSuppTokMap.put(token, sig);
-
- } else if(token instanceof UsernameToken) {
- WSSecUsernameToken utBuilder = addUsernameToken(rmd, (UsernameToken)token);
-
+ }
+ endSuppTokMap.put(token, sig);
+
+ } else if (token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd, (UsernameToken) token);
+
utBuilder.prepare(rmd.getDocument());
-
+
//Add the UT
Element elem = utBuilder.getUsernameTokenElement();
elem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), elem);
-
+
encryptedTokensIdList.add(utBuilder.getId());
-
+
//Move the insert location to the next element
this.setInsertionLocation(elem);
Date now = new Date();
@@ -451,27 +449,28 @@ public abstract class BindingBuilder {
* @param sigParts
* @throws RampartException
*/
- protected Vector addSignatureParts(HashMap tokenMap, Vector sigParts) throws RampartException {
+ protected List<WSEncryptionPart> addSignatureParts(HashMap tokenMap, List<WSEncryptionPart> sigParts)
+ throws RampartException {
Set entrySet = tokenMap.entrySet();
-
- for (Iterator iter = entrySet.iterator(); iter.hasNext();) {
- Object tempTok = ((Entry)iter.next()).getValue();
+
+ for (Object anEntrySet : entrySet) {
+ Object tempTok = ((Entry) anEntrySet).getValue();
WSEncryptionPart part = null;
-
- if(tempTok instanceof org.apache.rahas.Token) {
-
+
+ if (tempTok instanceof org.apache.rahas.Token) {
+
part = new WSEncryptionPart(
((org.apache.rahas.Token) tempTok).getId());
-
- } else if(tempTok instanceof WSSecSignature) {
+
+ } else if (tempTok instanceof WSSecSignature) {
WSSecSignature tempSig = (WSSecSignature) tempTok;
- if(tempSig.getBSTTokenId() != null) {
+ if (tempSig.getBSTTokenId() != null) {
part = new WSEncryptionPart(tempSig.getBSTTokenId());
}
} else {
-
- throw new RampartException("UnsupportedTokenInSupportingToken");
+
+ throw new RampartException("UnsupportedTokenInSupportingToken");
}
sigParts.add(part);
}
@@ -489,45 +488,55 @@ public abstract class BindingBuilder {
}
- protected Vector doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
+ protected List<byte[]> doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
Set tokenSet = tokenMap.keySet();
- Vector sigValues = new Vector();
-
- for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
-
- Token token = (Token)iter.next();
-
+ List<byte[]> sigValues = new ArrayList<byte[]>();
+
+ for (Object aTokenSet : tokenSet) {
+
+ Token token = (Token) aTokenSet;
+
Object tempTok = tokenMap.get(token);
-
- Vector sigParts = new Vector();
+
+ // Migrating to a list
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
sigParts.add(new WSEncryptionPart(this.mainSigId));
-
+
if (tempTok instanceof org.apache.rahas.Token) {
- org.apache.rahas.Token tok = (org.apache.rahas.Token)tempTok;
- if(rmd.getPolicyData().isTokenProtection()) {
+ org.apache.rahas.Token tok = (org.apache.rahas.Token) tempTok;
+ if (rmd.getPolicyData().isTokenProtection()) {
sigParts.add(new WSEncryptionPart(tok.getId()));
}
-
- this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
-
+
+ this.doSymmSignature(rmd, token, (org.apache.rahas.Token) tempTok, sigParts);
+
} else if (tempTok instanceof WSSecSignature) {
- WSSecSignature sig = (WSSecSignature)tempTok;
- if(rmd.getPolicyData().isTokenProtection() &&
+ WSSecSignature sig = (WSSecSignature) tempTok;
+ if (rmd.getPolicyData().isTokenProtection() &&
sig.getBSTTokenId() != null) {
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
}
-
+
try {
- sig.addReferencesToSign(sigParts, rmd.getSecHeader());
- sig.computeSignature();
-
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- sig.getSignatureElement()));
-
+
+
+ List<Reference> referenceList
+ = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ /**
+ * Before migration it was - this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd, this
+ * .getInsertionLocation(), supportingSignatureElement));
+ *
+ * In this case we need to append <Signature>..</Signature> element to
+ * current insertion location
+ */
+
+ sig.computeSignature(referenceList, false, this.getInsertionLocation());
+
+ this.setInsertionLocation(sig.getSignatureElement());
+
} catch (WSSecurityException e) {
throw new RampartException("errorInSignatureWithX509Token", e);
}
@@ -540,7 +549,8 @@ public abstract class BindingBuilder {
}
- protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+ protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok,
+ List<WSEncryptionPart> sigParts) throws RampartException {
Document doc = rmd.getDocument();
@@ -568,7 +578,7 @@ public abstract class BindingBuilder {
// Setting the AttachedReference or the UnattachedReference according to the flag
OMElement ref;
- if (attached == true) {
+ if (attached) {
ref = tok.getAttachedReference();
} else {
ref = tok.getUnattachedReference();
@@ -587,6 +597,7 @@ public abstract class BindingBuilder {
tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)tok).getSHA1());;
}
dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+ tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this
} else {
dkSign.setExternalKey(tok.getSecret(), tok.getId());
@@ -617,36 +628,45 @@ public abstract class BindingBuilder {
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
-
- //Do signature
- dkSign.computeSignature();
+ List<Reference> referenceList
+ = dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
//Add elements to header
-
+ //Do signature
if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
- this.getInsertionLocation() == null ) {
- this.setInsertionLocation(RampartUtil
-
- .insertSiblingBefore(rmd,
- this.mainRefListElement,
- dkSign.getdktElement()));
-
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- dkSign.getSignatureElement()));
+ this.mainRefListElement != null ) {
+
+ /**
+ * <xenc:ReferenceList>
+ * <xenc:DataReference URI="#EncDataId-2"/>
+ * </xenc:ReferenceList>
+ * If there is a reference list as above we need to first prepend reference list
+ * with the new derived key. Then we need to prepend Signature to newly added derived key.
+ */
+
+ // Add DeriveKey before ReferenceList
+ RampartUtil.insertSiblingBefore(rmd, this.mainRefListElement, dkSign.getdktElement());
+
+ // Insert signature before DerivedKey
+ dkSign.computeSignature(referenceList, true, dkSign.getdktElement());
+ this.setInsertionLocation(this.mainRefListElement);
} else {
- this.setInsertionLocation(RampartUtil
-
- .insertSiblingAfter(rmd,
- this.getInsertionLocation(),
- dkSign.getdktElement()));
-
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- dkSign.getSignatureElement()));
+
+ /**
+ * Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security
+ * header.
+ */
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ this.setInsertionLocation(dkSign.getdktElement());
+
+ /**
+ * In this case we need to insert <Signature>..</Signature> element
+ * before this.mainRefListElement element. In other words we need to
+ * prepend <Signature>...</Signature> element to this.mainRefListElement.
+ */
+ dkSign.computeSignature(referenceList, false, this.getInsertionLocation());
+ this.setInsertionLocation(dkSign.getSignatureElement());
}
return dkSign.getSignatureValue();
@@ -677,8 +697,8 @@ public abstract class BindingBuilder {
}
} else if (policyToken instanceof IssuedToken) {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
- + WSConstants.SAML_ASSERTION_ID);
+
+ sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
}
@@ -708,7 +728,7 @@ public abstract class BindingBuilder {
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
- sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); // TODO what is the correct algorith ? For sure one is redundant
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
sig.setDigestAlgo(algorithmSuite.getDigest());
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
@@ -716,24 +736,35 @@ public abstract class BindingBuilder {
rmd.getSecHeader());
sig.setParts(sigParts);
- sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ List<Reference> referenceList
+ = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
- sig.computeSignature();
-
- if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
- this.getInsertionLocation() == null) {
- this.setInsertionLocation(RampartUtil.insertSiblingBefore(
- rmd,
- this.mainRefListElement,
- sig.getSignatureElement()));
+ if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING)
+ && this.mainRefListElement != null) {
+
+ /**
+ * In this case we need to insert <Signature>..</Signature> element
+ * before this.mainRefListElement element. In other words we need to
+ * prepend <Signature>...</Signature> element to this.mainRefListElement.
+ * this.mainRefListElement is equivalent to
+ * <xenc:ReferenceList>
+ * <xenc:DataReference URI="#EncDataId-2"/>
+ * </xenc:ReferenceList>
+ */
+ sig.computeSignature(referenceList, true, this.mainRefListElement);
+ this.setInsertionLocation(this.mainRefListElement);
} else {
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- sig.getSignatureElement()));
+
+ /**
+ * In this case we need to append <Signature>..</Signature> element to
+ * current insertion location.
+ */
+ sig.computeSignature(referenceList, false, this.getInsertionLocation());
+ this.setInsertionLocation(sig.getSignatureElement());
}
+
return sig.getSignatureValue();
} catch (WSSecurityException e) {
@@ -753,7 +784,7 @@ public abstract class BindingBuilder {
*/
protected org.apache.rahas.Token getToken(RampartMessageData rmd,
String tokenId) throws RampartException {
- org.apache.rahas.Token tok = null;
+ org.apache.rahas.Token tok;
try {
tok = rmd.getTokenStorage().getToken(tokenId);
} catch (TrustException e) {
@@ -769,7 +800,7 @@ public abstract class BindingBuilder {
}
- protected void addSignatureConfirmation(RampartMessageData rmd, Vector sigParts) {
+ protected void addSignatureConfirmation(RampartMessageData rmd, List<WSEncryptionPart> sigParts) {
if(!rmd.getPolicyData().isSignatureConfirmation()) {
@@ -778,16 +809,17 @@ public abstract class BindingBuilder {
}
Document doc = rmd.getDocument();
-
- Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+
+ List<WSHandlerResult> results
+ = (List<WSHandlerResult>)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
/*
* loop over all results gathered by all handlers in the chain. For each
* handler result get the various actions. After that loop we have all
- * signature results in the signatureActions vector
+ * signature results in the signatureActions list.
*/
- Vector signatureActions = new Vector();
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+ List<WSSecurityEngineResult> signatureActions = new ArrayList<WSSecurityEngineResult>();
+ for (Object result : results) {
+ WSHandlerResult wshResult = (WSHandlerResult) result;
WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
WSConstants.SIGN, signatureActions);
@@ -804,14 +836,12 @@ public abstract class BindingBuilder {
log.debug("Signature Confirmation: number of Signature results: "
+ signatureActions.size());
}
- for (int i = 0; i < signatureActions.size(); i++) {
- WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
- .get(i);
- byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
+ for (WSSecurityEngineResult signatureAction : signatureActions) {
+ byte[] sigVal = (byte[]) signatureAction.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
wsc.setSignatureValue(sigVal);
wsc.prepare(doc);
RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
- if(sigParts != null) {
+ if (sigParts != null) {
sigParts.add(new WSEncryptionPart(wsc.getId()));
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index 26ab866..acb2b73 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -53,10 +53,7 @@ import org.w3c.dom.Element;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Vector;
+import java.util.*;
public class SymmetricBindingBuilder extends BindingBuilder {
@@ -95,16 +92,16 @@ public class SymmetricBindingBuilder extends BindingBuilder {
RampartPolicyData rpd = rmd.getPolicyData();
- Vector signatureValues = new Vector();
+ List<byte[]> signatureValues = new ArrayList<byte[]>();
if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
Token encryptionToken = rpd.getEncryptionToken();
- Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+ List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);
- Vector sigParts = RampartUtil.getSignedParts(rmd);
+ List<WSEncryptionPart> sigParts = RampartUtil.getSignedParts(rmd);
if(encryptionToken == null && encrParts.size() > 0) {
throw new RampartException("encryptionTokenMissing");
@@ -217,7 +214,8 @@ public class SymmetricBindingBuilder extends BindingBuilder {
// SymmKey is already encrypted, no need to do it again
encr.setEncryptSymmKey(false);
if (!rmd.isInitiator() && tok instanceof EncryptedKeyToken) {
- encr.setUseKeyIdentifier(true);
+ // TODO was encr.setUseKeyIdentifier(true); - verify
+ encr.setEncKeyIdDirectId(true);
encr.setCustomReferenceValue(((EncryptedKeyToken)tok).getSHA1());
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
}
@@ -282,9 +280,9 @@ public class SymmetricBindingBuilder extends BindingBuilder {
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingTok : supportingToks) {
+ this.handleSupportingTokens(rmd, supportingTok);
}
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
@@ -312,16 +310,16 @@ public class SymmetricBindingBuilder extends BindingBuilder {
endSuppTokMap.putAll(endEncSuppTokMap);
//Do endorsed signatures
- Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
- for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ List<byte[]> endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (byte[] endSigVal : endSigVals) {
+ signatureValues.add(endSigVal);
}
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
//Do signed endorsing signatures
- Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
- for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (byte[] sigEndSigVal : sigEndSigVals) {
+ signatureValues.add(sigEndSigVal);
}
}
@@ -339,7 +337,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
t3 = System.currentTimeMillis();
}
log.debug("Signature protection");
- Vector secondEncrParts = new Vector();
+ List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
//Now encrypt the signature using the above token
if(rpd.isSignatureProtection()) {
@@ -347,8 +345,8 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
if(rmd.isInitiator()) {
- for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
- secondEncrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ for (String anEncryptedTokensIdList : encryptedTokensIdList) {
+ secondEncrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));
}
}
@@ -410,7 +408,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
Element sigTokElem = null;
- Vector signatureValues = new Vector();
+ List<byte[]> signatureValues = new ArrayList<byte[]>();
if(sigToken != null) {
if(sigToken instanceof SecureConversationToken) {
@@ -457,7 +455,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
HashMap endEncSuppTokMap = null;
HashMap sgndEndEncSuppTokMap = null;
- Vector sigParts = RampartUtil.getSignedParts(rmd);
+ List<WSEncryptionPart> sigParts = RampartUtil.getSignedParts(rmd);
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(RampartUtil
@@ -484,9 +482,9 @@ public class SymmetricBindingBuilder extends BindingBuilder {
SupportingToken sgndEndEncSuppTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
sgndEndEncSuppTokMap = this.handleSupportingTokens(rmd, sgndEndEncSuppTokens);
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingTok : supportingToks) {
+ this.handleSupportingTokens(rmd, supportingTok);
}
SupportingToken encryptedSupportingToks = rpd.getEncryptedSupportingTokens();
@@ -514,18 +512,18 @@ public class SymmetricBindingBuilder extends BindingBuilder {
// Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
endSuppTokMap.putAll(endEncSuppTokMap);
//Do endorsed signatures
- Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
-
- for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ List<byte[]> endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+
+ for (byte[] endSigVal : endSigVals) {
+ signatureValues.add(endSigVal);
}
//Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
//Do signed endorsing signatures
- Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
- for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
- signatureValues.add(iter.next());
+ List<byte[]> sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (byte[] sigEndSigVal : sigEndSigVals) {
+ signatureValues.add(sigEndSigVal);
}
}
@@ -556,7 +554,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
- Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+ List<WSEncryptionPart> encrParts = RampartUtil.getEncryptedParts(rmd);
//Check for signature protection
if(rpd.isSignatureProtection() && this.mainSigId != null) {
@@ -565,8 +563,8 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
if(rmd.isInitiator()) {
- for (int i = 0 ; i < encryptedTokensIdList.size(); i++) {
- encrParts.add(new WSEncryptionPart((String)encryptedTokensIdList.get(i),"Element"));
+ for (String anEncryptedTokensIdList : encryptedTokensIdList) {
+ encrParts.add(new WSEncryptionPart(anEncryptedTokensIdList, "Element"));
}
}
@@ -581,8 +579,8 @@ public class SymmetricBindingBuilder extends BindingBuilder {
//Check whether it is security policy 1.2 and use the secure conversation accordingly
if (SPConstants.SP_V12 == encrToken.getVersion()) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
- }
-
+ }
+
if(encrTokElem != null && encrTok.getAttachedReference() != null) {
dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
@@ -602,6 +600,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)encrTok).getSHA1());
}
dkEncr.setExternalKey(encrTok.getSecret(), tokenRef.getElement());
+ tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this
} else {
dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
@@ -657,7 +656,8 @@ public class SymmetricBindingBuilder extends BindingBuilder {
// Use key identifier in the KeyInfo in server side
if (!rmd.isInitiator()) {
if(encrTok instanceof EncryptedKeyToken) {
- encr.setUseKeyIdentifier(true);
+ // TODO was encr.setUseKeyIdentifier(true); verify
+ encr.setEncKeyIdDirectId(true);
encr.setCustomReferenceValue(((EncryptedKeyToken)encrTok).getSHA1());
encr.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
}
@@ -757,49 +757,47 @@ public class SymmetricBindingBuilder extends BindingBuilder {
return Base64.encode(data);
}
-
- private String getEncryptedKey(RampartMessageData rmd ) throws RampartException {
-
- Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
-
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.ENCR) {
-
- if (wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID) != null &&
- ((String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID)).length() != 0) {
-
- try {
-
- String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
-
- Date created = new Date();
- Date expires = new Date();
- expires.setTime(System.currentTimeMillis() + 300000);
- EncryptedKeyToken tempTok = new EncryptedKeyToken(encryptedKeyID,created,expires);
- tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY));
- tempTok.setSHA1(getSHA1((byte[])wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
- rmd.getTokenStorage().add(tempTok);
-
- return encryptedKeyID;
-
- } catch (TrustException e) {
- throw new RampartException("errorInAddingTokenIntoStore");
- }
-
- }
+ private String getEncryptedKey(RampartMessageData rmd) throws RampartException {
+
+ List<WSHandlerResult> results
+ = (List<WSHandlerResult>) rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+
+ for (WSHandlerResult result : results) {
+
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
+
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ Integer actInt = (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt == WSConstants.ENCR) {
+
+ if (wsSecEngineResult.get(WSSecurityEngineResult.TAG_ID) != null &&
+ ((String) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ID)).length() != 0) {
+
+ try {
+
+ String encryptedKeyID = (String) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ID);
+
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(System.currentTimeMillis() + 300000);
+ EncryptedKeyToken tempTok = new EncryptedKeyToken(encryptedKeyID, created, expires);
+ tempTok.setSecret((byte[]) wsSecEngineResult.get(WSSecurityEngineResult.TAG_SECRET));
+ tempTok.setSHA1(getSHA1((byte[]) wsSecEngineResult.
+ get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+ rmd.getTokenStorage().add(tempTok);
+
+ return encryptedKeyID;
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore");
+ }
+
+ }
}
}
}
- return null;
+ return null;
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
index 244436b..2bee572 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -43,16 +43,14 @@ import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.message.WSSecDKSign;
-import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.message.WSSecSignature;
-import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.message.*;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.xml.crypto.dsig.Reference;
import java.util.ArrayList;
import java.util.Iterator;
-import java.util.Vector;
+import java.util.List;
public class TransportBindingBuilder extends BindingBuilder {
@@ -78,7 +76,7 @@ public class TransportBindingBuilder extends BindingBuilder {
* Process Supporting tokens
*/
if(rmd.isInitiator()) {
- Vector signatureValues = new Vector();
+ List<byte[]> signatureValues = new ArrayList<byte[]>();
SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
@@ -88,21 +86,21 @@ public class TransportBindingBuilder extends BindingBuilder {
log.debug("Processing signed supporting tokens");
ArrayList tokens = sgndSuppTokens.getTokens();
- for (Iterator iter = tokens.iterator(); iter.hasNext();) {
-
- Token token = (Token) iter.next();
- if(token instanceof UsernameToken) {
- WSSecUsernameToken utBuilder = addUsernameToken(rmd,(UsernameToken)token);
-
+ for (Object signedSupportingToken : tokens) {
+
+ Token token = (Token) signedSupportingToken;
+ if (token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd, (UsernameToken) token);
+
utBuilder.prepare(rmd.getDocument());
-
+
//Add the UT
utBuilder.appendToHeader(rmd.getSecHeader());
-
+
} else {
- throw new RampartException("unsupportedSignedSupportingToken",
- new String[]{"{" +token.getName().getNamespaceURI()
- + "}" + token.getName().getLocalPart()});
+ throw new RampartException("unsupportedSignedSupportingToken",
+ new String[]{"{" + token.getName().getNamespaceURI()
+ + "}" + token.getName().getLocalPart()});
}
}
}
@@ -115,11 +113,11 @@ public class TransportBindingBuilder extends BindingBuilder {
ArrayList tokens = sgndEndSuppTokens.getTokens();
SignedEncryptedParts signdParts = sgndEndSuppTokens.getSignedParts();
- for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
- if(token instanceof IssuedToken && rmd.isInitiator()) {
+ for (Object objectToken : tokens) {
+ Token token = (Token) objectToken;
+ if (token instanceof IssuedToken && rmd.isInitiator()) {
signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
- } else if(token instanceof X509Token) {
+ } else if (token instanceof X509Token) {
signatureValues.add(doX509TokenSignature(rmd, token, signdParts));
}
}
@@ -131,27 +129,27 @@ public class TransportBindingBuilder extends BindingBuilder {
log.debug("Processing endorsing supporting tokens");
ArrayList tokens = endSupptokens.getTokens();
SignedEncryptedParts signdParts = endSupptokens.getSignedParts();
- for (Iterator iter = tokens.iterator(); iter.hasNext();) {
- Token token = (Token) iter.next();
- if(token instanceof IssuedToken && rmd.isInitiator()){
+ for (Object objectToken : tokens) {
+ Token token = (Token) objectToken;
+ if (token instanceof IssuedToken && rmd.isInitiator()) {
signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
- } else if(token instanceof X509Token) {
+ } else if (token instanceof X509Token) {
signatureValues.add(doX509TokenSignature(rmd, token, signdParts));
} else if (token instanceof SecureConversationToken) {
- handleSecureConversationTokens(rmd, (SecureConversationToken)token);
- signatureValues.add(doSecureConversationSignature(rmd, token, signdParts));
+ handleSecureConversationTokens(rmd, (SecureConversationToken) token);
+ signatureValues.add(doSecureConversationSignature(rmd, token, signdParts));
}
}
}
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- this.handleSupportingTokens(rmd, (SupportingToken)supportingToks.get(i));
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingTok : supportingToks) {
+ this.handleSupportingTokens(rmd, supportingTok);
}
- //Store the signature values vector
+ //Store the signature values list
rmd.getMsgContext().setProperty(WSHandlerConstants.SEND_SIGV, signatureValues);
} else {
addSignatureConfirmation(rmd, null);
@@ -176,7 +174,7 @@ public class TransportBindingBuilder extends BindingBuilder {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
- Vector sigParts = new Vector();
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
@@ -209,7 +207,9 @@ public class TransportBindingBuilder extends BindingBuilder {
if(bstElem != null) {
RampartUtil.appendChildToSecHeader(rmd, bstElem);
}
-
+
+ // Add <xenc:EncryptedKey Id="EncKeyId-E67B75302ACB3BEDF313277587471272">..</xenc:EncryptedKey>
+ // to security header.
encrKey.appendToHeader(rmd.getSecHeader());
WSSecDKSign dkSig = new WSSecDKSign();
@@ -219,7 +219,10 @@ public class TransportBindingBuilder extends BindingBuilder {
dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
-
+
+ /**
+ * Add a reference to encrypted key in the derived key
+ */
dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
dkSig.prepare(doc, rmd.getSecHeader());
@@ -231,15 +234,26 @@ public class TransportBindingBuilder extends BindingBuilder {
dkSig.setParts(sigParts);
- dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());
-
- //Do signature
- dkSig.computeSignature();
-
+ List<Reference> referenceList
+ = dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+
+ /**
+ * Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security
+ * header. We need to add this just after Encrypted Key and just before <Signature>..</Signature>
+ * elements. (As a convention)
+ */
dkSig.appendDKElementToHeader(rmd.getSecHeader());
- dkSig.appendSigToHeader(rmd.getSecHeader());
+ //Do signature and append to the security header
+ dkSig.computeSignature(referenceList, false, null);
+
+
+ // TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())"
+ // but WSS4J has remove append methods. Need to find why ?
+ //this.appendToHeader(rmd.getSecHeader(), dkSig.getSignatureElement());
+
return dkSig.getSignatureValue();
} catch (WSSecurityException e) {
@@ -261,13 +275,14 @@ public class TransportBindingBuilder extends BindingBuilder {
sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
}
- sig.addReferencesToSign(sigParts, rmd.getSecHeader());
-
- sig.appendToHeader(rmd.getSecHeader());
-
- sig.computeSignature();
-
- return sig.getSignatureValue();
+ List<Reference> referenceList
+ = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // TODO changed the order - verify
+ // Compute signature and append to the header
+ sig.computeSignature(referenceList, false, null);
+
+ return sig.getSignatureValue();
} catch (WSSecurityException e) {
throw new RampartException("errorInSignatureWithX509Token", e);
}
@@ -277,6 +292,15 @@ public class TransportBindingBuilder extends BindingBuilder {
}
+ private void appendToHeader(WSSecHeader secHeader, Element appendingChild) {
+
+ // TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())"
+ // but WSS4J has remove append methods. Need to find why ?
+ Element secHeaderElement = secHeader.getSecurityHeader();
+ secHeaderElement.appendChild(appendingChild);
+
+ }
+
/**
* IssuedToken signature
@@ -316,7 +340,7 @@ public class TransportBindingBuilder extends BindingBuilder {
tokenIncluded = true;
}
- Vector sigParts = new Vector();
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
@@ -334,9 +358,9 @@ public class TransportBindingBuilder extends BindingBuilder {
}
ArrayList headers = signdParts.getHeaders();
- for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
- Header header = (Header) iterator.next();
- WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ for (Object signedHeader : headers) {
+ Header header = (Header) signedHeader;
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
header.getNamespace(),
"Content");
sigParts.add(wep);
@@ -354,7 +378,7 @@ public class TransportBindingBuilder extends BindingBuilder {
// Setting the AttachedReference or the UnattachedReference according to the flag
OMElement ref;
- if (tokenIncluded == true) {
+ if (tokenIncluded) {
ref = tok.getAttachedReference();
} else {
ref = tok.getUnattachedReference();
@@ -372,17 +396,24 @@ public class TransportBindingBuilder extends BindingBuilder {
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
dkSign.prepare(doc);
-
+
+ /**
+ * Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security
+ * header. We need to add this just after Encrypted Key and just before <Signature>..</Signature>
+ * elements. (As a convention)
+ */
dkSign.appendDKElementToHeader(rmd.getSecHeader());
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+ List<Reference> referenceList
+ = dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
- dkSign.computeSignature();
-
- dkSign.appendSigToHeader(rmd.getSecHeader());
+ dkSign.computeSignature(referenceList, false, null);
+
+ // TODO verify before migration - dkSign.appendSigToHeader(rmd.getSecHeader())
+ // this.appendToHeader(rmd.getSecHeader(), dkSign.getSignatureElement());
return dkSign.getSignatureValue();
@@ -403,8 +434,7 @@ public class TransportBindingBuilder extends BindingBuilder {
tokId = tokId.substring(1);
}
sig.setCustomTokenId(tokId);
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
- WSConstants.SAML_ASSERTION_ID);
+ sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
@@ -414,10 +444,11 @@ public class TransportBindingBuilder extends BindingBuilder {
rmd.getSecHeader());
sig.setParts(sigParts);
- sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ List<javax.xml.crypto.dsig.Reference> referenceList
+ = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
- sig.computeSignature();
+ sig.computeSignature(referenceList);
//Add elements to header
this.setInsertionLocation(RampartUtil.insertSiblingAfter(
@@ -464,7 +495,7 @@ public class TransportBindingBuilder extends BindingBuilder {
tokenIncluded = true;
}
- Vector sigParts = new Vector();
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
if(this.timestampElement != null){
sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
@@ -482,9 +513,9 @@ public class TransportBindingBuilder extends BindingBuilder {
}
ArrayList headers = signdParts.getHeaders();
- for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
- Header header = (Header) iterator.next();
- WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ for (Object objectHeader : headers) {
+ Header header = (Header) objectHeader;
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
header.getNamespace(),
"Content");
sigParts.add(wep);
@@ -502,7 +533,7 @@ public class TransportBindingBuilder extends BindingBuilder {
// Setting the AttachedReference or the UnattachedReference according to the flag
OMElement ref;
- if (tokenIncluded == true) {
+ if (tokenIncluded) {
ref = tok.getAttachedReference();
} else {
ref = tok.getUnattachedReference();
@@ -520,18 +551,24 @@ public class TransportBindingBuilder extends BindingBuilder {
dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
dkSign.prepare(doc);
-
+
+ /**
+ * Add <wsc:DerivedKeyToken>..</wsc:DerivedKeyToken> to security
+ * header. We need to add this just after Encrypted Key and just before <Signature>..</Signature>
+ * elements. (As a convention)
+ */
dkSign.appendDKElementToHeader(rmd.getSecHeader());
dkSign.setParts(sigParts);
- dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+ List<Reference> referenceList
+ = dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
- dkSign.computeSignature();
-
- dkSign.appendSigToHeader(rmd.getSecHeader());
-
+ dkSign.computeSignature(referenceList, false, null);
+
+ //this.appendToHeader(rmd.getSecHeader(), dkSign.getSignatureElement());
+
return dkSign.getSignatureValue();
} catch (ConversationException e) {
@@ -547,8 +584,7 @@ public class TransportBindingBuilder extends BindingBuilder {
WSSecSignature sig = new WSSecSignature();
sig.setWsConfig(rmd.getConfig());
sig.setCustomTokenId(tok.getId().substring(1));
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
- WSConstants.SAML_ASSERTION_ID);
+ sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());
sig.setSecretKey(tok.getSecret());
sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
@@ -558,16 +594,14 @@ public class TransportBindingBuilder extends BindingBuilder {
rmd.getSecHeader());
sig.setParts(sigParts);
- sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ List<Reference> referenceList
+ = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
- sig.computeSignature();
+ sig.computeSignature(referenceList, false, this.getInsertionLocation());
//Add elements to header
- this.setInsertionLocation(RampartUtil.insertSiblingAfter(
- rmd,
- this.getInsertionLocation(),
- sig.getSignatureElement()));
+ this.setInsertionLocation(sig.getSignatureElement());
return sig.getSignatureValue();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index cdbbc4a..8e188b1 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -78,7 +78,9 @@ cannotValidateTimestamp = The timestamp could not be validated
trustVerificationError = The certificate used for the signature is not trusted
cannotFindAliasForCert = Could not get alias for certificate with {0}
noCertForAlias = Could not get certificates for alias {0}
+noCertForSubject = Could not get certificates for subject {0}
certPathVerificationFailed = Certificate path verification failed for certificate with subject
+noCertificatesForIssuer = No certificates were found for issuer \"{0}\" and issuer serial number \"{1}\"
#Rampart Results Validation Errors
timestampMissing = Missing Timestamp
@@ -100,4 +102,5 @@ requiredElementsMissing = Required Elements not found in the incoming message :
repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
invalidIssuerAddress = Invalid value for Issuer
-invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
\ No newline at end of file
+invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
+
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/CertificateValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/CertificateValidator.java
new file mode 100644
index 0000000..4932e6e
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/CertificateValidator.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.validate.SignatureTrustValidator;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * Validates the certificate in a signature.
+ */
+public class CertificateValidator extends SignatureTrustValidator {
+
+ CertificateValidator() {
+
+ }
+
+ /**
+ * Checks the validity of the given certificate. For more info see SignatureTrustValidator.verifyTrustInCert.
+ * @param certificate Certificate to be validated.
+ * @param signatureCrypto Signature crypto instance.
+ * @return true if certificate used in signature is valid. False if it is not valid.
+ * @throws WSSecurityException If an error occurred while trying to access Crypto and Certificate properties.
+ */
+ boolean validateCertificate(X509Certificate certificate, Crypto signatureCrypto) throws WSSecurityException {
+ return verifyTrustInCert(certificate, signatureCrypto, false);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
index e4e83dd..781cf37 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
@@ -36,10 +36,10 @@ import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
import java.util.Iterator;
import java.util.List;
-import java.util.Vector;
/**
* Handler to verify the message security after dispatch
@@ -173,7 +173,7 @@ public class PostDispatchVerificationHandler implements Handler {
if(msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
throw new AxisFault("InvalidSecurity");
} else {
- if(((Vector)msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)).size() == 0) {
+ if(((List<WSHandlerResult>)msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)).size() == 0) {
throw new AxisFault("InvalidSecurity");
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
index 9525fcf..857be9d 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -34,6 +34,7 @@ import org.apache.rampart.RampartEngine;
import org.apache.rampart.RampartException;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
@@ -41,7 +42,6 @@ import org.apache.ws.security.handler.WSHandlerResult;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import java.util.Vector;
import javax.xml.namespace.QName;
@@ -87,7 +87,7 @@ public class RampartReceiver implements Handler {
}
RampartEngine engine = new RampartEngine();
- Vector wsResult = null;
+ List<WSSecurityEngineResult> wsResult = null;
try {
wsResult = engine.process(msgContext);
@@ -103,10 +103,10 @@ public class RampartReceiver implements Handler {
return InvocationResponse.CONTINUE;
}
- Vector results = null;
- if ((results = (Vector) msgContext
+ List<WSHandlerResult> results = null;
+ if ((results = (List<WSHandlerResult>) msgContext
.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
- results = new Vector();
+ results = new ArrayList<WSHandlerResult>();
msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
}
WSHandlerResult rResult = new WSHandlerResult("", wsResult);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
index e0dbe00..86280a4 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
@@ -32,10 +32,8 @@ import org.apache.commons.logging.LogFactory;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.HandlerParameterDecoder;
-import org.apache.ws.security.SOAPConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.security.*;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
@@ -47,8 +45,9 @@ import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Iterator;
-import java.util.Vector;
+import java.util.List;
/**
* @deprecated
@@ -114,6 +113,9 @@ public class WSDoAllReceiver extends WSDoAllHandler {
throw new AxisFault("Configuration error", e);
}
+ // Retrieves signature crypto and set it to decryption crypto
+ RampartUtil.setDecryptionCrypto(msgContext);
+
reqData.setMsgContext(msgContext);
if (((getOption(WSSHandlerConstants.INFLOW_SECURITY)) == null) &&
@@ -131,7 +133,7 @@ public class WSDoAllReceiver extends WSDoAllHandler {
}
}
- Vector actions = new Vector();
+ List<java.lang.Integer> actions = new ArrayList<Integer>();
String action = null;
if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
action = (String) getProperty(msgContext,
@@ -172,7 +174,7 @@ public class WSDoAllReceiver extends WSDoAllHandler {
*/
CallbackHandler cbHandler = null;
if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
- cbHandler = getPasswordCB(reqData);
+ cbHandler = getPasswordCallbackHandler(reqData);
}
// Copy the WSHandlerConstants.SEND_SIGV over to the new message
@@ -206,7 +208,7 @@ public class WSDoAllReceiver extends WSDoAllHandler {
doReceiverAction(doAction, reqData);
- Vector wsResult = null;
+ List<WSSecurityEngineResult> wsResult = null;
try {
wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler,
reqData.getSigCrypto(), reqData.getDecCrypto());
@@ -280,15 +282,17 @@ public class WSDoAllReceiver extends WSDoAllHandler {
* implementations with other validation algorithms for subclasses.
*/
- // Extract the signature action result from the action vector
+ // Extract the signature action result from the action list
WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
wsResult, WSConstants.SIGN);
if (actionResult != null) {
- X509Certificate returnCert = actionResult.getCertificate();
+ X509Certificate returnCert = (X509Certificate)actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
if (returnCert != null) {
- if (!verifyTrust(returnCert, reqData)) {
+ CertificateValidator certificateValidator = new CertificateValidator();
+
+ if (!certificateValidator.validateCertificate(returnCert, reqData.getSigCrypto())) {
throw new AxisFault(
"WSDoAllReceiver: The certificate used for the signature is not trusted");
}
@@ -305,12 +309,12 @@ public class WSDoAllReceiver extends WSDoAllHandler {
* implementations with other validation algorithms for subclasses.
*/
- // Extract the timestamp action result from the action vector
+ // Extract the timestamp action result from the action list
actionResult = WSSecurityUtil.fetchActionResult(wsResult,
WSConstants.TS);
if (actionResult != null) {
- Timestamp timestamp = actionResult.getTimestamp();
+ Timestamp timestamp = (Timestamp)actionResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
if (timestamp != null) {
String ttl = null;
@@ -330,7 +334,8 @@ public class WSDoAllReceiver extends WSDoAllHandler {
ttl_i = reqData.getTimeToLive();
}
- if (!verifyTimestamp(timestamp, ttl_i)) {
+ // TODO configure future time to live
+ if (!timestamp.verifyCreated(ttl_i, 60)) {
throw new AxisFault(
"WSDoAllReceiver: The timestamp could not be validated");
}
@@ -351,10 +356,10 @@ public class WSDoAllReceiver extends WSDoAllHandler {
* DoAllSender will use this in certain situations such as:
* USE_REQ_SIG_CERT to encrypt
*/
- Vector results = null;
- if ((results = (Vector) getProperty(msgContext,
+ List<WSHandlerResult> results = null;
+ if ((results = (List<WSHandlerResult>) getProperty(msgContext,
WSHandlerConstants.RECV_RESULTS)) == null) {
- results = new Vector();
+ results = new ArrayList<WSHandlerResult>();
msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
}
WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
index a932aa9..28e57d5 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -28,6 +28,7 @@ import org.apache.rampart.RampartConstants;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.HandlerParameterDecoder;
import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rampart.util.RampartUtil;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
@@ -35,7 +36,8 @@ import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
-import java.util.Vector;
+import java.util.ArrayList;
+import java.util.List;
/**
* @deprecated
@@ -44,12 +46,17 @@ public class WSDoAllSender extends WSDoAllHandler {
private static final Log log = LogFactory.getLog(WSDoAllSender.class);
private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ // TODO can we get rid of this ?
+ private static final String SND_SECURITY = "SND_SECURITY";
public WSDoAllSender() {
super();
inHandler = false;
}
+
+
public void processMessage(MessageContext msgContext) throws AxisFault {
@@ -57,8 +64,9 @@ public class WSDoAllSender extends WSDoAllHandler {
WSSHandlerConstants.USE_DOOM);
boolean useDoom = useDoomValue != null
&& Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
-
+
RequestData reqData = new RequestData();
+
try {
//If the msgs are msgs to an STS then use basic WS-Sec
processBasic(msgContext, useDoom, reqData);
@@ -95,6 +103,9 @@ public class WSDoAllSender extends WSDoAllHandler {
} catch (Exception e) {
throw new AxisFault("Configureation error", e);
}
+
+ // If encryption crypto is not already set use signatureCrypto as encryption crypto.
+ RampartUtil.setEncryptionCrypto(msgContext);
if (doDebug) {
log.debug("WSDoAllSender: enter invoke()");
@@ -132,7 +143,7 @@ public class WSDoAllSender extends WSDoAllHandler {
}
}
- Vector actions = new Vector();
+ List<Integer> actions = new ArrayList<Integer>();
String action = null;
if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
action = (String) getProperty(msgContext, WSSHandlerConstants.ACTION_ITEMS);
@@ -189,15 +200,15 @@ public class WSDoAllSender extends WSDoAllHandler {
* a chained handler.
*/
if ((doc = (Document) ((MessageContext)reqData.getMsgContext())
- .getProperty(WSHandlerConstants.SND_SECURITY)) == null) {
+ .getProperty(SND_SECURITY)) == null) {
try {
doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext.getEnvelope(), useDoom);
} catch (WSSecurityException wssEx) {
throw new AxisFault("WSDoAllReceiver: Error in converting to Document", wssEx);
}
}
-
-
+
+
doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide());
/*
@@ -209,7 +220,7 @@ public class WSDoAllSender extends WSDoAllHandler {
*
*/
if (reqData.isNoSerialization()) {
- ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+ ((MessageContext)reqData.getMsgContext()).setProperty(SND_SECURITY,
doc);
} else {
if(useDoom) {
@@ -217,7 +228,7 @@ public class WSDoAllSender extends WSDoAllHandler {
} else {
msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
}
- ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY, null);
+ ((MessageContext)reqData.getMsgContext()).setProperty(SND_SECURITY, null);
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
index 61d8df5..147c114 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
@@ -177,5 +177,26 @@ public class InflowConfiguration {
return (String) this.action
.get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
}
+
+ /**
+ * This will set whether request or response evaluation should adhere to "Basic Security Profile"
+ * @param value true if evaluation should adhere to "Basic Security Profile" else false. Default is true.
+ */
+ public void setBSPCompliant(boolean value) {
+ this.action.put(
+ WSHandlerConstants.IS_BSP_COMPLIANT, value?"true":"false");
+ }
+
+
+ /**
+ * Gets whether security processing is configured to handle BSP compliant manner.
+ * "true" or "false"
+ * @return Returns "true" or "false".
+ */
+ public String getBSPCompliant() {
+ return (String) this.action
+ .get(WSHandlerConstants.IS_BSP_COMPLIANT);
+ }
+
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
index 0fe5212..12d41cd 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
@@ -583,6 +583,27 @@ public class OutflowConfiguration {
return (String) this.actionList[this.currentAction]
.get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
}
+
+ /**
+ * This will set whether request or response evaluation should adhere to "Basic Security Profile"
+ * @param value true if evaluation should adhere to "Basic Security Profile" else false. Default is true.
+ */
+ public void setBSPCompliant(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.IS_BSP_COMPLIANT, value?"true":"false");
+ }
+
+
+ /**
+ * Gets whether security processing is configured to handle BSP compliant manner.
+ * "true" or "false"
+ * @return Returns "true" or "false".
+ */
+ public String getBSPCompliant() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.IS_BSP_COMPLIANT);
+ }
+
public void setSignAllHeadersAndBody() {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
index 890d644..0281dd1 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -32,7 +32,9 @@ import org.apache.ws.secpolicy.model.Wss10;
import org.apache.ws.secpolicy.model.Wss11;
import org.apache.ws.security.WSEncryptionPart;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Vector;
public class RampartPolicyData {
@@ -112,18 +114,19 @@ public class RampartPolicyData {
private boolean signAllHeaders;
- private Vector signedParts = new Vector();
+ private List<WSEncryptionPart> signedParts = new ArrayList<WSEncryptionPart>();
- private Vector signedElements = new Vector();
+ private List<String> signedElements = new ArrayList<String>();
- private Vector encryptedParts = new Vector();
+ private List<WSEncryptionPart> encryptedParts = new ArrayList<WSEncryptionPart>();
- private Vector encryptedElements = new Vector();
+ private List<String> encryptedElements = new ArrayList<String>();
- private Vector requiredElements = new Vector();
-
- private Vector contentEncryptedElements = new Vector();
+ private List<String> requiredElements = new ArrayList<String>();
+ private List<String> contentEncryptedElements = new ArrayList<String>();
+
+ //TODO make this strongly type attribute
private HashMap declaredNamespaces = new HashMap();
/*
@@ -153,19 +156,19 @@ public class RampartPolicyData {
private Trust10 trust10;
- private HashMap supportingTokensIdMap;
- private HashMap signedSupportingTokensIdMap;
- private HashMap endorsingSupportingTokensIdMap;
- private HashMap signedEndorsingSupportingTokensIdMap;
+ private HashMap<Token,String> supportingTokensIdMap;
+ private HashMap<Token,String> signedSupportingTokensIdMap;
+ private HashMap<Token,String> endorsingSupportingTokensIdMap;
+ private HashMap<Token,String> signedEndorsingSupportingTokensIdMap;
private Wss10 wss10;
private Wss11 wss11;
private Policy issuerPolicy;
- private Vector supportingPolicyData = new Vector();
+ private List<SupportingPolicyData> supportingPolicyData = new ArrayList<SupportingPolicyData>();
- private Vector supportingTokens = new Vector();
+ private List<SupportingToken> supportingTokens = new ArrayList<SupportingToken>();
@@ -177,7 +180,7 @@ public class RampartPolicyData {
this.webServiceSecurityPolicyNS = webServiceSecurityPolicyNS;
}
- public Vector getSupportingPolicyData() {
+ public List<SupportingPolicyData> getSupportingPolicyData() {
return supportingPolicyData;
}
@@ -363,7 +366,7 @@ public class RampartPolicyData {
/**
* @return Returns the encryptedElements.
*/
- public Vector getEncryptedElements() {
+ public List<String> getEncryptedElements() {
return encryptedElements;
}
@@ -379,13 +382,12 @@ public class RampartPolicyData {
/**
* @return Returns the requiredElements.
*/
- public Vector getRequiredElements() {
+ public List<String> getRequiredElements() {
return requiredElements;
}
/**
- * @param requiredElements
- * The Required Element (XPath) to set.
+ * @param reqElement The Required Element (XPath) to set.
*/
public void setRequiredElements(String reqElement) {
requiredElements.add(reqElement);
@@ -394,7 +396,7 @@ public class RampartPolicyData {
/**
* @return Returns the contentEncryptedElements.
*/
- public Vector getContentEncryptedElements() {
+ public List<String> getContentEncryptedElements() {
return contentEncryptedElements;
}
@@ -410,7 +412,7 @@ public class RampartPolicyData {
/**
* @return Returns the encryptedParts.
*/
- public Vector getEncryptedParts() {
+ public List<WSEncryptionPart> getEncryptedParts() {
return encryptedParts;
}
@@ -506,7 +508,7 @@ public class RampartPolicyData {
/**
* @return Returns the signedElements.
*/
- public Vector getSignedElements() {
+ public List<String> getSignedElements() {
return signedElements;
}
@@ -522,7 +524,7 @@ public class RampartPolicyData {
/**
* @return Returns the signedParts.
*/
- public Vector getSignedParts() {
+ public List<WSEncryptionPart> getSignedParts() {
return signedParts;
}
@@ -551,7 +553,7 @@ public class RampartPolicyData {
signedParts.add(part);
}
- public void setSignedParts(Vector signedParts) {
+ public void setSignedParts(List<WSEncryptionPart> signedParts) {
this.signedParts = signedParts;
}
@@ -726,13 +728,13 @@ public class RampartPolicyData {
/**
* @return Returns the supportingTokenList.
*/
- public Vector getSupportingTokensList() {
+ public List<SupportingToken> getSupportingTokensList() {
return supportingTokens;
}
public SupportingToken getSupportingTokens() {
if (supportingTokens.size() > 0) {
- return (SupportingToken) supportingTokens.get(0);
+ return supportingTokens.get(0);
} else {
return null;
}
@@ -837,32 +839,32 @@ public class RampartPolicyData {
*/
public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
- HashMap tokenMap = null;
+ HashMap<Token,String> tokenMap = null;
switch (type) {
case SPConstants.SUPPORTING_TOKEN_SUPPORTING:
if(this.supportingTokensIdMap == null) {
- this.supportingTokensIdMap = new HashMap();
+ this.supportingTokensIdMap = new HashMap<Token,String>();
}
tokenMap = this.supportingTokensIdMap;
break;
case SPConstants.SUPPORTING_TOKEN_SIGNED:
if(this.signedSupportingTokensIdMap == null) {
- this.signedSupportingTokensIdMap = new HashMap();
+ this.signedSupportingTokensIdMap = new HashMap<Token,String>();
}
tokenMap = this.signedSupportingTokensIdMap;
break;
case SPConstants.SUPPORTING_TOKEN_ENDORSING:
if(this.endorsingSupportingTokensIdMap == null) {
- this.endorsingSupportingTokensIdMap = new HashMap();
+ this.endorsingSupportingTokensIdMap = new HashMap<Token,String>();
}
tokenMap = this.endorsingSupportingTokensIdMap;
break;
case SPConstants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
if(this.signedEndorsingSupportingTokensIdMap == null) {
- this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ this.signedEndorsingSupportingTokensIdMap = new HashMap<Token,String>();
}
tokenMap = this.signedEndorsingSupportingTokensIdMap;
break;
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
index 98ef8af..e743883 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
@@ -16,10 +16,7 @@
package org.apache.rampart.policy.model;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Vector;
+import java.util.*;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
@@ -41,11 +38,11 @@ public class OptimizePartsConfig implements Assertion{
public final static String PREFIX_ATTR = "prefix";
private Map namespaces = null;
- private Vector expressions = null;
+ private List<String> expressions = null;
public OptimizePartsConfig(){
namespaces = new HashMap();
- expressions = new Vector();
+ expressions = new ArrayList<String>();
}
public void addExpression(String expression){
@@ -56,7 +53,7 @@ public class OptimizePartsConfig implements Assertion{
namespaces.put(prefix, ns);
}
- public Vector getExpressions() {
+ public List<String> getExpressions() {
return expressions;
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
index 1c3943d..27710b1 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
@@ -21,8 +21,10 @@ import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
import org.apache.rahas.impl.util.SAMLUtils;
import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.SAMLUtil;
import org.opensaml.saml1.core.Assertion;
@@ -68,9 +70,15 @@ public class SAML1AssertionHandler extends SAMLAssertionHandler{
public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
throws WSSecurityException {
+ RequestData requestData = new RequestData();
+ requestData.setCallbackHandler(tokenCallbackHandler);
+ requestData.setSigCrypto(signatureCrypto);
+
+ WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument()); // TODO Improve ..
+
// TODO change this to use SAMLAssertion parameter once wss4j conversion is done ....
- SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion.getDOM(),
- signatureCrypto, tokenCallbackHandler);
+ SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion,
+ requestData, docInfo, true);
return samlKi.getSecret();
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
index 37e87fd..5b80c02 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
@@ -31,7 +31,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
-import java.util.Vector;
/**
* Utility class to handle MTOM-Optimizing Base64 Text values
@@ -40,7 +39,7 @@ public class MessageOptimizer {
private static final String CIPHER_ELEMENT = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
- public static void optimize(SOAPEnvelope env, Vector expressions, Map namespaces) throws RampartException {
+ public static void optimize(SOAPEnvelope env, List<String> expressions, Map namespaces) throws RampartException {
SimpleNamespaceContext nsCtx = new SimpleNamespaceContext();
nsCtx.addNamespace(WSConstants.ENC_PREFIX,WSConstants.ENC_NS);
@@ -56,18 +55,16 @@ public class MessageOptimizer {
}
try {
- for(int i=0; i<expressions.size(); i++){
- String exp = (String)expressions.get(i);
- XPath xp = new AXIOMXPath(exp);
- xp.setNamespaceContext(nsCtx);
- List list = xp.selectNodes(env);
- Iterator elements = list.iterator();
- while (elements.hasNext()) {
- OMElement element = (OMElement) elements.next();
- OMText text = (OMText)element.getFirstOMChild();
- text.setOptimize(true);
- }
- }
+ for (String exp : expressions) {
+ XPath xp = new AXIOMXPath(exp);
+ xp.setNamespaceContext(nsCtx);
+ List list = xp.selectNodes(env);
+ for (Object aList : list) {
+ OMElement element = (OMElement) aList;
+ OMText text = (OMText) element.getFirstOMChild();
+ text.setOptimize(true);
+ }
+ }
} catch (JaxenException e) {
throw new RampartException("Error in XPath ", e);
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
index bff27cf..cf5c929 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -240,12 +240,8 @@ public class RampartUtil {
}
return null;
-
-
}
-
-
-
+
/**
* Perform a callback to get a password.
* <p/>
@@ -331,7 +327,8 @@ public class RampartUtil {
if (crypto == null) {
// cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
+ crypto = createCrypto(prop, loader);
+
if (cryptoKey != null) {
// Crypto caching is enabled - cache the Crypto object
cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
@@ -343,6 +340,16 @@ public class RampartUtil {
}
return crypto;
}
+
+ private static Crypto createCrypto(Properties properties, ClassLoader classLoader) throws RampartException {
+
+ try {
+ return CryptoFactory.getInstance(properties, classLoader);
+ } catch (WSSecurityException e) {
+ log.error("Error loading crypto properties.", e);
+ throw new RampartException("cannotCrateCryptoInstance", e);
+ }
+ }
/**
* Create the <code>Crypto</code> instance for signature using information
@@ -387,7 +394,7 @@ public class RampartUtil {
if (crypto == null) {
// cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
+ crypto = createCrypto(prop, loader);
if (cryptoKey != null) {
// cache enabled - let's cache
cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
@@ -877,10 +884,10 @@ public class RampartUtil {
}
- public static Vector getEncryptedParts(RampartMessageData rmd) {
+ public static List<WSEncryptionPart> getEncryptedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
- Vector encryptedPartsElements = getPartsAndElements(false, envelope,
+ List<WSEncryptionPart> encryptedPartsElements = getPartsAndElements(false, envelope,
rpd.isEncryptBody() && !rpd.isEncryptBodyOptional(), rpd
.getEncryptedParts(), rpd.getEncryptedElements(), rpd
.getDeclaredNamespaces());
@@ -888,7 +895,7 @@ public class RampartUtil {
rpd.getContentEncryptedElements(), rpd.getDeclaredNamespaces());
}
- public static Vector getSignedParts(RampartMessageData rmd) {
+ public static List<WSEncryptionPart> getSignedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
@@ -909,7 +916,7 @@ public class RampartUtil {
.getSignedElements(), rpd.getDeclaredNamespaces());
}
- public static Vector getSupportingEncryptedParts(RampartMessageData rmd,
+ public static List<WSEncryptionPart> getSupportingEncryptedParts(RampartMessageData rmd,
SupportingPolicyData rpd) {
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
return getPartsAndElements(false, envelope, rpd.isEncryptBody()
@@ -917,7 +924,7 @@ public class RampartUtil {
.getEncryptedElements(), rpd.getDeclaredNamespaces());
}
- public static Vector getSupportingSignedParts(RampartMessageData rmd,
+ public static List<WSEncryptionPart> getSupportingSignedParts(RampartMessageData rmd,
SupportingPolicyData rpd) {
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
return getPartsAndElements(true, envelope, rpd.isSignBody()
@@ -927,53 +934,49 @@ public class RampartUtil {
public static Set findAllPrefixNamespaces(OMElement currentElement, HashMap decNamespacess)
{
- Set results = new HashSet();
+ Set<OMNamespace> results = new HashSet<OMNamespace>();
//Find declared namespaces
findPrefixNamespaces(currentElement,results);
//Get all default namespaces
List defaultNamespaces = getDefaultPrefixNamespaces(currentElement.getOMFactory());
- for (Iterator iterator = defaultNamespaces.iterator(); iterator
- .hasNext();) {
- OMNamespace ns = (OMNamespace) iterator.next();
+ for (Object defaultNamespace : defaultNamespaces) {
+ OMNamespace ns = (OMNamespace) defaultNamespace;
results.add(ns);
}
-
- for ( Iterator iterator = decNamespacess.keySet().iterator(); iterator.hasNext();) {
- String prefix = (String) iterator.next();
- String ns = (String) decNamespacess.get(prefix);
- OMFactory omFactory = currentElement.getOMFactory();
- OMNamespace namespace = omFactory.createOMNamespace(ns, prefix);
- results.add(namespace);
-
- }
+
+ for (Object o : decNamespacess.keySet()) {
+ String prefix = (String) o;
+ String ns = (String) decNamespacess.get(prefix);
+ OMFactory omFactory = currentElement.getOMFactory();
+ OMNamespace namespace = omFactory.createOMNamespace(ns, prefix);
+ results.add(namespace);
+
+ }
return results;
}
-
- private static void findPrefixNamespaces(OMElement e, Set results)
- {
-
- Iterator iter = e.getAllDeclaredNamespaces();
-
- if (iter!=null)
- {
- while (iter.hasNext())
- results.add(iter.next());
- }
-
- Iterator children = e.getChildElements();
-
- while (children.hasNext())
- {
- findPrefixNamespaces((OMElement)children.next(), results);
- }
+
+ private static void findPrefixNamespaces(OMElement e, Set<OMNamespace> results) {
+
+ Iterator iterator = e.getAllDeclaredNamespaces();
+
+ if (iterator != null) {
+ while (iterator.hasNext())
+ results.add((OMNamespace)iterator.next());
+ }
+
+ Iterator children = e.getChildElements();
+
+ while (children.hasNext()) {
+ findPrefixNamespaces((OMElement) children.next(), results);
+ }
}
private static List getDefaultPrefixNamespaces(OMFactory factory)
{
- List namespaces = new ArrayList();
+ List<OMNamespace> namespaces = new ArrayList<OMNamespace>();
// put default namespaces here (sp, soapenv, wsu, etc...)
namespaces.add(factory.createOMNamespace(WSConstants.ENC_NS, WSConstants.ENC_PREFIX));
@@ -985,72 +988,119 @@ public class RampartUtil {
}
- public static Vector getContentEncryptedElements (Vector encryptedPartsElements, SOAPEnvelope envelope,Vector elements, HashMap decNamespaces ) {
+ public static List<WSEncryptionPart> getContentEncryptedElements (List<WSEncryptionPart> encryptedPartsElements,
+ SOAPEnvelope envelope,List<String> elements, HashMap decNamespaces ) {
Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
-
- Iterator elementsIter = elements.iterator();
- while (elementsIter.hasNext())
- {
- String expression = (String)elementsIter.next();
- try {
- XPath xp = new AXIOMXPath(expression);
- Iterator nsIter = namespaces.iterator();
-
- while (nsIter.hasNext())
- {
- OMNamespace tmpNs = (OMNamespace)nsIter.next();
- xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
- }
-
- List selectedNodes = xp.selectNodes(envelope);
-
- Iterator nodesIter = selectedNodes.iterator();
-
- while (nodesIter.hasNext())
- {
- OMElement e = (OMElement)nodesIter.next();
-
- String localName = e.getLocalName();
- String namespace = e.getNamespace() != null ? e.getNamespace().getNamespaceURI() : null;
-
- WSEncryptionPart encryptedElem = new WSEncryptionPart(localName, namespace,
- "Content", WSConstants.PART_TYPE_ELEMENT);
-
- encryptedElem.setXpath(expression);
- OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
-
- if ( wsuId != null ) {
- encryptedElem.setEncId(wsuId.getAttributeValue());
- }
-
- encryptedPartsElements.add(encryptedElem);
-
- }
-
- } catch (JaxenException e) {
- // This has to be changed to propagate an instance of a RampartException up
- throw new RuntimeException(e);
- }
+
+ for (String expression : elements) {
+ try {
+ XPath xp = new AXIOMXPath(expression);
+
+ for (Object objectNamespace : namespaces) {
+ OMNamespace tmpNs = (OMNamespace) objectNamespace;
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ for (Object selectedNode : selectedNodes) {
+ OMElement e = (OMElement) selectedNode;
+
+ String localName = e.getLocalName();
+ String namespace = e.getNamespace() != null ? e.getNamespace().getNamespaceURI() : null;
+
+ OMAttribute wsuIdAttribute = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ String wsuId = null;
+ if (wsuIdAttribute != null) {
+ wsuId = wsuIdAttribute.getAttributeValue();
+ }
+
+ encryptedPartsElements.add(createEncryptionPart(localName,
+ wsuId, namespace, "Content", expression));
+
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
}
return encryptedPartsElements;
}
+
+
+ /**
+ * Creates an Encryption or Signature paert with given name and id. Name must not be null.
+ * @param name The name of the part
+ * @param id The id of the part.
+ * @return WSEncryptionPart.
+ */
+ public static WSEncryptionPart createEncryptionPart (String name, String id) {
+
+ return createEncryptionPart(name, id, null, null, null);
+ }
+
+ /**
+ * Creates an encryption part. Could be a part or could be an element pointed through xpath expression.
+ * @param name Name of the element.
+ * @param id The id of the element
+ * @param namespace Namespace of the element.
+ * @param modifier Modifier "Content" or "Element"
+ * @return A WSEncryptionPart
+ */
+ public static WSEncryptionPart createEncryptionPart(String name, String id,
+ String namespace, String modifier) {
+
+ return createEncryptionPart(name, id, namespace, modifier, null);
+ }
+
+ /**
+ * Creates an encryption part. Could be a part or could be an element pointed through xpath expression.
+ * @param name Name of the element.
+ * @param id The id of the element
+ * @param namespace Namespace of the element.
+ * @param modifier Modifier "Content" or "Element"
+ * @param xPath The xPath expression
+ * @return A WSEncryptionPart
+ */
+ public static WSEncryptionPart createEncryptionPart(String name, String id,
+ String namespace, String modifier,String xPath) {
+
+ // The part name must not be null !!
+ assert name != null;
+
+ WSEncryptionPart wsEncryptionPart = new WSEncryptionPart(name, namespace, modifier);
+ wsEncryptionPart.setId(id);
+ wsEncryptionPart.setXpath(xPath);
+
+ return wsEncryptionPart;
+ }
- public static Vector getPartsAndElements(boolean sign, SOAPEnvelope envelope, boolean includeBody, Vector parts, Vector elements, HashMap decNamespaces) {
+ public static List<WSEncryptionPart> getPartsAndElements(boolean sign, SOAPEnvelope envelope, boolean includeBody,
+ List<WSEncryptionPart> parts, List<String> elements,
+ HashMap decNamespaces) {
- Vector found = new Vector();
- Vector result = new Vector();
+ List<OMElement> found = new ArrayList<OMElement>();
+ List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
// check body
if(includeBody) {
+
+ String wsuId = addWsuIdToElement(envelope.getBody());
+
if( sign ) {
- result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()),null,WSConstants.PART_TYPE_BODY));
+ result.add(createEncryptionPart(envelope.getBody().getLocalName(), wsuId,
+ null, null));
} else {
- result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content", WSConstants.PART_TYPE_BODY));
+ result.add(createEncryptionPart(envelope.getBody().getLocalName(), wsuId, null, "Content"));
}
+
+ // TODO can we remove this ?
found.add( envelope.getBody() );
}
@@ -1058,109 +1108,99 @@ public class RampartUtil {
SOAPHeader header = envelope.getHeader();
- for(int i=0; i<parts.size(); i++) {
- WSEncryptionPart wsep = (WSEncryptionPart) parts.get( i );
- if( wsep.getName() == null ) {
+ for (WSEncryptionPart part : parts) {
+ if (part.getName() == null) {
// NO name - search by namespace
- ArrayList headerList = header.getHeaderBlocksWithNSURI( wsep.getNamespace() );
-
- for(int j=0; j<headerList.size(); j++) {
- SOAPHeaderBlock shb = (SOAPHeaderBlock) headerList.get( j );
-
+ ArrayList headerList = header.getHeaderBlocksWithNSURI(part.getNamespace());
+
+ for (Object aHeaderList : headerList) {
+ SOAPHeaderBlock shb = (SOAPHeaderBlock) aHeaderList;
+
// find reference in envelope
- OMElement e = header.getFirstChildWithName( shb.getQName() );
-
- if( ! found.contains( e ) ) {
+ OMElement e = header.getFirstChildWithName(shb.getQName());
+
+ if (!found.contains(e)) {
// found new
- found.add( e );
-
- if( sign ) {
- result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Content", WSConstants.PART_TYPE_HEADER));
+ found.add(e);
+
+ if (sign) {
+ result.add(createEncryptionPart(e.getLocalName(), null,
+ part.getNamespace(), "Content"));
} else {
-
- WSEncryptionPart encryptedHeader = new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element", WSConstants.PART_TYPE_HEADER);
- OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
-
- if ( wsuId != null ) {
- encryptedHeader.setEncId(wsuId.getAttributeValue());
+
+ OMAttribute wsuIdAttribute = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ String wsuId = null;
+ if (wsuIdAttribute != null) {
+ wsuId = wsuIdAttribute.getAttributeValue();
}
-
- result.add(encryptedHeader);
+
+ result.add(createEncryptionPart(e.getLocalName(),wsuId,
+ part.getNamespace(), "Element"));
}
- }
+ }
}
} else {
// try to find
- OMElement e = header.getFirstChildWithName( new QName(wsep.getNamespace(), wsep.getName()) );
- if( e != null ) {
- if( ! found.contains( e ) ) {
+ OMElement e = header.getFirstChildWithName(new QName(part.getNamespace(), part.getName()));
+ if (e != null) {
+ if (!found.contains(e)) {
// found new (reuse wsep)
- found.add( e );
- wsep.setType(WSConstants.PART_TYPE_HEADER);
+ found.add(e);
OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
-
- if ( wsuId != null ) {
- wsep.setEncId(wsuId.getAttributeValue());
+
+ if (wsuId != null) {
+ part.setEncId(wsuId.getAttributeValue());
}
-
- result.add( wsep );
+
+ result.add(part);
}
- }
- }
+ }
+ }
}
// ?? Search for 'Elements' here
// decide what exactly is going to be used - only the default namespaces, or the list of all declared namespaces in the message !
Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
-
- Iterator elementsIter = elements.iterator();
- while (elementsIter.hasNext())
- {
- String expression = (String)elementsIter.next();
- try {
- XPath xp = new AXIOMXPath(expression);
- Iterator nsIter = namespaces.iterator();
-
- while (nsIter.hasNext())
- {
- OMNamespace tmpNs = (OMNamespace)nsIter.next();
- xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
- }
-
- List selectedNodes = xp.selectNodes(envelope);
-
- Iterator nodesIter = selectedNodes.iterator();
- while (nodesIter.hasNext())
- {
- OMElement e = (OMElement)nodesIter.next();
- String localName = e.getLocalName();
+
+ for (String expression : elements) {
+ try {
+ XPath xp = new AXIOMXPath(expression);
+
+ for (Object objectNamespace : namespaces) {
+ OMNamespace tmpNs = (OMNamespace) objectNamespace;
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ for (Object selectedNode : selectedNodes) {
+ OMElement e = (OMElement) selectedNode;
+ String localName = e.getLocalName();
String namespace = e.getNamespace() != null ? e.getNamespace().getNamespaceURI() : null;
-
- if (sign) {
- WSEncryptionPart encryptedElem = new WSEncryptionPart(localName,namespace, "Content", WSConstants.PART_TYPE_ELEMENT);
- encryptedElem.setXpath(expression);
- result.add(encryptedElem);
+
+ if (sign) {
+
+ result.add(createEncryptionPart(localName, null, namespace, "Content", expression));
} else {
- WSEncryptionPart encryptedElem = new WSEncryptionPart(localName,namespace, "Element", WSConstants.PART_TYPE_ELEMENT);
- encryptedElem.setXpath(expression);
-
- OMAttribute wsuId = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
-
- if ( wsuId != null ) {
- encryptedElem.setEncId(wsuId.getAttributeValue());
- }
-
- result.add(encryptedElem);
- }
- }
-
- } catch (JaxenException e) {
- // This has to be changed to propagate an instance of a RampartException up
- throw new RuntimeException(e);
- }
+ OMAttribute wsuIdAttribute = e.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+
+ String wsuId = null;
+ if (wsuIdAttribute != null) {
+ wsuId = wsuIdAttribute.getAttributeValue();
+ }
+
+ result.add(createEncryptionPart(localName, wsuId, namespace, "Element", expression));
+ }
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
}
return result;
@@ -1173,35 +1213,32 @@ public class RampartUtil {
* @param expression XPATH expression of required elements
* @return
*/
- public static boolean checkRequiredElements(SOAPEnvelope envelope, HashMap decNamespaces, String expression ) {
+ public static boolean checkRequiredElements(SOAPEnvelope envelope, HashMap decNamespaces, String expression) {
// The XPath expression must be evaluated against the SOAP header
// http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826519
SOAPHeader header = envelope.getHeader();
-
Set namespaces = findAllPrefixNamespaces(header, decNamespaces);
try {
- XPath xp = new AXIOMXPath(expression);
- Iterator nsIter = namespaces.iterator();
-
- while (nsIter.hasNext())
- {
- OMNamespace tmpNs = (OMNamespace)nsIter.next();
- xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
- }
-
- List selectedNodes = xp.selectNodes(header);
-
- if (selectedNodes.size() == 0 ) {
- return false;
- }
-
+ XPath xp = new AXIOMXPath(expression);
+
+ for (Object namespace : namespaces) {
+ OMNamespace tmpNs = (OMNamespace) namespace;
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(header);
+
+ if (selectedNodes.size() == 0) {
+ return false;
+ }
+
} catch (JaxenException e) {
- // This has to be changed to propagate an instance of a RampartException up
- throw new RuntimeException(e);
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
}
-
+
return true;
}
@@ -1289,13 +1326,14 @@ public class RampartUtil {
throw new RampartException("missingEncryptionUser");
}
if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
- Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ List<WSHandlerResult> resultsObj
+ = (List<WSHandlerResult>)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
if(resultsObj != null) {
- encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+ encrKeyBuilder.setUseThisCert(getReqSigCert(resultsObj));
//TODO This is a hack, this should not come under USE_REQ_SIG_CERT
if(encrKeyBuilder.isCertSet()) {
- encrKeyBuilder.setUserInfo(getUsername((Vector)resultsObj));
+ encrKeyBuilder.setUserInfo(getUsername(resultsObj));
}
@@ -1363,27 +1401,23 @@ public class RampartUtil {
}
}
- private static X509Certificate getReqSigCert(Vector results) {
+ private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
* receiving Actor and the sending Actor match.
*/
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
+ for (WSHandlerResult result : results) {
- Vector wsSecEngineResults = rResult.getResults();
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.SIGN) {
- return (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ Integer actInt = (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt == WSConstants.SIGN) {
+ return (X509Certificate) wsSecEngineResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
}
}
}
@@ -1392,85 +1426,74 @@ public class RampartUtil {
}
/**
- * Scan through <code>WSHandlerResult<code> vector for a Username token and return
+ * Scan through <code>WSHandlerResult<code> list for a Username token and return
* the username if a Username Token found
* @param results
* @return
*/
- public static String getUsername(Vector results) {
+ public static String getUsername(List<WSHandlerResult> results) {
/*
* Scan the results for a matching actor. Use results only if the
* receiving Actor and the sending Actor match.
*/
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
-
- Vector wsSecEngineResults = rResult.getResults();
- /*
- * Scan the results for a username token. Use the username
- * of this token to set the alias for the encryption user
- */
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.UT) {
- WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- return principal.getName();
- }
- }
- }
+ for (WSHandlerResult result : results) {
+
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
+ /*
+ * Scan the results for a username token. Use the username
+ * of this token to set the alias for the encryption user
+ */
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ Integer actInt = (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt == WSConstants.UT) {
+ WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) wsSecEngineResult.
+ get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ return principal.getName();
+ }
+ }
+ }
return null;
- }
-
- public static String getRequestEncryptedKeyId(Vector results) {
-
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
+ }
+
+ public static String getRequestEncryptedKeyId(List<WSHandlerResult> results) {
- Vector wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult result : results) {
+
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
- if (actInt.intValue() == WSConstants.ENCR &&
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ Integer actInt = (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ String encrKeyId = (String) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ID);
+ if (actInt == WSConstants.ENCR &&
encrKeyId != null) {
return encrKeyId;
}
}
}
-
+
return null;
}
- public static byte[] getRequestEncryptedKeyValue(Vector results) {
-
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
+ public static byte[] getRequestEncryptedKeyValue(List<WSHandlerResult> results) {
+
+ for (WSHandlerResult result : results) {
- Vector wsSecEngineResults = rResult.getResults();
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
/*
* Scan the results for the first Signature action. Use the
* certificate of this Signature to set the certificate for the
* encryption action :-).
*/
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
- byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
- if (actInt.intValue() == WSConstants.ENCR &&
+ for (WSSecurityEngineResult wsSecEngineResult : wsSecEngineResults) {
+ Integer actInt = (Integer) wsSecEngineResult.get(WSSecurityEngineResult.TAG_ACTION);
+ byte[] decryptedKey = (byte[]) wsSecEngineResult.get(WSSecurityEngineResult.TAG_SECRET);
+ if (actInt == WSConstants.ENCR &&
decryptedKey != null) {
return decryptedKey;
}
@@ -1492,47 +1515,47 @@ public class RampartUtil {
*/
public static Element insertSiblingAfterOrPrepend(RampartMessageData rmd, Element child, Element elem) {
Element retElem = null;
- if(child != null){ // child is not null so insert sibling after
- retElem = RampartUtil.insertSiblingAfter(rmd, child, elem);
- }else{ //Prepend
- retElem = prependSecHeader(rmd, elem);
- }
-
- return retElem;
+ if (child != null) { // child is not null so insert sibling after
+ retElem = RampartUtil.insertSiblingAfter(rmd, child, elem);
+ } else { //Prepend
+ retElem = prependSecHeader(rmd, elem);
+ }
+
+ return retElem;
}
-
+
public static Element insertSiblingBeforeOrPrepend(RampartMessageData rmd, Element child, Element elem) {
Element retElem = null;
- if(child != null && child.getPreviousSibling() != null){
- retElem = RampartUtil.insertSiblingBefore(rmd, child, elem);
- }else{ //Prepend
- retElem = prependSecHeader(rmd, elem);
+ if (child != null && child.getPreviousSibling() != null) {
+ retElem = RampartUtil.insertSiblingBefore(rmd, child, elem);
+ } else { //Prepend
+ retElem = prependSecHeader(rmd, elem);
}
-
+
return retElem;
}
-
- private static Element prependSecHeader(RampartMessageData rmd, Element elem){
+
+ private static Element prependSecHeader(RampartMessageData rmd, Element elem) {
Element retElem = null;
-
+
Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
Node node = secHeaderElem.getOwnerDocument().importNode(
elem, true);
- Element firstElem = (Element)secHeaderElem.getFirstChild();
+ Element firstElem = (Element) secHeaderElem.getFirstChild();
- if(firstElem == null){
- retElem = (Element)secHeaderElem.appendChild(node);
- }else{
- if(firstElem.getOwnerDocument().equals(elem.getOwnerDocument())) {
- ((OMElement)firstElem).insertSiblingBefore((OMElement)elem);
+ if (firstElem == null) {
+ retElem = (Element) secHeaderElem.appendChild(node);
+ } else {
+ if (firstElem.getOwnerDocument().equals(elem.getOwnerDocument())) {
+ ((OMElement) firstElem).insertSiblingBefore((OMElement) elem);
retElem = elem;
- } else {
- Element newSib = (Element)firstElem.getOwnerDocument().importNode(elem, true);
- ((OMElement)firstElem).insertSiblingBefore((OMElement)newSib);
- retElem = newSib;
- }
+ } else {
+ Element newSib = (Element) firstElem.getOwnerDocument().importNode(elem, true);
+ ((OMElement) firstElem).insertSiblingBefore((OMElement) newSib);
+ retElem = newSib;
+ }
}
-
+
return retElem;
}
@@ -1566,10 +1589,9 @@ public class RampartUtil {
if (!initiator && inflow || initiator && !inflow ) {
- Vector supportingToks = rpd.getSupportingTokensList();
- for (int i = 0; i < supportingToks.size(); i++) {
- supportingTokens = (SupportingToken) supportingToks.get(i);
- if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ List<SupportingToken> supportingToks = rpd.getSupportingTokensList();
+ for (SupportingToken supportingTok : supportingToks) {
+ if (supportingTok != null && supportingTok.getTokens().size() != 0) {
return true;
}
}
@@ -1613,50 +1635,52 @@ public class RampartUtil {
return false;
}
-
- public static void handleEncryptedSignedHeaders(Vector encryptedParts, Vector signedParts, Document doc) {
-
+
+ public static void handleEncryptedSignedHeaders(List<WSEncryptionPart> encryptedParts,
+ List<WSEncryptionPart> signedParts, Document doc) {
+
//TODO Is there a more efficient way to do this ? better search algorithm
- for (int i = 0 ; i < signedParts.size() ; i++) {
- WSEncryptionPart signedPart = (WSEncryptionPart)signedParts.get(i);
-
+ for (WSEncryptionPart signedPart : signedParts) {
//This signed part is not a header
if (signedPart.getNamespace() == null || signedPart.getName() == null) {
continue;
}
-
- for (int j = 0 ; j < encryptedParts.size() ; j ++) {
- WSEncryptionPart encryptedPart = (WSEncryptionPart) encryptedParts.get(j);
-
- if (encryptedPart.getNamespace() == null || encryptedPart.getName() == null ) {
+
+ for (WSEncryptionPart encryptedPart : encryptedParts) {
+
+ if (encryptedPart.getNamespace() == null || encryptedPart.getName() == null) {
continue;
}
-
+
if (signedPart.getName().equals(encryptedPart.getName()) &&
signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
-
- String encDataID = encryptedPart.getEncId();
- Element encDataElem = WSSecurityUtil.findElementById(doc.getDocumentElement(), encDataID, null);
-
+
+ String encDataID = encryptedPart.getEncId();
+
+ // TODO Do we need to go through the whole tree to find element by id ? Verify
+ Element encDataElem = WSSecurityUtil.findElementById(doc.getDocumentElement(), encDataID, false);
+
if (encDataElem != null) {
- Element encHeader = (Element)encDataElem.getParentNode();
+ Element encHeader = (Element) encDataElem.getParentNode();
String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
-
+
//For some reason the id might not be available
// so the part/element with empty/null id won't be recognized afterwards.
if (encHeaderId != null && !"".equals(encHeaderId.trim())) {
signedParts.remove(signedPart);
- WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
- signedParts.add(encHeaderToSign);
+
+ signedParts.add(createEncryptionPart(signedPart.getName(), encHeaderId,
+ signedPart.getNamespace(),
+ signedPart.getEncModifier(), signedPart.getXpath()));
}
-
+
}
}
}
-
-
+
+
}
-
+
}
public static String getSigElementId(RampartMessageData rmd) {
@@ -1700,7 +1724,7 @@ public class RampartUtil {
public static WSSConfig getWSSConfigInstance() {
- WSSConfig defaultWssConfig = WSSConfig.getDefaultWSConfig();
+ WSSConfig defaultWssConfig = WSSConfig.getNewInstance();
WSSConfig wssConfig = WSSConfig.getNewInstance();
wssConfig.setEnableSignatureConfirmation(defaultWssConfig.isEnableSignatureConfirmation());
@@ -1772,5 +1796,105 @@ public class RampartUtil {
}
+ /**
+ * Returns SAML10 Assertion namespace. As follows,
+ * http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
+ * @return SAML10 assertion namespace.
+ */
+ public static String getSAML10AssertionNamespace() {
+
+ StringBuilder stringBuilder = new StringBuilder(WSConstants.SAMLTOKEN_NS);
+ stringBuilder.append("#").append(WSConstants.SAML_ASSERTION_ID);
+
+ return stringBuilder.toString();
+
+ }
+
+ /**
+ * Sets encryption crypto file or crypto reference key to signature crypto file or signature
+ * crypto reference.
+ * @param msgContext The message context to get signature crypto properties and encryption properties
+ * will be set to same message context.
+ */
+ public static void setEncryptionCrypto(MessageContext msgContext) {
+ setEncryptionCryptoFileProperty(msgContext);
+ setEncryptionCryptoReferenceProperty(msgContext);
+ }
+
+ /**
+ * Sets decryption crypto file or crypto reference key to signature crypto file or signature
+ * crypto reference.
+ * @param msgContext The message context to get signature crypto properties and decryption properties
+ * will be set to same message context.
+ */
+ public static void setDecryptionCrypto(MessageContext msgContext) {
+ setDecryptionCryptoFileProperty(msgContext);
+ setDecryptionCryptoReferenceProperty(msgContext);
+ }
+
+ /**
+ * Sets encryption crypto property reference id.- WSHandlerConstants.ENC_PROP_REF_ID
+ * @param msgContext The message context.
+ */
+ private static void setEncryptionCryptoReferenceProperty (MessageContext msgContext) {
+ setCryptoProperty(msgContext, WSHandlerConstants.SIG_PROP_REF_ID, WSHandlerConstants.ENC_PROP_REF_ID);
+ }
+
+ /**
+ * Sets encryption crypto property file.- WSHandlerConstants.DEC_PROP_REF_ID
+ * @param msgContext The message context.
+ */
+ private static void setDecryptionCryptoReferenceProperty (MessageContext msgContext) {
+ setCryptoProperty(msgContext, WSHandlerConstants.SIG_PROP_REF_ID, WSHandlerConstants.DEC_PROP_REF_ID);
+ }
+
+ /**
+ * Sets encryption crypto property file.- WSHandlerConstants.ENC_PROP_FILE
+ * @param msgContext The message context.
+ */
+ private static void setEncryptionCryptoFileProperty (MessageContext msgContext) {
+ setCryptoProperty(msgContext, WSHandlerConstants.SIG_PROP_FILE, WSHandlerConstants.ENC_PROP_FILE);
+ }
+
+ /**
+ * Sets encryption crypto property file.- WSHandlerConstants.DEC_PROP_FILE
+ * @param msgContext The message context.
+ */
+ private static void setDecryptionCryptoFileProperty (MessageContext msgContext) {
+ setCryptoProperty(msgContext, WSHandlerConstants.SIG_PROP_FILE, WSHandlerConstants.DEC_PROP_FILE);
+ }
+
+ private static void setCryptoProperty(MessageContext msgContext, String signaturePropertyName,
+ String cryptoPropertyName){
+
+ /**
+ * Encryption Crypto is loaded using WSHandlerConstants.ENC_PROP_FILE. If this is not
+ * set in the message context set WSHandlerConstants.SIG_PROP_FILE as WSHandlerConstants.ENC_PROP_FILE.
+ */
+ if (msgContext.getProperty(cryptoPropertyName) == null) {
+
+
+ String signaturePropertyFile = (String)msgContext.getProperty(signaturePropertyName);
+
+ if (signaturePropertyFile == null) {
+
+ if (log.isDebugEnabled()) {
+ log.debug("Signature crypto property file is not set. Property file key - "
+ + WSHandlerConstants.SIG_PROP_FILE);
+ }
+ } else {
+ msgContext.setProperty(cryptoPropertyName, signaturePropertyFile);
+ }
+ }
+ }
+
+ /**
+ * Returns true if needed to encrypt first.
+ * @param rpd Rampart policy data
+ * @return true if policy says we need to encrypt first else false.
+ */
+ public static boolean encryptFirst(RampartPolicyData rpd) {
+ return SPConstants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder());
+ }
}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
index 6ec7792..ee636bb 100755
--- a/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
@@ -114,13 +114,13 @@ public class PWCallback implements CallbackHandler {
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
}
- if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+ if(pc.getIdentifier().equals("joe") && pc.getPassword().equals("eoj")) {
return;
@@ -154,23 +154,23 @@ public class PWCallback implements CallbackHandler {
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if(pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if(pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if(pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
- } else if(pc.getIdentifer().equals("joe")) {
+ } else if(pc.getIdentifier().equals("joe")) {
pc.setPassword("eoj");
- } else if(pc.getIdentifer().equals("ip")) {
+ } else if(pc.getIdentifier().equals("ip")) {
pc.setPassword("password");
diff --git a/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
index 7b82942..73e3534 100644
--- a/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
+++ b/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
@@ -108,13 +108,13 @@ public class PWCallback implements CallbackHandler {
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
}
- if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+ if(pc.getIdentifier().equals("joe") && pc.getPassword().equals("eoj")) {
return;
@@ -126,7 +126,7 @@ public class PWCallback implements CallbackHandler {
}
- if(pc.getIdentifer().equals("alice") && pc.getPassword().equals("password")) {
+ if(pc.getIdentifier().equals("alice") && pc.getPassword().equals("password")) {
return;
}
@@ -148,27 +148,27 @@ public class PWCallback implements CallbackHandler {
*/
- if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+ if (pc.getUsage() == WSPasswordCallback.SECRET_KEY) {
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if(pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if(pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if(pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
- } else if(pc.getIdentifer().equals("joe")) {
+ } else if(pc.getIdentifier().equals("joe")) {
pc.setPassword("eoj");
- } else if(pc.getIdentifer().equals("ip")) {
+ } else if(pc.getIdentifier().equals("ip")) {
pc.setPassword("password");
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
index 87762dc..57ef4dd 100644
--- a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
@@ -28,7 +28,8 @@ import org.xmlsoap.ping.PingDocument;
import org.xmlsoap.ping.PingResponse;
import org.xmlsoap.ping.PingResponseDocument;
-import java.util.Vector;
+import java.security.Principal;
+import java.util.List;
/**
* Auto generated java skeleton for the service by the Axis code generator
@@ -41,25 +42,21 @@ public class PingPortSkeleton{
*/
public PingResponseDocument ping
(PingDocument param0) {
- Vector results = null;
+ List<WSHandlerResult> results = null;
MessageContext msgCtx = MessageContext.getCurrentMessageContext();
if ((results =
- (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS))
+ (List<WSHandlerResult>) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS))
== null) {
System.out.println("No security results!!");
throw new RuntimeException("No security results!!");
} else {
System.out.println("Number of results: " + results.size());
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult =
- (WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
-
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser =
- (WSSecurityEngineResult) wsSecEngineResults.get(j);
- if (wser.getAction() != WSConstants.ENCR && wser.getPrincipal() != null) {
- System.out.println(wser.getPrincipal().getName());
+ for (WSHandlerResult result : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
+
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
+ if (getAction(wser) != WSConstants.ENCR && getPrincipal(wser) != null) {
+ System.out.println(getPrincipal(wser).getName());
}
}
}
@@ -70,5 +67,13 @@ public class PingPortSkeleton{
}
}
+ private int getAction(WSSecurityEngineResult result) {
+ return (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
+ }
+
+ private Principal getPrincipal(WSSecurityEngineResult result) {
+ return (Principal)result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ }
+
}
\ No newline at end of file
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
index 35c8b17..4433c20 100644
--- a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
@@ -50,7 +50,7 @@ public class InteropScenarioClient {
public void invokeWithStaticConfig(String clientRepo, String url)
throws Exception {
TicketType ticket = TicketType.Factory.newInstance();
- ticket.setId("My ticket Id");
+ ticket.setId("MyticketId");
Ping ping = Ping.Factory.newInstance();
ping.setText("Testing rampart");
@@ -71,7 +71,6 @@ public class InteropScenarioClient {
stub._getServiceClient().getOptions().setSoapVersionURI(soapNsURI);
stub._getServiceClient().engageModule(
new javax.xml.namespace.QName("rampart"));
-
PingResponseDocument pingResDoc = stub.ping(pingDoc);
@@ -84,7 +83,7 @@ public class InteropScenarioClient {
OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig)
throws Exception {
TicketType ticket = TicketType.Factory.newInstance();
- ticket.setId("My ticket Id");
+ ticket.setId("MyticketId"); // TODO need to figure out why "My ticket Id" is failing
Ping ping = Ping.Factory.newInstance();
ping.setText("Testing rampart");
@@ -128,7 +127,7 @@ public class InteropScenarioClient {
Hashtable propRefs)
throws Exception {
TicketType ticket = TicketType.Factory.newInstance();
- ticket.setId("My ticket Id");
+ ticket.setId("MyticketId"); // TODO need to figure out why "My ticket Id" is failing
Ping ping = Ping.Factory.newInstance();
ping.setText("Testing rampart");
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
index df9d4de..a51b7e3 100644
--- a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
@@ -116,7 +116,7 @@ public class PWCallback implements CallbackHandler {
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
@@ -146,19 +146,19 @@ public class PWCallback implements CallbackHandler {
*/
- if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+ if (pc.getUsage() == WSPasswordCallback.SECRET_KEY) {
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if(pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if(pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if(pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
index 99c2d0e..fb6565f 100644
--- a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
@@ -42,7 +42,7 @@ public class Scenario4Test extends InteropTestBase {
ofc.setEmbeddedKeyName("SessionKey");
ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
-
+
return ofc;
}
@@ -52,6 +52,12 @@ public class Scenario4Test extends InteropTestBase {
ifc.setActionItems("Signature Encrypt Timestamp");
ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
ifc.setSignaturePropFile("interop.properties");
+
+ /**
+ * This test is not "Basic Security Profile(BSP)" compatible. Cos we use
+ * KeyInfo/KeyName. Therefore setting this test as not BSP compatible.
+ */
+ ifc.setBSPCompliant(false);
return ifc;
}
@@ -92,6 +98,7 @@ public class Scenario4Test extends InteropTestBase {
ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
ifc.setSignaturePropRefId("key2");
+ ifc.setBSPCompliant(false);
return ifc;
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
index d9ee697..ef15ff4 100644
--- a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
@@ -32,7 +32,7 @@ public class Scenario5Test extends InteropTestBase {
protected OutflowConfiguration getOutflowConfiguration() {
OutflowConfiguration ofc = new OutflowConfiguration(2);
- ofc.setActionItems("Signature NoSerialization");
+ ofc.setActionItems("Signature");
ofc.setUser("alice");
ofc.setSignaturePropFile("interop.properties");
ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
@@ -68,7 +68,7 @@ public class Scenario5Test extends InteropTestBase {
protected OutflowConfiguration getOutflowConfigurationWithRefs() {
OutflowConfiguration ofc = new OutflowConfiguration(2);
- ofc.setActionItems("Signature NoSerialization");
+ ofc.setActionItems("Signature");
ofc.setUser("alice");
ofc.setSignaturePropRefId("key1");
ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
index bd8e5bc..4bddae4 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -95,7 +95,8 @@ public class RampartTest extends TestCase {
System.out.println("\nWARNING: We are using key sizes from JCE " +
"Unlimited Strength Jurisdiction Policy !!!");
}
-
+
+ //for (int i = 34; i <= 34; i++) { //<-The number of tests we have
for (int i = 1; i <= 34; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
//Skip the Basic256 tests
@@ -165,6 +166,7 @@ public class RampartTest extends TestCase {
}
}
else{
+
//Blocking invocation
serviceClient.sendReceive(getEchoElement());
}
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.xml
index d2e7727..4c5f6b3 100644
--- a/modules/rampart-integration/src/test/resources/security/s2a.service.xml
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.xml
@@ -7,7 +7,7 @@
<parameter name="InflowSecurity">
<action>
- <items>UsernameTokenSignature UsernameToken Encrypt Timestamp</items>
+ <items>UsernameTokenSignature UsernameTokenNoPassword Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<decryptionPropFile>interop.properties</decryptionPropFile>
</action>
diff --git a/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
index 27eb190..65a621f 100644
--- a/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
@@ -15,8 +15,8 @@
<encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
<signaturePropFile>interop.properties</signaturePropFile>
- <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
- <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ <embeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</embeddedKeyCallbackClass>
+ <embeddedKeyName>SessionKey</embeddedKeyName>
</action>
</parameter>
@@ -25,6 +25,7 @@
<items>Signature Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
+ <isBSPCompliant>false</isBSPCompliant>
</action>
</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.xml b/modules/rampart-integration/src/test/resources/security/s4.service.xml
index 7f422a9..f39ab3e 100644
--- a/modules/rampart-integration/src/test/resources/security/s4.service.xml
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.xml
@@ -10,6 +10,7 @@
<items>Signature Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
+ <isBSPCompliant>false</isBSPCompliant>
</action>
</parameter>
@@ -22,8 +23,8 @@
<encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
<signaturePropFile>interop.properties</signaturePropFile>
- <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
- <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ <embeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</embeddedKeyCallbackClass>
+ <embeddedKeyName>SessionKey</embeddedKeyName>
</action>
</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
index 865f56f..29cbaf2 100644
--- a/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
@@ -9,7 +9,7 @@
<parameter name="OutflowSecurity">
<action>
- <items>Signature NoSerialization</items>
+ <items>Signature</items>
<user>alice</user>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
@@ -115,7 +115,7 @@
<phase name="OperationOutFaultPhase"/>
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
- <phase name="MessageOut"/>
+ <phase name="MessageOut"/>
<phase name="Security"/>
</phaseOrder>
</axisconfig>
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
index bd88216..528db6c 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
@@ -125,7 +125,8 @@ public class MessageBuilderTestBase extends TestCase {
while (secHeaderChildren.hasNext()) {
OMElement element = (OMElement) secHeaderChildren.next();
if (qnameList.hasNext()) {
- if (!element.getQName().equals(qnameList.next())) {
+ QName elementQName = (QName)qnameList.next();
+ if (!element.getQName().equals(elementQName)) {
fail("Incorrect Element" + element);
}
} else {
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
index f3ed510..95a1e25 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
@@ -17,24 +17,15 @@
package org.apache.rampart;
import java.io.ByteArrayInputStream;
-import java.util.Vector;
-import java.util.ArrayList;
+import java.util.List;
import java.security.cert.X509Certificate;
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.engine.AxisEngine;
-import org.apache.axis2.namespace.Constants;
import org.apache.neethi.Policy;
-import org.apache.rampart.util.Axis2Util;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.handler.WSHandlerConstants;
-
-import javax.xml.namespace.QName;
public class RampartEngineTest extends MessageBuilderTestBase {
@@ -77,7 +68,7 @@ public class RampartEngineTest extends MessageBuilderTestBase {
buildSOAPEnvelope(ctx);
RampartEngine engine = new RampartEngine();
- Vector results = engine.process(ctx);
+ List<WSSecurityEngineResult> results = engine.process(ctx);
/*
The principle purpose of the test case is to verify that the above processes
@@ -87,12 +78,11 @@ public class RampartEngineTest extends MessageBuilderTestBase {
assertNotNull("RampartEngine returned null result", results);
//verify cert was stored
X509Certificate usedCert = null;
- for (int i = 0; i < results.size(); i++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
- Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (action.intValue() == WSConstants.SIGN) {
+ for (WSSecurityEngineResult result : results) {
+ Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action == WSConstants.SIGN) {
//the result is for the signature, which contains the used certificate
- usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ usedCert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
break;
}
}
@@ -115,7 +105,7 @@ public class RampartEngineTest extends MessageBuilderTestBase {
buildSOAPEnvelope(ctx);
RampartEngine engine = new RampartEngine();
- Vector results = engine.process(ctx);
+ List<org.apache.ws.security.WSSecurityEngineResult> results = engine.process(ctx);
/*
The principle purpose of the test case is to verify that the above processes
@@ -125,12 +115,11 @@ public class RampartEngineTest extends MessageBuilderTestBase {
assertNotNull("RampartEngine returned null result", results);
//verify cert was stored
X509Certificate usedCert = null;
- for (int i = 0; i < results.size(); i++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
- Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (action.intValue() == WSConstants.SIGN) {
+ for (WSSecurityEngineResult result : results) {
+ Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action == WSConstants.SIGN) {
//the result is for the signature, which contains the used certificate
- usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ usedCert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
break;
}
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java b/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
index ef43f08..a8f5805 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
@@ -74,40 +74,38 @@ public class TestCBHandler implements CallbackHandler {
throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
- for (int i = 0; i < callbacks.length; i++) {
-
- if (callbacks[i] instanceof WSPasswordCallback) {
-
- WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if (callback instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callback;
/*
- * This usage type is used only in case we received a
+ * This usage type is used only in case we received a
- * username token with a password of type PasswordText or
+ * username token with a password of type PasswordText or
- * an unknown password type.
+ * an unknown password type.
- *
+ *
- * This case the WSPasswordCallback object contains the
+ * This case the WSPasswordCallback object contains the
- * identifier (aka username), the password we received, and
+ * identifier (aka username), the password we received, and
- * the password type string to identify the type.
+ * the password type string to identify the type.
- *
+ *
- * Here we perform only a very simple check.
+ * Here we perform only a very simple check.
- */
+ */
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if (pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
@@ -117,11 +115,11 @@ public class TestCBHandler implements CallbackHandler {
return;
- }
+ }
- throw new UnsupportedCallbackException(callbacks[i],
+ throw new UnsupportedCallbackException(callback,
- "check failed");
+ "check failed");
}
@@ -141,15 +139,15 @@ public class TestCBHandler implements CallbackHandler {
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if (pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if (pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if (pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
@@ -161,7 +159,7 @@ public class TestCBHandler implements CallbackHandler {
} else {
- throw new UnsupportedCallbackException(callbacks[i],
+ throw new UnsupportedCallbackException(callback,
"Unrecognized Callback");
diff --git a/modules/rampart-tests/test-resources/PWCallback.java b/modules/rampart-tests/test-resources/PWCallback.java
index df9d4de..3b259a2 100644
--- a/modules/rampart-tests/test-resources/PWCallback.java
+++ b/modules/rampart-tests/test-resources/PWCallback.java
@@ -116,7 +116,7 @@ public class PWCallback implements CallbackHandler {
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
- if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+ if(pc.getIdentifier().equals("Ron") && pc.getPassword().equals("noR")) {
return;
@@ -150,15 +150,15 @@ public class PWCallback implements CallbackHandler {
pc.setKey(key);
- } else if(pc.getIdentifer().equals("alice")) {
+ } else if(pc.getIdentifier().equals("alice")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("bob")) {
+ } else if(pc.getIdentifier().equals("bob")) {
pc.setPassword("password");
- } else if(pc.getIdentifer().equals("Ron")) {
+ } else if(pc.getIdentifier().equals("Ron")) {
pc.setPassword("noR");
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
index 14e61fb..99cc4e4 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -35,7 +35,7 @@ import javax.xml.namespace.QName;
import java.security.Principal;
import java.security.cert.X509Certificate;
-import java.util.Vector;
+import java.util.List;
/**
* Common data items on WS-Trust request messages
@@ -153,38 +153,35 @@ public class RahasData {
* we will not be encrypting the response
*/
- Vector results;
- if ((results = (Vector) this.inMessageContext
+ List<WSHandlerResult> results;
+ if ((results = (List<WSHandlerResult>) this.inMessageContext
.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
throw new TrustException(TrustException.REQUEST_FAILED);
} else {
- for (int i = 0; i < results.size(); i++) {
- WSHandlerResult rResult = (WSHandlerResult) results.get(i);
- Vector wsSecEngineResults = rResult.getResults();
+ for (WSHandlerResult result : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = result.getResults();
- for (int j = 0; j < wsSecEngineResults.size(); j++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
- .get(j);
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
Object principalObject = wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
- int act = ((Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).
- intValue();
+ int act = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+
if (act == WSConstants.SIGN && principalObject != null) {
this.clientCert = (X509Certificate) wser
.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
- this.principal = (Principal)principalObject;
+ this.principal = (Principal) principalObject;
} else if (act == WSConstants.UT && principalObject != null) {
- this.principal = (Principal)principalObject;
+ this.principal = (Principal) principalObject;
} else if (act == WSConstants.BST) {
- final X509Certificate[] certificates =
- (X509Certificate[]) wser
- .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
+ final X509Certificate[] certificates =
+ (X509Certificate[]) wser
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
this.clientCert = certificates[0];
this.principal = this.clientCert.getSubjectDN();
} else if (act == WSConstants.ST_UNSIGNED) {
this.assertion = (Assertion) wser
.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
-
+
}
}
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
index f1d8f7c..edee12a 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
@@ -42,6 +42,7 @@ import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.Trust10;
@@ -53,7 +54,6 @@ import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
-import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.UUIDGenerator;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
@@ -70,7 +70,6 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
-import java.util.Vector;
public class STSClient {
@@ -137,6 +136,10 @@ public class STSClient {
client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
client.getOptions().setSoapVersionURI(this.soapVersion);
+
+ //TODO Remove later
+ client.getOptions().setTimeOutInMilliSeconds(300000);
+
if(this.addressingNs != null) {
client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
}
@@ -474,25 +477,22 @@ public class STSClient {
String b64Secret = child.getText();
secret = Base64.decode(b64Secret);
} else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
- try {
- Element domChild = (Element) new StAXOMBuilder(
- OMAbstractFactory.getMetaFactory(
- OMAbstractFactory.FEATURE_DOM).getOMFactory(),
- child.getXMLStreamReader()).getDocumentElement();
-
- EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
- processor.handleToken(domChild, null, this.crypto,
- this.cbHandler, null, new Vector(),
- null);
+ Element domChild = (Element) new StAXOMBuilder(
+ OMAbstractFactory.getMetaFactory(
+ OMAbstractFactory.FEATURE_DOM).getOMFactory(),
+ child.getXMLStreamReader()).getDocumentElement();
- secret = processor.getDecryptedBytes();
+ try {
+ secret = CommonUtil.getDecryptedBytes(this.cbHandler, this.crypto, domChild);
} catch (WSSecurityException e) {
+ log.error("Error decrypting encrypted key element", e);
throw new TrustException("errorInProcessingEncryptedKey", e);
}
+
} else if (child.getQName().equals(new QName(ns,
- RahasConstants.IssuanceBindingLocalNames.
- COMPUTED_KEY))) {
+ RahasConstants.IssuanceBindingLocalNames.
+ COMPUTED_KEY))) {
//Handle the computed key
//Get service entropy
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
index 6939c0b..3e5a803 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
@@ -97,4 +97,7 @@ issuerPrivateKeyNotFound = Unable to get issuer certificate for issuer alias : \
errorMarshallingAssertion = Error while marshalling assertion
errorSigningAssertion = Error signing SAML Assertion. An error occurred while signing SAML Assertion with alias : \"{0}\"
sha1NotFound = Unable to find SHA-1 algorithm implementation
-certificateEncodingError = Error encoding certificate
\ No newline at end of file
+certificateEncodingError = Error encoding certificate
+
+errorLoadingCryptoProperties = An error occurred while loading crypto properties
+errorLoadingCryptoPropertiesFile = An error occurred while loading crypto properties from file : \"{0}\"
\ No newline at end of file
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
index 5df7874..e4348c8 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
@@ -25,6 +25,7 @@ import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.*;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLAttributeCallback;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.apache.rahas.impl.util.SignKeyHolder;
@@ -85,8 +86,6 @@ import java.util.List;
public class SAML2TokenIssuer implements TokenIssuer {
- private Assertion SAMLAssertion;
-
private String configParamName;
private OMElement configElement;
@@ -355,12 +354,14 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @return Subject
* @throws Exception
*/
- private Subject createSubjectWithHolderOfKeySC(SAMLTokenIssuerConfig config,
+ Subject createSubjectWithHolderOfKeySC(SAMLTokenIssuerConfig config,
Document doc, Crypto crypto,
DateTime creationTime,
DateTime expirationTime, RahasData data) throws Exception {
+ // TODO modify these to use proper SAML apis
+
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
SAMLObjectBuilder<Subject> subjectBuilder =
(SAMLObjectBuilder<Subject>) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
@@ -392,11 +393,13 @@ public class SAML2TokenIssuer implements TokenIssuer {
// set keysize
int keysize = data.getKeysize();
keysize = (keysize != -1) ? keysize : config.keySize;
- encrKeyBuilder.setKeySize(keysize);
+
+ // TODO setting keysize is removed with wss4j 1.6 migration - do we actually need this ?
encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(
data, config.keyComputation, keysize));
+
// Set key encryption algo
encrKeyBuilder
.setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
@@ -448,9 +451,8 @@ public class SAML2TokenIssuer implements TokenIssuer {
X509Certificate clientCert = data.getClientCert();
if (clientCert == null) {
- X509Certificate[] certs = crypto.getCertificates(
- data.getPrincipal().getName());
- clientCert = certs[0];
+ // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ?
+ clientCert = CommonUtil.getCertificateByAlias(crypto, data.getPrincipal().getName());
}
byte[] clientCertBytes = clientCert.getEncoded();
@@ -642,8 +644,7 @@ public class SAML2TokenIssuer implements TokenIssuer {
SignKeyHolder signKeyHolder = new SignKeyHolder();
try {
- X509Certificate[] issuerCerts = crypto
- .getCertificates(config.issuerKeyAlias);
+ X509Certificate[] issuerCerts = CommonUtil.getCertificatesByAlias(crypto,config.issuerKeyAlias);
String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
index b13b686..f0a120e 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -29,36 +29,23 @@ import org.apache.rahas.Token;
import org.apache.rahas.TokenIssuer;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
-import org.apache.rahas.impl.util.SAMLUtils;
+import org.apache.rahas.impl.util.*;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
-import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.xml.security.signature.XMLSignature;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLException;
import org.opensaml.saml1.core.*;
-import org.opensaml.xml.security.*;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.KeyInfo;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
@@ -118,15 +105,14 @@ public class SAMLTokenIssuer implements TokenIssuer {
.getEnvelope().getNamespace().getNamespaceURI());
Crypto crypto;
- if (config.cryptoElement != null) { // crypto props
- // defined as
- // elements
- crypto = CryptoFactory.getInstance(TrustUtil
+ if (config.cryptoElement != null) { // crypto props defined as elements
+ crypto = CommonUtil.getCrypto(TrustUtil
.toProperties(config.cryptoElement), inMsgCtx
.getAxisService().getClassLoader());
+
} else { // crypto props defined in a properties file
- crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- inMsgCtx.getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, inMsgCtx
+ .getAxisService().getClassLoader());
}
// Creation and expiration times
@@ -361,9 +347,7 @@ public class SAMLTokenIssuer implements TokenIssuer {
X509Certificate clientCert = data.getClientCert();
if(clientCert == null) {
- X509Certificate[] certs = crypto.getCertificates(
- data.getPrincipal().getName());
- clientCert = certs[0];
+ clientCert = CommonUtil.getCertificateByAlias(crypto,data.getPrincipal().getName());;
}
KeyInfo keyInfo = SAMLUtils.getCertificateBasedKeyInfo(clientCert);
@@ -380,27 +364,28 @@ public class SAMLTokenIssuer implements TokenIssuer {
* Uses the <code>wst:AppliesTo</code> to figure out the certificate to
* encrypt the secret in the SAML token
*
- * @param config
- * @param crypto
+ * @param config Token issuer configuration.
+ * @param crypto Crypto properties.
* @param serviceAddress
* The address of the service
- * @return
- * @throws WSSecurityException
+ * @return The X509 certificate.
+ * @throws org.apache.rahas.TrustException If an error occurred while retrieving certificate from crypto.
*/
private X509Certificate getServiceCert(SAMLTokenIssuerConfig config,
- Crypto crypto, String serviceAddress) throws WSSecurityException {
-
+ Crypto crypto, String serviceAddress) throws TrustException {
+
+ // TODO a duplicate method !!
if (serviceAddress != null && !"".equals(serviceAddress)) {
String alias = (String) config.trustedServices.get(serviceAddress);
if (alias != null) {
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
} else {
alias = (String) config.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
} else {
String alias = (String) config.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
index 5a3f85b..f2c795f 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
@@ -25,6 +25,7 @@ import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
@@ -441,21 +442,21 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
* @param serviceAddress
* The address of the service
* @return
- * @throws org.apache.ws.security.WSSecurityException
+ * @throws org.apache.rahas.TrustException If unable to find certificate by given alias.
*/
- public X509Certificate getServiceCert(Crypto crypto, String serviceAddress) throws WSSecurityException {
+ public X509Certificate getServiceCert(Crypto crypto, String serviceAddress) throws TrustException {
if (serviceAddress != null && !"".equals(serviceAddress)) {
String alias = (String) this.trustedServices.get(serviceAddress);
if (alias != null) {
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
} else {
alias = (String) this.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
} else {
String alias = (String) this.trustedServices.get("*");
- return crypto.getCertificates(alias)[0];
+ return CommonUtil.getCertificateByAlias(crypto,alias);
}
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
index 0288b24..aa7fa6f 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenRenewer.java
@@ -15,9 +15,9 @@ import org.apache.rahas.TokenRenewer;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLUtils;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.joda.time.DateTime;
import org.opensaml.saml1.core.Assertion;
@@ -89,15 +89,14 @@ public class SAMLTokenRenewer implements TokenRenewer {
}
Crypto crypto;
+ ClassLoader classLoader = inMsgCtx.getAxisService().getClassLoader();
if (config.cryptoElement != null) {
// crypto props defined as elements
- crypto = CryptoFactory.getInstance(TrustUtil
- .toProperties(config.cryptoElement), inMsgCtx
- .getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(TrustUtil
+ .toProperties(config.cryptoElement), classLoader);
} else {
// crypto props defined in a properties file
- crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- inMsgCtx.getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, classLoader);
}
// Create TokenType element
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
index 0a5c007..a93677f 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenValidator.java
@@ -18,6 +18,7 @@ import org.apache.rahas.TokenStorage;
import org.apache.rahas.TokenValidator;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.rahas.impl.util.SAMLUtils;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
@@ -183,10 +184,9 @@ public class SAMLTokenValidator implements TokenValidator {
inMsgCtx.getAxisService().getClassLoader());
}
- X509Certificate[] issuerCerts = crypto
- .getCertificates(config.issuerKeyAlias);
+ X509Certificate issuerCert = CommonUtil.getCertificateByAlias(crypto,config.issuerKeyAlias);
- issuerPBKey = issuerCerts[0].getPublicKey();
+ issuerPBKey = issuerCert.getPublicKey();
} catch (Exception e) {
log.error("Could not retrieve issuer public key", e);
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
index b901592..620d078 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
@@ -24,10 +24,10 @@ import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.CommonUtil;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.WSSecEncryptedKey;
@@ -107,14 +107,13 @@ public class TokenIssuerUtil {
if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
Crypto crypto;
+
+ ClassLoader classLoader = data.getInMessageContext().getAxisService().getClassLoader();
+
if (config.cryptoElement != null) { // crypto props defined as elements
- crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement),
- data.getInMessageContext().
- getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(TrustUtil.toProperties(config.cryptoElement),classLoader);
} else { // crypto props defined in a properties file
- crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
- data.getInMessageContext().
- getAxisService().getClassLoader());
+ crypto = CommonUtil.getCrypto(config.cryptoPropertiesFile, classLoader);
}
encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
index 003fc81..2240b43 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/CommonUtil.java
@@ -18,12 +18,31 @@ package org.apache.rahas.impl.util;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.dom.DOMMetaFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import javax.security.auth.callback.CallbackHandler;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Properties;
+
import static org.apache.axiom.om.OMAbstractFactory.FEATURE_DOM;
/**
@@ -31,6 +50,8 @@ import static org.apache.axiom.om.OMAbstractFactory.FEATURE_DOM;
*/
public class CommonUtil {
+ private static Log log = LogFactory.getLog(CommonUtil.class);
+
/**
* This method creates a DOM compatible Axiom document.
* @return DOM compatible Axiom document
@@ -45,4 +66,123 @@ public class CommonUtil {
throw new TrustException("Error creating Axiom compatible DOM Document", e);
}
}
+
+ /**
+ * Gets the certificates chain by alias. Always returns the first certificate if a certificate chain is found.
+ * @param crypto Crypto to lookup certificate.
+ * @param alias Alias name.
+ * @return X509 certificate object.
+ * @throws org.apache.rahas.TrustException If an error occurred
+ * while retrieving the certificate or if no certificates are found for given alias.
+ */
+ public static X509Certificate getCertificateByAlias(Crypto crypto, String alias) throws TrustException {
+
+ X509Certificate[] certificates = getCertificatesByAlias(crypto, alias);
+
+ if (certificates == null) {
+ log.error("Unable to retrieve certificate for alias " + alias);
+ throw new TrustException("issuerCertificateNotFound");
+ }
+
+ return certificates[0];
+ }
+
+ /**
+ * Gets the certificates chain by alias. If no certificates are found return an empty array.
+ * @param crypto Crypto to lookup certificate.
+ * @param alias Alias name.
+ * @return X509 certificates array.
+ * @throws org.apache.rahas.TrustException If an error occurred
+ * while retrieving the certificate.
+ */
+ public static X509Certificate[] getCertificatesByAlias(Crypto crypto, String alias) throws TrustException {
+
+ // TODO are we always looking up by alias ? Dont we need to lookup by any other attribute ?
+ CryptoType type = new CryptoType(CryptoType.TYPE.ALIAS);
+ type.setAlias(alias);
+
+ try {
+ X509Certificate[] certificates = crypto.getX509Certificates(type);
+
+ if (certificates == null) {
+ log.debug("Unable to retrieve certificate for alias " + alias);
+ return new X509Certificate[0];
+ }
+ return certificates;
+ } catch (WSSecurityException e) {
+ log.error("Unable to retrieve certificate for alias " + alias, e);
+ throw new TrustException("issuerCertificateNotFound", e);
+ }
+ }
+
+ /**
+ * Decrypts the EncryptedKey element and returns the secret that was used.
+ * @param callbackHandler Callback handler to pass to WSS4J framework.
+ * @param crypto To get private key information.
+ * @param encryptedKeyElement The encrypted Key element.
+ * @return The secret as a byte stream.
+ * @throws WSSecurityException If an error is occurred while decrypting the element.
+ */
+ public static byte[] getDecryptedBytes(CallbackHandler callbackHandler, Crypto crypto, Node encryptedKeyElement)
+ throws WSSecurityException {
+
+ // TODO make this code more efficient and reader friendly
+
+ EncryptedKeyProcessor encryptedKeyProcessor = new EncryptedKeyProcessor();
+
+ RequestData requestData = new RequestData();
+ requestData.setCallbackHandler(callbackHandler);
+ requestData.setDecCrypto(crypto);
+
+ final WSSConfig cfg = WSSConfig.getNewInstance();
+ requestData.setWssConfig(cfg);
+
+ WSDocInfo docInfo = new WSDocInfo(encryptedKeyElement.getOwnerDocument());
+
+ List<WSSecurityEngineResult> resultList
+ = null;
+
+ resultList = encryptedKeyProcessor.handleToken((Element) encryptedKeyElement, requestData, docInfo);
+
+
+ WSSecurityEngineResult wsSecurityEngineResult = resultList.get(0);
+
+ return (byte[]) wsSecurityEngineResult.get(WSSecurityEngineResult.TAG_SECRET);
+ }
+
+ /**
+ * Constructs crypto configuration based on the given properties. Provider is instantiated using
+ * given class loader.
+ * @param properties Crypto configuration properties.
+ * @param classLoader Class loader used to create provider.
+ * @return A crypto object.
+ * @throws TrustException If an error occurred while creating the Crypto object.
+ */
+ public static Crypto getCrypto(Properties properties, ClassLoader classLoader) throws TrustException {
+ try {
+ return CryptoFactory.getInstance(properties, classLoader);
+ } catch (WSSecurityException e) {
+ log.error("An error occurred while loading crypto properties", e);
+ throw new TrustException("errorLoadingCryptoProperties", e);
+
+ }
+ }
+
+ /**
+ * Constructs crypto configuration based on the given properties. Provider is instantiated using
+ * given class loader.
+ * @param propertiesFile Crypto configuration properties file name.
+ * @param classLoader Class loader used to create provider.
+ * @return A crypto object.
+ * @throws TrustException If an error occurred while creating the Crypto object.
+ */
+ public static Crypto getCrypto(String propertiesFile, ClassLoader classLoader) throws TrustException {
+ try {
+ return CryptoFactory.getInstance(propertiesFile, classLoader);
+ } catch (WSSecurityException e) {
+ log.error("An error occurred while loading crypto properties with property file " + propertiesFile, e);
+ throw new TrustException("errorLoadingCryptoProperties", new Object[]{propertiesFile}, e);
+
+ }
+ }
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
index 9d4a235..059e296 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
@@ -22,11 +22,9 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.TrustException;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.Base64;
import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -119,7 +117,7 @@ public class SAML2Utils {
*
*/
public static SAML2KeyInfo getSAML2KeyInfo(Element elem, Crypto crypto,
- CallbackHandler cb) throws WSSecurityException {
+ CallbackHandler cb) throws WSSecurityException, TrustException {
Assertion assertion;
//build the assertion by unmarhalling the DOM element.
@@ -258,10 +256,9 @@ public class SAML2Utils {
QName el = new QName(child.getNamespaceURI(), child.getLocalName());
if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
- EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
- proc.handleEncryptedKey((Element) child, cb, crypto, null);
+ byte[] secret = CommonUtil.getDecryptedBytes(cb, crypto, child);
- return new SAML2KeyInfo(assertion, proc.getDecryptedBytes());
+ return new SAML2KeyInfo(assertion, secret);
} else if (el.equals(new QName(WSConstants.WST_NS, "BinarySecret"))) {
Text txt = (Text) child.getFirstChild();
return new SAML2KeyInfo(assertion, Base64.decode(txt.getData()));
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
index eb246af..cb3f83f 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLUtils.java
@@ -114,23 +114,11 @@ public class SAMLUtils {
String issuerKeyAlias, String issuerKeyPassword)
throws TrustException {
- X509Certificate[] issuerCerts;
- try {
- issuerCerts = crypto
- .getCertificates(issuerKeyAlias);
- } catch (WSSecurityException e) {
- log.debug("Unable to get issuer certificate for issuer alias " + issuerKeyAlias, e);
- throw new TrustException("issuerCertificateNotFound", new Object[]{issuerKeyAlias}, e);
- }
-
- if (issuerCerts == null || issuerCerts.length == 0) {
- log.debug("Unable to get issuer certificate for issuer alias " + issuerKeyAlias);
- throw new TrustException("issuerCertificateNotFound", new Object[]{issuerKeyAlias});
- }
+ X509Certificate issuerCerts = CommonUtil.getCertificateByAlias(crypto, issuerKeyAlias);
String signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
- PublicKey issuerPublicKey = issuerCerts[0].getPublicKey();
+ PublicKey issuerPublicKey = issuerCerts.getPublicKey();
String publicKeyAlgorithm = issuerPublicKey.getAlgorithm();
if (publicKeyAlgorithm.equalsIgnoreCase("DSA")) {
@@ -153,7 +141,7 @@ public class SAMLUtils {
signature.setSigningCredential(signingCredential);
signature.setSignatureAlgorithm(signatureAlgorithm);
- X509Data x509Data = createX509Data(issuerCerts[0]);
+ X509Data x509Data = createX509Data(issuerCerts);
KeyInfo keyInfo = createKeyInfo(x509Data);
signature.setKeyInfo(keyInfo);
@@ -610,6 +598,7 @@ public class SAMLUtils {
+ // TODO remove keySize parameter
static WSSecEncryptedKey getSymmetricKeyBasedKeyInfoContent(Document doc,
byte[] ephemeralKey,
X509Certificate serviceCert,
@@ -626,8 +615,7 @@ public class SAMLUtils {
// SEt the encryption cert
encryptedKeyBuilder.setUseThisCert(serviceCert);
- // set keysize
- encryptedKeyBuilder.setKeySize(keySize);
+ // TODO setting keysize is removed with wss4j 1.6 migration - do we actually need this ?
encryptedKeyBuilder.setEphemeralKey(ephemeralKey);
diff --git a/modules/rampart-trust/src/test/java/org/apache/rahas/impl/SAML2TokenIssuerTest.java b/modules/rampart-trust/src/test/java/org/apache/rahas/impl/SAML2TokenIssuerTest.java
new file mode 100644
index 0000000..4a83007
--- /dev/null
+++ b/modules/rampart-trust/src/test/java/org/apache/rahas/impl/SAML2TokenIssuerTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import junit.framework.Assert;
+import junit.framework.TestCase;
+import org.apache.axis2.context.MessageContext;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.test.util.TestUtil;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.joda.time.DateTime;
+import org.w3c.dom.Document;
+
+import java.io.File;
+
+/**
+ * Test class for SAML2 token issuer.
+ */
+public class SAML2TokenIssuerTest extends TestCase {
+
+ public void testIssueToken() {
+ // TODO
+ Assert.assertTrue(true);
+ }
+
+ public void testCreateSubjectWithHolderOfKeySC() throws Exception {
+
+ // TODO Its hard to do unit testing on TokenIssuer
+ // Cos we need to construct complete message contexts with all
+ // relevant data. This is more like an integration test rather than a
+ // unit test. Therefore we need to refactor code to smaller testable units (methods)
+ // and then only write tests.
+
+ /*SAML2TokenIssuer saml2TokenIssuer = new SAML2TokenIssuer();
+
+ MessageContext messageContext = new MessageContext();
+
+ File file = new File("./sts-aar-resources/saml-issuer-config.xml");
+ Assert.assertTrue(file.exists());
+
+ SAMLTokenIssuerConfig samlTokenIssuerConfig = new SAMLTokenIssuerConfig(file.getAbsolutePath());
+ Crypto crypto = TestUtil.getCrypto();
+ DateTime creationDate = new DateTime();
+ DateTime expirationDate = new DateTime(2050, 1, 1, 0, 0, 0, 0);
+ RahasData rahasData = new RahasData(messageContext);*/
+
+ /*Document document;
+ Crypto crypto;
+ DateTime creationDate;
+ DateTime expirationDate;
+ RahasData rahasData;*/
+
+
+
+
+
+ //saml2TokenIssuer.createSubjectWithHolderOfKeySC()
+ }
+}
diff --git a/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java b/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java
index 431c264..42cafe1 100644
--- a/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java
+++ b/modules/rampart-trust/src/test/java/org/apache/rahas/impl/util/SAMLUtilsTest.java
@@ -27,6 +27,8 @@ import org.apache.rahas.Rahas;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.impl.AbstractIssuerConfig;
+import org.apache.rahas.test.util.TestUtil;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncryptedKey;
@@ -131,7 +133,7 @@ public class SAMLUtilsTest extends TestCase{
Assertion assertion = getAssertion();
- SAMLUtils.signAssertion(assertion,getCrypto(), "apache", "password");
+ SAMLUtils.signAssertion(assertion, TestUtil.getCrypto(), "apache", "password");
//marshallerFactory.getMarshaller(assertion).marshall(assertion);
@@ -272,13 +274,12 @@ public class SAMLUtilsTest extends TestCase{
Document doc = ((Element) env).getOwnerDocument();
int keySize = 256;
- int keyComputation = AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT;
byte [] ephemeralKey = generateEphemeralKey(256);
WSSecEncryptedKey encryptedKey
= SAMLUtils.getSymmetricKeyBasedKeyInfoContent(doc,
- ephemeralKey, getTestCertificate(), keySize, getCrypto());
+ ephemeralKey, getTestCertificate(), keySize, TestUtil.getCrypto());
Assert.assertNotNull(encryptedKey.getEncryptedKeyElement());
printElement(encryptedKey.getEncryptedKeyElement());
@@ -297,27 +298,7 @@ public class SAMLUtilsTest extends TestCase{
}
}
- private static Crypto getCrypto() throws IOException {
- File file = new File("src/test/resources/crypto.config");
- Assert.assertTrue(file.exists());
-
- Properties properties = new Properties();
- try {
- properties.load(new FileInputStream(file));
- } catch (IOException e) {
- log.error("Unable to open crypto configuration file");
- throw e;
- }
-
- Crypto crypto = CryptoFactory.getInstance(properties);
-
- X509Certificate[] certificates = crypto.getCertificates("apache");
- Assert.assertEquals(certificates.length, 1);
-
- return crypto;
-
- }
private static void printElement(Element element) throws TransformerException {
@@ -327,15 +308,11 @@ public class SAMLUtilsTest extends TestCase{
}
}
- private static X509Certificate getTestCertificate() throws IOException {
-
- Crypto crypto = getCrypto();
-
- X509Certificate[] certificates = crypto.getCertificates("apache");
- Assert.assertEquals(certificates.length, 1);
+ private static X509Certificate getTestCertificate() throws IOException, WSSecurityException, TrustException {
- return certificates[0];
+ Crypto crypto = TestUtil.getCrypto();
+ return CommonUtil.getCertificateByAlias(crypto, "apache");
}
private static String getXMLString(Element element) throws TransformerException {
diff --git a/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java b/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java
new file mode 100644
index 0000000..a5f8968
--- /dev/null
+++ b/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.test.util;
+
+import junit.framework.Assert;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.CommonUtil;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+/**
+ * Utility class for tests.
+ */
+public class TestUtil {
+
+ private static final Log log = LogFactory.getLog(TestUtil.class);
+
+ public static Crypto getCrypto() throws IOException, WSSecurityException, TrustException {
+
+ File file = new File("src/test/resources/crypto.config");
+ Assert.assertTrue(file.exists());
+
+ Properties properties = new Properties();
+ try {
+ properties.load(new FileInputStream(file));
+ } catch (IOException e) {
+ log.error("Unable to open crypto configuration file");
+ throw e;
+ }
+
+ Crypto crypto = CryptoFactory.getInstance(properties);
+
+ X509Certificate[] certificates = CommonUtil.getCertificatesByAlias(crypto, "apache");
+ Assert.assertEquals(certificates.length, 1);
+
+ return crypto;
+
+ }
+}
diff --git a/pom.xml b/pom.xml
index 5aa6489..0efb9cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -222,10 +222,6 @@
<artifactId>xalan</artifactId>
<groupId>xalan</groupId>
</exclusion>
- <!--exclusion>
- <artifactId>org.opensaml</artifactId>
- <groupId>opensaml1</groupId>
- </exclusion-->
</exclusions>
</dependency>
<dependency>
@@ -249,22 +245,6 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml1</artifactId>
- <version>1.1</version>
- <exclusions>
- <!-- Don't allow OpenSAML to impose a particular logging implementation -->
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>jcl-over-slf4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
<dependency>
<groupId>commons-lang</groupId>
<artifactId>commons-lang</artifactId>
@@ -411,7 +391,7 @@
<axis2.version>1.7.0-SNAPSHOT</axis2.version>
<axiom.version>1.2.13-SNAPSHOT</axiom.version>
- <wss4j.version>1.5.13-SNAPSHOT</wss4j.version>
+ <wss4j.version>1.6.4</wss4j.version>
<opensaml.version>2.5.1-1</opensaml.version>
<bcprov.jdk15.version>140</bcprov.jdk15.version>
[axis-axis2-java-rampart] 01/10: Create development branch for
RAMPART-289.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 5f0e39d017ec11ad04c8b63663007d476ac7455d
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 20:56:27 2017 +0000
Create development branch for RAMPART-289.
[axis-axis2-java-rampart] 09/10: Merge remaining changes from trunk.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 27ac5d2f588da50605f2ee63d714b57c028cea3a
Merge: dbb633e ec0ce32
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:50:58 2017 +0000
Merge remaining changes from trunk.
release-docs/LICENSE.txt => LICENSE | 0
release-docs/NOTICE.txt => NOTICE | 0
release-docs/README.txt => README | 0
apidocs/pom.xml | 117 +++
apidocs/src/main/assembly/apidocs.xml | 32 +
build.xml | 181 ----
code-coverage/pom.xml | 188 ++++
etc/dist.py | 45 +
legal/esapi-LICENSE.txt | 12 +
modules/distribution/bin.xml | 56 +-
modules/distribution/pom.xml | 81 +-
modules/distribution/src.xml | 78 +-
.../distribution/src/main/files}/build.xml | 2 +-
modules/documentation/pom.xml | 52 -
.../src/site/resources/css/maven-base.css | 143 ---
.../src/site/resources/css/maven-theme.css | 129 ---
.../documentation/src/site/resources/css/print.css | 7 -
.../documentation/src/site/resources/css/site.css | 272 ------
.../documentation/src/site/resources/css/style.css | 184 ----
.../src/site/resources/download/1.1/download.cgi | 6 -
.../src/site/resources/download/1.2/download.cgi | 6 -
.../src/site/resources/download/1.3/download.cgi | 6 -
.../src/site/resources/download/1.4/download.cgi | 6 -
.../src/site/resources/download/1.5.1/download.cgi | 6 -
.../src/site/resources/download/1.5.2/download.cgi | 6 -
.../src/site/resources/download/1.5/download.cgi | 6 -
.../src/site/resources/download/1.6.0/download.cgi | 6 -
.../src/site/resources/download/1.6.1/download.cgi | 6 -
.../images/apache-rampart-banner-background.jpg | Bin 373 -> 0 bytes
.../resources/images/apache-rampart-banner.jpg | Bin 27612 -> 0 bytes
.../images/apache-rampart-content-back.jpg | Bin 309 -> 0 bytes
.../site/resources/images/apache-rampart-logo.jpg | Bin 10154 -> 0 bytes
.../images/apache-rampart-menu-bottom.jpg | Bin 381 -> 0 bytes
.../images/apache-rampart-menu-button.gif | Bin 192 -> 0 bytes
.../resources/images/apache-rampart-menu-top.jpg | Bin 633 -> 0 bytes
.../site/resources/images/apache-rampart-menu.jpg | Bin 1221 -> 0 bytes
.../resources/images/apache-rampart-spliter.jpg | Bin 650 -> 0 bytes
.../src/site/resources/images/axis.jpg | Bin 13887 -> 0 bytes
.../src/site/resources/images/axis.png | Bin 13745 -> 0 bytes
.../src/site/resources/images/breadcrumbs-bg.gif | Bin 198 -> 0 bytes
.../src/site/resources/images/external.png | Bin 230 -> 0 bytes
.../src/site/resources/images/h2-bg.gif | Bin 202 -> 0 bytes
.../src/site/resources/images/home-top.gif | Bin 804 -> 0 bytes
.../src/site/resources/images/leftcolumn-bg.gif | Bin 523 -> 0 bytes
.../images/logos/build-by-maven-black.png | Bin 2294 -> 0 bytes
.../images/logos/build-by-maven-white.png | Bin 2260 -> 0 bytes
.../site/resources/images/logos/maven-feather.png | Bin 3330 -> 0 bytes
.../src/site/resources/images/menu-back.gif | Bin 827 -> 0 bytes
modules/documentation/src/site/site.xml | 79 --
modules/documentation/src/site/xdoc/download.xml | 126 ---
.../src/site/xdoc/download/1.1/download.xml | 97 --
.../src/site/xdoc/download/1.2/download.xml | 97 --
.../src/site/xdoc/download/1.3/download.xml | 97 --
.../src/site/xdoc/download/1.4/download.xml | 82 --
.../src/site/xdoc/download/1.5.1/download.xml | 115 ---
.../src/site/xdoc/download/1.5.2/download.xml | 115 ---
.../src/site/xdoc/download/1.5/download.xml | 82 --
.../src/site/xdoc/download/1.6.0/download.xml | 115 ---
.../src/site/xdoc/download/1.6.1/download.xml | 115 ---
modules/documentation/src/site/xdoc/index.xml | 99 --
modules/rampart-core/pom.xml | 79 +-
.../ExtendedPolicyValidatorCallbackHandler.java | 1 -
.../main/java/org/apache/rampart/NonceCache.java | 6 +-
.../rampart/PolicyBasedResultsValidator.java | 69 +-
.../java/org/apache/rampart/RampartEngine.java | 299 +++---
.../org/apache/rampart/RampartMessageData.java | 109 +--
.../rampart/builder/AsymmetricBindingBuilder.java | 14 +-
.../org/apache/rampart/builder/BindingBuilder.java | 138 ++-
.../rampart/builder/TransportBindingBuilder.java | 80 ++
.../handler/PostDispatchVerificationHandler.java | 9 +-
.../handler/RampartUsernameTokenValidator.java | 71 ++
.../org/apache/rampart/handler/WSDoAllHandler.java | 210 ----
.../apache/rampart/handler/WSDoAllReceiver.java | 388 --------
.../org/apache/rampart/handler/WSDoAllSender.java | 281 ------
.../handler/config/InflowConfiguration.java | 202 ----
.../handler/config/OutflowConfiguration.java | 621 ------------
.../rampart/policy/RampartPolicyBuilder.java | 37 +-
.../apache/rampart/policy/RampartPolicyData.java | 10 +-
.../rampart/policy/SupportingPolicyData.java | 99 +-
.../policy/builders/KerberosConfigBuilder.java | 100 ++
.../policy/builders/RampartConfigBuilder.java | 17 +
.../rampart/policy/model/KerberosConfig.java | 361 +++++++
.../apache/rampart/policy/model/RampartConfig.java | 64 +-
.../java/org/apache/rampart/util/Axis2Util.java | 29 +-
.../rampart/util/HandlerParameterDecoder.java | 292 ------
.../java/org/apache/rampart/util/RampartUtil.java | 149 ++-
.../org.apache.neethi.builders.AssertionBuilder | 3 +-
.../org/apache/rampart/errors.properties | 9 +
.../policy/builders/KerberosConfigBuilderTest.java | 121 +++
.../org/apache/rampart/util/RampartUtilTest.java | 44 +
.../rampart/policy/builders/kerberosConfig.policy | 22 +
.../apache/rampart/util/soap11-invalid-fault.xml | 9 +
.../apache/rampart/util/soap11-security-fault.xml | 10 +
.../apache/rampart/util/soap12-security-fault.xml | 17 +
modules/rampart-integration/pom.xml | 553 +++++------
.../apache/axis2/integration/TestConstants.java | 25 +
.../org/apache/axis2/integration/UtilServer.java | 244 -----
.../axis2/integration/UtilServerBasedTestCase.java | 68 --
.../src/main/java/org/apache/rahas/PWCallback.java | 35 +-
.../src/main/java/org/apache/rahas/TestClient.java | 136 +--
.../src/main/resources/ping/ping.wsdl | 68 --
.../apache/axis2/oasis/ping/PingPortSkeleton.java | 79 --
.../axis2/security/InteropScenarioClient.java | 179 ----
.../src/org/apache/axis2/security/PWCallback.java | 185 ----
.../axis2/security/AddressingMTOMSecurityTest.java | 125 ---
.../org/apache/axis2/security/InteropTestBase.java | 239 -----
.../axis2/security/MTOMOptimizedSecurityTest.java | 119 ---
.../org/apache/axis2/security/Scenario1Test.java | 68 --
.../org/apache/axis2/security/Scenario2Test.java | 105 --
.../org/apache/axis2/security/Scenario2aTest.java | 99 --
.../org/apache/axis2/security/Scenario3Test.java | 119 ---
.../org/apache/axis2/security/Scenario4Test.java | 126 ---
.../org/apache/axis2/security/Scenario5Test.java | 113 ---
.../org/apache/axis2/security/Scenario6Test.java | 114 ---
.../org/apache/axis2/security/Scenario7Test.java | 141 ---
.../rahas/RahasSAML2TokenCertForHoKTest.java | 48 +-
.../java/org/apache/rahas/RahasSAML2TokenTest.java | 39 +-
.../rahas/RahasSAML2TokenUTForBearerTest.java | 33 +-
.../apache/rahas/RahasSAMLTokenAttributeTest.java | 31 +-
.../apache/rahas/RahasSAMLTokenCertForHoKTest.java | 36 +-
.../rahas/RahasSAMLTokenCertForHoKV1205Test.java | 52 +-
.../java/org/apache/rahas/RahasSAMLTokenTest.java | 40 +-
.../rahas/RahasSAMLTokenUTForBearerTest.java | 33 +-
.../rahas/RahasSAMLTokenUTForBearerV1205Test.java | 34 +-
.../apache/rahas/RahasSAMLTokenUTForHoKTest.java | 31 +-
.../rahas/RahasSAMLTokenUTForHoKV1205Test.java | 39 +-
.../org/apache/rahas/RahasSAMLTokenV1205Test.java | 36 +-
.../apache/rampart/KerberosDelegationService.java | 78 ++
.../KerberosDelegationServiceValidator.java | 46 +
.../org/apache/rampart/RampartKerberosTest.java | 296 ++++++
.../test/java/org/apache/rampart/RampartTest.java | 127 ++-
.../org/apache/rampart/util/KerberosServer.java | 207 ++++
.../rampart/util/KerberosTokenDecoderImpl.java | 156 +++
.../src/test/resources/conf/axis2.xml | 53 +-
.../src/test/resources/kerberos/alice.keytab | Bin 0 -> 666 bytes
.../src/test/resources/kerberos/bob.keytab | Bin 0 -> 328 bytes
.../src/test/resources/kerberos/jaas.conf | 49 +
.../src/test/resources/kerberos/krb5.conf.template | 8 +
.../src/test/resources/kerberos/readme | 9 +
.../src/test/resources/kerberos/users.ldif | 60 ++
.../src/test/resources/log4j.properties | 6 +
.../src/test/resources/rahas/1.xml} | 25 +-
.../src/test/resources/rahas/3.xml | 37 +
.../src/test/resources/rahas/issuer.properties | 4 -
.../src/test/resources/rahas/rahas-sec.properties | 5 -
.../src/test/resources/rahas/s1-services.xml | 92 +-
.../src/test/resources/rahas/s3-services.xml | 50 +-
.../src/test/resources/rahas/s5-services.xml | 52 +-
.../src/test/resources/rahas/saml.s1.properties | 9 -
.../src/test/resources/rahas/samlIssuer.properties | 4 -
.../rampart/kerberos/KerberosDelegation.xml | 86 ++
.../kerberos/KerberosOverTransportKeytab.xml | 85 ++
.../rampart/kerberos/KerberosOverTransportPWCB.xml | 88 ++
.../src/test/resources/rampart/policy/35.xml | 76 ++
.../src/test/resources/rampart/services-35.xml | 94 ++
.../resources/security/complete.client.axis2.xml | 133 ---
.../resources/security/complete.service.axis2.xml | 142 ---
.../test/resources/security/complete.service.xml | 31 -
.../test/resources/security/s1.client.axis2.xml | 109 ---
.../test/resources/security/s1.service.axis2.xml | 134 ---
.../src/test/resources/security/s1.service.xml | 15 -
.../test/resources/security/s2.client.axis2.xml | 118 ---
.../test/resources/security/s2.service.axis2.xml | 134 ---
.../src/test/resources/security/s2.service.xml | 16 -
.../test/resources/security/s2a.client.axis2.xml | 116 ---
.../test/resources/security/s2a.service.axis2.xml | 133 ---
.../src/test/resources/security/s2a.service.xml | 16 -
.../test/resources/security/s3.client.axis2.xml | 127 ---
.../test/resources/security/s3.service.axis2.xml | 133 ---
.../src/test/resources/security/s3.service.xml | 31 -
.../test/resources/security/s4.client.axis2.xml | 125 ---
.../test/resources/security/s4.service.axis2.xml | 134 ---
.../src/test/resources/security/s4.service.xml | 31 -
.../test/resources/security/s5.client.axis2.xml | 122 ---
.../test/resources/security/s5.service.axis2.xml | 135 ---
.../src/test/resources/security/s5.service.xml | 16 -
.../test/resources/security/s6.client.axis2.xml | 125 ---
.../test/resources/security/s6.service.axis2.xml | 135 ---
.../src/test/resources/security/s6.service.xml | 29 -
.../test/resources/security/s7.client.axis2.xml | 125 ---
.../test/resources/security/s7.service.axis2.xml | 136 ---
.../src/test/resources/security/s7.service.xml | 31 -
.../test/resources/security/sST1.client.axis2.xml | 109 ---
.../test/resources/security/sST1.service.axis2.xml | 135 ---
.../src/test/resources/security/sST1.service.xml | 14 -
.../src/test/resources/security/sc/s1-services.xml | 84 --
.../src/test/resources/security/sc/s2-services.xml | 64 --
.../src/test/resources/security/sc/s3-services.xml | 66 --
.../src/test/resources/security/sc/s4-services.xml | 67 --
.../resources/security/sc/sctIssuer.properties | 4 -
.../src/test/resources/security/sc/sec.jks | Bin 5467 -> 0 bytes
.../src/test/resources/security/sc/sec.properties | 5 -
.../src/test/resources/security/sc/sts.jks | Bin 4759 -> 0 bytes
.../resources/security/secMtom.client.axis2.xml | 126 ---
.../resources/security/secMtom.service.axis2.xml | 136 ---
.../test/resources/security/secMtom.service.xml | 31 -
modules/rampart-mar/module.xml | 12 -
modules/rampart-mar/pom.xml | 25 +-
modules/rampart-policy/pom.xml | 58 +-
.../java/org/apache/ws/secpolicy/Constants.java | 4 +
.../org/apache/ws/secpolicy/SP11Constants.java | 9 +
.../org/apache/ws/secpolicy/SP12Constants.java | 9 +
.../java/org/apache/ws/secpolicy/SPConstants.java | 5 +-
.../AbstractConfigurableSecurityAssertion.java | 6 +-
.../secpolicy/model/AbstractSecurityAssertion.java | 3 -
.../ws/secpolicy/model/AsymmetricBinding.java | 5 +-
.../secpolicy/model/ContentEncryptedElements.java | 13 +-
.../apache/ws/secpolicy/model/KerberosToken.java | 152 +++
.../ws/secpolicy/model/RequiredElements.java | 10 +-
.../apache/ws/secpolicy/model/RequiredParts.java | 9 +-
.../secpolicy/model/SignedEncryptedElements.java | 12 +-
.../ws/secpolicy/model/SignedEncryptedParts.java | 8 +-
.../apache/ws/secpolicy/model/SupportingToken.java | 8 +-
.../ws/secpolicy/model/SymmetricBinding.java | 79 +-
.../ws/secpolicy/model/TransportBinding.java | 11 +-
.../org/apache/ws/secpolicy/model/Trust10.java | 1 -
.../org/apache/ws/secpolicy/model/Trust13.java | 1 -
.../apache/ws/secpolicy/model/UsernameToken.java | 61 +-
.../builders/AlgorithmSuiteBuilder.java | 8 +-
.../builders/AsymmetricBindingBuilder.java | 10 +-
.../builders/EncryptionTokenBuilder.java | 65 ++
.../builders/InitiatorTokenBuilder.java | 8 +-
.../secpolicy11/builders/IssuedTokenBuilder.java | 10 +-
.../secpolicy11/builders/KerberosTokenBuilder.java | 84 ++
.../ws/secpolicy11/builders/LayoutBuilder.java | 10 +-
.../builders/ProtectionTokenBuilder.java | 6 +-
.../builders/RecipientTokenBuilder.java | 10 +-
.../builders/SignatureTokenBuilder.java | 65 ++
.../secpolicy11/builders/SignedPartsBuilder.java | 2 +-
.../builders/SupportingTokensBuilder.java | 10 +-
.../builders/SymmetricBindingBuilder.java | 77 +-
.../builders/TransportBindingBuilder.java | 10 +-
.../builders/TransportTokenBuilder.java | 11 +-
.../secpolicy11/builders/UsernameTokenBuilder.java | 12 +-
.../ws/secpolicy11/builders/WSS10Builder.java | 10 +-
.../ws/secpolicy11/builders/WSS11Builder.java | 10 +-
.../ws/secpolicy11/builders/X509TokenBuilder.java | 10 +-
.../builders/AlgorithmSuiteBuilder.java | 10 +-
.../builders/AsymmetricBindingBuilder.java | 10 +-
.../builders/EncryptionTokenBuilder.java | 65 ++
.../ws/secpolicy12/builders/HttpsTokenBuilder.java | 10 +-
.../builders/InitiatorTokenBuilder.java | 8 +-
.../secpolicy12/builders/IssuedTokenBuilder.java | 10 +-
.../secpolicy12/builders/KerberosTokenBuilder.java | 84 ++
.../ws/secpolicy12/builders/LayoutBuilder.java | 10 +-
.../builders/ProtectionTokenBuilder.java | 6 +-
.../builders/RecipientTokenBuilder.java | 8 +-
.../builders/SignatureTokenBuilder.java | 65 ++
.../secpolicy12/builders/SignedPartsBuilder.java | 2 +-
.../builders/SupportingTokensBuilder.java | 10 +-
.../builders/SymmetricBindingBuilder.java | 77 +-
.../builders/TransportBindingBuilder.java | 10 +-
.../builders/TransportTokenBuilder.java | 8 +-
.../secpolicy12/builders/UsernameTokenBuilder.java | 8 +-
.../ws/secpolicy12/builders/WSS10Builder.java | 10 +-
.../ws/secpolicy12/builders/WSS11Builder.java | 10 +-
.../ws/secpolicy12/builders/X509TokenBuilder.java | 10 +-
.../org.apache.neethi.builders.AssertionBuilder | 8 +-
.../apache/ws/secpolicy/KerberosPolicyTest.java | 212 ++++
.../src/test/resources/policy/kerberos-11.xml | 16 +
.../src/test/resources/policy/kerberos-12.xml | 16 +
.../src/test/resources/policy/kerberos-gss-11.xml | 16 +
.../src/test/resources/policy/kerberos-gss-12.xml | 16 +
.../resources/policy/kerberos-gss-keyref-11.xml | 18 +
.../resources/policy/kerberos-gss-keyref-12.xml | 17 +
.../test/resources/policy/kerberos-keyref-11.xml | 17 +
.../test/resources/policy/kerberos-keyref-12.xml | 17 +
modules/rampart-samples/README.txt | 4 +-
modules/rampart-samples/basic/README.txt | 44 -
modules/rampart-samples/basic/build.xml | 265 -----
modules/rampart-samples/basic/sample01/README.txt | 6 -
.../basic/sample01/client.axis2.xml | 455 ---------
.../rampart-samples/basic/sample01/services.xml | 27 -
.../apache/rampart/samples/sample01/Client.java | 62 --
.../rampart/samples/sample01/SimpleService.java | 24 -
modules/rampart-samples/basic/sample02/README.txt | 10 -
.../basic/sample02/client.axis2.xml | 464 ---------
.../rampart-samples/basic/sample02/services.xml | 33 -
.../apache/rampart/samples/sample02/Client.java | 62 --
.../rampart/samples/sample02/PWCBHandler.java | 40 -
.../rampart/samples/sample02/SimpleService.java | 25 -
modules/rampart-samples/basic/sample03/README.txt | 12 -
.../basic/sample03/client.axis2.xml | 465 ---------
.../rampart-samples/basic/sample03/services.xml | 33 -
.../apache/rampart/samples/sample03/Client.java | 62 --
.../rampart/samples/sample03/PWCBHandler.java | 51 -
.../rampart/samples/sample03/SimpleService.java | 36 -
modules/rampart-samples/basic/sample04/README.txt | 7 -
.../basic/sample04/client.axis2.xml | 473 ---------
.../rampart-samples/basic/sample04/services.xml | 44 -
.../apache/rampart/samples/sample04/Client.java | 62 --
.../rampart/samples/sample04/PWCBHandler.java | 43 -
.../rampart/samples/sample04/SimpleService.java | 25 -
modules/rampart-samples/basic/sample05/README.txt | 7 -
.../basic/sample05/client.axis2.xml | 472 ---------
.../rampart-samples/basic/sample05/services.xml | 45 -
.../apache/rampart/samples/sample05/Client.java | 62 --
.../rampart/samples/sample05/PWCBHandler.java | 43 -
.../rampart/samples/sample05/SimpleService.java | 25 -
modules/rampart-samples/basic/sample06/README.txt | 8 -
.../basic/sample06/client.axis2.xml | 478 ---------
.../rampart-samples/basic/sample06/services.xml | 47 -
.../apache/rampart/samples/sample06/Client.java | 62 --
.../rampart/samples/sample06/PWCBHandler.java | 43 -
.../rampart/samples/sample06/SimpleService.java | 25 -
modules/rampart-samples/basic/sample07/README.txt | 8 -
.../basic/sample07/client.axis2.xml | 477 ---------
.../rampart-samples/basic/sample07/services.xml | 46 -
.../apache/rampart/samples/sample07/Client.java | 62 --
.../rampart/samples/sample07/PWCBHandler.java | 43 -
.../rampart/samples/sample07/SimpleService.java | 25 -
modules/rampart-samples/basic/sample08/README.txt | 10 -
.../basic/sample08/client.axis2.xml | 478 ---------
.../rampart-samples/basic/sample08/services.xml | 35 -
.../apache/rampart/samples/sample08/Client.java | 62 --
.../rampart/samples/sample08/PWCBHandler.java | 43 -
.../rampart/samples/sample08/SimpleService.java | 25 -
modules/rampart-samples/basic/sample09/README.txt | 8 -
.../basic/sample09/client.axis2.xml | 476 ---------
.../rampart-samples/basic/sample09/services.xml | 46 -
.../apache/rampart/samples/sample09/Client.java | 62 --
.../rampart/samples/sample09/PWCBHandler.java | 50 -
.../rampart/samples/sample09/SimpleService.java | 25 -
modules/rampart-samples/basic/sample10/README.txt | 8 -
.../basic/sample10/client.axis2.xml | 481 ---------
.../rampart-samples/basic/sample10/services.xml | 47 -
.../apache/rampart/samples/sample10/Client.java | 62 --
.../rampart/samples/sample10/PWCBHandler.java | 43 -
.../rampart/samples/sample10/SimpleService.java | 25 -
modules/rampart-samples/basic/sample11/README.txt | 8 -
.../rampart-samples/basic/sample11/services.xml | 46 -
.../apache/rampart/samples/sample11/Client.java | 98 --
.../rampart/samples/sample11/PWCBHandler.java | 43 -
.../rampart/samples/sample11/SimpleService.java | 25 -
modules/rampart-samples/build.xml | 49 -
modules/rampart-samples/keys/service.jks | Bin 2683 -> 3307 bytes
modules/rampart-samples/policy/build.xml | 63 +-
.../apache/rampart/tomcat/sample/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample01/README.txt | 14 +-
.../rampart-samples/policy/sample01/services.xml | 3 +-
.../rampart/samples/policy/sample01/Client.java | 7 +-
.../samples/policy/sample01/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample02/Client.java | 7 +-
.../samples/policy/sample02/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample03/Client.java | 7 +-
.../samples/policy/sample03/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample04/Client.java | 7 +-
.../samples/policy/sample04/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample05/policy.xml | 2 +-
.../rampart/samples/policy/sample05/Client.java | 18 +-
.../samples/policy/sample05/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample06/policy.xml | 6 +-
.../rampart-samples/policy/sample06/services.xml | 2 +-
.../rampart/samples/policy/sample06/Client.java | 17 +-
.../samples/policy/sample06/MexService.java | 9 +-
.../samples/policy/sample06/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample07/Client.java | 7 +-
.../samples/policy/sample07/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample08/policy.xml | 2 +-
.../rampart/samples/policy/sample08/Client.java | 24 +-
.../samples/policy/sample08/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample09/README.txt | 4 +
.../policy/sample09/client_in_policy.xml | 70 ++
.../policy/sample09/client_out_policy.xml | 79 ++
.../rampart-samples/policy/sample09/services.xml | 191 ++++
.../rampart/samples/policy/sample09}/Client.java | 45 +-
.../samples/policy/sample09/PWCBHandler.java | 44 +
.../samples/policy/sample09/SimpleService.java | 25 +
modules/rampart-samples/pom.xml | 182 ++++
.../src/test/conf}/log4j.properties | 49 +-
.../apache/rampart/samples/runner/Controller.java | 82 ++
.../org/apache/rampart/samples/runner/Logger.java | 38 +
.../org/apache/rampart/samples/runner/Sample.java | 64 ++
.../apache/rampart/samples/runner/SampleTest.java | 50 +
.../rampart/samples/runner/ServerRunner.java | 43 +
.../rampart/samples/runner/ServerWatcher.java | 86 ++
modules/rampart-tests/pom.xml | 28 +-
.../org/apache/rahas/SimpleTokenStoreTest.java | 36 +-
.../rampart/AsymmetricBindingBuilderTest.java | 16 +-
.../org/apache/rampart/MessageBuilderTestBase.java | 18 +-
.../org/apache/rampart/PolicyAssertionsTest.java | 78 ++
.../java/org/apache/rampart/RampartEngineTest.java | 75 +-
.../rampart/SymmetricBindingBuilderTest.java | 11 +-
.../rampart/TransportBindingBuilderTest.java | 8 +-
.../handler/config/InflowConfigurationTest.java | 73 --
.../handler/config/OutflowConfigurationTest.java | 194 ----
.../ws/secpolicy/model/SecpolicyModelTest.java | 19 +-
modules/rampart-tests/test-resources/axis2.xml | 12 +-
.../test-resources/policy-symm-binding-fault1.xml | 64 ++
.../policy/rampart-hashed-password.xml | 18 +
.../policy/rampart-plaintext-password.xml | 14 +
.../test-resources/policy/soapmessage12.xml | 57 ++
modules/rampart-trust-mar/module.xml | 2 +-
modules/rampart-trust-mar/pom.xml | 23 +-
modules/rampart-trust/pom.xml | 83 +-
.../src/main/java/org/apache/rahas/Rahas.java | 6 +-
.../main/java/org/apache/rahas/RahasConstants.java | 2 +
.../src/main/java/org/apache/rahas/RahasData.java | 80 +-
.../java/org/apache/rahas/STSMessageReceiver.java | 10 +-
.../java/org/apache/rahas/SimpleTokenStore.java | 6 +-
.../src/main/java/org/apache/rahas/Token.java | 36 +-
.../main/java/org/apache/rahas/TokenIssuer.java | 8 +-
.../apache/rahas/TokenRequestDispatcherConfig.java | 9 +-
.../java/org/apache/rahas/client/STSClient.java | 65 +-
.../apache/rahas/impl/AbstractIssuerConfig.java | 32 +
.../org/apache/rahas/impl/SAML2TokenIssuer.java | 1033 ++++++++++----------
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 126 +--
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 65 +-
.../org/apache/rahas/impl/SAMLTokenRenewer.java | 14 +-
.../org/apache/rahas/impl/SAMLTokenValidator.java | 2 +-
.../main/java/org/apache/rahas/impl/SCTIssuer.java | 12 +-
.../org/apache/rahas/impl/SCTIssuerConfig.java | 7 +-
.../org/apache/rahas/impl/TokenCancelerConfig.java | 7 +-
.../org/apache/rahas/impl/TokenIssuerUtil.java | 6 +-
.../apache/rahas/impl/util/AxiomParserPool.java | 2 +-
.../org/apache/rahas/impl/util/CommonUtil.java | 307 +++++-
.../org/apache/rahas/impl/util/SAML2Utils.java | 150 +--
.../java/org/apache/rahas/impl/util/SAMLUtils.java | 200 +---
.../org/apache/rahas/errors.properties | 7 +-
.../apache/rahas/impl/SAML2TokenIssuerTest.java | 83 +-
.../org/apache/rahas/impl/util/CommonUtilTest.java | 289 ++++++
.../org/apache/rahas/impl/util/SAMLUtilsTest.java | 54 +-
.../apache/rahas/test/util/AbstractTestCase.java | 95 ++
.../rahas/test/util/TestCallbackHandler.java | 45 +
.../rahas/test/util/TestSAMLCallbackHandler.java | 32 +
.../org/apache/rahas/test/util/TestSTSClient.java | 45 +
.../java/org/apache/rahas/test/util/TestUtil.java | 389 +++++++-
.../src/test/resources/log4j.properties | 0
.../src/test/resources/repo/conf}/client.axis2.xml | 874 ++++++++---------
pom.xml | 523 +++++++---
release-docs/ChangeLog.txt | 255 -----
release-docs/release-notes.html | 67 --
src/site/markdown/download.md.vm | 60 ++
src/site/markdown/index.md | 23 +
src/site/markdown/release-notes/1.6.1.md | 7 +
src/site/markdown/release-notes/1.6.2.md | 10 +
src/site/markdown/release-notes/1.6.3.md | 7 +
src/site/markdown/release-notes/1.6.4.md | 7 +
src/site/markdown/release-notes/1.7.0.md | 11 +
src/site/markdown/release-notes/1.8.0.md | 0
src/site/resources/images/apache-rampart-logo.jpg | Bin 0 -> 14742 bytes
.../site/resources/images/logos/asf_logo_wide.png | Bin
.../site/resources/images/message-builder.jpg | Bin
.../site/resources/images/rampart-engine.jpg | Bin
.../site/resources/images/rampart-handlers.jpg | Bin
.../site/resources/images/rampart-trust.jpg | Bin
.../site/resources/images/security-stack.jpg | Bin
.../src => src}/site/resources/rampart-config.xsd | 0
.../site/resources/samples/msgs/creq04.xml | 0
.../site/resources/samples/msgs/cres04.xml | 0
.../site/resources/samples/msgs/req01.xml | 0
.../site/resources/samples/msgs/req02.xml | 0
.../site/resources/samples/msgs/req03.xml | 0
.../site/resources/samples/msgs/req04.xml | 0
src/site/resources/samples/msgs/req09.xml | 59 ++
.../site/resources/samples/msgs/res01.xml | 0
.../site/resources/samples/msgs/res02.xml | 0
.../site/resources/samples/msgs/res03.xml | 0
.../site/resources/samples/msgs/res04.xml | 0
src/site/resources/samples/msgs/res09.xml | 51 +
.../site/resources/samples/msgs/rst04.xml | 0
.../site/resources/samples/msgs/rstr04.xml | 0
.../site/resources/samples/policy/sample01.xml | 0
.../site/resources/samples/policy/sample02.xml | 0
.../site/resources/samples/policy/sample03.xml | 0
.../site/resources/samples/policy/sample04.xml | 0
.../site/resources/samples/policy/sample05.xml | 0
.../site/resources/samples/policy/sample06.xml | 0
src/site/site.xml | 84 ++
.../src => src}/site/xdoc/articles.xml | 0
.../src => src}/site/xdoc/developer-guide.xml | 0
.../src => src}/site/xdoc/quick-start.xml | 2 +-
.../src => src}/site/xdoc/rampartconfig-guide.xml | 0
.../src => src}/site/xdoc/samples.xml | 1 +
.../src => src}/site/xdoc/setting-up-sts.xml | 2 +-
.../src => src}/site/xdoc/siteHowTo.xml | 0
.../src => src}/site/xdoc/specifications.xml | 0
.../documentation/src => src}/site/xdoc/svn.xml | 0
478 files changed, 10254 insertions(+), 21276 deletions(-)
[axis-axis2-java-rampart] 02/10: Create development branch for
RAMPART-289.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 64584cc76509a8183bc7cc7c1ed5d870286ed2b8
Merge: 5f0e39d 4b544ad
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 20:58:27 2017 +0000
Create development branch for RAMPART-289.
NOTICE | 9 -
apidocs/pom.xml | 117 --
apidocs/src/main/assembly/apidocs.xml | 32 -
build.xml | 160 +++
code-coverage/pom.xml | 188 ---
etc/dist.py | 45 -
legal/bcprov-LICENSE.txt | 19 -
legal/commons-lang-LICENSE.txt | 202 ----
legal/esapi-LICENSE.txt | 12 -
...f4j-jcl-LICENSE.txt => slf4j-jdk14-LICENSE.txt} | 0
modules/distribution/bin.xml | 76 +-
modules/distribution/pom.xml | 124 +-
modules/distribution/src.xml | 69 +-
modules/documentation/pom.xml | 33 +
.../src/site/resources/css/maven-base.css | 143 +++
.../src/site/resources/css/maven-theme.css | 129 ++
.../documentation/src/site/resources/css/print.css | 7 +
.../documentation/src/site/resources/css/site.css | 297 +++++
.../documentation/src/site/resources/css/style.css | 184 +++
.../images/apache-rampart-banner-background.jpg | Bin 0 -> 373 bytes
.../resources/images/apache-rampart-banner.jpg | Bin 0 -> 14840 bytes
.../images/apache-rampart-content-back.jpg | Bin 0 -> 309 bytes
.../site/resources/images/apache-rampart-logo.jpg | Bin 0 -> 4906 bytes
.../images/apache-rampart-menu-bottom.jpg | Bin 0 -> 381 bytes
.../images/apache-rampart-menu-button.gif | Bin 0 -> 192 bytes
.../resources/images/apache-rampart-menu-top.jpg | Bin 0 -> 633 bytes
.../site/resources/images/apache-rampart-menu.jpg | Bin 0 -> 1221 bytes
.../resources/images/apache-rampart-spliter.jpg | Bin 0 -> 650 bytes
.../src/site/resources/images/external.png | Bin 0 -> 230 bytes
.../site/resources/images/logos/asf_logo_wide.png | Bin
.../images/logos/build-by-maven-black.png | Bin 0 -> 2294 bytes
.../images/logos/build-by-maven-white.png | Bin 0 -> 2260 bytes
.../site/resources/images/logos/maven-feather.png | Bin 0 -> 3330 bytes
.../src}/site/resources/images/message-builder.jpg | Bin
.../src}/site/resources/images/rampart-engine.jpg | Bin
.../site/resources/images/rampart-handlers.jpg | Bin
.../src}/site/resources/images/rampart-trust.jpg | Bin
.../src}/site/resources/images/security-stack.jpg | Bin
.../src}/site/resources/rampart-config.xsd | 27 +-
.../src}/site/resources/samples/msgs/creq04.xml | 0
.../src}/site/resources/samples/msgs/cres04.xml | 0
.../src}/site/resources/samples/msgs/req01.xml | 0
.../src}/site/resources/samples/msgs/req02.xml | 0
.../src}/site/resources/samples/msgs/req03.xml | 0
.../src}/site/resources/samples/msgs/req04.xml | 0
.../src}/site/resources/samples/msgs/res01.xml | 0
.../src}/site/resources/samples/msgs/res02.xml | 0
.../src}/site/resources/samples/msgs/res03.xml | 0
.../src}/site/resources/samples/msgs/res04.xml | 0
.../src}/site/resources/samples/msgs/rst04.xml | 0
.../src}/site/resources/samples/msgs/rstr04.xml | 0
.../site/resources/samples/policy/sample01.xml | 2 +-
.../site/resources/samples/policy/sample02.xml | 0
.../site/resources/samples/policy/sample03.xml | 0
.../site/resources/samples/policy/sample04.xml | 0
.../site/resources/samples/policy/sample05.xml | 2 +-
.../site/resources/samples/policy/sample06.xml | 2 +-
modules/documentation/src/site/site.xml | 80 ++
.../documentation/src}/site/xdoc/articles.xml | 0
.../src}/site/xdoc/developer-guide.xml | 4 +-
modules/documentation/src/site/xdoc/download.xml | 81 ++
.../src/site/xdoc/download/1.1/download.cgi | 6 +
.../src/site/xdoc/download/1.1/download.xml | 125 ++
.../src/site/xdoc/download/1.2/download.cgi | 6 +
.../src/site/xdoc/download/1.2/download.xml | 125 ++
.../src/site/xdoc/download/1.3/download.cgi | 6 +
.../src/site/xdoc/download/1.3/download.xml | 125 ++
modules/documentation/src/site/xdoc/index.xml | 73 ++
.../documentation/src}/site/xdoc/quick-start.xml | 2 +-
.../src/site/xdoc/rampartconfig-guide.xml | 76 ++
.../documentation/src}/site/xdoc/samples.xml | 1 -
.../src}/site/xdoc/setting-up-sts.xml | 2 +-
.../documentation/src}/site/xdoc/siteHowTo.xml | 0
.../src}/site/xdoc/specifications.xml | 0
.../documentation/src}/site/xdoc/svn.xml | 10 +-
modules/rampart-core/pom.xml | 112 +-
.../org.apache.neethi.builders.AssertionBuilder | 3 +-
.../AbstractUniqueMessageAttributeCache.java | 61 -
.../ExtendedPolicyValidatorCallbackHandler.java | 23 -
.../java/org/apache/rampart/MessageBuilder.java | 14 +-
.../main/java/org/apache/rampart/NonceCache.java | 160 ---
.../rampart/PolicyBasedResultsValidator.java | 777 ++++++------
.../src/main/java/org/apache/rampart/Rampart.java | 19 +-
.../java/org/apache/rampart/RampartConstants.java | 4 -
.../java/org/apache/rampart/RampartEngine.java | 352 ++----
.../java/org/apache/rampart/RampartException.java | 2 +-
.../org/apache/rampart/RampartMessageData.java | 326 ++---
.../java/org/apache/rampart/ServiceNonceCache.java | 69 --
.../org/apache/rampart/TokenCallbackHandler.java | 26 +-
.../rampart/UniqueMessageAttributeCache.java | 65 -
.../rampart/builder/AsymmetricBindingBuilder.java | 289 ++---
.../org/apache/rampart/builder/BindingBuilder.java | 514 +++-----
.../rampart/builder/SymmetricBindingBuilder.java | 234 ++--
.../rampart/builder/TransportBindingBuilder.java | 312 ++---
.../org/apache/rampart/errors.properties | 19 +-
.../rampart/handler/CertificateValidator.java | 45 -
.../handler/PostDispatchVerificationHandler.java | 14 +-
.../apache/rampart/handler/RampartReceiver.java | 30 +-
.../org/apache/rampart/handler/RampartSender.java | 17 +-
.../handler/RampartUsernameTokenValidator.java | 71 --
.../org/apache/rampart/handler/WSDoAllHandler.java | 210 ++++
.../apache/rampart/handler/WSDoAllReceiver.java | 383 ++++++
.../org/apache/rampart/handler/WSDoAllSender.java | 270 +++++
.../rampart/handler/WSSHandlerConstants.java | 2 -
.../handler/config/InflowConfiguration.java | 181 +++
.../handler/config/OutflowConfiguration.java | 600 ++++++++++
.../rampart/policy/RampartPolicyBuilder.java | 70 +-
.../apache/rampart/policy/RampartPolicyData.java | 95 +-
.../rampart/policy/SupportingPolicyData.java | 99 +-
.../policy/builders/CryptoConfigBuilder.java | 8 +-
.../policy/builders/KerberosConfigBuilder.java | 100 --
.../policy/builders/OptimizePartsBuilder.java | 2 +-
.../policy/builders/RampartConfigBuilder.java | 38 +-
.../rampart/policy/builders/SSLConfigBuilder.java | 2 +-
.../apache/rampart/policy/model/CryptoConfig.java | 27 +-
.../rampart/policy/model/KerberosConfig.java | 361 ------
.../rampart/policy/model/OptimizePartsConfig.java | 16 +-
.../apache/rampart/policy/model/RampartConfig.java | 95 +-
.../org/apache/rampart/policy/model/SSLConfig.java | 3 -
.../apache/rampart/saml/SAML1AssertionHandler.java | 92 --
.../apache/rampart/saml/SAML2AssertionHandler.java | 111 --
.../apache/rampart/saml/SAMLAssertionHandler.java | 92 --
.../rampart/saml/SAMLAssertionHandlerFactory.java | 37 -
.../java/org/apache/rampart/util/Axis2Util.java | 99 +-
.../rampart/util/HandlerParameterDecoder.java | 292 +++++
.../org/apache/rampart/util/MessageOptimizer.java | 25 +-
.../java/org/apache/rampart/util/RampartUtil.java | 1245 ++++++++------------
.../policy/builders/KerberosConfigBuilderTest.java | 121 --
.../org/apache/rampart/util/RampartUtilTest.java | 44 -
.../rampart/policy/builders/kerberosConfig.policy | 22 -
.../apache/rampart/util/soap11-invalid-fault.xml | 9 -
.../apache/rampart/util/soap11-security-fault.xml | 10 -
.../apache/rampart/util/soap12-security-fault.xml | 17 -
modules/rampart-integration/pom.xml | 1038 +++++++++-------
.../apache/axis2/integration/TestConstants.java | 25 -
.../org/apache/axis2/integration/UtilServer.java | 244 ++++
.../axis2/integration/UtilServerBasedTestCase.java | 68 ++
.../apache/axis2/integration/UtilsTCPServer.java | 99 ++
.../src/main/java/org/apache/rahas/PWCallback.java | 47 +-
.../src/main/java/org/apache/rahas/TestClient.java | 136 ++-
.../main/java/org/apache/rampart/PWCallback.java | 18 +-
.../src/main/resources/ping/ping.wsdl | 68 ++
.../apache/axis2/oasis/ping/PingPortSkeleton.java | 74 ++
.../axis2/security/InteropScenarioClient.java | 180 +++
.../src/org/apache/axis2/security}/PWCallback.java | 8 +-
.../commons-logging.properties} | 61 +-
.../axis2/security/AddressingMTOMSecurityTest.java | 125 ++
.../org/apache/axis2/security/InteropTestBase.java | 239 ++++
.../axis2/security/MTOMOptimizedSecurityTest.java | 119 ++
.../org/apache/axis2/security/Scenario1Test.java | 68 ++
.../org/apache/axis2/security/Scenario2Test.java | 105 ++
.../org/apache/axis2/security/Scenario2aTest.java | 99 ++
.../org/apache/axis2/security/Scenario3Test.java | 119 ++
.../org/apache/axis2/security/Scenario4Test.java | 119 ++
.../org/apache/axis2/security/Scenario5Test.java | 113 ++
.../org/apache/axis2/security/Scenario6Test.java | 114 ++
.../org/apache/axis2/security/Scenario7Test.java | 141 +++
.../rahas/RahasSAML2TokenCertForHoKTest.java | 49 +-
.../java/org/apache/rahas/RahasSAML2TokenTest.java | 40 +-
.../rahas/RahasSAML2TokenUTForBearerTest.java | 159 ---
.../apache/rahas/RahasSAMLTokenAttributeTest.java | 35 +-
.../apache/rahas/RahasSAMLTokenCertForHoKTest.java | 40 +-
.../rahas/RahasSAMLTokenCertForHoKV1205Test.java | 56 +-
.../java/org/apache/rahas/RahasSAMLTokenTest.java | 45 +-
.../rahas/RahasSAMLTokenUTForBearerTest.java | 92 +-
.../rahas/RahasSAMLTokenUTForBearerV1205Test.java | 38 +-
.../apache/rahas/RahasSAMLTokenUTForHoKTest.java | 35 +-
.../rahas/RahasSAMLTokenUTForHoKV1205Test.java | 43 +-
.../org/apache/rahas/RahasSAMLTokenV1205Test.java | 41 +-
.../java/org/apache/rahas/SAMLDataProvider.java | 36 +-
.../apache/rampart/KerberosDelegationService.java | 78 --
.../KerberosDelegationServiceValidator.java | 46 -
.../org/apache/rampart/RampartKerberosTest.java | 296 -----
.../test/java/org/apache/rampart/RampartTest.java | 174 ++-
.../org/apache/rampart/util/KerberosServer.java | 207 ----
.../rampart/util/KerberosTokenDecoderImpl.java | 156 ---
.../src/test/resources/commons-logging.properties} | 55 +-
.../src/test/resources/conf/axis2.xml | 63 +-
.../src/test/resources/kerberos/alice.keytab | Bin 666 -> 0 bytes
.../src/test/resources/kerberos/bob.keytab | Bin 328 -> 0 bytes
.../src/test/resources/kerberos/jaas.conf | 49 -
.../src/test/resources/kerberos/krb5.conf.template | 8 -
.../src/test/resources/kerberos/readme | 9 -
.../src/test/resources/kerberos/users.ldif | 60 -
.../src/test/resources/rahas/1.xml | 74 --
.../src/test/resources/rahas/3.xml | 37 -
.../src/test/resources/rahas/issuer.properties} | 3 +-
...service-policy-symm-binding-saml2-publicKey.xml | 2 +-
.../policy/service-policy-symm-binding-saml2.xml | 2 +-
.../rahas/policy/service-policy-symm-binding.xml | 2 +-
.../policy/service-policy-transport-binding.xml | 2 +-
.../rahas/policy/sts-policy-asymm-binding.xml | 2 +-
.../rahas/policy/sts-policy-symm-binding.xml | 2 +-
.../rahas/policy/sts-policy-transport-binding.xml | 2 +-
.../src/test/resources/rahas/rahas-sec.properties} | 4 +-
.../src/test/resources/rahas/s1-services.xml | 92 +-
.../src/test/resources/rahas/s3-services.xml | 50 +-
.../src/test/resources/rahas/s5-services.xml | 52 +-
.../src/test/resources/rahas/saml.s1.properties | 9 +
.../test/resources/rahas/samlIssuer.properties} | 3 +-
.../rampart/kerberos/KerberosDelegation.xml | 86 --
.../kerberos/KerberosOverTransportKeytab.xml | 85 --
.../rampart/kerberos/KerberosOverTransportPWCB.xml | 88 --
.../src/test/resources/rampart/policy/1.xml | 2 +-
.../src/test/resources/rampart/policy/10.xml | 4 +-
.../src/test/resources/rampart/policy/13.xml | 2 +-
.../src/test/resources/rampart/policy/14.xml | 2 +-
.../src/test/resources/rampart/policy/15.xml | 2 +-
.../src/test/resources/rampart/policy/16.xml | 4 +-
.../src/test/resources/rampart/policy/17.xml | 2 +-
.../src/test/resources/rampart/policy/18.xml | 2 +-
.../src/test/resources/rampart/policy/19.xml | 2 +-
.../src/test/resources/rampart/policy/2.xml | 2 +-
.../src/test/resources/rampart/policy/20.xml | 2 +-
.../src/test/resources/rampart/policy/21.xml | 4 +-
.../src/test/resources/rampart/policy/22.xml | 2 +-
.../src/test/resources/rampart/policy/23.xml | 2 +-
.../src/test/resources/rampart/policy/24.xml | 2 +-
.../src/test/resources/rampart/policy/25.xml | 2 +-
.../src/test/resources/rampart/policy/26.xml | 2 +-
.../src/test/resources/rampart/policy/27.xml | 2 +-
.../src/test/resources/rampart/policy/28.xml | 2 +-
.../src/test/resources/rampart/policy/3.xml | 2 +-
.../src/test/resources/rampart/policy/30.xml | 77 --
.../src/test/resources/rampart/policy/31.xml | 75 --
.../src/test/resources/rampart/policy/32.xml | 90 --
.../src/test/resources/rampart/policy/33.xml | 103 --
.../src/test/resources/rampart/policy/34.xml | 102 --
.../src/test/resources/rampart/policy/35.xml | 76 --
.../src/test/resources/rampart/policy/4.xml | 2 +-
.../src/test/resources/rampart/policy/5.xml | 2 +-
.../src/test/resources/rampart/policy/sc-1.xml | 2 +-
.../src/test/resources/rampart/policy/sc-3.xml | 4 +-
.../src/test/resources/rampart/policy/sc-4.xml | 123 --
.../src/test/resources/rampart/policy/sc-5.xml | 131 --
.../src/test/resources/rampart/policy/sc-6.xml | 98 --
.../src/test/resources/rampart/services-1.xml | 2 +-
.../src/test/resources/rampart/services-10.xml | 2 +-
.../src/test/resources/rampart/services-13.xml | 2 +-
.../src/test/resources/rampart/services-14.xml | 2 +-
.../src/test/resources/rampart/services-15.xml | 2 +-
.../src/test/resources/rampart/services-16.xml | 4 +-
.../src/test/resources/rampart/services-17.xml | 2 +-
.../src/test/resources/rampart/services-18.xml | 2 +-
.../src/test/resources/rampart/services-19.xml | 2 +-
.../src/test/resources/rampart/services-2.xml | 2 +-
.../src/test/resources/rampart/services-20.xml | 2 +-
.../src/test/resources/rampart/services-21.xml | 2 +-
.../src/test/resources/rampart/services-22.xml | 2 +-
.../src/test/resources/rampart/services-23.xml | 2 +-
.../src/test/resources/rampart/services-24.xml | 2 +-
.../src/test/resources/rampart/services-25.xml | 2 +-
.../src/test/resources/rampart/services-26.xml | 2 +-
.../src/test/resources/rampart/services-27.xml | 2 +-
.../src/test/resources/rampart/services-28.xml | 2 +-
.../src/test/resources/rampart/services-3.xml | 2 +-
.../src/test/resources/rampart/services-30.xml | 90 --
.../src/test/resources/rampart/services-31.xml | 111 --
.../src/test/resources/rampart/services-32.xml | 128 --
.../src/test/resources/rampart/services-33.xml | 140 ---
.../src/test/resources/rampart/services-34.xml | 113 --
.../src/test/resources/rampart/services-35.xml | 94 --
.../src/test/resources/rampart/services-4.xml | 2 +-
.../src/test/resources/rampart/services-5.xml | 2 +-
.../src/test/resources/rampart/services-sc-1.xml | 2 +-
.../src/test/resources/rampart/services-sc-3.xml | 2 +-
.../src/test/resources/rampart/services-sc-4.xml | 177 ---
.../src/test/resources/rampart/services-sc-5.xml | 186 ---
.../src/test/resources/rampart/services-sc-6.xml | 154 ---
.../resources/security/complete.client.axis2.xml | 133 +++
.../resources/security/complete.service.axis2.xml | 147 +++
.../test/resources/security/complete.service.xml | 31 +
.../test/resources/security/s1.client.axis2.xml | 109 ++
.../test/resources/security/s1.service.axis2.xml | 139 +++
.../src/test/resources/security/s1.service.xml | 15 +
.../test/resources/security/s2.client.axis2.xml | 118 ++
.../test/resources/security/s2.service.axis2.xml | 139 +++
.../src/test/resources/security/s2.service.xml | 16 +
.../test/resources/security/s2a.client.axis2.xml | 116 ++
.../test/resources/security/s2a.service.axis2.xml | 138 +++
.../src/test/resources/security/s2a.service.xml | 16 +
.../test/resources/security/s3.client.axis2.xml | 127 ++
.../test/resources/security/s3.service.axis2.xml | 138 +++
.../src/test/resources/security/s3.service.xml | 31 +
.../test/resources/security/s4.client.axis2.xml | 124 ++
.../test/resources/security/s4.service.axis2.xml | 139 +++
.../src/test/resources/security/s4.service.xml | 30 +
.../test/resources/security/s5.client.axis2.xml | 122 ++
.../test/resources/security/s5.service.axis2.xml | 140 +++
.../src/test/resources/security/s5.service.xml | 16 +
.../test/resources/security/s6.client.axis2.xml | 125 ++
.../test/resources/security/s6.service.axis2.xml | 140 +++
.../src/test/resources/security/s6.service.xml | 29 +
.../test/resources/security/s7.client.axis2.xml | 125 ++
.../test/resources/security/s7.service.axis2.xml | 141 +++
.../src/test/resources/security/s7.service.xml | 31 +
.../test/resources/security/sST1.client.axis2.xml | 109 ++
.../test/resources/security/sST1.service.axis2.xml | 140 +++
.../src/test/resources/security/sST1.service.xml | 14 +
.../src/test/resources/security/sc/s1-services.xml | 84 ++
.../src/test/resources/security/sc/s2-services.xml | 64 +
.../src/test/resources/security/sc/s3-services.xml | 66 ++
.../src/test/resources/security/sc/s4-services.xml | 67 ++
.../resources/security/sc/sctIssuer.properties} | 3 +-
.../src/test/resources/security/sc/sec.jks | Bin 0 -> 5467 bytes
.../src/test/resources/security/sc/sec.properties} | 4 +-
.../src/test/resources/security/sc/sts.jks | Bin 0 -> 4759 bytes
.../resources/security/secMtom.client.axis2.xml | 126 ++
.../resources/security/secMtom.service.axis2.xml | 141 +++
.../test/resources/security/secMtom.service.xml | 31 +
modules/rampart-mar/module.xml | 6 +
modules/rampart-mar/pom.xml | 219 ++--
modules/rampart-policy/pom.xml | 83 +-
.../org.apache.neethi.builders.AssertionBuilder | 9 +-
.../java/org/apache/ws/secpolicy/Constants.java | 4 -
.../org/apache/ws/secpolicy/SP11Constants.java | 9 -
.../org/apache/ws/secpolicy/SP12Constants.java | 9 -
.../java/org/apache/ws/secpolicy/SPConstants.java | 11 +-
.../AbstractConfigurableSecurityAssertion.java | 6 +-
.../secpolicy/model/AbstractSecurityAssertion.java | 57 +-
.../apache/ws/secpolicy/model/AlgorithmSuite.java | 40 +-
.../ws/secpolicy/model/AsymmetricBinding.java | 49 +-
.../secpolicy/model/ContentEncryptedElements.java | 38 +-
.../apache/ws/secpolicy/model/EncryptionToken.java | 42 +-
.../org/apache/ws/secpolicy/model/HttpsToken.java | 20 +-
.../apache/ws/secpolicy/model/InitiatorToken.java | 20 +-
.../org/apache/ws/secpolicy/model/IssuedToken.java | 50 +-
.../apache/ws/secpolicy/model/KerberosToken.java | 152 ---
.../java/org/apache/ws/secpolicy/model/Layout.java | 23 +-
.../apache/ws/secpolicy/model/ProtectionToken.java | 42 +-
.../apache/ws/secpolicy/model/RecipientToken.java | 20 +-
.../ws/secpolicy/model/RequiredElements.java | 35 +-
.../apache/ws/secpolicy/model/RequiredParts.java | 24 +-
.../secpolicy/model/SecureConversationToken.java | 52 +-
.../apache/ws/secpolicy/model/SignatureToken.java | 44 +-
.../secpolicy/model/SignedEncryptedElements.java | 35 +-
.../ws/secpolicy/model/SignedEncryptedParts.java | 39 +-
.../apache/ws/secpolicy/model/SupportingToken.java | 31 +-
.../ws/secpolicy/model/SymmetricBinding.java | 119 +-
.../ws/secpolicy/model/TransportBinding.java | 54 +-
.../apache/ws/secpolicy/model/TransportToken.java | 22 +-
.../org/apache/ws/secpolicy/model/Trust10.java | 35 +-
.../org/apache/ws/secpolicy/model/Trust13.java | 42 +-
.../apache/ws/secpolicy/model/UsernameToken.java | 87 +-
.../java/org/apache/ws/secpolicy/model/Wss10.java | 33 +-
.../java/org/apache/ws/secpolicy/model/Wss11.java | 40 +-
.../org/apache/ws/secpolicy/model/X509Token.java | 39 +-
.../builders/AlgorithmSuiteBuilder.java | 10 +-
.../builders/AsymmetricBindingBuilder.java | 12 +-
.../builders/EncryptedElementsBuilder.java | 8 +-
.../builders/EncryptedPartsBuilder.java | 6 +-
.../builders/EncryptionTokenBuilder.java | 65 -
.../builders/InitiatorTokenBuilder.java | 10 +-
.../secpolicy11/builders/IssuedTokenBuilder.java | 12 +-
.../secpolicy11/builders/KerberosTokenBuilder.java | 84 --
.../ws/secpolicy11/builders/LayoutBuilder.java | 12 +-
.../builders/ProtectionTokenBuilder.java | 8 +-
.../builders/RecipientTokenBuilder.java | 12 +-
.../builders/RequiredElementsBuilder.java | 4 +-
.../builders/SecureConversationTokenBuilder.java | 2 +-
.../builders/SecurityContextTokenBuilder.java | 2 +-
.../builders/SignatureTokenBuilder.java | 65 -
.../builders/SignedElementsBuilder.java | 8 +-
.../secpolicy11/builders/SignedPartsBuilder.java | 14 +-
.../builders/SupportingTokensBuilder.java | 16 +-
.../builders/SymmetricBindingBuilder.java | 79 +-
.../builders/TransportBindingBuilder.java | 12 +-
.../builders/TransportTokenBuilder.java | 19 +-
.../ws/secpolicy11/builders/Trust10Builder.java | 2 +-
.../secpolicy11/builders/UsernameTokenBuilder.java | 18 +-
.../ws/secpolicy11/builders/WSS10Builder.java | 12 +-
.../ws/secpolicy11/builders/WSS11Builder.java | 12 +-
.../ws/secpolicy11/builders/X509TokenBuilder.java | 16 +-
.../builders/AlgorithmSuiteBuilder.java | 12 +-
.../builders/AsymmetricBindingBuilder.java | 12 +-
.../builders/ContentEncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedElementsBuilder.java | 8 +-
.../builders/EncryptedPartsBuilder.java | 6 +-
.../builders/EncryptionTokenBuilder.java | 65 -
.../ws/secpolicy12/builders/HttpsTokenBuilder.java | 38 +-
.../builders/InitiatorTokenBuilder.java | 10 +-
.../secpolicy12/builders/IssuedTokenBuilder.java | 12 +-
.../secpolicy12/builders/KerberosTokenBuilder.java | 84 --
.../ws/secpolicy12/builders/LayoutBuilder.java | 12 +-
.../builders/ProtectionTokenBuilder.java | 8 +-
.../builders/RecipientTokenBuilder.java | 10 +-
.../builders/RequiredElementsBuilder.java | 4 +-
.../secpolicy12/builders/RequiredPartsBuilder.java | 2 +-
.../builders/SecureConversationTokenBuilder.java | 2 +-
.../builders/SecurityContextTokenBuilder.java | 2 +-
.../builders/SignatureTokenBuilder.java | 65 -
.../builders/SignedElementsBuilder.java | 8 +-
.../secpolicy12/builders/SignedPartsBuilder.java | 12 +-
.../builders/SupportingTokensBuilder.java | 16 +-
.../builders/SymmetricBindingBuilder.java | 79 +-
.../builders/TransportBindingBuilder.java | 15 +-
.../builders/TransportTokenBuilder.java | 60 +-
.../ws/secpolicy12/builders/Trust13Builder.java | 2 +-
.../secpolicy12/builders/UsernameTokenBuilder.java | 14 +-
.../ws/secpolicy12/builders/WSS10Builder.java | 12 +-
.../ws/secpolicy12/builders/WSS11Builder.java | 12 +-
.../ws/secpolicy12/builders/X509TokenBuilder.java | 16 +-
.../apache/ws/secpolicy/KerberosPolicyTest.java | 212 ----
.../src/test/resources/policy/kerberos-11.xml | 16 -
.../src/test/resources/policy/kerberos-12.xml | 16 -
.../src/test/resources/policy/kerberos-gss-11.xml | 16 -
.../src/test/resources/policy/kerberos-gss-12.xml | 16 -
.../resources/policy/kerberos-gss-keyref-11.xml | 18 -
.../resources/policy/kerberos-gss-keyref-12.xml | 17 -
.../test/resources/policy/kerberos-keyref-11.xml | 17 -
.../test/resources/policy/kerberos-keyref-12.xml | 17 -
modules/rampart-samples/README.txt | 8 +-
modules/rampart-samples/basic/README.txt | 44 +
modules/rampart-samples/basic/build.xml | 259 ++++
modules/rampart-samples/basic/sample01/README.txt | 6 +
.../basic/sample01}/client.axis2.xml | 875 +++++++-------
.../rampart-samples/basic/sample01/services.xml | 27 +
.../apache/rampart/samples/sample01}/Client.java | 30 +-
.../rampart/samples/sample01}/SimpleService.java | 2 +-
modules/rampart-samples/basic/sample02/README.txt | 10 +
.../basic/sample02}/client.axis2.xml | 884 +++++++-------
.../rampart-samples/basic/sample02/services.xml | 33 +
.../apache/rampart/samples/sample02}/Client.java | 30 +-
.../rampart/samples/sample02}/PWCBHandler.java | 10 +-
.../rampart/samples/sample02}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample03/README.txt | 12 +
.../basic/sample03}/client.axis2.xml | 885 +++++++-------
.../rampart-samples/basic/sample03/services.xml | 33 +
.../apache/rampart/samples/sample03}/Client.java | 30 +-
.../rampart/samples/sample03}/PWCBHandler.java | 6 +-
.../rampart/samples/sample03}/SimpleService.java | 18 +-
modules/rampart-samples/basic/sample04/README.txt | 7 +
.../basic/sample04}/client.axis2.xml | 893 +++++++-------
.../rampart-samples/basic/sample04/services.xml | 44 +
.../apache/rampart/samples/sample04}/Client.java | 30 +-
.../rampart/samples}/sample04/PWCBHandler.java | 5 +-
.../rampart/samples/sample04}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample05/README.txt | 7 +
.../basic/sample05}/client.axis2.xml | 892 +++++++-------
.../rampart-samples/basic/sample05/services.xml | 45 +
.../apache/rampart/samples/sample05}/Client.java | 30 +-
.../rampart/samples/sample05}/PWCBHandler.java | 5 +-
.../rampart/samples/sample05}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample06/README.txt | 8 +
.../basic/sample06}/client.axis2.xml | 898 +++++++-------
.../rampart-samples/basic/sample06/services.xml | 47 +
.../apache/rampart/samples/sample06}/Client.java | 30 +-
.../rampart/samples/sample06}/PWCBHandler.java | 5 +-
.../rampart/samples/sample06}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample07/README.txt | 8 +
.../basic/sample07}/client.axis2.xml | 897 +++++++-------
.../rampart-samples/basic/sample07/services.xml | 46 +
.../apache/rampart/samples}/sample07/Client.java | 30 +-
.../rampart/samples/sample07}/PWCBHandler.java | 5 +-
.../rampart/samples/sample07}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample08/README.txt | 10 +
.../basic/sample08}/client.axis2.xml | 898 +++++++-------
.../rampart-samples/basic/sample08/services.xml | 35 +
.../apache/rampart/samples/sample08}/Client.java | 30 +-
.../rampart/samples/sample08}/PWCBHandler.java | 5 +-
.../rampart/samples}/sample08/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample09/README.txt | 8 +
.../basic/sample09}/client.axis2.xml | 896 +++++++-------
.../rampart-samples/basic/sample09/services.xml | 46 +
.../apache/rampart/samples/sample09}/Client.java | 30 +-
.../rampart/samples/sample09}/PWCBHandler.java | 22 +-
.../rampart/samples/sample09}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample10/README.txt | 8 +
.../basic/sample10}/client.axis2.xml | 901 +++++++-------
.../rampart-samples/basic/sample10/services.xml | 47 +
.../apache/rampart/samples/sample10}/Client.java | 30 +-
.../rampart/samples/sample10}/PWCBHandler.java | 5 +-
.../rampart/samples/sample10}/SimpleService.java | 3 +-
modules/rampart-samples/basic/sample11/README.txt | 8 +
.../basic/sample11}/client.axis2.xml | 874 +++++++-------
.../rampart-samples/basic/sample11/services.xml | 46 +
.../apache/rampart/samples/sample11}/Client.java | 56 +-
.../rampart/samples/sample11}/PWCBHandler.java | 5 +-
.../rampart/samples/sample11}/SimpleService.java | 3 +-
.../src/main/files => rampart-samples}/build.xml | 5 +-
modules/rampart-samples/keys/client.jks | Bin 4014 -> 4008 bytes
modules/rampart-samples/keys/service.jks | Bin 3307 -> 2675 bytes
modules/rampart-samples/keys/sts.jks | Bin 2683 -> 2677 bytes
modules/rampart-samples/policy/build.xml | 123 +-
.../policy/sample-tomcat/policy.xml | 2 +-
.../policy/sample-tomcat/services.xml | 4 +-
.../apache/rampart/tomcat/sample/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample01/README.txt | 14 +-
modules/rampart-samples/policy/sample01/policy.xml | 2 +-
.../rampart-samples/policy/sample01/services.xml | 5 +-
.../rampart/samples/policy/sample01/Client.java | 7 +-
.../samples/policy/sample01/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample02/Client.java | 7 +-
.../samples/policy/sample02/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample03/Client.java | 7 +-
.../samples/policy/sample03/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample04/Client.java | 7 +-
.../samples/policy/sample04/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample05/policy.xml | 4 +-
.../rampart-samples/policy/sample05/services.xml | 216 ++--
.../rampart/samples/policy/sample05/Client.java | 18 +-
.../samples/policy/sample05/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample06/policy.xml | 11 +-
.../rampart-samples/policy/sample06/services.xml | 255 ++--
.../rampart/samples/policy/sample06/Client.java | 17 +-
.../samples/policy/sample06/MexService.java | 25 +-
.../samples/policy/sample06/PWCBHandler.java | 2 +-
.../rampart/samples/policy/sample07/Client.java | 7 +-
.../samples/policy/sample07/PWCBHandler.java | 2 +-
modules/rampart-samples/policy/sample08/README.txt | 8 -
modules/rampart-samples/policy/sample08/policy.xml | 73 --
.../rampart-samples/policy/sample08/services.xml | 127 --
.../rampart/samples/policy/sample08/Client.java | 88 --
.../samples/policy/sample08/PWCBHandler.java | 42 -
.../rampart-samples/policy/sample08/sts_policy.xml | 83 --
modules/rampart-samples/pom.xml | 182 ---
.../rampart-samples/src/test/conf/log4j.properties | 24 -
.../apache/rampart/samples/runner/Controller.java | 82 --
.../org/apache/rampart/samples/runner/Logger.java | 38 -
.../org/apache/rampart/samples/runner/Sample.java | 64 -
.../apache/rampart/samples/runner/SampleTest.java | 49 -
.../rampart/samples/runner/ServerRunner.java | 43 -
.../rampart/samples/runner/ServerWatcher.java | 86 --
modules/rampart-tests/pom.xml | 67 +-
.../org/apache/rahas/SimpleTokenStoreTest.java | 55 +-
.../rahas/TokenRequestDispatcherConfigTest.java | 28 +-
.../rampart/AsymmetricBindingBuilderTest.java | 357 +++---
.../org/apache/rampart/MessageBuilderTestBase.java | 42 +-
.../java/org/apache/rampart/NonceCacheTest.java | 75 --
.../org/apache/rampart/PolicyAssertionsTest.java | 161 ---
.../java/org/apache/rampart/RampartEngineTest.java | 82 +-
.../rampart/SymmetricBindingBuilderTest.java | 234 ++--
.../java/org/apache/rampart/TestCBHandler.java | 44 +-
.../rampart/TransportBindingBuilderTest.java | 132 ++-
.../handler/config/InflowConfigurationTest.java | 73 ++
.../handler/config/OutflowConfigurationTest.java | 194 +++
.../rampart/policy/model/RampartPolicyTest.java | 89 +-
.../ws/secpolicy/model/SecpolicyModelTest.java | 93 +-
.../rampart-tests/test-resources/PWCallback.java | 8 +-
modules/rampart-tests/test-resources/axis2.xml | 12 +-
.../rampart-tests/test-resources/log4j.properties | 25 -
.../test-resources/policy-asymm-binding.xml | 2 +-
.../test-resources/policy-symm-binding-fault1.xml | 64 -
.../test-resources/policy-symm-binding.xml | 2 +-
.../test-resources/policy-transport-binding.xml | 2 +-
.../policy/rampart-asymm-binding-1.xml | 2 +-
.../policy/rampart-asymm-binding-2-sig-dk.xml | 2 +-
.../policy/rampart-asymm-binding-3-dk.xml | 2 +-
.../policy/rampart-asymm-binding-4-dk-ebs.xml | 2 +-
.../policy/rampart-asymm-binding-5-ebs.xml | 2 +-
.../policy/rampart-asymm-required-elements-2.xml | 84 --
.../policy/rampart-asymm-required-elements.xml | 84 --
.../policy/rampart-hashed-password.xml | 18 -
.../policy/rampart-plaintext-password.xml | 14 -
.../policy/rampart-symm-binding-1.xml | 2 +-
.../policy/rampart-symm-binding-2-dk.xml | 2 +-
.../policy/rampart-symm-binding-3-dk-es.xml | 2 +-
.../policy/rampart-symm-binding-4-ebs.xml | 2 +-
.../policy/rampart-symm-binding-5-dk-ebs.xml | 2 +-
.../policy/rampart-transport-binding-dk.xml | 2 +-
.../policy/rampart-transport-binding-no-bst.xml | 2 +-
.../policy/rampart-transport-binding.xml | 2 +-
.../test-resources/policy/soapmessage12.xml | 57 -
modules/rampart-trust-mar/module.xml | 19 +-
modules/rampart-trust-mar/pom.xml | 117 +-
modules/rampart-trust/pom.xml | 102 +-
.../java/org/apache/rahas/EncryptedKeyToken.java | 71 +-
.../src/main/java/org/apache/rahas/Rahas.java | 61 -
.../main/java/org/apache/rahas/RahasConstants.java | 17 +-
.../src/main/java/org/apache/rahas/RahasData.java | 156 +--
.../org/apache/rahas/RampartSAMLBootstrap.java | 102 --
.../java/org/apache/rahas/STSMessageReceiver.java | 12 +-
.../java/org/apache/rahas/SimpleTokenStore.java | 28 +-
.../src/main/java/org/apache/rahas/Token.java | 335 ++----
.../main/java/org/apache/rahas/TokenIssuer.java | 8 +-
.../org/apache/rahas/TokenRequestDispatcher.java | 37 +-
.../apache/rahas/TokenRequestDispatcherConfig.java | 9 +-
.../main/java/org/apache/rahas/TokenStorage.java | 8 +-
.../src/main/java/org/apache/rahas/TrustUtil.java | 145 +--
.../java/org/apache/rahas/client/STSClient.java | 307 ++---
.../org/apache/rahas/errors.properties | 22 +-
.../apache/rahas/impl/AbstractIssuerConfig.java | 32 -
.../org/apache/rahas/impl/SAML2TokenIssuer.java | 1063 ++++++++---------
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 755 ++++++------
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 190 +--
.../org/apache/rahas/impl/SAMLTokenRenewer.java | 185 +--
.../org/apache/rahas/impl/SAMLTokenValidator.java | 292 ++---
.../main/java/org/apache/rahas/impl/SCTIssuer.java | 35 +-
.../org/apache/rahas/impl/SCTIssuerConfig.java | 7 +-
.../org/apache/rahas/impl/TokenCancelerConfig.java | 21 +-
.../org/apache/rahas/impl/TokenIssuerUtil.java | 19 +-
.../apache/rahas/impl/util/AxiomParserPool.java | 52 -
.../org/apache/rahas/impl/util/CommonUtil.java | 477 --------
.../org/apache/rahas/impl/util/SAML2Utils.java | 193 ++-
.../rahas/impl/util/SAMLAttributeCallback.java | 77 +-
.../org/apache/rahas/impl/util/SAMLCallback.java | 32 +-
.../rahas/impl/util/SAMLCallbackHandler.java | 28 +-
.../impl/util/SAMLNameIdentifierCallback.java | 58 +-
.../java/org/apache/rahas/impl/util/SAMLUtils.java | 606 +---------
.../org/apache/rahas/impl/util/SignKeyHolder.java | 2 +-
.../apache/rahas/impl/SAML2TokenIssuerTest.java | 88 --
.../org/apache/rahas/impl/util/CommonUtilTest.java | 289 -----
.../org/apache/rahas/impl/util/SAMLUtilsTest.java | 316 -----
.../apache/rahas/test/util/AbstractTestCase.java | 95 --
.../rahas/test/util/TestCallbackHandler.java | 45 -
.../rahas/test/util/TestSAMLCallbackHandler.java | 32 -
.../org/apache/rahas/test/util/TestSTSClient.java | 45 -
.../java/org/apache/rahas/test/util/TestUtil.java | 444 -------
.../rampart-trust/src/test/resources/keystore.jks | Bin 2191 -> 0 bytes
pom.xml | 837 +++++--------
release-docs/ChangeLog.txt | 169 +++
LICENSE => release-docs/LICENSE.txt | 0
release-docs/NOTICE.txt | 12 +
README => release-docs/README.txt | 32 +-
.../src/main/files => release-docs}/build.xml | 2 +-
release-docs/release-notes.html | 75 ++
src/site/markdown/download.md.vm | 60 -
src/site/markdown/index.md | 23 -
src/site/markdown/release-notes/1.6.1.md | 7 -
src/site/markdown/release-notes/1.6.2.md | 10 -
src/site/markdown/release-notes/1.6.3.md | 7 -
src/site/markdown/release-notes/1.6.4.md | 7 -
src/site/markdown/release-notes/1.7.0.md | 11 -
src/site/markdown/release-notes/1.8.0.md | 0
src/site/resources/images/apache-rampart-logo.jpg | Bin 14742 -> 0 bytes
src/site/site.xml | 84 --
src/site/xdoc/rampartconfig-guide.xml | 146 ---
627 files changed, 23795 insertions(+), 25283 deletions(-)
[axis-axis2-java-rampart] 07/10: Merge changes up to r1240267 from
trunk.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit ef0ad8793587903045b0cb5f72c2a31cceb08d00
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:29:58 2017 +0000
Merge changes up to r1240267 from trunk.
---
build.xml | 21 +
legal/bcprov-LICENSE.txt | 19 +
legal/commons-lang-LICENSE.txt | 202 +++++
...f4j-jdk14-LICENSE.txt => slf4j-jcl-LICENSE.txt} | 0
modules/distribution/bin.xml | 7 +-
modules/distribution/pom.xml | 93 ++-
modules/distribution/src.xml | 11 +-
modules/documentation/pom.xml | 31 +-
.../1.5 => resources/download/1.1}/download.cgi | 0
.../1.5.1 => resources/download/1.2}/download.cgi | 0
.../1.4 => resources/download/1.3}/download.cgi | 0
.../1.3 => resources/download/1.4}/download.cgi | 0
.../1.2 => resources/download/1.5.1}/download.cgi | 0
.../1.1 => resources/download/1.5.2}/download.cgi | 0
.../{xdoc => resources}/download/1.5/download.cgi | 0
.../1.5 => resources/download/1.6.0}/download.cgi | 0
.../1.5 => resources/download/1.6.1}/download.cgi | 0
.../src/site/xdoc/developer-guide.xml | 4 +-
modules/documentation/src/site/xdoc/download.xml | 35 +-
.../src/site/xdoc/download/1.5.1/download.xml | 51 +-
.../xdoc/download/{1.5.1 => 1.5.2}/download.xml | 55 +-
.../xdoc/download/{1.5.1 => 1.6.0}/download.xml | 55 +-
.../xdoc/download/{1.5.1 => 1.6.1}/download.xml | 55 +-
modules/documentation/src/site/xdoc/index.xml | 54 +-
.../src/site/xdoc/rampartconfig-guide.xml | 14 +
modules/documentation/src/site/xdoc/svn.xml | 2 +-
modules/rampart-core/pom.xml | 39 +-
.../java/org/apache/rampart/MessageBuilder.java | 14 +-
.../rampart/PolicyBasedResultsValidator.java | 8 +-
.../java/org/apache/rampart/RampartConstants.java | 3 +-
.../java/org/apache/rampart/RampartEngine.java | 160 ++--
.../java/org/apache/rampart/RampartException.java | 2 +-
.../org/apache/rampart/RampartMessageData.java | 168 ++--
.../org/apache/rampart/TokenCallbackHandler.java | 22 +-
.../rampart/builder/AsymmetricBindingBuilder.java | 33 +-
.../org/apache/rampart/builder/BindingBuilder.java | 78 +-
.../rampart/builder/SymmetricBindingBuilder.java | 82 +-
.../rampart/builder/TransportBindingBuilder.java | 38 +-
.../main/java/org/apache/rampart/errors.properties | 4 +-
.../handler/PostDispatchVerificationHandler.java | 1 -
.../org/apache/rampart/handler/RampartSender.java | 17 +-
.../rampart/handler/WSSHandlerConstants.java | 2 +
.../rampart/policy/RampartPolicyBuilder.java | 31 +-
.../apache/rampart/policy/RampartPolicyData.java | 15 +-
.../policy/builders/CryptoConfigBuilder.java | 8 +-
.../policy/builders/OptimizePartsBuilder.java | 2 +-
.../policy/builders/RampartConfigBuilder.java | 2 +-
.../rampart/policy/builders/SSLConfigBuilder.java | 2 +-
.../apache/rampart/policy/model/CryptoConfig.java | 27 +-
.../rampart/policy/model/OptimizePartsConfig.java | 4 +-
.../apache/rampart/policy/model/RampartConfig.java | 3 +
.../org/apache/rampart/policy/model/SSLConfig.java | 3 +
.../apache/rampart/saml/SAML1AssertionHandler.java | 84 ++
.../apache/rampart/saml/SAML2AssertionHandler.java | 111 +++
.../apache/rampart/saml/SAMLAssertionHandler.java | 92 +++
.../rampart/saml/SAMLAssertionHandlerFactory.java | 37 +
.../java/org/apache/rampart/util/Axis2Util.java | 66 +-
.../java/org/apache/rampart/util/RampartUtil.java | 272 +++---
modules/rampart-integration/pom.xml | 918 +++++++++------------
.../rahas/RahasSAML2TokenCertForHoKTest.java | 1 -
.../java/org/apache/rahas/RahasSAML2TokenTest.java | 1 -
...st.java => RahasSAML2TokenUTForBearerTest.java} | 82 +-
.../apache/rahas/RahasSAMLTokenAttributeTest.java | 4 +-
.../apache/rahas/RahasSAMLTokenCertForHoKTest.java | 6 +-
.../rahas/RahasSAMLTokenCertForHoKV1205Test.java | 4 +-
.../java/org/apache/rahas/RahasSAMLTokenTest.java | 5 +-
.../rahas/RahasSAMLTokenUTForBearerTest.java | 59 +-
.../rahas/RahasSAMLTokenUTForBearerV1205Test.java | 4 +-
.../apache/rahas/RahasSAMLTokenUTForHoKTest.java | 4 +-
.../rahas/RahasSAMLTokenUTForHoKV1205Test.java | 4 +-
.../org/apache/rahas/RahasSAMLTokenV1205Test.java | 5 +-
.../java/org/apache/rahas/SAMLDataProvider.java | 36 +-
.../test/java/org/apache/rampart/RampartTest.java | 99 ++-
.../log4j.properties} | 55 +-
.../src/test/resources/rampart/policy/16.xml | 4 +-
.../src/test/resources/rampart/policy/3.xml | 2 +-
.../src/test/resources/rampart/policy/30.xml | 4 +-
.../resources/rampart/policy/{3.xml => 31.xml} | 148 ++--
.../resources/rampart/policy/{30.xml => 32.xml} | 63 +-
.../src/test/resources/rampart/policy/33.xml | 103 +++
.../src/test/resources/rampart/policy/34.xml | 102 +++
.../src/test/resources/rampart/policy/sc-4.xml | 123 +++
.../src/test/resources/rampart/policy/sc-5.xml | 131 +++
.../src/test/resources/rampart/policy/sc-6.xml | 98 +++
.../src/test/resources/rampart/services-16.xml | 4 +-
.../src/test/resources/rampart/services-3.xml | 2 +-
.../src/test/resources/rampart/services-30.xml | 4 +-
.../rampart/{policy/3.xml => services-31.xml} | 184 +++--
.../src/test/resources/rampart/services-32.xml | 128 +++
.../src/test/resources/rampart/services-33.xml | 140 ++++
.../rampart/{services-30.xml => services-34.xml} | 79 +-
.../src/test/resources/rampart/services-sc-4.xml | 177 ++++
.../src/test/resources/rampart/services-sc-5.xml | 186 +++++
.../src/test/resources/rampart/services-sc-6.xml | 154 ++++
modules/rampart-mar/module.xml | 6 +
modules/rampart-mar/pom.xml | 242 +++---
modules/rampart-policy/pom.xml | 31 +-
.../org.apache.neethi.builders.AssertionBuilder | 3 +-
.../java/org/apache/ws/secpolicy/SPConstants.java | 6 +
.../secpolicy/model/AbstractSecurityAssertion.java | 50 +-
.../apache/ws/secpolicy/model/AlgorithmSuite.java | 40 +-
.../ws/secpolicy/model/AsymmetricBinding.java | 44 +-
.../secpolicy/model/ContentEncryptedElements.java | 25 +-
.../apache/ws/secpolicy/model/EncryptionToken.java | 42 +-
.../org/apache/ws/secpolicy/model/HttpsToken.java | 20 +-
.../apache/ws/secpolicy/model/InitiatorToken.java | 20 +-
.../org/apache/ws/secpolicy/model/IssuedToken.java | 50 +-
.../java/org/apache/ws/secpolicy/model/Layout.java | 23 +-
.../apache/ws/secpolicy/model/ProtectionToken.java | 42 +-
.../apache/ws/secpolicy/model/RecipientToken.java | 20 +-
.../ws/secpolicy/model/RequiredElements.java | 25 +-
.../apache/ws/secpolicy/model/RequiredParts.java | 15 +-
.../secpolicy/model/SecureConversationToken.java | 52 +-
.../apache/ws/secpolicy/model/SignatureToken.java | 44 +-
.../secpolicy/model/SignedEncryptedElements.java | 17 +-
.../ws/secpolicy/model/SignedEncryptedParts.java | 21 +-
.../apache/ws/secpolicy/model/SupportingToken.java | 23 +-
.../ws/secpolicy/model/SymmetricBinding.java | 40 +-
.../ws/secpolicy/model/TransportBinding.java | 25 +-
.../apache/ws/secpolicy/model/TransportToken.java | 22 +-
.../org/apache/ws/secpolicy/model/Trust10.java | 34 +-
.../org/apache/ws/secpolicy/model/Trust13.java | 41 +-
.../apache/ws/secpolicy/model/UsernameToken.java | 42 +-
.../java/org/apache/ws/secpolicy/model/Wss10.java | 33 +-
.../java/org/apache/ws/secpolicy/model/Wss11.java | 40 +-
.../org/apache/ws/secpolicy/model/X509Token.java | 39 +-
.../builders/AlgorithmSuiteBuilder.java | 2 +-
.../builders/AsymmetricBindingBuilder.java | 2 +-
.../builders/EncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedPartsBuilder.java | 2 +-
.../builders/InitiatorTokenBuilder.java | 2 +-
.../secpolicy11/builders/IssuedTokenBuilder.java | 2 +-
.../ws/secpolicy11/builders/LayoutBuilder.java | 2 +-
.../builders/ProtectionTokenBuilder.java | 2 +-
.../builders/RecipientTokenBuilder.java | 2 +-
.../builders/RequiredElementsBuilder.java | 4 +-
.../builders/SecureConversationTokenBuilder.java | 2 +-
.../builders/SecurityContextTokenBuilder.java | 2 +-
.../builders/SignedElementsBuilder.java | 4 +-
.../secpolicy11/builders/SignedPartsBuilder.java | 2 +-
.../builders/SupportingTokensBuilder.java | 2 +-
.../builders/SymmetricBindingBuilder.java | 2 +-
.../builders/TransportBindingBuilder.java | 2 +-
.../builders/TransportTokenBuilder.java | 10 +-
.../ws/secpolicy11/builders/Trust10Builder.java | 2 +-
.../secpolicy11/builders/UsernameTokenBuilder.java | 2 +-
.../ws/secpolicy11/builders/WSS10Builder.java | 2 +-
.../ws/secpolicy11/builders/WSS11Builder.java | 2 +-
.../ws/secpolicy11/builders/X509TokenBuilder.java | 2 +-
.../builders/AlgorithmSuiteBuilder.java | 2 +-
.../builders/AsymmetricBindingBuilder.java | 2 +-
.../builders/ContentEncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedPartsBuilder.java | 2 +-
.../ws/secpolicy12/builders/HttpsTokenBuilder.java | 34 +-
.../builders/InitiatorTokenBuilder.java | 2 +-
.../secpolicy12/builders/IssuedTokenBuilder.java | 2 +-
.../ws/secpolicy12/builders/LayoutBuilder.java | 2 +-
.../builders/ProtectionTokenBuilder.java | 2 +-
.../builders/RecipientTokenBuilder.java | 2 +-
.../builders/RequiredElementsBuilder.java | 4 +-
.../secpolicy12/builders/RequiredPartsBuilder.java | 2 +-
.../builders/SecureConversationTokenBuilder.java | 2 +-
.../builders/SecurityContextTokenBuilder.java | 2 +-
.../builders/SignedElementsBuilder.java | 4 +-
.../secpolicy12/builders/SignedPartsBuilder.java | 2 +-
.../builders/SupportingTokensBuilder.java | 2 +-
.../builders/SymmetricBindingBuilder.java | 2 +-
.../builders/TransportBindingBuilder.java | 2 +-
.../builders/TransportTokenBuilder.java | 52 +-
.../ws/secpolicy12/builders/Trust13Builder.java | 2 +-
.../secpolicy12/builders/UsernameTokenBuilder.java | 2 +-
.../ws/secpolicy12/builders/WSS10Builder.java | 2 +-
.../ws/secpolicy12/builders/WSS11Builder.java | 2 +-
.../ws/secpolicy12/builders/X509TokenBuilder.java | 2 +-
modules/rampart-samples/basic/build.xml | 40 +-
modules/rampart-samples/policy/build.xml | 62 +-
modules/rampart-tests/pom.xml | 45 +-
.../rahas/TokenRequestDispatcherConfigTest.java | 28 +-
.../rampart/AsymmetricBindingBuilderTest.java | 357 ++++----
.../org/apache/rampart/MessageBuilderTestBase.java | 14 +-
.../rampart/SymmetricBindingBuilderTest.java | 233 +++---
.../rampart/TransportBindingBuilderTest.java | 132 ++-
.../rampart/policy/model/RampartPolicyTest.java | 89 +-
.../ws/secpolicy/model/SecpolicyModelTest.java | 82 +-
.../test-resources/log4j.properties} | 55 +-
modules/rampart-trust-mar/module.xml | 17 +-
modules/rampart-trust-mar/pom.xml | 108 +--
modules/rampart-trust/pom.xml | 51 +-
.../java/org/apache/rahas/EncryptedKeyToken.java | 48 +-
.../src/main/java/org/apache/rahas/Rahas.java | 61 ++
.../main/java/org/apache/rahas/RahasConstants.java | 15 +-
.../src/main/java/org/apache/rahas/RahasData.java | 40 +-
.../org/apache/rahas/RampartSAMLBootstrap.java | 102 +++
.../java/org/apache/rahas/STSMessageReceiver.java | 2 +-
.../java/org/apache/rahas/SimpleTokenStore.java | 15 +-
.../src/main/java/org/apache/rahas/Token.java | 54 +-
.../org/apache/rahas/TokenRequestDispatcher.java | 37 +-
.../main/java/org/apache/rahas/TokenStorage.java | 8 +-
.../src/main/java/org/apache/rahas/TrustUtil.java | 145 ++--
.../java/org/apache/rahas/client/STSClient.java | 103 ++-
.../main/java/org/apache/rahas/errors.properties | 12 +-
.../org/apache/rahas/impl/SAML2TokenIssuer.java | 141 ++--
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 774 ++++++++---------
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 123 ++-
.../org/apache/rahas/impl/SAMLTokenRenewer.java | 192 ++---
.../org/apache/rahas/impl/SAMLTokenValidator.java | 292 ++++---
.../main/java/org/apache/rahas/impl/SCTIssuer.java | 23 +-
.../org/apache/rahas/impl/TokenCancelerConfig.java | 14 +-
.../apache/rahas/impl/util/AxiomParserPool.java | 52 ++
.../org/apache/rahas/impl/util/CommonUtil.java | 48 ++
.../org/apache/rahas/impl/util/SAML2Utils.java | 24 +-
.../rahas/impl/util/SAMLAttributeCallback.java | 77 +-
.../org/apache/rahas/impl/util/SAMLCallback.java | 32 +-
.../rahas/impl/util/SAMLCallbackHandler.java | 28 +-
.../impl/util/SAMLNameIdentifierCallback.java | 58 +-
.../java/org/apache/rahas/impl/util/SAMLUtils.java | 768 ++++++++++++++++-
.../org/apache/rahas/impl/util/SignKeyHolder.java | 2 +-
.../org/apache/rahas/impl/util/SAMLUtilsTest.java | 375 +++++++++
.../rampart-trust/src/test/resources/crypto.config | 5 +
.../rampart-trust/src/test/resources/keystore.jks | Bin 0 -> 2191 bytes
pom.xml | 336 ++++----
release-docs/ChangeLog.txt | 21 +
release-docs/README.txt | 48 +-
release-docs/release-notes.html | 18 +-
225 files changed, 7655 insertions(+), 4392 deletions(-)
diff --git a/build.xml b/build.xml
index 84a7528..e599718 100644
--- a/build.xml
+++ b/build.xml
@@ -1,3 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
<project name="Apache Rampart release build" default="dist">
<property name="rampart.version" value="SNAPSHOT"/>
diff --git a/legal/bcprov-LICENSE.txt b/legal/bcprov-LICENSE.txt
new file mode 100644
index 0000000..70d5de2
--- /dev/null
+++ b/legal/bcprov-LICENSE.txt
@@ -0,0 +1,19 @@
+Copyright (c) 2000-2011 The Legion Of The Bouncy Castle (http://www.bouncycastle.org)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+and associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+
diff --git a/legal/commons-lang-LICENSE.txt b/legal/commons-lang-LICENSE.txt
new file mode 100644
index 0000000..57bc88a
--- /dev/null
+++ b/legal/commons-lang-LICENSE.txt
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/legal/slf4j-jdk14-LICENSE.txt b/legal/slf4j-jcl-LICENSE.txt
similarity index 100%
rename from legal/slf4j-jdk14-LICENSE.txt
rename to legal/slf4j-jcl-LICENSE.txt
diff --git a/modules/distribution/bin.xml b/modules/distribution/bin.xml
index 6e197ae..b606fdb 100644
--- a/modules/distribution/bin.xml
+++ b/modules/distribution/bin.xml
@@ -22,15 +22,19 @@
<include>org.apache.rampart:rampart-core:jar</include>
<include>org.apache.rampart:rampart-policy:jar</include>
<include>org.apache.rampart:rampart-trust:jar</include>
+ <include>org.opensaml:opensaml1:jar</include>
<include>org.opensaml:opensaml:jar</include>
<include>org.opensaml:xmltooling:jar</include>
<include>joda-time:joda-time:jar</include>
<include>org.slf4j:slf4j-api:jar</include>
- <include>org.slf4j:slf4j-jdk14:jar</include>
+ <include>org.slf4j:slf4j-jcl:jar</include>
<include>velocity:velocity:jar</include>
<include>commons-collections:commons-collections:jar</include>
<include>org.opensaml:openws:jar</include>
<include>commons-lang:commons-lang:jar</include>
+ <include>org.apache.xerces:xercesImpl:jar</include>
+ <include>org.apache.xerces:resolver:jar</include>
+ <include>org.apache.xerces:serializer:jar</include>
</includes>
</dependencySet>
</dependencySets>
@@ -58,6 +62,7 @@
<source>../../release-docs/README.txt</source>
<outputDirectory>${dist.dir}</outputDirectory>
<destName>README</destName>
+ <filtered>true</filtered>
</file>
<file>
<source>../../release-docs/LICENSE.txt</source>
diff --git a/modules/distribution/pom.xml b/modules/distribution/pom.xml
index 55d80c9..c4120ab 100644
--- a/modules/distribution/pom.xml
+++ b/modules/distribution/pom.xml
@@ -1,11 +1,31 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
- <version>SNAPSHOT</version>
+ <version>1.7.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -25,25 +45,19 @@
<phase>package</phase>
<configuration>
<tasks>
- <javadoc packagenames="org.apache.rampart.*,org.apache.rahas.*"
- destdir="target/apidocs"
- author="true"
- breakiterator="true"
- version="true"
- use="true"
- windowtitle="Apache Rampart API">
+ <javadoc packagenames="org.apache.rampart.*,org.apache.rahas.*" destdir="target/apidocs" author="true" breakiterator="true" version="true" use="true" windowtitle="Apache Rampart API">
<sourcepath>
<dirset dir="../..">
- <include name="**/rampart-core/src/main/java"/>
- <include name="**/rampart-policy/src/main/java"/>
- <include name="**/rampart-trust/src/main/java"/>
+ <include name="**/rampart-core/src/main/java" />
+ <include name="**/rampart-policy/src/main/java" />
+ <include name="**/rampart-trust/src/main/java" />
</dirset>
</sourcepath>
- <classpath refid="maven.dependency.classpath"/>
- <classpath refid="maven.compile.classpath"/>
- <classpath refid="maven.runtime.classpath"/>
+ <classpath refid="maven.dependency.classpath" />
+ <classpath refid="maven.compile.classpath" />
+ <classpath refid="maven.runtime.classpath" />
</javadoc>
</tasks>
@@ -55,15 +69,35 @@
</executions>
</plugin>
<plugin>
+ <groupId>org.codehaus.gmaven</groupId>
+ <artifactId>gmaven-plugin</artifactId>
+ <version>1.2</version>
+ <executions>
+ <execution>
+ <id>generate-timestamp</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>execute</goal>
+ </goals>
+ <configuration>
+ <source>
+ import java.util.Date
+ import java.text.MessageFormat
+ project.properties['buildTimestamp'] = MessageFormat.format("{0,date,MMM dd, yyyy}", new Date())
+ </source>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
- <version>2.2-beta-1</version>
<executions>
<execution>
<id>distribution-package</id>
<phase>package</phase>
<goals>
- <goal>attached</goal>
+ <goal>single</goal>
</goals>
<configuration>
<descriptors>
@@ -81,40 +115,39 @@
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart</artifactId>
- <version>${rampart.mar.version}</version>
+ <version>${project.version}</version>
<type>mar</type>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rahas</artifactId>
- <version>${rahas.mar.version}</version>
+ <version>${project.version}</version>
<type>mar</type>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-core</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-policy</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-trust</artifactId>
- <version>${pom.version}</version>
- </dependency>
- <dependency>
- <groupId>bouncycastle</groupId>
- <artifactId>bcprov-jdk14</artifactId>
- <version>${bcprov.jdk14.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>bouncycastle</groupId>
<artifactId>bcprov-jdk15</artifactId>
<version>${bcprov.jdk15.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jcl</artifactId>
+ </dependency>
</dependencies>
-</project>
\ No newline at end of file
+</project>
diff --git a/modules/distribution/src.xml b/modules/distribution/src.xml
index 4b7737b..9c3575c 100644
--- a/modules/distribution/src.xml
+++ b/modules/distribution/src.xml
@@ -8,7 +8,7 @@
<fileSets>
<fileSet>
<directory>../..</directory>
- <outputDirectory>rampart-src-${rampart.version}</outputDirectory>
+ <outputDirectory>rampart-src-${project.version}</outputDirectory>
<includes>
<include>**/modules/**/*</include>
<include>**/pom.xml</include>
@@ -28,7 +28,16 @@
<exclude>**/.settings</exclude>
<exclude>**/.settings/**/*</exclude>
<exclude>**/.svn/**</exclude>
+ <exclude>release-docs/README.txt</exclude>
</excludes>
</fileSet>
+ <fileSet>
+ <directory>../..</directory>
+ <outputDirectory>rampart-src-${project.version}</outputDirectory>
+ <filtered>true</filtered>
+ <includes>
+ <include>release-docs/README.txt</include>
+ </includes>
+ </fileSet>
</fileSets>
</assembly>
diff --git a/modules/documentation/pom.xml b/modules/documentation/pom.xml
index 08a8ea2..dba341c 100644
--- a/modules/documentation/pom.xml
+++ b/modules/documentation/pom.xml
@@ -1,15 +1,34 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
- <version>SNAPSHOT</version>
+ <version>1.7.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
- <artifactId>rampart-documentaion</artifactId>
+ <artifactId>rampart-documentation</artifactId>
<packaging>pom</packaging>
<name>Rampart - Documentation</name>
<build>
@@ -30,4 +49,4 @@
</plugin>
</plugins>
</build>
-</project>
\ No newline at end of file
+</project>
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.cgi b/modules/documentation/src/site/resources/download/1.1/download.cgi
similarity index 100%
copy from modules/documentation/src/site/xdoc/download/1.5/download.cgi
copy to modules/documentation/src/site/resources/download/1.1/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi b/modules/documentation/src/site/resources/download/1.2/download.cgi
similarity index 100%
rename from modules/documentation/src/site/xdoc/download/1.5.1/download.cgi
rename to modules/documentation/src/site/resources/download/1.2/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.4/download.cgi b/modules/documentation/src/site/resources/download/1.3/download.cgi
similarity index 100%
rename from modules/documentation/src/site/xdoc/download/1.4/download.cgi
rename to modules/documentation/src/site/resources/download/1.3/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.3/download.cgi b/modules/documentation/src/site/resources/download/1.4/download.cgi
similarity index 100%
rename from modules/documentation/src/site/xdoc/download/1.3/download.cgi
rename to modules/documentation/src/site/resources/download/1.4/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.2/download.cgi b/modules/documentation/src/site/resources/download/1.5.1/download.cgi
similarity index 100%
rename from modules/documentation/src/site/xdoc/download/1.2/download.cgi
rename to modules/documentation/src/site/resources/download/1.5.1/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.1/download.cgi b/modules/documentation/src/site/resources/download/1.5.2/download.cgi
similarity index 100%
rename from modules/documentation/src/site/xdoc/download/1.1/download.cgi
rename to modules/documentation/src/site/resources/download/1.5.2/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.cgi b/modules/documentation/src/site/resources/download/1.5/download.cgi
similarity index 100%
copy from modules/documentation/src/site/xdoc/download/1.5/download.cgi
copy to modules/documentation/src/site/resources/download/1.5/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.cgi b/modules/documentation/src/site/resources/download/1.6.0/download.cgi
similarity index 100%
copy from modules/documentation/src/site/xdoc/download/1.5/download.cgi
copy to modules/documentation/src/site/resources/download/1.6.0/download.cgi
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.cgi b/modules/documentation/src/site/resources/download/1.6.1/download.cgi
similarity index 100%
rename from modules/documentation/src/site/xdoc/download/1.5/download.cgi
rename to modules/documentation/src/site/resources/download/1.6.1/download.cgi
diff --git a/modules/documentation/src/site/xdoc/developer-guide.xml b/modules/documentation/src/site/xdoc/developer-guide.xml
index d7471f1..5400dcf 100644
--- a/modules/documentation/src/site/xdoc/developer-guide.xml
+++ b/modules/documentation/src/site/xdoc/developer-guide.xml
@@ -36,9 +36,9 @@ Stack</em></strong></p>
<li>Download the source code.
<ul>
<li>Anon Checkout <a
- href="http://svn.apache.org/repos/asf/webservices/rampart/trunk/java/">http://svn.apache.org/repos/asf/webservices/rampart/trunk/java/</a></li>
+ href="http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/">http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/</a></li>
<li>Committers <a
- href="https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/">https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/</a></li>
+ href="https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/">https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk/</a></li>
</ul>
</li>
<li>The Rampart project has 8 modules under it. They are:
diff --git a/modules/documentation/src/site/xdoc/download.xml b/modules/documentation/src/site/xdoc/download.xml
index 3ed1a48..bbc4259 100644
--- a/modules/documentation/src/site/xdoc/download.xml
+++ b/modules/documentation/src/site/xdoc/download.xml
@@ -32,12 +32,39 @@
</tr>
<tr>
<td>
+ <a href="download/1.6.1/download.cgi">
+ <strong>1.6.1</strong>
+ </a>
+ </td>
+ <td>24 Sep 2011</td>
+ <td>1.6.1 Release (Mirrored)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.5.2/download.cgi">
+ <strong>1.5.2</strong>
+ </a>
+ </td>
+ <td>24 Sep 2011</td>
+ <td>1.5.2 Release (Mirrored)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.6.0/download.cgi">
+ <strong>1.6.0</strong>
+ </a>
+ </td>
+ <td>06 Jun 2011</td>
+ <td>1.6.0 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
<a href="download/1.5.1/download.cgi">
<strong>1.5.1</strong>
</a>
</td>
- <td></td>
- <td>1.5.1 Release (Mirrored)</td>
+ <td>10 Jan 2011</td>
+ <td>1.5.1 Release (Archived)</td>
</tr>
<tr>
<td>
@@ -87,11 +114,11 @@
</tbody>
</table>
<p>
- <strong>Apache Rampart Distributions : <a href="http://people.apache.org/~ruchithf/rampart/SNAPSHOT">Nightly builds</a>
+ <strong>Apache Rampart Distributions : <a href="https://hudson.apache.org/hudson/job/Rampart/lastStableBuild/org.apache.rampart$rampart-dist/">Nightly builds</a>
</strong>
</p>
<p>
- <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://people.apache.org/repo/m2-snapshot-repository/">Nightly SNAPSHOT</a>
+ <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://repository.apache.org/snapshots/">Nightly SNAPSHOT</a>
<a href=""></a>
</strong>
</p>
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml b/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
index aae2539..a55e387 100644
--- a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
@@ -51,29 +51,29 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1.zip');">zip</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc">PGP</a></td>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-bin.zip" title=
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.5.1-bin.zip');">zip</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-bin.zip.md5"
+ title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-bin.zip.asc"
+ title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-bin.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1-src.zip');">zip</a>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-src.zip" title=
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.5.1-src.zip');">zip</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5"
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-src.zip.md5"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-src.zip.md5">MD5</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc"
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-src.zip.asc"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-dist-1.5.1-src.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
@@ -85,14 +85,19 @@ border="0" /></a>[end] The currently selected mirror is
please select another mirror. If all mirrors are failing, there are
<i>backup</i> mirrors (at the end of the mirrors list) that should
be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
+<form action="[location]" method="get" id="SelectMirror" name="SelectMirror">
+Other mirrors: <select name="Preferred">
+[if-any http]
+ [for http]<option value="[http]">[http]</option>[end]
+[end]
+[if-any ftp]
+ [for ftp]<option value="[ftp]">[ftp]</option>[end]
+[end]
+[if-any backup]
+ [for backup]<option value="[backup]">[backup] (backup)</option>[end]
+[end]
+</select><input type="submit" value="Change"/></form><p>You may also consult the <a class="externalLink" href="http://www.apache.org/mirrors/">complete list of mirrors</a>
+.</p>
<p><strong>Note:</strong> when downloading from a mirror please
check the <a href=
"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
@@ -100,7 +105,7 @@ verify the <a href=
"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
compatible signature from the main Apache site. These can be
downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
+"http://www.apache.org/dist/axis/axis2/java/rampart/KEYS">KEYS</a> file contains
the public keys that can be used for verifying signatures. It is
recommended that (when possible)a <a href=
"http://www.apache.org/dev/release-signing#web-of-trust">Web of
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml b/modules/documentation/src/site/xdoc/download/1.5.2/download.xml
similarity index 62%
copy from modules/documentation/src/site/xdoc/download/1.5.1/download.xml
copy to modules/documentation/src/site/xdoc/download/1.5.2/download.xml
index aae2539..0ef5c7d 100644
--- a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.5.2/download.xml
@@ -23,7 +23,7 @@
<meta name="generator" content=
"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
<meta http-equiv="content-type" content="" />
-<title>Apache Rampart 1.5.1 Release</title>
+<title>Apache Rampart 1.5.2 Release</title>
</head>
<body>
<!--Google Anayitcs tracking code-->
@@ -36,7 +36,7 @@ urchinTracker();
//]]>
</script>
<!--End of Google Anayitcs tracking code-->
-<h2>Apache Rampart 1.5.1 Release</h2>
+<h2>Apache Rampart 1.5.2 Release</h2>
<div>
<table border="1" cellpadding="1">
<tbody>
@@ -51,29 +51,29 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1.zip');">zip</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc">PGP</a></td>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-bin.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.5.2-bin.zip');">zip</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-bin.zip.md5"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-bin.zip.md5">MD5</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-bin.zip.asc"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-bin.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1-src.zip');">zip</a>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-src.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.5.2-src.zip');">zip</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5"
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-src.zip.md5"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5">MD5</a>
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-src.zip.md5">MD5</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc"
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-src.zip.asc"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc">PGP</a></td>
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.2/rampart-dist-1.5.2-src.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
@@ -85,14 +85,19 @@ border="0" /></a>[end] The currently selected mirror is
please select another mirror. If all mirrors are failing, there are
<i>backup</i> mirrors (at the end of the mirrors list) that should
be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
+<form action="[location]" method="get" id="SelectMirror" name="SelectMirror">
+Other mirrors: <select name="Preferred">
+[if-any http]
+ [for http]<option value="[http]">[http]</option>[end]
+[end]
+[if-any ftp]
+ [for ftp]<option value="[ftp]">[ftp]</option>[end]
+[end]
+[if-any backup]
+ [for backup]<option value="[backup]">[backup] (backup)</option>[end]
+[end]
+</select><input type="submit" value="Change"/></form><p>You may also consult the <a class="externalLink" href="http://www.apache.org/mirrors/">complete list of mirrors</a>
+.</p>
<p><strong>Note:</strong> when downloading from a mirror please
check the <a href=
"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
@@ -100,7 +105,7 @@ verify the <a href=
"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
compatible signature from the main Apache site. These can be
downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
+"http://www.apache.org/dist/axis/axis2/java/rampart/KEYS">KEYS</a> file contains
the public keys that can be used for verifying signatures. It is
recommended that (when possible)a <a href=
"http://www.apache.org/dev/release-signing#web-of-trust">Web of
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml b/modules/documentation/src/site/xdoc/download/1.6.0/download.xml
similarity index 58%
copy from modules/documentation/src/site/xdoc/download/1.5.1/download.xml
copy to modules/documentation/src/site/xdoc/download/1.6.0/download.xml
index aae2539..1a15f8b 100644
--- a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.6.0/download.xml
@@ -23,7 +23,7 @@
<meta name="generator" content=
"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
<meta http-equiv="content-type" content="" />
-<title>Apache Rampart 1.5.1 Release</title>
+<title>Apache Rampart 1.6.0 Release</title>
</head>
<body>
<!--Google Anayitcs tracking code-->
@@ -36,7 +36,7 @@ urchinTracker();
//]]>
</script>
<!--End of Google Anayitcs tracking code-->
-<h2>Apache Rampart 1.5.1 Release</h2>
+<h2>Apache Rampart 1.6.0 Release</h2>
<div>
<table border="1" cellpadding="1">
<tbody>
@@ -51,29 +51,29 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1.zip');">zip</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc">PGP</a></td>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-bin.zip" title=
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.6.0-bin.zip');">zip</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-bin.zip.md5"
+ title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-bin.zip.asc"
+ title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-bin.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1-src.zip');">zip</a>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-src.zip" title=
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.6.0-src.zip');">zip</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5"
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-src.zip.md5"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-src.zip.md5">MD5</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc"
+ "http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-src.zip.asc"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.6.0/rampart-dist-1.6.0-src.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
@@ -85,14 +85,19 @@ border="0" /></a>[end] The currently selected mirror is
please select another mirror. If all mirrors are failing, there are
<i>backup</i> mirrors (at the end of the mirrors list) that should
be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
+<form action="[location]" method="get" id="SelectMirror" name="SelectMirror">
+Other mirrors: <select name="Preferred">
+[if-any http]
+ [for http]<option value="[http]">[http]</option>[end]
+[end]
+[if-any ftp]
+ [for ftp]<option value="[ftp]">[ftp]</option>[end]
+[end]
+[if-any backup]
+ [for backup]<option value="[backup]">[backup] (backup)</option>[end]
+[end]
+</select><input type="submit" value="Change"/></form><p>You may also consult the <a class="externalLink" href="http://www.apache.org/mirrors/">complete list of mirrors</a>
+.</p>
<p><strong>Note:</strong> when downloading from a mirror please
check the <a href=
"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
@@ -100,7 +105,7 @@ verify the <a href=
"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
compatible signature from the main Apache site. These can be
downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
+"http://www.apache.org/dist/axis/axis2/java/rampart/KEYS">KEYS</a> file contains
the public keys that can be used for verifying signatures. It is
recommended that (when possible)a <a href=
"http://www.apache.org/dev/release-signing#web-of-trust">Web of
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml b/modules/documentation/src/site/xdoc/download/1.6.1/download.xml
similarity index 59%
copy from modules/documentation/src/site/xdoc/download/1.5.1/download.xml
copy to modules/documentation/src/site/xdoc/download/1.6.1/download.xml
index aae2539..877ebdc 100644
--- a/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.6.1/download.xml
@@ -23,7 +23,7 @@
<meta name="generator" content=
"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
<meta http-equiv="content-type" content="" />
-<title>Apache Rampart 1.5.1 Release</title>
+<title>Apache Rampart 1.6.1 Release</title>
</head>
<body>
<!--Google Anayitcs tracking code-->
@@ -36,7 +36,7 @@ urchinTracker();
//]]>
</script>
<!--End of Google Anayitcs tracking code-->
-<h2>Apache Rampart 1.5.1 Release</h2>
+<h2>Apache Rampart 1.6.1 Release</h2>
<div>
<table border="1" cellpadding="1">
<tbody>
@@ -51,29 +51,29 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1.zip');">zip</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc"
- title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc">PGP</a></td>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-bin.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.6.1-bin.zip');">zip</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-bin.zip.md5"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-bin.zip.md5">MD5</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-bin.zip.asc"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-bin.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" title=
- "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.5.1-src.zip');">zip</a>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-src.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.6.1-src.zip');">zip</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5"
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-src.zip.md5"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5">MD5</a>
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-src.zip.md5">MD5</a>
<a href=
- "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc"
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-src.zip.asc"
title=
-"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc">PGP</a></td>
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.6.1/rampart-dist-1.6.1-src.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
@@ -85,14 +85,19 @@ border="0" /></a>[end] The currently selected mirror is
please select another mirror. If all mirrors are failing, there are
<i>backup</i> mirrors (at the end of the mirrors list) that should
be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
+<form action="[location]" method="get" id="SelectMirror" name="SelectMirror">
+Other mirrors: <select name="Preferred">
+[if-any http]
+ [for http]<option value="[http]">[http]</option>[end]
+[end]
+[if-any ftp]
+ [for ftp]<option value="[ftp]">[ftp]</option>[end]
+[end]
+[if-any backup]
+ [for backup]<option value="[backup]">[backup] (backup)</option>[end]
+[end]
+</select><input type="submit" value="Change"/></form><p>You may also consult the <a class="externalLink" href="http://www.apache.org/mirrors/">complete list of mirrors</a>
+.</p>
<p><strong>Note:</strong> when downloading from a mirror please
check the <a href=
"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
@@ -100,7 +105,7 @@ verify the <a href=
"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
compatible signature from the main Apache site. These can be
downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
+"http://www.apache.org/dist/axis/axis2/java/rampart/KEYS">KEYS</a> file contains
the public keys that can be used for verifying signatures. It is
recommended that (when possible)a <a href=
"http://www.apache.org/dev/release-signing#web-of-trust">Web of
diff --git a/modules/documentation/src/site/xdoc/index.xml b/modules/documentation/src/site/xdoc/index.xml
index 9cbcb06..4240ad2 100644
--- a/modules/documentation/src/site/xdoc/index.xml
+++ b/modules/documentation/src/site/xdoc/index.xml
@@ -18,7 +18,9 @@
~ under the License.
-->
-<document>
+<document xmlns="http://maven.apache.org/XDOC/2.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd">
<properties>
@@ -32,22 +34,45 @@ according to specifications in the WS-Security stack. Rampart implements the
following specifications:</p>
</section>
- <h2>Features of Rampart Latest Version</h2>
+ <section name="Features of Rampart Latest Version">
<ul>
- <li>WS - Security 1.0</li>
- <li>WS - Security 1.1</li>
- <li>WS - Secure Conversation - February 2005</li>
- <li>WS - Security Policy - 1.1 - July 2005</li>
- <li>WS - Security Policy - 1.2 </li>
- <li>WS - Trust - February 2005</li>
- <li>WS - Trust - WS-SX spec - EXPERIMENTAL</li>
+ <li><p>WS - Security 1.0</p></li>
+ <li><p>WS - Security 1.1</p></li>
+ <li><p>WS - Secure Conversation - February 2005</p></li>
+ <li><p>WS - Security Policy - 1.1 - July 2005</p></li>
+ <li><p>WS - Security Policy - 1.2</p></li>
+ <li><p>WS - Trust - February 2005</p></li>
+ <li><p>WS - Trust - WS-SX spec - EXPERIMENTAL</p></li>
+ </ul>
+ </section>
+
+ <section name="Apache Rampart News">
+ <h3>Sep 24, 2011 : Apache Rampart 1.5.2 and 1.6.1 released</h3>
+ <p>Both releases update WSS4J to version 1.5.12 and ensure compatibility with the latest
+ Axis2 releases from the corresponding branches. Rampart 1.5.2 is supported with Axis2 1.5.6
+ and Rampart 1.6.1 is supported with Axis2 1.6.1. Please note that Rampart 1.6.1 will not
+ work with Axis2 1.6.0 and that users of Axis2 1.6.1 are required to update to Rampart 1.6.1,
+ i.e. Rampart 1.6.0 doesn't work with Axis2 1.6.1.</p>
+
+ <h3>Jun 06, 2011 : Apache Rampart 1.6.0 released</h3>
+ <p>Apache Rampart 1.6.0 was released with lots of bug fixes.</p>
+
+ <h3>Jan 10, 2011 : Apache Rampart 1.5.1 released</h3>
+ <p>Apache Rampart 1.5.1 was released with lots of bug fixes.</p>
+
+ <h3>Feb 01, 2010 : Apache Rampart 1.5 released</h3>
+ <p>Apache Rampart 1.5 was released with lots of bug fixes and new features.</p>
+ <p>New features include</p>
+ <ul>
+ <li>SAML 2.0 support - Issuance </li>
+ <li>Key store caching</li>
+ <li>Signing / Encrypting with multiple keys</li>
+ <li>Tests for negative scenarios</li>
</ul>
-
- <h2>Apache Rampart News</h2>
<h3>Jun 12, 2008 : Apache Rampart 1.4 released</h3>
- <p>Apache Rampart 1.4 was released with lots of bug fixes and new features.<br></br>
- New features include</p>
+ <p>Apache Rampart 1.4 was released with lots of bug fixes and new features.</p>
+ <p>New features include</p>
<ul>
<li>WS Security 1.1</li>
<ul>
@@ -67,7 +92,8 @@ following specifications:</p>
<li>Ability turn off mili second precision</li>
</ul>
<li>Ability to secure messages faults </li>
- <li>Increased interoparability with WCF 3.5 </li>
+ <li>Increased interoperability with WCF 3.5 </li>
</ul>
+ </section>
</body>
</document>
diff --git a/modules/documentation/src/site/xdoc/rampartconfig-guide.xml b/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
index 1536bae..92c5fb5 100644
--- a/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
+++ b/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
@@ -125,6 +125,20 @@ configuration properties used by the implementation class
</ramp:encryptionCypto>
</ramp:RampartConfig>
</pre>
+ <p>Crypto caching is enabled by default when Merlin is used as the crypto provider. So Rampart will cache the crypto objects
+ with an infinite cache refresh interval. This crypto refresh interval can be overridden by setting the cacheRefreshInterval parameter
+ as described above. If it is required to disable crypto caching when Merlin is used, set the 'enableCryptoCaching' parameter
+ value to 'false'. Please refer to the following example.
+ </p>
+ <pre xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" enableCryptoCaching="false">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </pre>
<br></br>
<h3>References</h3>1.
<a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
diff --git a/modules/documentation/src/site/xdoc/svn.xml b/modules/documentation/src/site/xdoc/svn.xml
index 7e0d679..02f0d2f 100644
--- a/modules/documentation/src/site/xdoc/svn.xml
+++ b/modules/documentation/src/site/xdoc/svn.xml
@@ -71,7 +71,7 @@ information, please read the ASF <a href=
<p>Once you have successfully installed Subversion, you can check
out Rampart trunk by following these steps:</p>
<ol type="1">
-<li>Run <strong>svn co <repository URL> axis2</strong> where
+<li>Run <strong>svn co <repository URL> rampart</strong> where
the repository URL is one of the URLs from the previous list.</li>
<li>This step will check out the latest version of the Rampart Java
codebase to a directory named "rampart". The second parameter to the
diff --git a/modules/rampart-core/pom.xml b/modules/rampart-core/pom.xml
index 29041ae..2fecb74 100644
--- a/modules/rampart-core/pom.xml
+++ b/modules/rampart-core/pom.xml
@@ -1,11 +1,31 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
- <version>SNAPSHOT</version>
+ <version>1.7.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
@@ -40,12 +60,16 @@
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-policy</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-trust</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
</dependency>
</dependencies>
@@ -54,9 +78,10 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
+ <version>2.0-beta-5</version>
<configuration>
<templateDirectory>${basedir}</templateDirectory>
- <menu ref="parent"/>
+ <menu ref="parent" />
</configuration>
</plugin>
</plugins>
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
index 40f9563..a410bc8 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -52,7 +52,7 @@ import javax.xml.namespace.QName;
public class MessageBuilder {
private static Log log = LogFactory.getLog(MessageBuilder.class);
-
+
public void build(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
@@ -135,13 +135,13 @@ public class MessageBuilder {
}
if(rpd.isTransportBinding()) {
- log.debug("Building transport binding");
- TransportBindingBuilder building = new TransportBindingBuilder();
- building.build(rmd);
+ log.debug("Building transport binding");
+ TransportBindingBuilder building = new TransportBindingBuilder();
+ building.build(rmd);
} else if(rpd.isSymmetricBinding()) {
- log.debug("Building SymmetricBinding");
- SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
- builder.build(rmd);
+ log.debug("Building SymmetricBinding");
+ SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
+ builder.build(rmd);
} else {
AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
builder.build(rmd);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 9684b3c..0bb2863 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -830,11 +830,13 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
// If certificates have been found, the certificates must be compared
- // to ensure againgst phony DNs (compare encoded form including signature)
+ // to ensure against phony DNs (compare encoded form including signature)
if (certs != null && certs.length > 0 && cert.equals(certs[0])) {
if (doDebug) {
log.debug("Direct trust for certificate with " + subjectString);
}
+ // Set the alias of the cert used for the msg. sig. as a msg. cxt. property
+ rmd.getMsgContext().setProperty(RampartMessageData.SIGNATURE_CERT_ALIAS, alias);
return true;
}
} else {
@@ -916,7 +918,9 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
}
- log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ if (doDebug) {
+ log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ }
return false;
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
index a21c048..6824d09 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
@@ -5,5 +5,6 @@ public class RampartConstants {
public static final String TIME_LOG = "org.apache.rampart.TIME";
public static final String MESSAGE_LOG = "org.apache.rampart.MESSAGE";
public static final String SEC_FAULT = "SECURITY_VALIDATION_FAILURE";
-
+ public static final String MERLIN_CRYPTO_IMPL = "org.apache.ws.security.components.crypto.Merlin";
+ public static final String MERLIN_CRYPTO_IMPL_CACHE_KEY = "org.apache.ws.security.crypto.merlin.file";
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index 3d20bba..22a689e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -16,37 +16,37 @@
package org.apache.rampart;
-import org.apache.axiom.om.OMElement;
-import org.apache.axiom.soap.*;
import org.apache.axiom.soap.SOAP11Constants;
import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFault;
+import org.apache.axiom.soap.SOAPFaultCode;
+import org.apache.axiom.soap.SOAPFaultSubCode;
+import org.apache.axiom.soap.SOAPFaultValue;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
-import org.apache.rahas.impl.util.SAML2KeyInfo;
-import org.apache.rahas.impl.util.SAML2Utils;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.saml.SAMLAssertionHandler;
+import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.security.*;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.SAMLUtil;
-import org.opensaml.SAMLAssertion;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.Conditions;
import javax.xml.namespace.QName;
-import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.Date;
import java.util.Iterator;
import java.util.Vector;
@@ -59,12 +59,9 @@ public class RampartEngine {
public Vector process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
- boolean doDebug = log.isDebugEnabled();
boolean dotDebug = tlog.isDebugEnabled();
- if(doDebug){
- log.debug("Enter process(MessageContext msgCtx)");
- }
+ log.debug("Enter process(MessageContext msgCtx)");
RampartMessageData rmd = new RampartMessageData(msgCtx, false);
@@ -89,14 +86,12 @@ public class RampartEngine {
//Convert back to llom since the inflow cannot use llom
msgCtx.setEnvelope(env);
Axis2Util.useDOOM(false);
- if(doDebug){
- log.debug("Return process MessageContext msgCtx)");
- }
- return null;
+ log.debug("Return process MessageContext msgCtx)");
+ return null;
}
- Vector results = null;
+ Vector results;
WSSecurityEngine engine = new WSSecurityEngine();
@@ -139,19 +134,23 @@ public class RampartEngine {
if(rpd.isSymmetricBinding()) {
//Here we have to create the CB handler to get the tokens from the
//token storage
- if(doDebug){
- log.debug("Processing security header using SymetricBinding");
- }
- results = engine.processSecurityHeader(rmd.getDocument(),
+ log.debug("Processing security header using SymetricBinding");
+ results = engine.processSecurityHeader(rmd.getDocument(),
actorValue,
tokenCallbackHandler,
signatureCrypto,
RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
msgCtx.getAxisService().getClassLoader()));
+
+ // Remove encryption tokens if this is the initiator and if initiator is receiving a message
+
+ if (rmd.isInitiator() && (msgCtx.getFLOW() == MessageContext.IN_FLOW ||
+ msgCtx.getFLOW() == MessageContext.IN_FAULT_FLOW)) {
+ tokenCallbackHandler.removeEncryptedToken();
+ }
+
} else {
- if(doDebug){
- log.debug("Processing security header in normal path");
- }
+ log.debug("Processing security header in normal path");
results = engine.processSecurityHeader(rmd.getDocument(),
actorValue,
tokenCallbackHandler,
@@ -177,77 +176,30 @@ public class RampartEngine {
(Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
if (WSConstants.ST_UNSIGNED == actInt.intValue()) {
- // If this is a SAML2.0 assertion
- if (wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) instanceof Assertion) {
-
- final Assertion assertion = (Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- String id = assertion.getID();
- Subject subject = assertion.getSubject();
-
- Date dateOfCreation = null;
- Date dateOfExpiration = null;
-
- //Read the validity period from the 'Conditions' element, else read it from SC Data
- if (assertion.getConditions() != null) {
- Conditions conditions = assertion.getConditions();
- if (conditions.getNotBefore() != null) {
- dateOfCreation = conditions.getNotBefore().toDate();
- }
- if (conditions.getNotOnOrAfter() != null) {
- dateOfExpiration = conditions.getNotOnOrAfter().toDate();
- }
- } else {
- SubjectConfirmationData scData = subject.getSubjectConfirmations()
- .get(0).getSubjectConfirmationData();
- if (scData.getNotBefore() != null) {
- dateOfCreation = scData.getNotBefore().toDate();
- }
- if (scData.getNotOnOrAfter() != null) {
- dateOfExpiration = scData.getNotOnOrAfter().toDate();
- }
- }
+ Object samlAssertion = wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
- // TODO : SAML2KeyInfo element needs to be moved to WSS4J.
- SAML2KeyInfo saml2KeyInfo = SAML2Utils.
- getSAML2KeyInfo(assertion, signatureCrypto, tokenCallbackHandler);
-
- //Store the token
- try {
- TokenStorage store = rmd.getTokenStorage();
- if (store.getToken(id) == null) {
- Token token = new Token(id, (OMElement) SAML2Utils.getElementFromAssertion(assertion), dateOfCreation, dateOfExpiration);
- token.setSecret(saml2KeyInfo.getSecret());
- store.add(token);
- }
- } catch (Exception e) {
- throw new RampartException(
- "errorInAddingTokenIntoStore", e);
- }
+ SAMLAssertionHandler samlAssertionHandler
+ = SAMLAssertionHandlerFactory.createAssertionHandler(samlAssertion);
+ if (samlAssertionHandler.isBearerAssertion()) {
+ break;
}
- //if this is a SAML1.1 assertion
- else {
- final SAMLAssertion assertion =
-
- ((SAMLAssertion) wser
- .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
- String id = assertion.getId();
- Date created = assertion.getNotBefore();
- Date expires = assertion.getNotOnOrAfter();
- SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
- signatureCrypto, tokenCallbackHandler);
- try {
- TokenStorage store = rmd.getTokenStorage();
- if (store.getToken(id) == null) {
- Token token = new Token(id, (OMElement) assertion.toDOM(), created, expires);
- token.setSecret(samlKi.getSecret());
- store.add(token);
- }
- } catch (Exception e) {
- throw new RampartException(
- "errorInAddingTokenIntoStore", e);
+ //Store the token
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if (store.getToken(samlAssertionHandler.getAssertionId()) == null) {
+ Token token = new Token(samlAssertionHandler.getAssertionId(),
+ samlAssertionHandler.getAssertionElement(),
+ samlAssertionHandler.getDateNotBefore(),
+ samlAssertionHandler.getDateNotOnOrAfter());
+
+ token.setSecret(samlAssertionHandler.
+ getAssertionKeyInfoSecret(signatureCrypto, tokenCallbackHandler));
+ store.add(token);
}
-
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
}
} else if (WSConstants.UT == actInt.intValue()) {
@@ -288,6 +240,16 @@ public class RampartEngine {
}
} else if (WSConstants.SIGN == actInt.intValue()) {
X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ if (rpd.isAsymmetricBinding() && cert == null && rpd.getInitiatorToken() != null
+ && !rpd.getInitiatorToken().isDerivedKeys()) {
+
+ // If symmetric binding is used, the certificate should be null.
+ // If certificate is not null then probably initiator and
+ // recipient are using 2 different bindings.
+ throw new RampartException("invalidSignatureAlgo");
+ }
+
msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
}
@@ -314,9 +276,7 @@ public class RampartEngine {
", PolicyBasedResultsValidattor took " + (t3 - t2));
}
- if(doDebug){
- log.debug("Return process(MessageContext msgCtx)");
- }
+ log.debug("Return process(MessageContext msgCtx)");
return results;
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
index f76de9c..c95929f 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
@@ -45,7 +45,7 @@ public class RampartException extends Exception {
/**
* Construct the fault properly code for the standard faults
- * @param faultCode2
+ * @param code code as definfed in property file under
* @return
*/
private String getFaultCode(String code) {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index 1a1c4be..ea22d49 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -19,27 +19,29 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.AxisFault;
-import org.apache.axis2.util.PolicyUtil;
-import org.apache.axis2.engine.AxisConfiguration;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.AxisConfiguration;
+import org.apache.axis2.util.PolicyUtil;
import org.apache.axis2.wsdl.WSDLConstants;
import org.apache.neethi.Policy;
-import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyComponent;
+import org.apache.neethi.PolicyEngine;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.SimpleTokenStore;
import org.apache.rahas.TokenStorage;
-import org.apache.rahas.TrustException;
-import org.apache.rahas.TrustUtil;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.saml.SAMLAssertionHandler;
+import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
@@ -53,13 +55,11 @@ import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
-import java.util.Date;
+import java.util.ArrayList;
import java.util.List;
import java.util.Vector;
-import java.util.ArrayList;
public class RampartMessageData {
@@ -88,7 +88,12 @@ public class RampartMessageData {
* Key to hold username which was used to authenticate
*/
public final static String USERNAME = "username";
-
+
+ /**
+ *
+ */
+ public final static String SIGNATURE_CERT_ALIAS = "signatureCertAlias";
+
/**
* Key to hold the WS-Trust version
*/
@@ -135,9 +140,9 @@ public class RampartMessageData {
* RahasConstants.VERSION_05_12
*/
- private int wstVersion = RahasConstants.VERSION_05_02;
+ private int wstVersion = RahasConstants.VERSION_05_12;
- private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+ private int secConvVersion = ConversationConstants.VERSION_05_12;
/*
* IssuedTokens or SecurityContextTokens can be used
@@ -166,16 +171,6 @@ public class RampartMessageData {
this.msgContext = msgCtx;
try {
-
- //Extract known properties from the msgCtx
-
- if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
- this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
- }
-
- if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
- this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
- }
// First obtain the axis service as we have to do a null check, there can be situations
// where Axis Service is null
@@ -193,12 +188,12 @@ public class RampartMessageData {
msgCtx.getAxisService().addParameter(clientSideParam);
}
}
-
+
if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
}
-
-
+
+
// Checking which flow we are in
int flow = msgCtx.getFLOW();
@@ -262,8 +257,11 @@ public class RampartMessageData {
//Process policy and build policy data
this.policyData = RampartPolicyBuilder.build(it);
+
+ //Set the version
+ setWSSecurityVersions(this.policyData.getWebServiceSecurityPolicyNS());
}
-
+
if(this.policyData != null) {
@@ -274,7 +272,7 @@ public class RampartMessageData {
msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());
this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());
-
+
// Update the Rampart Config if RampartConfigCallbackHandler is present in the
// RampartConfig
@@ -284,36 +282,31 @@ public class RampartMessageData {
if (rampartConfigCallbackHandler != null) {
rampartConfigCallbackHandler.update(policyData.getRampartConfig());
}
+
+ // Update TTL and max skew time
+ RampartConfig policyDataRampartConfig = policyData.getRampartConfig();
+ if (policyDataRampartConfig != null) {
+ String timeToLiveString = policyDataRampartConfig.getTimestampTTL();
+ if (timeToLiveString != null && !timeToLiveString.equals("")) {
+ this.setTimeToLive(Integer.parseInt(timeToLiveString));
+ }
+
+ String maxSkewString = policyDataRampartConfig.getTimestampMaxSkew();
+ if (maxSkewString != null && !maxSkewString.equals("")) {
+ this.setTimestampMaxSkew(Integer.parseInt(maxSkewString));
+ }
+ }
//Check for RST and RSTR for an SCT
- if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
- || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
- this.policyData.getIssuerPolicy() != null) {
-
- this.servicePolicy = this.policyData.getIssuerPolicy();
-
- RampartConfig rampartConfig = policyData.getRampartConfig();
- if(rampartConfig != null) {
- /*
- * Copy crypto info into the new issuer policy
- */
- RampartConfig rc = new RampartConfig();
- rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
- rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
- rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
- rc.setUser(rampartConfig.getUser());
- rc.setUserCertAlias(rc.getUserCertAlias());
- rc.setEncryptionUser(rampartConfig.getEncryptionUser());
- rc.setPwCbClass(rampartConfig.getPwCbClass());
- rc.setSSLConfig(rampartConfig.getSSLConfig());
-
- this.servicePolicy.addAssertion(rc);
- }
-
- List it = (List)this.servicePolicy.getAlternatives().next();
-
- //Process policy and build policy data
- this.policyData = RampartPolicyBuilder.build(it);
+ String wsaAction = msgContext.getWSAAction();
+ if(WSSHandlerConstants.RST_ACTON_SCT.equals(wsaAction)
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(wsaAction)) {
+ //submissive version
+ setTrustParameters();
+ }else if(WSSHandlerConstants.RST_ACTON_SCT_STANDARD.equals(wsaAction)
+ || WSSHandlerConstants.RSTR_ACTON_SCT_STANDARD.equals(wsaAction)) {
+ //standard policy spec 1.2
+ setTrustParameters();
}
}
@@ -379,8 +372,6 @@ public class RampartMessageData {
secHeader.insertSecurityHeader(this.document);
}
- } catch (TrustException e) {
- throw new RampartException("errorInExtractingMsgProps", e);
} catch (AxisFault e) {
throw new RampartException("errorInExtractingMsgProps", e);
} catch (WSSPolicyException e) {
@@ -391,6 +382,61 @@ public class RampartMessageData {
}
+ private void setWSSecurityVersions(String namespace) throws RampartException {
+
+ if (namespace == null || namespace.equals("")) {
+ throw new RampartException("Security policy namespace cannot be null.");
+ }
+
+ if (SP11Constants.SP_NS.equals(namespace)) {
+ this.wstVersion = RahasConstants.VERSION_05_02;
+ this.secConvVersion = ConversationConstants.VERSION_05_02;
+ } else if (SP12Constants.SP_NS.equals(namespace)) {
+ this.wstVersion = RahasConstants.VERSION_05_12;
+ this.secConvVersion = ConversationConstants.VERSION_05_12;
+ } else {
+ throw new RampartException("Invalid namespace received, " + namespace);
+ }
+
+ }
+
+ private void setTrustParameters() throws RampartException {
+
+ if (this.policyData.getIssuerPolicy() == null) {
+ return;
+ }
+
+ this.servicePolicy = this.policyData.getIssuerPolicy();
+
+ RampartConfig rampartConfig = policyData.getRampartConfig();
+ if (rampartConfig != null) {
+ /*
+ * Copy crypto info into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setUserCertAlias(rc.getUserCertAlias());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+ rc.setSSLConfig(rampartConfig.getSSLConfig());
+
+ this.servicePolicy.addAssertion(rc);
+ }
+
+ List it = (List) this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ try {
+ this.policyData = RampartPolicyBuilder.build(it);
+ } catch (WSSPolicyException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ }
+
+ }
+
/**
* @return Returns the document.
*/
@@ -543,10 +589,12 @@ public class RampartMessageData {
final Integer actInt =
(Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
- final SAMLAssertion assertion =
- ((SAMLAssertion) wser
- .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
- return assertion.getId();
+ final Object assertion =
+ wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ SAMLAssertionHandler samlAssertionHandler
+ = SAMLAssertionHandlerFactory.createAssertionHandler(assertion);
+
+ return samlAssertionHandler.getAssertionId();
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
index d54fd42..c74d1b5 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
@@ -34,15 +34,19 @@ public class TokenCallbackHandler implements CallbackHandler {
private TokenStorage store;
private CallbackHandler handler;
-
+ private String tokenIdentifier;
+
public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
this.store = store;
this.handler = handler;
+ this.tokenIdentifier = null;
}
+
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
-
+
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
@@ -67,8 +71,10 @@ public class TokenCallbackHandler implements CallbackHandler {
}
} else if (pc.getUsage() == WSPasswordCallback.ENCRYPTED_KEY_TOKEN){
try {
- String[] tokenIdentifiers = this.store.getTokenIdentifiers();
+
+ String[] tokenIdentifiers = this.store.getTokenIdentifiers();
Token tok;
+
for (int j = 0 ; j < tokenIdentifiers.length ; j++) {
tok = this.store.getToken(tokenIdentifiers[j]);
@@ -77,6 +83,8 @@ public class TokenCallbackHandler implements CallbackHandler {
((EncryptedKeyToken)tok).getSHA1().equals(id)){
pc.setKey(tok.getSecret());
pc.setCustomToken((Element)tok.getToken());
+
+ tokenIdentifier = tokenIdentifiers[j];
}
}
@@ -97,6 +105,14 @@ public class TokenCallbackHandler implements CallbackHandler {
}
}
}
+
+ public void removeEncryptedToken() {
+
+ if (tokenIdentifier != null) {
+ this.store.removeToken(tokenIdentifier);
+ }
+
+ }
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
index 6c0caeb..8cc87df 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -53,8 +53,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
- private boolean dotDebug = false;
-
+
private Token sigToken;
private WSSecSignature sig;
@@ -77,10 +76,6 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
private Element signatureElement;
- public AsymmetricBindingBuilder(){
- dotDebug = tlog.isDebugEnabled();
- }
-
public void build(RampartMessageData rmd) throws RampartException {
log.debug("AsymmetricBindingBuilder build invoked");
@@ -102,7 +97,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
throws RampartException {
long t0 = 0, t1 = 0, t2 = 0;
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
RampartPolicyData rpd = rmd.getPolicyData();
@@ -197,7 +192,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
RampartUtil.appendChildToSecHeader(rmd, refList);
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
@@ -281,7 +276,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t2 = System.currentTimeMillis();
tlog.debug("Encryption took :" + (t1 - t0)
+", Signature tool :" + (t2 - t1) );
@@ -290,7 +285,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
// Check for signature protection
if (rpd.isSignatureProtection() && this.mainSigId != null) {
long t3 = 0, t4 = 0;
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t3 = System.currentTimeMillis();
}
Vector secondEncrParts = new Vector();
@@ -333,7 +328,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
throw new RampartException("errorInEncryption", e);
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t4 = System.currentTimeMillis();
tlog.debug("Signature protection took :" + (t4 - t3));
}
@@ -369,7 +364,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
this.setInsertionLocation(null);
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
@@ -459,7 +454,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
@@ -591,7 +586,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t2 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0)
+", Encryption took :" + (t2 - t1) );
@@ -607,7 +602,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
Element supportingSignatureElement;
long t0 = 0, t1 = 0;
- if (dotDebug) {
+ if (tlog.isDebugEnabled()) {
t0 = System.currentTimeMillis();
}
@@ -629,6 +624,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
try {
+ supportingSig.setDigestAlgo(rmd.getPolicyData().getAlgorithmSuite().getDigest());
supportingSig.addReferencesToSign(supportingSigParts, rmd.getSecHeader());
supportingSig.computeSignature();
@@ -643,7 +639,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
signatureValues.add(supportingSig.getSignatureValue());
- if (dotDebug) {
+ if (tlog.isDebugEnabled()) {
t1 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0));
}
@@ -656,7 +652,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
Document doc = rmd.getDocument();
long t0 = 0, t1 = 0;
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
if(rmd.isInitiator()) {
@@ -733,6 +729,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
try {
+ sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest());
sig.addReferencesToSign(sigParts, rmd.getSecHeader());
sig.computeSignature();
@@ -748,7 +745,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
signatureValues.add(sig.getSignatureValue());
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0));
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index deba60b..88c98fa 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -27,9 +27,11 @@ import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
@@ -70,7 +72,7 @@ import java.util.Map.Entry;
public abstract class BindingBuilder {
private static Log log = LogFactory.getLog(BindingBuilder.class);
-
+
private Element insertionLocation;
protected String mainSigId = null;
@@ -87,7 +89,7 @@ public abstract class BindingBuilder {
*/
protected void addTimestamp(RampartMessageData rmd) {
log.debug("Adding timestamp");
-
+
WSSecTimestamp timestampBuilder = new WSSecTimestamp();
timestampBuilder.setWsConfig(rmd.getConfig());
@@ -97,9 +99,10 @@ public abstract class BindingBuilder {
timestampBuilder.build(rmd.getDocument(), rmd
.getSecHeader());
-
- log.debug("Timestamp id: " + timestampBuilder.getId());
+ if (log.isDebugEnabled()) {
+ log.debug("Timestamp id: " + timestampBuilder.getId());
+ }
rmd.setTimestampId(timestampBuilder.getId());
this.timestampElement = timestampBuilder.getElement();
@@ -113,9 +116,9 @@ public abstract class BindingBuilder {
* @throws RampartException
*/
protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd, UsernameToken token) throws RampartException {
-
+
log.debug("Adding a UsernameToken");
-
+
RampartPolicyData rpd = rmd.getPolicyData();
//Get the user
@@ -130,8 +133,10 @@ public abstract class BindingBuilder {
}
if(user != null && !"".equals(user)) {
- log.debug("User : " + user);
-
+ if (log.isDebugEnabled()) {
+ log.debug("User : " + user);
+ }
+
// If NoPassword property is set we don't need to set the password
if (token.isNoPassword()) {
WSSecUsernameToken utBuilder = new WSSecUsernameToken();
@@ -170,9 +175,7 @@ public abstract class BindingBuilder {
//get the password
password = cb[0].getPassword();
}
-
- log.debug("Password : " + password);
-
+
if(password != null && !"".equals(password)) {
//If the password is available then build the token
@@ -258,9 +261,11 @@ public abstract class BindingBuilder {
WSSecSignature sig = new WSSecSignature();
checkForX509PkiPath(sig, token);
sig.setWsConfig(rmd.getConfig());
-
- log.debug("Token inclusion: " + token.getInclusion());
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("Token inclusion: " + token.getInclusion());
+ }
+
RampartUtil.setKeyIdentifierType(rmd, sig, token);
String user = null;
@@ -270,21 +275,28 @@ public abstract class BindingBuilder {
}
// Get the user - First check whether userCertAlias present
- if (user == null) {
- user = rpd.getRampartConfig().getUserCertAlias();
+ RampartConfig rampartConfig = rpd.getRampartConfig();
+ if(rampartConfig == null) {
+ throw new RampartException("rampartConfigMissing");
+ }
+
+ if (user == null) {
+ user = rampartConfig.getUserCertAlias();
}
// If userCertAlias is not present, use user property as Alias
if (user == null) {
- user = rpd.getRampartConfig().getUser();
+ user = rampartConfig.getUser();
}
String password = null;
if(user != null && !"".equals(user)) {
- log.debug("User : " + user);
-
+ if (log.isDebugEnabled()) {
+ log.debug("User : " + user);
+ }
+
//Get the password
CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
@@ -300,7 +312,9 @@ public abstract class BindingBuilder {
handler.handle(cb);
if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
password = cb[0].getPassword();
- log.debug("Password : " + password);
+ if (log.isDebugEnabled()) {
+ log.debug("Password : " + password);
+ }
} else {
//If there's no password then throw an exception
throw new RampartException("noPasswordForUser",
@@ -320,12 +334,13 @@ public abstract class BindingBuilder {
}
sig.setUserInfo(user, password);
- sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
- sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
+ sig.setDigestAlgo(algorithmSuite.getDigest());
try {
- sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
- .getRampartConfig(), rmd.getCustomClassLoader()),
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rampartConfig, rmd.getCustomClassLoader()),
rmd.getSecHeader());
} catch (WSSecurityException e) {
throw new RampartException("errorInSignatureWithX509Token", e);
@@ -348,7 +363,7 @@ public abstract class BindingBuilder {
if(suppTokens != null && suppTokens.getTokens() != null &&
suppTokens.getTokens().size() > 0) {
log.debug("Processing supporting tokens");
-
+
ArrayList tokens = suppTokens.getTokens();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
Token token = (Token) iter.next();
@@ -531,7 +546,8 @@ public abstract class BindingBuilder {
RampartPolicyData rpd = rmd.getPolicyData();
- if(policyToken.isDerivedKeys()) {
+ AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
+ if(policyToken.isDerivedKeys()) {
try {
WSSecDKSign dkSign = new WSSecDKSign();
@@ -577,8 +593,9 @@ public abstract class BindingBuilder {
}
//Set the algo info
- dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
- dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getSignatureDerivedKeyLength()/8);
+ dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8);
+// dkSign.setDigestAlgorithm(algorithmSuite.getDigest()); //uncomment when wss4j version is updated
if(tok instanceof EncryptedKeyToken) {
//Set the value type of the reference
dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
@@ -691,8 +708,9 @@ public abstract class BindingBuilder {
sig.setCustomTokenId(sigTokId);
sig.setSecretKey(tok.getSecret());
- sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
- sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+ sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+ sig.setDigestAlgo(algorithmSuite.getDigest());
sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
.getRampartConfig(), rmd.getCustomClassLoader()),
rmd.getSecHeader());
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
index abc7e27..26ab866 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -63,17 +63,11 @@ public class SymmetricBindingBuilder extends BindingBuilder {
private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
- private boolean dotDebug = false;
-
-
- public SymmetricBindingBuilder(){
- dotDebug = tlog.isDebugEnabled();
- }
-
+
public void build(RampartMessageData rmd) throws RampartException {
-
+
log.debug("SymmetricBindingBuilder build invoked");
-
+
RampartPolicyData rpd = rmd.getPolicyData();
if(rpd.isIncludeTimestamp()) {
this.addTimestamp(rmd);
@@ -91,9 +85,8 @@ public class SymmetricBindingBuilder extends BindingBuilder {
this.doSignBeforeEncrypt(rmd);
}
-
log.debug("SymmetricBindingBuilder build invoked : DONE");
-
+
}
private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
@@ -104,7 +97,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
Vector signatureValues = new Vector();
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
@@ -125,10 +118,14 @@ public class SymmetricBindingBuilder extends BindingBuilder {
if(encryptionToken instanceof IssuedToken) {
tokenId = rmd.getIssuedEncryptionTokenId();
- log.debug("Issued EncryptionToken Id : " + tokenId);
+ if (log.isDebugEnabled()) {
+ log.debug("Issued EncryptionToken Id : " + tokenId);
+ }
} else if(encryptionToken instanceof SecureConversationToken) {
tokenId = rmd.getSecConvTokenId();
- log.debug("SCT Id : " + tokenId);
+ if (log.isDebugEnabled()) {
+ log.debug("SCT Id : " + tokenId);
+ }
} else if (encryptionToken instanceof X509Token) {
if (rmd.isInitiator()) {
tokenId = setupEncryptedKey(rmd, encryptionToken);
@@ -177,7 +174,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
if(encryptionToken.isDerivedKeys()) {
log.debug("Use drived keys");
-
+
dkEncr = new WSSecDKEncrypt();
if(attached && tok.getAttachedReference() != null) {
@@ -238,7 +235,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
this.mainRefListElement = RampartUtil.appendChildToSecHeader(rmd, refList);
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
@@ -328,7 +325,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t2 = System.currentTimeMillis();
tlog.debug("Encryption took :" + (t1 - t0)
+", Signature tool :" + (t2 - t1) );
@@ -338,10 +335,10 @@ public class SymmetricBindingBuilder extends BindingBuilder {
if(rpd.isSignatureProtection() && this.mainSigId != null ||
encryptedTokensIdList.size() > 0 && rmd.isInitiator()) {
long t3 = 0, t4 = 0;
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t3 = System.currentTimeMillis();
}
- log.debug("Signature protection");
+ log.debug("Signature protection");
Vector secondEncrParts = new Vector();
//Now encrypt the signature using the above token
@@ -381,7 +378,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
throw new RampartException("errorInEncryption", e);
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t4 = System.currentTimeMillis();
tlog.debug("Signature protection took :" + (t4 - t3));
}
@@ -400,7 +397,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
RampartPolicyData rpd = rmd.getPolicyData();
Document doc = rmd.getDocument();
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t0 = System.currentTimeMillis();
}
Token sigToken = rpd.getSignatureToken();
@@ -532,7 +529,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
@@ -687,7 +684,7 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t2 = System.currentTimeMillis();
tlog.debug("Signature took :" + (t1 - t0)
+", Encryption took :" + (t2 - t1) );
@@ -809,7 +806,6 @@ public class SymmetricBindingBuilder extends BindingBuilder {
/**
* Setup the required tokens
* @param rmd
- * @param rpd
* @throws RampartException
*/
private void initializeTokens(RampartMessageData rmd) throws RampartException {
@@ -818,19 +814,19 @@ public class SymmetricBindingBuilder extends BindingBuilder {
MessageContext msgContext = rmd.getMsgContext();
if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
- log.debug("Processing symmetric binding: " +
- "Setting up encryption token and signature token");
+ if (log.isDebugEnabled()) {
+ log.debug("Processing symmetric binding: " +
+ "Setting up encryption token and signature token");
+ }
//Setting up encryption token and signature token
Token sigTok = rpd.getSignatureToken();
Token encrTok = rpd.getEncryptionToken();
if(sigTok instanceof IssuedToken) {
-
log.debug("SignatureToken is an IssuedToken");
-
if(rmd.getIssuedSignatureTokenId() == null) {
log.debug("No Issuedtoken found, requesting a new token");
-
+
IssuedToken issuedToken = (IssuedToken)sigTok;
String id = RampartUtil.getIssuedToken(rmd,
@@ -840,9 +836,9 @@ public class SymmetricBindingBuilder extends BindingBuilder {
}
} else if(sigTok instanceof SecureConversationToken) {
-
+
log.debug("SignatureToken is a SecureConversationToken");
-
+
//TODO check for an existing token and use it
String secConvTokenId = rmd.getSecConvTokenId();
@@ -867,14 +863,13 @@ public class SymmetricBindingBuilder extends BindingBuilder {
throw new RampartException("errorExtractingToken");
}
}
-
+
if (secConvTokenId == null
- || (secConvTokenId != null &&
- (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
-
- log.debug("No SecureConversationToken found, " +
- "requesting a new token");
-
+ || (secConvTokenId != null &&
+ (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
+
+ log.debug("No SecureConversationToken found, requesting a new token");
+
SecureConversationToken secConvTok =
(SecureConversationToken) sigTok;
@@ -892,20 +887,21 @@ public class SymmetricBindingBuilder extends BindingBuilder {
//If it was the ProtectionToken assertion then sigTok is the
//same as encrTok
if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
-
+
log.debug("Symmetric binding uses a ProtectionToken, both" +
- " SignatureToken and EncryptionToken are the same");
-
+ " SignatureToken and EncryptionToken are the same");
+
rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
} else {
//Now we'll have to obtain the encryption token as well :-)
//ASSUMPTION: SecureConversationToken is used as a
//ProtectionToken therefore we only have to process a issued
//token here
-
+
log.debug("Obtaining the Encryption Token");
+
if(rmd.getIssuedEncryptionTokenId() != null) {
-
+
log.debug("EncrytionToken not alredy set");
IssuedToken issuedToken = (IssuedToken)encrTok;
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
index 2bbfa6e..244436b 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -16,10 +16,6 @@
package org.apache.rampart.builder;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.Vector;
-
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
@@ -54,22 +50,21 @@ import org.apache.ws.security.message.WSSecUsernameToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Vector;
+
public class TransportBindingBuilder extends BindingBuilder {
private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
- private boolean dotDebug = false;
-
- public TransportBindingBuilder(){
- dotDebug = tlog.isDebugEnabled();
- }
-
+
public void build(RampartMessageData rmd) throws RampartException {
-
+
log.debug("TransportBindingBuilder build invoked");
-
+
long t0 = 0, t1 = 0;
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
}
@@ -89,9 +84,9 @@ public class TransportBindingBuilder extends BindingBuilder {
if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
sgndSuppTokens.getTokens().size() > 0) {
-
+
log.debug("Processing signed supporting tokens");
-
+
ArrayList tokens = sgndSuppTokens.getTokens();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
@@ -115,9 +110,9 @@ public class TransportBindingBuilder extends BindingBuilder {
SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
sgndEndSuppTokens.getTokens().size() > 0) {
-
+
log.debug("Processing endorsing signed supporting tokens");
-
+
ArrayList tokens = sgndEndSuppTokens.getTokens();
SignedEncryptedParts signdParts = sgndEndSuppTokens.getSignedParts();
for (Iterator iter = tokens.iterator(); iter.hasNext();) {
@@ -162,7 +157,7 @@ public class TransportBindingBuilder extends BindingBuilder {
addSignatureConfirmation(rmd, null);
}
- if(dotDebug){
+ if(tlog.isDebugEnabled()){
t1 = System.currentTimeMillis();
tlog.debug("Transport binding build took "+ (t1 - t0));
}
@@ -614,10 +609,9 @@ public class TransportBindingBuilder extends BindingBuilder {
if (secConvTokenId == null
|| (secConvTokenId != null &&
(!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
-
- log.debug("No SecureConversationToken found, " +
- "requesting a new token");
-
+
+ log.debug("No SecureConversationToken found, requesting a new token");
+
try {
secConvTokenId = RampartUtil.getSecConvToken(rmd, secConvTok);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index 3c4cda5..cdbbc4a 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -28,6 +28,7 @@ cannotCreatePolicyValidatorCallbackInstance = Cannot create custom policy valida
cannotLoadRampartConfigCallbackClass = Cannot load rampart config callback class : \"{0}\"
cannotCreateRampartConfigCallbackInstance = Cannot create rampart config callback class instance : \"{0}\"
missingEncryptionUser=Encryption user not specified (The context is created by the initiating party)
+rampartConfigMissing = Rampart policy configuration missing
missingSignatureCrypto=Signature crypto information not available
missingEncryptionCrypto=Encryption crypto information not available
@@ -98,4 +99,5 @@ invalidTransport = Expected transport is "https" but incoming transport found :
requiredElementsMissing = Required Elements not found in the incoming message : {0}
repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
-invalidIssuerAddress = Invalid value for Issuer
\ No newline at end of file
+invalidIssuerAddress = Invalid value for Issuer
+invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
index 2b6d4d4..e4e83dd 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/PostDispatchVerificationHandler.java
@@ -20,7 +20,6 @@ import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMException;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
-import org.apache.axiom.soap.impl.dom.soap11.SOAP11HeaderBlockImpl;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.HandlerDescription;
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
index cdc0cc5..6ead40a 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
@@ -36,7 +36,7 @@ import org.apache.ws.security.WSSecurityException;
public class RampartSender implements Handler {
private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
-
+
private static HandlerDescription EMPTY_HANDLER_METADATA =
new HandlerDescription("default Handler");
@@ -54,10 +54,11 @@ public class RampartSender implements Handler {
}
public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
-
+
if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
- return InvocationResponse.CONTINUE;
- }
+ return InvocationResponse.CONTINUE;
+ }
+
MessageBuilder builder = new MessageBuilder();
try {
@@ -67,7 +68,13 @@ public class RampartSender implements Handler {
} catch (WSSPolicyException e) {
throw new AxisFault(e.getMessage(), e);
} catch (RampartException e) {
- throw new AxisFault(e.getMessage(), e);
+ // If a framework exception is occurred while processing a security fault
+ // send the original fault to the client.
+ if (msgContext.isProcessingFault()) {
+ return InvocationResponse.CONTINUE;
+ } else {
+ throw new AxisFault(e.getMessage(), e);
+ }
}
if(mlog.isDebugEnabled()){
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
index c693fc9..3960f63 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
@@ -143,6 +143,8 @@ public class WSSHandlerConstants {
//TODO: Get these constants from the WS-Trust impl's constants
public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
+ public final static String RST_ACTON_SCT_STANDARD = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT";
+ public final static String RSTR_ACTON_SCT_STANDARD = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT";
public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
index d0d061b..fe7412f 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -49,7 +49,7 @@ import java.util.List;
public class RampartPolicyBuilder {
private static Log log = LogFactory.getLog(RampartPolicyBuilder.class);
-
+
/**
* Compile the parsed security data into one Policy data block.
*
@@ -76,6 +76,9 @@ public class RampartPolicyBuilder {
for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
Assertion assertion = (Assertion) iter.next();
if (assertion instanceof Binding) {
+
+ setWebServiceSecurityPolicyNS(assertion, rpd);
+
if (assertion instanceof SymmetricBinding) {
processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
} else if(assertion instanceof AsymmetricBinding) {
@@ -102,6 +105,10 @@ public class RampartPolicyBuilder {
} else if (assertion instanceof ContentEncryptedElements) {
processContentEncryptedElements((ContentEncryptedElements) assertion, rpd);
}else if (assertion instanceof SupportingToken) {
+
+ //Set policy version. Cos a supporting token can appear along without a binding
+ setWebServiceSecurityPolicyNS(assertion, rpd);
+
processSupportingTokens((SupportingToken) assertion, rpd);
} else if (assertion instanceof Trust10) {
processTrust10((Trust10)assertion, rpd);
@@ -110,14 +117,28 @@ public class RampartPolicyBuilder {
} else if (assertion instanceof MTOMAssertion){
processMTOMSerialization((MTOMAssertion)assertion, rpd);
} else {
- log.debug("Unknown top level PED found: "
- + assertion.getClass().getName());
+ if (log.isDebugEnabled()) {
+ log.debug("Unknown top level PED found: "
+ + assertion.getClass().getName());
+ }
}
}
return rpd;
}
+ /**
+ * Sets web service security policy version. The policy version is extracted from an assertion.
+ * But if namespace is already set this method will just return.
+ * @param assertion The assertion to get policy namespace.
+ */
+ private static void setWebServiceSecurityPolicyNS(Assertion assertion, RampartPolicyData policyData) {
+
+ if (policyData.getWebServiceSecurityPolicyNS() == null) {
+ policyData.setWebServiceSecurityPolicyNS(assertion.getName().getNamespaceURI());
+ }
+ }
+
/**
@@ -155,7 +176,7 @@ public class RampartPolicyBuilder {
/**
* Evaluate the symmetric policy binding data.
*
- * @param binding
+ * @param symmBinding
* The binding data
* @param rpd
* The WSS4J data to initialize
@@ -200,7 +221,7 @@ public class RampartPolicyBuilder {
/**
* Populate elements to sign and/or encrypt with the message tokens.
*
- * @param sep
+ * @param see
* The data describing the elements (XPath)
* @param rpd
* The WSS4J data to initialize
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
index 48bc1f2..890d644 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -62,6 +62,9 @@ public class RampartPolicyData {
private boolean signatureConfirmation;
+ //Policy namespace
+ private String webServiceSecurityPolicyNS = null;
+
/*
* Message tokens for symmetrical binding
*/
@@ -163,7 +166,17 @@ public class RampartPolicyData {
private Vector supportingPolicyData = new Vector();
private Vector supportingTokens = new Vector();
-
+
+
+
+ public String getWebServiceSecurityPolicyNS() {
+ return webServiceSecurityPolicyNS;
+ }
+
+ public void setWebServiceSecurityPolicyNS(String webServiceSecurityPolicyNS) {
+ this.webServiceSecurityPolicyNS = webServiceSecurityPolicyNS;
+ }
+
public Vector getSupportingPolicyData() {
return supportingPolicyData;
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
index 82337d6..6ac7f75 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
@@ -28,7 +28,7 @@ import javax.xml.namespace.QName;
import java.util.Iterator;
import java.util.Properties;
-public class CryptoConfigBuilder implements AssertionBuilder {
+public class CryptoConfigBuilder implements AssertionBuilder<OMElement> {
public Assertion build(OMElement element, AssertionBuilderFactory factory)
throws IllegalArgumentException {
@@ -47,6 +47,12 @@ public class CryptoConfigBuilder implements AssertionBuilder {
if(cacheRefreshIntAttr != null){
cryptoCofig.setCacheRefreshInterval(cacheRefreshIntAttr.getAttributeValue().trim());
}
+
+ OMAttribute enableCryptoCacheAttr = element.getAttribute(new QName(CryptoConfig.CACHE_ENABLED));
+ if(enableCryptoCacheAttr != null){
+ cryptoCofig.setCacheEnabled(Boolean.parseBoolean(enableCryptoCacheAttr.
+ getAttributeValue().trim().toLowerCase()));
+ }
Properties properties = new Properties();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
index 240a261..d8ffb6d 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
@@ -45,7 +45,7 @@ import org.apache.rampart.policy.model.RampartConfig;
</pre>
* @see OptimizePartsConfig
*/
-public class OptimizePartsBuilder implements AssertionBuilder{
+public class OptimizePartsBuilder implements AssertionBuilder<OMElement> {
public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
OptimizePartsConfig assertion = new OptimizePartsConfig();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
index 6d226c2..d7644d9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -26,7 +26,7 @@ import org.apache.rampart.policy.model.OptimizePartsConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.SSLConfig;
-public class RampartConfigBuilder implements AssertionBuilder {
+public class RampartConfigBuilder implements AssertionBuilder<OMElement> {
public Assertion build(OMElement element, AssertionBuilderFactory factory)
throws IllegalArgumentException {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
index d124b7d..0f10302 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
@@ -28,7 +28,7 @@ import javax.xml.namespace.QName;
import java.util.Iterator;
import java.util.Properties;
-public class SSLConfigBuilder implements AssertionBuilder {
+public class SSLConfigBuilder implements AssertionBuilder<OMElement> {
public Assertion build(OMElement element, AssertionBuilderFactory factory)
throws IllegalArgumentException {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
index f40694a..fe81fa8 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
@@ -47,6 +47,11 @@ public class CryptoConfig implements Assertion {
public final static String PROPERTY_NAME_ATTR = "name";
public final static String CRYPTO_KEY_ATTR = "cryptoKey";
public final static String CACHE_REFRESH_INTVL = "cacheRefreshInterval";
+ public static final String CACHE_ENABLED = "enableCryptoCaching";
+
+ private Properties prop;
+
+ private boolean cacheEnabled = true;
private String provider;
private String cryptoKey;
@@ -68,17 +73,18 @@ public class CryptoConfig implements Assertion {
this.cacheRefreshInterval = cacheRefreshInterval;
}
- private Properties prop;
-
public Properties getProp() {
return prop;
}
+
public void setProp(Properties prop) {
this.prop = prop;
}
+
public String getProvider() {
return provider;
}
+
public void setProvider(String provider) {
this.provider = provider;
}
@@ -91,12 +97,25 @@ public class CryptoConfig implements Assertion {
// TODO TODO
throw new UnsupportedOperationException("TODO");
}
+
+ public boolean isIgnorable() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
public PolicyComponent normalize() {
// TODO TODO
throw new UnsupportedOperationException("TODO");
}
+ public boolean isCacheEnabled() {
+ return cacheEnabled;
+ }
+
+ public void setCacheEnabled(boolean cacheEnabled) {
+ this.cacheEnabled = cacheEnabled;
+ }
+
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
String prefix = writer.getPrefix(RampartConfig.NS);
@@ -119,7 +138,9 @@ public class CryptoConfig implements Assertion {
writer.writeAttribute(CACHE_REFRESH_INTVL, getCacheRefreshInterval());
}
-
+ if(!isCacheEnabled()){
+ writer.writeAttribute(CACHE_ENABLED, Boolean.toString(isCacheEnabled()));
+ }
String key;
String value;
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
index d3d19b9..98ef8af 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
@@ -118,7 +118,9 @@ public class OptimizePartsConfig implements Assertion{
public boolean isOptional() {
throw new UnsupportedOperationException("Not relevant");
}
-
+ public boolean isIgnorable() {
+ throw new UnsupportedOperationException("Not relevant");
+ }
public boolean equal(PolicyComponent arg0) {
throw new UnsupportedOperationException("Not relevant");
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
index 45228b9..ca21fcb 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -267,6 +267,9 @@ public class RampartConfig implements Assertion {
// TODO TODO
throw new UnsupportedOperationException("TODO");
}
+ public boolean isIgnorable() {
+ throw new UnsupportedOperationException("TODO");
+ }
public PolicyComponent normalize() {
// TODO TODO
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
index c293c5c..58e4a66 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
@@ -38,6 +38,9 @@ public class SSLConfig implements Assertion{
// TODO TODO
throw new UnsupportedOperationException("TODO");
}
+ public boolean isIgnorable() {
+ throw new UnsupportedOperationException("TODO");
+ }
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
String prefix = writer.getPrefix(RampartConfig.NS);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
new file mode 100644
index 0000000..1c3943d
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML1AssertionHandler.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SAMLUtils;
+import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
+import org.opensaml.saml1.core.Assertion;
+import org.opensaml.saml1.core.Conditions;
+
+/**
+ * This class handles SAML1 assertions.Processes SAML1 assertion and will extract SAML1 attributes
+ * such as assertion id, start date, end date etc ...
+ */
+public class SAML1AssertionHandler extends SAMLAssertionHandler{
+
+ private Assertion assertion;
+
+ public SAML1AssertionHandler(Assertion saml1Assertion) {
+ this.assertion = saml1Assertion;
+ this.processSAMLAssertion();
+ }
+
+ @Override
+ public boolean isBearerAssertion() {
+ return RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER.equals(
+ SAMLUtils.getSAML11SubjectConfirmationMethod(assertion));
+ }
+
+ @Override
+ protected void processSAMLAssertion() {
+
+ this.setAssertionId(assertion.getID());
+
+ //Read the validity period from the 'Conditions' element, else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ this.setDateNotBefore(conditions.getNotBefore().toDate());
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
+ }
+ }
+ }
+
+ @Override
+ public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
+ throws WSSecurityException {
+
+ // TODO change this to use SAMLAssertion parameter once wss4j conversion is done ....
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion.getDOM(),
+ signatureCrypto, tokenCallbackHandler);
+ return samlKi.getSecret();
+ }
+
+
+ @Override
+ public OMElement getAssertionElement() throws TrustException {
+ return (OMElement)this.assertion.getDOM();
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java
new file mode 100644
index 0000000..a7dcae7
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAML2AssertionHandler.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SAML2KeyInfo;
+import org.apache.rahas.impl.util.SAML2Utils;
+import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+
+
+/**
+ * This class handles SAML2 assertions.Processes SAML2 assertion and will extract SAML2 attributes
+ * such as assertion id, start date, end date etc ...
+ */
+public class SAML2AssertionHandler extends SAMLAssertionHandler{
+
+ private static final Log log = LogFactory.getLog(SAML2AssertionHandler.class);
+
+ private Assertion assertion;
+
+
+ public SAML2AssertionHandler(Assertion samlAssertion) {
+ this.assertion = samlAssertion;
+ this.processSAMLAssertion();
+ }
+
+ /**
+ * Checks whether SAML assertion is bearer - urn:oasis:names:tc:SAML:2.0:cm:bearer
+ *
+ * @return true if assertion is bearer else false.
+ */
+ public boolean isBearerAssertion() {
+
+ // if the subject confirmation method is Bearer, do not try to get the KeyInfo
+ return SAML2Utils.getSAML2SubjectConfirmationMethod(assertion).equals(
+ RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER);
+ }
+
+ protected void processSAMLAssertion() {
+
+ this.setAssertionId(assertion.getID());
+
+ Subject subject = assertion.getSubject();
+
+ //Read the validity period from the 'Conditions' element, else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ this.setDateNotBefore(conditions.getNotBefore().toDate());
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
+ }
+ } else {
+ SubjectConfirmationData scData = subject.getSubjectConfirmations()
+ .get(0).getSubjectConfirmationData();
+ if (scData.getNotBefore() != null) {
+ this.setDateNotBefore(scData.getNotBefore().toDate());
+ }
+ if (scData.getNotOnOrAfter() != null) {
+ this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
+ }
+ }
+
+ }
+
+ public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
+ throws WSSecurityException {
+ // TODO : SAML2KeyInfo element needs to be moved to WSS4J.
+ SAML2KeyInfo saml2KeyInfo = SAML2Utils.
+ getSAML2KeyInfo(assertion, signatureCrypto, tokenCallbackHandler);
+
+ return saml2KeyInfo.getSecret();
+ }
+
+ public OMElement getAssertionElement() throws TrustException{
+ try {
+ return (OMElement) SAML2Utils.getElementFromAssertion(assertion);
+ } catch (TrustException e) {
+ log.error("Error getting Axiom representation of SAML2 assertion.", e);
+ throw e;
+ }
+ }
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java
new file mode 100644
index 0000000..4c1f569
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandler.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.TokenCallbackHandler;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+
+import java.util.Date;
+
+/**
+ * A class to handle attributes to common SAML1 and SAML2 assertions.
+ */
+public abstract class SAMLAssertionHandler {
+
+
+ private String assertionId;
+
+ private Date dateNotBefore;
+
+ private Date dateNotOnOrAfter;
+
+ public String getAssertionId() {
+ return assertionId;
+ }
+
+ protected void setAssertionId(String assertionId) {
+ this.assertionId = assertionId;
+ }
+
+ public Date getDateNotBefore() {
+ return dateNotBefore;
+ }
+
+ protected void setDateNotBefore(Date dateNotBefore) {
+ this.dateNotBefore = dateNotBefore;
+ }
+
+ public Date getDateNotOnOrAfter() {
+ return dateNotOnOrAfter;
+ }
+
+ protected void setDateNotOnOrAfter(Date dateNotOnOrAfter) {
+ this.dateNotOnOrAfter = dateNotOnOrAfter;
+ }
+
+ /**
+ * Checks whether SAML assertion is bearer - urn:oasis:names:tc:SAML:2.0:cm:bearer
+ *
+ * @return true if assertion is bearer else false.
+ */
+ public abstract boolean isBearerAssertion();
+
+ protected abstract void processSAMLAssertion();
+
+
+ /**
+ * Gets the secret in assertion.
+ * @param signatureCrypto Signature crypto info, private,public keys.
+ * @param tokenCallbackHandler The token callback class. TODO Why ?
+ * @return Secret as a byte array
+ * @throws WSSecurityException If an error occurred while validating the signature.
+ */
+ public abstract byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
+ throws WSSecurityException;
+
+ /**
+ * Gets the assertion element as an Axiom OMElement.
+ * @return OMElement representation of assertion.
+ * @throws TrustException if an error occurred while converting Assertion to an OMElement.
+ */
+ public abstract OMElement getAssertionElement() throws TrustException;
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java
new file mode 100644
index 0000000..d771f03
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/saml/SAMLAssertionHandlerFactory.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.saml;
+
+/**
+ * Creates SAML assertion handlers based on assertion type.
+ */
+public class SAMLAssertionHandlerFactory {
+
+ public static SAMLAssertionHandler createAssertionHandler(Object samlAssertion) {
+
+ if (samlAssertion instanceof org.opensaml.saml2.core.Assertion) {
+ SAMLAssertionHandler saml2AssertionHandler
+ = new SAML2AssertionHandler((org.opensaml.saml2.core.Assertion) samlAssertion);
+
+ return saml2AssertionHandler;
+ } else {
+ SAML1AssertionHandler saml1AssertionHandler
+ = new SAML1AssertionHandler((org.opensaml.saml1.core.Assertion) samlAssertion);
+ return saml1AssertionHandler;
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
index 0db238a..df8313d 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -16,32 +16,33 @@
package org.apache.rampart.util;
+import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMMetaFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.OMXMLBuilderFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
-import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
import org.apache.axiom.soap.SOAP11Constants;
import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.SOAPModelBuilder;
import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
-import org.apache.axiom.soap.impl.dom.SOAPHeaderBlockImpl;
-import org.apache.axiom.soap.impl.dom.factory.DOMSOAPFactory;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.FactoryConfigurationError;
-import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamReader;
import java.io.ByteArrayInputStream;
@@ -89,7 +90,35 @@ public class Axis2Util {
throws WSSecurityException {
try {
if(env instanceof Element) {
- return ((Element)env).getOwnerDocument();
+ Element element = (Element)env;
+ Document document = element.getOwnerDocument();
+ // For outgoing messages, Axis2 only creates the SOAPEnvelope, but no document. If
+ // the Axiom implementation also supports DOM, then the envelope (seen as a DOM
+ // element) will have an owner document, but the document and the envelope have no
+ // parent-child relationship. On the other hand, the input expected by WSS4J is
+ // a document with the envelope as document element. Therefore we need to set the
+ // envelope as document element on the owner document.
+ if (element.getParentNode() != document) {
+ document.appendChild(element);
+ }
+ // If the Axiom implementation supports DOM, then it is possible/likely that the
+ // DOM API was used to create the object model (or parts of it). In this case, the
+ // object model is not necessarily well formed with respect to namespaces because
+ // DOM doesn't generate namespace declarations automatically. This is an issue
+ // because WSS4J/Santuario expects that all namespace declarations are present.
+ // If this is not the case, then signature values or encryptions will be incorrect.
+ // To avoid this, we normalize the document. Note that if we disable the other
+ // normalizations supported by DOM, this is generally not a heavy operation.
+ // In particular, the Axiom implementation is not required to expand the object
+ // model (including OMSourcedElements) because the Axiom builder is required to
+ // perform namespace repairing, so that no modifications to unexpanded parts of
+ // the message are required.
+ DOMConfiguration domConfig = document.getDomConfig();
+ domConfig.setParameter("split-cdata-sections", Boolean.FALSE);
+ domConfig.setParameter("well-formed", Boolean.FALSE);
+ domConfig.setParameter("namespaces", Boolean.TRUE);
+ document.normalizeDocument();
+ return document;
}
if (useDoom) {
@@ -117,21 +146,22 @@ public class Axis2Util {
// Check the namespace and find SOAP version and factory
String nsURI = null;
+ OMMetaFactory metaFactory = OMAbstractFactory.getMetaFactory(OMAbstractFactory.FEATURE_DOM);
SOAPFactory factory;
if (env.getNamespace().getNamespaceURI().equals(
SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
nsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
- factory = DOOMAbstractFactory.getSOAP11Factory();
+ factory = metaFactory.getSOAP11Factory();
} else {
nsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
- factory = DOOMAbstractFactory.getSOAP12Factory();
+ factory = metaFactory.getSOAP12Factory();
}
StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
env.getXMLStreamReader(), factory, nsURI);
SOAPEnvelope envelope = (stAXSOAPModelBuilder)
.getSOAPEnvelope();
- ((OMNode) envelope.getParent()).build();
+ envelope.getParent().build();
//Set the processed flag of the processed headers
SOAPHeader header = envelope.getHeader();
@@ -173,6 +203,18 @@ public class Axis2Util {
public static SOAPEnvelope getSOAPEnvelopeFromDOMDocument(Document doc, boolean useDoom)
throws WSSecurityException {
+ Element documentElement = doc.getDocumentElement();
+ if (documentElement instanceof SOAPEnvelope) {
+ SOAPEnvelope env = (SOAPEnvelope)documentElement;
+ // If the DOM tree already implements the Axiom API and the corresponding
+ // Axiom implementation is also used as default implementation, then just return
+ // the SOAPEnvelope directly. Note that this will never be the case for DOOM,
+ // but may be the case for a non standard Axiom implementation.
+ if (env.getOMFactory().getMetaFactory() == OMAbstractFactory.getMetaFactory()) {
+ return env;
+ }
+ }
+
if(useDoom) {
try {
//Get processed headers
@@ -210,7 +252,7 @@ public class Axis2Util {
Iterator children = element.getChildren();
while (children.hasNext()) {
OMNode child = (OMNode)children.next();
- child.detach();
+ children.remove();
header.addChild(child);
}
@@ -230,8 +272,8 @@ public class Axis2Util {
}
XMLStreamReader reader = ((OMElement) doc.getDocumentElement())
.getXMLStreamReader();
- StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
- reader, null);
+ SOAPModelBuilder stAXSOAPModelBuilder = OMXMLBuilderFactory.createStAXSOAPModelBuilder(
+ reader);
SOAPEnvelope envelope = stAXSOAPModelBuilder.getSOAPEnvelope();
//Set the processed flag of the processed headers
@@ -258,7 +300,7 @@ public class Axis2Util {
XMLUtils.outputDOM(doc.getDocumentElement(), os, true);
ByteArrayInputStream bais = new ByteArrayInputStream(os.toByteArray());
- StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(XMLInputFactory.newInstance().createXMLStreamReader(bais), null);
+ SOAPModelBuilder stAXSOAPModelBuilder = OMXMLBuilderFactory.createSOAPModelBuilder(bais, null);
return stAXSOAPModelBuilder.getSOAPEnvelope();
} catch (Exception e) {
throw new WSSecurityException(e.getMessage());
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
index 6ce74fe..bff27cf 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -49,6 +49,7 @@ import org.apache.rahas.client.STSClient;
import org.apache.rampart.PolicyBasedResultsValidator;
import org.apache.rampart.PolicyValidatorCallbackHandler;
import org.apache.rampart.RampartConfigCallbackHandler;
+import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
@@ -90,13 +91,14 @@ import javax.servlet.http.HttpServletRequest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
public class RampartUtil {
private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
private static Log log = LogFactory.getLog(RampartUtil.class);
- private static Map cryptoStore = new Hashtable();
+ private static Map<String, CachedCrypto> cryptoStore = new ConcurrentHashMap<String, CachedCrypto>();
private static class CachedCrypto {
private Crypto crypto;
@@ -130,9 +132,11 @@ public class RampartUtil {
String cbHandlerClass = rpd.getRampartConfig().getPwCbClass();
ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-
- log.debug("loading class : " + cbHandlerClass);
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("loading class : " + cbHandlerClass);
+ }
+
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -177,9 +181,11 @@ public class RampartUtil {
String cbHandlerClass = rpd.getRampartConfig().getPolicyValidatorCbClass();
ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-
- log.debug("loading class : " + cbHandlerClass);
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("loading class : " + cbHandlerClass);
+ }
+
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -210,9 +216,11 @@ public class RampartUtil {
String cbHandlerClass = rpd.getRampartConfig().getRampartConfigCbClass();
ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
-
- log.debug("loading class : " + cbHandlerClass);
-
+
+ if (log.isDebugEnabled()) {
+ log.debug("loading class : " + cbHandlerClass);
+ }
+
Class cbClass;
try {
cbClass = Loader.loadClass(classLoader, cbHandlerClass);
@@ -289,76 +297,51 @@ public class RampartUtil {
*/
public static Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader)
throws RampartException {
+
log.debug("Loading encryption crypto");
-
+
+ Crypto crypto = null;
+
if (config != null && config.getEncrCryptoConfig() != null) {
- CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
- String provider = cryptoConfig.getProvider();
- log.debug("Usig provider: " + provider);
- Properties prop = cryptoConfig.getProp();
- prop.put(CRYPTO_PROVIDER, provider);
-
- String cryptoKey = null;
- String interval = null;
- if (cryptoConfig.getCryptoKey() != null) {
- cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
- interval = cryptoConfig.getCacheRefreshInterval();
- }
-
- Crypto crypto = null;
-
- if (cryptoKey != null) {
- // cache enabled
- crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
- }
-
- if (crypto == null) {
- // cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
- if (cryptoKey != null) {
- // cache enabled - let's cache
- cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
- }
- }
- return crypto;
-
- } else {
- log.debug("Trying the signature crypto info");
-
- // Try using signature crypto information
- if (config != null && config.getSigCryptoConfig() != null) {
- CryptoConfig cryptoConfig = config.getSigCryptoConfig();
- String provider = cryptoConfig.getProvider();
- log.debug("Usig provider: " + provider);
- Properties prop = cryptoConfig.getProp();
- prop.put(CRYPTO_PROVIDER, provider);
- String cryptoKey = null;
- String interval = null;
- if (cryptoConfig.getCryptoKey() != null) {
- cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
- interval = cryptoConfig.getCacheRefreshInterval();
- }
-
- Crypto crypto = null;
- if (cryptoKey != null) {
- // cache enabled
- crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(),
- interval);
- }
-
- if (crypto == null) {
- // cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
- if (cryptoKey != null) {
- // cache enabled - let's cache
- cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
- }
- }
- return crypto;
- } else {
- return null;
- }
- }
+ CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ if (log.isDebugEnabled()) {
+ log.debug("Using provider: " + provider);
+ }
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+
+ String cryptoKey = null;
+ String interval = null;
+ if (cryptoConfig.isCacheEnabled()) {
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+ else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)){
+ cryptoKey = cryptoConfig.getProp().getProperty(RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY);
+ }
+ }
+
+
+ if (cryptoKey != null) {
+ // Crypto caching is enabled
+ crypto = retrieveCryptoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // Crypto caching is enabled - cache the Crypto object
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+ } else {
+ log.debug("Trying the signature crypto info");
+ crypto = getSignatureCrypto(config, loader);
+ }
+ return crypto;
}
/**
@@ -371,42 +354,47 @@ public class RampartUtil {
*/
public static Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader)
throws RampartException {
+
log.debug("Loading Signature crypto");
-
- if (config != null && config.getSigCryptoConfig() != null) {
- CryptoConfig cryptoConfig = config.getSigCryptoConfig();
- String provider = cryptoConfig.getProvider();
- log.debug("Usig provider: " + provider);
- Properties prop = cryptoConfig.getProp();
- prop.put(CRYPTO_PROVIDER, provider);
- String cryptoKey = null;
- String interval = null;
- if (cryptoConfig.getCryptoKey() != null) {
- cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
- interval = cryptoConfig.getCacheRefreshInterval();
- }
-
- Crypto crypto = null;
-
- if (cryptoKey != null) {
- // cache enabled
- crypto = retrieveCrytpoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
- }
-
- if (crypto == null) {
- // cache miss
- crypto = CryptoFactory.getInstance(prop, loader);
- if (cryptoKey != null) {
- // cache enabled - let's cache
- cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
- }
- }
-
- return crypto;
-
- } else {
- return null;
- }
+
+ Crypto crypto = null;
+
+ if (config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ if (log.isDebugEnabled()) {
+ log.debug("Using provider: " + provider);
+ }
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ String cryptoKey = null;
+ String interval = null;
+
+ if (cryptoConfig.isCacheEnabled()) {
+ if (cryptoConfig.getCryptoKey() != null) {
+ cryptoKey = prop.getProperty(cryptoConfig.getCryptoKey());
+ interval = cryptoConfig.getCacheRefreshInterval();
+ }
+ else if(provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)){
+ cryptoKey = cryptoConfig.getProp().getProperty(RampartConstants.MERLIN_CRYPTO_IMPL_CACHE_KEY);
+ }
+ }
+
+ if (cryptoKey != null) {
+ // cache enabled
+ crypto = retrieveCryptoFromCache(cryptoKey.trim() + "#" + provider.trim(), interval);
+ }
+
+ if (crypto == null) {
+ // cache miss
+ crypto = CryptoFactory.getInstance(prop, loader);
+ if (cryptoKey != null) {
+ // cache enabled - let's cache
+ cacheCrypto(cryptoKey.trim() + "#" + provider.trim(), crypto);
+ }
+ }
+ }
+ return crypto;
}
@@ -630,7 +618,7 @@ public class RampartUtil {
if(bsPol != null) {
log.debug("BootstrapPolicy found");
- bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
+ bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
//copy the <wsoma:OptimizedMimeSerialization/> to BootstrapPolicy
if (rmd.getPolicyData().getMTOMAssertion() != null) {
bsPol.addAssertion(rmd.getPolicyData().getMTOMAssertion());
@@ -644,8 +632,10 @@ public class RampartUtil {
String id = getToken(rmd, rstTemplate,
issuerEprAddress, action, stsPolicy);
-
- log.debug("SecureConversationToken obtained: id=" + id);
+
+ if (log.isDebugEnabled()) {
+ log.debug("SecureConversationToken obtained: id=" + id);
+ }
return id;
}
@@ -685,7 +675,9 @@ public class RampartUtil {
String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
stsPolicy);
- log.debug("Issued token obtained: id=" + id);
+ if (log.isDebugEnabled()) {
+ log.debug("Issued token obtained: id=" + id);
+ }
return id;
} catch (TrustException e) {
throw new RampartException("errorInObtainingToken", e);
@@ -816,6 +808,25 @@ public class RampartUtil {
return id;
}
+ /**
+ * Change the owner document of the given node. The method first attempts to move the node using
+ * {@link Document#adoptNode(Node)}. If that fails, it will import the node into the target
+ * document using {@link Document#importNode(Node, boolean)}.
+ *
+ * @param targetDocument
+ * the target document
+ * @param node
+ * the node to adopt or import
+ * @return the adopted or imported node
+ */
+ public static Node adoptNode(Document targetDocument, Node node) {
+ Node result = targetDocument.adoptNode(node);
+ if (result == null) {
+ result = targetDocument.importNode(node, true);
+ }
+ return result;
+ }
+
public static Element appendChildToSecHeader(RampartMessageData rmd,
OMElement elem) {
return appendChildToSecHeader(rmd, (Element)elem);
@@ -824,8 +835,7 @@ public class RampartUtil {
public static Element appendChildToSecHeader(RampartMessageData rmd,
Element elem) {
Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
- Node node = secHeaderElem.getOwnerDocument().importNode(
- elem, true);
+ Node node = adoptNode(secHeaderElem.getOwnerDocument(), elem);
return (Element)secHeaderElem.appendChild(node);
}
@@ -1730,35 +1740,27 @@ public class RampartUtil {
}
}
- private static Crypto retrieveCrytpoFromCache(String cryptoKey, String refreshInterval) {
+ private static Crypto retrieveCryptoFromCache(String cryptoKey, String refreshInterval) {
// cache hit
if (cryptoStore.containsKey(cryptoKey)) {
- CachedCrypto cachedCrypto = (CachedCrypto) cryptoStore.get(cryptoKey);
+ CachedCrypto cachedCrypto = cryptoStore.get(cryptoKey);
if (refreshInterval != null) {
if (cachedCrypto.creationTime + new Long(refreshInterval).longValue() > Calendar
.getInstance().getTimeInMillis()) {
- if (log.isDebugEnabled()) {
- log.info("Cache Hit : Crypto Object was found in cache.");
- }
+ log.debug("Cache Hit : Crypto Object was found in cache.");
return cachedCrypto.crypto;
} else {
- if (log.isDebugEnabled()) {
- log.info("Cache Miss : Crypto Object found in cache is expired.");
- }
+ log.debug("Cache Miss : Crypto Object found in cache is expired.");
return null;
}
} else {
- if (log.isDebugEnabled()) {
- log.info("Cache Hit : Crypto Object was found in cache.");
- }
+ log.debug("Cache Hit : Crypto Object was found in cache.");
return cachedCrypto.crypto;
}
}
// cache miss
else {
- if (log.isDebugEnabled()) {
- log.info("Cache Miss : Crypto Object was not found in cache.");
- }
+ log.debug("Cache Miss : Crypto Object was not found in cache.");
return null;
}
}
@@ -1766,9 +1768,7 @@ public class RampartUtil {
private static void cacheCrypto(String cryptoKey, Crypto crypto) {
cryptoStore.put(cryptoKey, new CachedCrypto(crypto, Calendar.getInstance()
.getTimeInMillis()));
- if (log.isDebugEnabled()) {
- log.info("Crypto object is inserted into the Cache.");
- }
+ log.debug("Crypto object is inserted into the Cache.");
}
diff --git a/modules/rampart-integration/pom.xml b/modules/rampart-integration/pom.xml
index 2978090..4a0af24 100644
--- a/modules/rampart-integration/pom.xml
+++ b/modules/rampart-integration/pom.xml
@@ -1,18 +1,37 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
- <version>SNAPSHOT</version>
+ <version>1.7.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>rampart-integration</artifactId>
<packaging>jar</packaging>
- <version>SNAPSHOT</version>
<name>Rampart - Integration</name>
<build>
@@ -32,7 +51,7 @@
<artifactItem>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart</artifactId>
- <version>${rampart.mar.version}</version>
+ <version>${project.version}</version>
<type>mar</type>
<overWrite>true</overWrite>
<outputDirectory>target/artifacts</outputDirectory>
@@ -40,7 +59,7 @@
<artifactItem>
<groupId>org.apache.rampart</groupId>
<artifactId>rahas</artifactId>
- <version>${rahas.mar.version}</version>
+ <version>${project.version}</version>
<type>mar</type>
<overWrite>true</overWrite>
<outputDirectory>target/artifacts</outputDirectory>
@@ -56,6 +75,18 @@
</artifactItems>
</configuration>
</execution>
+ <execution>
+ <id>copy-endorsed</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>copy-dependencies</goal>
+ </goals>
+ <configuration>
+ <includeGroupIds>org.apache.xerces,org.apache.xalan</includeGroupIds>
+ <outputDirectory>${project.build.directory}/endorsed</outputDirectory>
+ <stripVersion>true</stripVersion>
+ </configuration>
+ </execution>
</executions>
</plugin>
<plugin>
@@ -80,35 +111,29 @@
<configuration>
<tasks>
<java classname="org.apache.axis2.wsdl.WSDL2Java" fork="true">
- <arg line="-uri src/main/resources/ping/ping.wsdl -ss -o target/generated-code -p org.apache.axis2.oasis.ping -d xmlbeans -g"/>
- <classpath refid="maven.dependency.classpath"/>
- <classpath refid="maven.compile.classpath"/>
- <classpath refid="maven.runtime.classpath"/>
+ <arg line="-uri src/main/resources/ping/ping.wsdl -ss -o target/generated-code -p org.apache.axis2.oasis.ping -d xmlbeans -g" />
+ <classpath refid="maven.dependency.classpath" />
+ <classpath refid="maven.compile.classpath" />
+ <classpath refid="maven.runtime.classpath" />
</java>
<!-- copy the service impl -->
- <copy file="src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
- tofile="target/generated-code/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
- overwrite="yes"/>
+ <copy file="src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java" tofile="target/generated-code/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java" overwrite="yes" />
<!-- Password callback class for the interop service -->
- <copy file="src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java"
- tofile="target/generated-code/src/org/apache/axis2/security/PWCallback.java"
- overwrite="yes"/>
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java" tofile="target/generated-code/src/org/apache/axis2/security/PWCallback.java" overwrite="yes" />
<!-- Interop client -->
- <copy file="src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java"
- tofile="target/generated-code/src/org/apache/axis2/security/InteropScenarioClient.java"
- overwrite="yes"/>
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java" tofile="target/generated-code/src/org/apache/axis2/security/InteropScenarioClient.java" overwrite="yes" />
<copy todir="target/test-classes">
<fileset dir="target/generated-code/resources">
- <include name="**/*"/>
+ <include name="**/*" />
</fileset>
</copy>
<javac srcdir="target/generated-code" destdir="target/classes" fork="true">
- <classpath refid="maven.dependency.classpath"/>
- <classpath refid="maven.compile.classpath"/>
- <classpath refid="maven.runtime.classpath"/>
+ <classpath refid="maven.dependency.classpath" />
+ <classpath refid="maven.compile.classpath" />
+ <classpath refid="maven.runtime.classpath" />
</javac>
</tasks>
@@ -119,606 +144,413 @@
<phase>process-test-resources</phase>
<configuration>
<tasks>
- <property name="addressing.mar" value="addressing-${axis2.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-classes/modules/addressing-${axis2.version}.mar"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-classes/modules/rampart-${rampart.mar.version}.mar"/>
-
- <mkdir dir="target/temp-ramp"/>
- <mkdir dir="target/temp-ramp/META-INF"/>
-
- <copy overwrite="yes"
- file="target/classes/org/apache/rampart/Service.class"
- tofile="target/temp-ramp/org/apache/rampart/Service.class"/>
- <copy overwrite="yes"
- file="target/classes/org/apache/rampart/PWCallback.class"
- tofile="target/temp-ramp/org/apache/rampart/PWCallback.class"/>
- <copy overwrite="yes" file="src/test/resources/rampart/store.jks"
- tofile="target/temp-ramp/store.jks"/>
+ <property name="addressing.mar" value="addressing-${axis2.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-classes/modules/addressing-${axis2.version}.mar" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-classes/modules/rampart-${project.version}.mar" />
+
+ <mkdir dir="target/temp-ramp" />
+ <mkdir dir="target/temp-ramp/META-INF" />
+
+ <copy overwrite="yes" file="target/classes/org/apache/rampart/Service.class" tofile="target/temp-ramp/org/apache/rampart/Service.class" />
+ <copy overwrite="yes" file="target/classes/org/apache/rampart/PWCallback.class" tofile="target/temp-ramp/org/apache/rampart/PWCallback.class" />
+ <copy overwrite="yes" file="src/test/resources/rampart/store.jks" tofile="target/temp-ramp/store.jks" />
<!--path id="ramp.client.props" location="test-resources/rampart"/-->
<!--maven:addPath id="maven.dependency.classpath" refid="ramp.client.props" -->
- <mkdir dir="target/test-resources/rampart_client_repo"/>
- <mkdir dir="target/test-resources/rampart_client_repo/conf"/>
- <mkdir dir="target/test-resources/rampart_client_repo/modules"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/rampart_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
- tofile="target/test-resources/rampart_client_repo/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/rampart_client_repo/modules/addressing-${axis2.version}.mar"/>
- <mkdir dir="target/test-resources/rampart_service_repo"/>
- <mkdir dir="target/test-resources/rampart_service_repo/conf"/>
- <mkdir dir="target/test-resources/rampart_service_repo/services"/>
- <mkdir dir="target/test-resources/rampart_service_repo/modules"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/rampart_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
- tofile="target/test-resources/rampart_service_repo/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/rampart_service_repo/modules/addressing-${axis2.version}.mar"/>
+ <mkdir dir="target/test-resources/rampart_client_repo" />
+ <mkdir dir="target/test-resources/rampart_client_repo/conf" />
+ <mkdir dir="target/test-resources/rampart_client_repo/modules" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/rampart_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/rahas-${project.version}.mar" tofile="target/test-resources/rampart_client_repo/modules/rahas-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/rampart_client_repo/modules/addressing-${axis2.version}.mar" />
+ <mkdir dir="target/test-resources/rampart_service_repo" />
+ <mkdir dir="target/test-resources/rampart_service_repo/conf" />
+ <mkdir dir="target/test-resources/rampart_service_repo/services" />
+ <mkdir dir="target/test-resources/rampart_service_repo/modules" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/rampart_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/rahas-${project.version}.mar" tofile="target/test-resources/rampart_service_repo/modules/rahas-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/rampart_service_repo/modules/addressing-${axis2.version}.mar" />
<!-- Service 1 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-1.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService1.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-1.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService1.aar" basedir="target/temp-ramp" />
<!-- Service 2 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-2.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService2.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-2.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService2.aar" basedir="target/temp-ramp" />
<!-- Service 3 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-3.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService3.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-3.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService3.aar" basedir="target/temp-ramp" />
<!-- Service 4 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-4.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService4.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-4.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService4.aar" basedir="target/temp-ramp" />
<!-- Service 5 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-5.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService5.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-5.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService5.aar" basedir="target/temp-ramp" />
<!-- Service 6 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-6.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService6.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-6.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService6.aar" basedir="target/temp-ramp" />
<!-- Service 7 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-7.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-7.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar" basedir="target/temp-ramp" />
<!-- Service 8 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-8.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService8.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-8.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService8.aar" basedir="target/temp-ramp" />
<!-- Service 9 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-9.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService9.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-9.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService9.aar" basedir="target/temp-ramp" />
<!-- Service 10 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-10.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService10.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-10.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService10.aar" basedir="target/temp-ramp" />
<!-- Service 11 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-11.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService11.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-11.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService11.aar" basedir="target/temp-ramp" />
<!-- Service 12 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-12.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService12.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-12.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService12.aar" basedir="target/temp-ramp" />
<!-- Service 13 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-13.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService13.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-13.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService13.aar" basedir="target/temp-ramp" />
<!-- Service 14 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-14.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService14.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-14.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService14.aar" basedir="target/temp-ramp" />
<!-- Service 15 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-15.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService15.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-15.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService15.aar" basedir="target/temp-ramp" />
<!-- Service 16 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-16.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService16.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-16.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService16.aar" basedir="target/temp-ramp" />
<!-- Service 17 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-17.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService17.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-17.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService17.aar" basedir="target/temp-ramp" />
<!-- Service 18 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-18.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService18.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-18.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService18.aar" basedir="target/temp-ramp" />
<!-- Service 19 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-19.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService19.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-19.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService19.aar" basedir="target/temp-ramp" />
<!-- Service 20 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-20.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService20.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-20.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService20.aar" basedir="target/temp-ramp" />
<!-- Service 21 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-21.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService21.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-21.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService21.aar" basedir="target/temp-ramp" />
<!-- Service 22 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-22.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService22.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-22.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService22.aar" basedir="target/temp-ramp" />
<!-- Service 23 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-23.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService23.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-23.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService23.aar" basedir="target/temp-ramp" />
<!-- Service 24 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-24.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService24.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-24.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService24.aar" basedir="target/temp-ramp" />
<!-- Service 25 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-25.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService25.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-25.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService25.aar" basedir="target/temp-ramp" />
<!-- Service 26 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-26.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService26.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-26.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService26.aar" basedir="target/temp-ramp" />
<!-- Service 27 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-27.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService27.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-27.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService27.aar" basedir="target/temp-ramp" />
<!-- Service 28 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-28.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService28.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-28.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService28.aar" basedir="target/temp-ramp" />
<!-- Service 29 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-29.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService29.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-29.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService29.aar" basedir="target/temp-ramp" />
<!-- Service 30 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-30.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService30.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-30.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService30.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 31 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-31.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService31.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 32 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-32.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService32.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 33 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-33.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService33.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 34 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-34.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService34.aar" basedir="target/temp-ramp" />
<!-- Service SC-1 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/issuer.properties"
- tofile="target/temp-ramp/issuer.properties"/>
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-sc-1.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties" />
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-1.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar" basedir="target/temp-ramp" />
<!-- Service SC-2 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/issuer.properties"
- tofile="target/temp-ramp/issuer.properties"/>
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-sc-2.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties" />
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-2.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar" basedir="target/temp-ramp" />
<!-- Service SC-3 -->
- <copy overwrite="yes"
- file="src/test/resources/rampart/issuer.properties"
- tofile="target/temp-ramp/issuer.properties"/>
- <copy overwrite="yes"
- file="src/test/resources/rampart/services-sc-3.xml"
- tofile="target/temp-ramp/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC3.aar"
- basedir="target/temp-ramp"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties" />
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-3.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC3.aar" basedir="target/temp-ramp" />
+
+ <!-- Service SC-4 This is with standard secure conversation specification -->
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-4.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC4.aar" basedir="target/temp-ramp"/>
+
+ <!-- Service SC-5 This is with standard secure conversation specification -->
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-5.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC5.aar" basedir="target/temp-ramp"/>
+
+ <!-- Service SC-6 This is with standard secure conversation specification -->
+ <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/services-sc-6.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC6.aar" basedir="target/temp-ramp"/>
<!--
Set up the infra for rahas tests and the rahas client repo
-->
- <mkdir dir="target/temp-rahas"/>
- <mkdir dir="target/temp-rahas/META-INF"/>
- <copy overwrite="yes"
- file="target/classes/org/apache/rahas/Service.class"
- tofile="target/temp-rahas/org/apache/rahas/Service.class"/>
- <copy overwrite="yes"
- file="target/classes/org/apache/rahas/PWCallback.class"
- tofile="target/temp-rahas/org/apache/rahas/PWCallback.class"/>
+ <mkdir dir="target/temp-rahas" />
+ <mkdir dir="target/temp-rahas/META-INF" />
+ <copy overwrite="yes" file="target/classes/org/apache/rahas/Service.class" tofile="target/temp-rahas/org/apache/rahas/Service.class" />
+ <copy overwrite="yes" file="target/classes/org/apache/rahas/PWCallback.class" tofile="target/temp-rahas/org/apache/rahas/PWCallback.class" />
<copy overwrite="yes" todir="target/temp-rahas">
<fileset dir="src/test/resources/rahas">
- <include name="issuer.properties"/>
- <include name="rahas-sts.jks"/>
+ <include name="issuer.properties" />
+ <include name="rahas-sts.jks" />
</fileset>
</copy>
<!--path id="rahas.client.props" location="test-resources/rahas" -->
<!--addPath id="maven.dependency.classpath" refid="rahas.client.props"-->
- <mkdir dir="target/test-resources/rahas_client_repo"/>
- <mkdir dir="target/test-resources/rahas_client_repo/conf"/>
- <mkdir dir="target/test-resources/rahas_client_repo/modules"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/rahas_client_repo/modules/addressing-${axis2.version}.mar"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/rahas_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <mkdir dir="target/test-resources/rahas_client_repo" />
+ <mkdir dir="target/test-resources/rahas_client_repo/conf" />
+ <mkdir dir="target/test-resources/rahas_client_repo/modules" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/rahas_client_repo/modules/addressing-${axis2.version}.mar" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/rahas_client_repo/modules/rampart-${project.version}.mar" />
<!-- Rahas Test1: SAML Token test -->
- <mkdir dir="target/test-resources/rahas_service_repo_1"/>
- <mkdir dir="target/test-resources/rahas_service_repo_1/conf"/>
- <mkdir dir="target/test-resources/rahas_service_repo_1/services"/>
- <mkdir dir="target/test-resources/rahas_service_repo_1/modules"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_1/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_1/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${axis2.version}.mar"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1" />
+ <mkdir dir="target/test-resources/rahas_service_repo_1/conf" />
+ <mkdir dir="target/test-resources/rahas_service_repo_1/services" />
+ <mkdir dir="target/test-resources/rahas_service_repo_1/modules" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/rahas_service_repo_1/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/rahas-${project.version}.mar" tofile="target/test-resources/rahas_service_repo_1/modules/rahas-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${axis2.version}.mar" />
<!-- copy the services.xml and create the aar -->
- <copy overwrite="yes"
- file="src/test/resources/rahas/s1-services.xml"
- tofile="target/temp-rahas/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rahas_service_repo_1/services/SecureService.aar"
- basedir="target/temp-rahas"/>
+ <copy overwrite="yes" file="src/test/resources/rahas/s1-services.xml" tofile="target/temp-rahas/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rahas_service_repo_1/services/SecureService.aar" basedir="target/temp-rahas" />
<!-- Rahas Test1: SAML Token test : END -->
<!--
Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test
-->
- <mkdir dir="target/test-resources/rahas_service_repo_3"/>
- <mkdir dir="target/test-resources/rahas_service_repo_3/conf"/>
- <mkdir dir="target/test-resources/rahas_service_repo_3/services"/>
- <mkdir dir="target/test-resources/rahas_service_repo_3/modules"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_3/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_3/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${axis2.version}.mar"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3" />
+ <mkdir dir="target/test-resources/rahas_service_repo_3/conf" />
+ <mkdir dir="target/test-resources/rahas_service_repo_3/services" />
+ <mkdir dir="target/test-resources/rahas_service_repo_3/modules" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/rahas_service_repo_3/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/rahas-${project.version}.mar" tofile="target/test-resources/rahas_service_repo_3/modules/rahas-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${axis2.version}.mar" />
<!-- copy the services.xml and create the aar -->
- <copy overwrite="yes"
- file="src/test/resources/rahas/s3-services.xml"
- tofile="target/temp-rahas/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rahas_service_repo_3/services/SecureService.aar"
- basedir="target/temp-rahas"/>
+ <copy overwrite="yes" file="src/test/resources/rahas/s3-services.xml" tofile="target/temp-rahas/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rahas_service_repo_3/services/SecureService.aar" basedir="target/temp-rahas" />
<!--
Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test : END
-->
- <mkdir dir="target/test-resources/default_security_client_repo"/>
- <mkdir dir="target/test-resources/default_security_client_repo/conf"/>
- <mkdir dir="target/test-resources/default_security_client_repo/modules"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/default_security_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/default_security_client_repo/modules/addressing-${axis2.version}.mar"/>
- <copy file="src/test/resources/conf/axis2.xml"
- tofile="target/test-resources/default_security_client_repo/conf/axis2.xml"/>
+ <mkdir dir="target/test-resources/default_security_client_repo" />
+ <mkdir dir="target/test-resources/default_security_client_repo/conf" />
+ <mkdir dir="target/test-resources/default_security_client_repo/modules" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/default_security_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/default_security_client_repo/modules/addressing-${axis2.version}.mar" />
+ <copy file="src/test/resources/conf/axis2.xml" tofile="target/test-resources/default_security_client_repo/conf/axis2.xml" />
<!--
RahasSAMLTokenAttributeTest
-->
- <mkdir dir="target/test-resources/rahas_service_repo_5"/>
- <mkdir dir="target/test-resources/rahas_service_repo_5/conf"/>
- <mkdir dir="target/test-resources/rahas_service_repo_5/services"/>
- <mkdir dir="target/test-resources/rahas_service_repo_5/modules"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_5/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_5/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${axis2.version}.mar"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5" />
+ <mkdir dir="target/test-resources/rahas_service_repo_5/conf" />
+ <mkdir dir="target/test-resources/rahas_service_repo_5/services" />
+ <mkdir dir="target/test-resources/rahas_service_repo_5/modules" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/rahas_service_repo_5/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/rahas-${project.version}.mar" tofile="target/test-resources/rahas_service_repo_5/modules/rahas-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${axis2.version}.mar" />
<!-- copy the services.xml and create the aar -->
- <copy overwrite="yes"
- file="src/test/resources/rahas/s5-services.xml"
- tofile="target/temp-rahas/META-INF/services.xml"/>
- <jar jarfile="target/test-resources/rahas_service_repo_5/services/SecureService.aar"
- basedir="target/temp-rahas"/>
+ <copy overwrite="yes" file="src/test/resources/rahas/s5-services.xml" tofile="target/temp-rahas/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rahas_service_repo_5/services/SecureService.aar" basedir="target/temp-rahas" />
<!--RahasAttributeTest END-->
<!-- Scenario 1 -->
- <mkdir dir="target/test-resources/scenario1_client_repo"/>
- <mkdir dir="target/test-resources/scenario1_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario1_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario1_client_repo/services"/>
- <mkdir dir="target/test-resources/scenario1_service_repo"/>
- <mkdir dir="target/test-resources/scenario1_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario1_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario1_service_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo" />
+ <mkdir dir="target/test-resources/scenario1_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario1_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario1_client_repo/services" />
+ <mkdir dir="target/test-resources/scenario1_service_repo" />
+ <mkdir dir="target/test-resources/scenario1_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario1_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario1_service_repo/modules" />
<!-- setup scenario 1 client repository-->
- <copy file="src/test/resources/security/s1.client.axis2.xml"
- tofile="target/test-resources/scenario1_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario1_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s1.client.axis2.xml" tofile="target/test-resources/scenario1_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario1_client_repo/modules/rampart-${project.version}.mar" />
<!-- setup scenario 1 service repository-->
- <copy file="src/test/resources/security/s1.service.axis2.xml"
- tofile="target/test-resources/scenario1_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario1_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s1.service.axis2.xml" tofile="target/test-resources/scenario1_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario1_service_repo/modules/rampart-${project.version}.mar" />
- <mkdir dir="target/temp-interop/META-INF"/>
+ <mkdir dir="target/temp-interop/META-INF" />
<!-- Create the .aar file -->
- <copy file="src/test/resources/security/s1.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario1_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <copy file="src/test/resources/security/s1.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario1_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 2 - Setup the client and service repos -->
- <mkdir dir="target/test-resources/scenario2_client_repo"/>
- <mkdir dir="target/test-resources/scenario2_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario2_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario2_service_repo"/>
- <mkdir dir="target/test-resources/scenario2_service_repo/ conf"/>
- <mkdir dir="target/test-resources/scenario2_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario2_service_repo/modules"/>
- <copy file="src/test/resources/security/s2.client.axis2.xml"
- tofile="target/test-resources/scenario2_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario2_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s2.service.axis2.xml"
- tofile="target/test-resources/scenario2_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario2_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s2.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario2_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo" />
+ <mkdir dir="target/test-resources/scenario2_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario2_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario2_service_repo" />
+ <mkdir dir="target/test-resources/scenario2_service_repo/ conf" />
+ <mkdir dir="target/test-resources/scenario2_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario2_service_repo/modules" />
+ <copy file="src/test/resources/security/s2.client.axis2.xml" tofile="target/test-resources/scenario2_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario2_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s2.service.axis2.xml" tofile="target/test-resources/scenario2_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario2_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s2.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario2_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 2a - set up repos -->
- <mkdir dir="target/test-resources/scenario2a_client_repo"/>
- <mkdir dir="target/test-resources/scenario2a_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario2a_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario2a_service_repo"/>
- <mkdir dir="target/test-resources/scenario2a_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario2a_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario2a_service_repo/modules"/>
- <copy file="src/test/resources/security/s2a.client.axis2.xml"
- tofile="target/test-resources/scenario2a_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario2a_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s2a.service.axis2.xml"
- tofile="target/test-resources/scenario2a_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario2a_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s2a.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario2a_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo" />
+ <mkdir dir="target/test-resources/scenario2a_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario2a_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario2a_service_repo" />
+ <mkdir dir="target/test-resources/scenario2a_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario2a_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario2a_service_repo/modules" />
+ <copy file="src/test/resources/security/s2a.client.axis2.xml" tofile="target/test-resources/scenario2a_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario2a_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s2a.service.axis2.xml" tofile="target/test-resources/scenario2a_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario2a_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s2a.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario2a_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 3 -->
- <mkdir dir="target/test-resources/scenario3_client_repo"/>
- <mkdir dir="target/test-resources/scenario3_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario3_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario3_service_repo"/>
- <mkdir dir="target/test-resources/scenario3_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario3_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario3_service_repo/modules"/>
- <copy file="src/test/resources/security/s3.client.axis2.xml"
- tofile="target/test-resources/scenario3_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario3_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s3.service.axis2.xml"
- tofile="target/test-resources/scenario3_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario3_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s3.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario3_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo" />
+ <mkdir dir="target/test-resources/scenario3_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario3_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario3_service_repo" />
+ <mkdir dir="target/test-resources/scenario3_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario3_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario3_service_repo/modules" />
+ <copy file="src/test/resources/security/s3.client.axis2.xml" tofile="target/test-resources/scenario3_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario3_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s3.service.axis2.xml" tofile="target/test-resources/scenario3_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario3_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s3.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario3_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 4 -->
- <mkdir dir="target/test-resources/scenario4_client_repo"/>
- <mkdir dir="target/test-resources/scenario4_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario4_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario4_service_repo"/>
- <mkdir dir="target/test-resources/scenario4_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario4_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario4_service_repo/modules"/>
- <copy file="src/test/resources/security/s4.client.axis2.xml"
- tofile="target/test-resources/scenario4_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario4_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s4.service.axis2.xml"
- tofile="target/test-resources/scenario4_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario4_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s4.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario4_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo" />
+ <mkdir dir="target/test-resources/scenario4_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario4_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario4_service_repo" />
+ <mkdir dir="target/test-resources/scenario4_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario4_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario4_service_repo/modules" />
+ <copy file="src/test/resources/security/s4.client.axis2.xml" tofile="target/test-resources/scenario4_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario4_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s4.service.axis2.xml" tofile="target/test-resources/scenario4_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario4_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s4.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario4_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 5 -->
- <mkdir dir="target/test-resources/scenario5_client_repo"/>
- <mkdir dir="target/test-resources/scenario5_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario5_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario5_service_repo"/>
- <mkdir dir="target/test-resources/scenario5_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario5_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario5_service_repo/modules"/>
- <copy file="src/test/resources/security/s5.client.axis2.xml"
- tofile="target/test-resources/scenario5_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario5_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s5.service.axis2.xml"
- tofile="target/test-resources/scenario5_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario5_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s5.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario5_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo" />
+ <mkdir dir="target/test-resources/scenario5_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario5_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario5_service_repo" />
+ <mkdir dir="target/test-resources/scenario5_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario5_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario5_service_repo/modules" />
+ <copy file="src/test/resources/security/s5.client.axis2.xml" tofile="target/test-resources/scenario5_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario5_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s5.service.axis2.xml" tofile="target/test-resources/scenario5_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario5_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s5.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario5_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 6 -->
- <mkdir dir="target/test-resources/scenario6_client_repo"/>
- <mkdir dir="target/test-resources/scenario6_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario6_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario6_service_repo"/>
- <mkdir dir="target/test-resources/scenario6_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario6_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario6_service_repo/modules"/>
- <copy file="src/test/resources/security/s6.client.axis2.xml"
- tofile="target/test-resources/scenario6_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario6_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s6.service.axis2.xml"
- tofile="target/test-resources/scenario6_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario6_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s6.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario6_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo" />
+ <mkdir dir="target/test-resources/scenario6_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario6_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario6_service_repo" />
+ <mkdir dir="target/test-resources/scenario6_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario6_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario6_service_repo/modules" />
+ <copy file="src/test/resources/security/s6.client.axis2.xml" tofile="target/test-resources/scenario6_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario6_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s6.service.axis2.xml" tofile="target/test-resources/scenario6_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario6_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s6.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario6_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario 7 -->
- <mkdir dir="target/test-resources/scenario7_client_repo"/>
- <mkdir dir="target/test-resources/scenario7_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenario7_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenario7_service_repo"/>
- <mkdir dir="target/test-resources/scenario7_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenario7_service_repo/services"/>
- <mkdir dir="target/test-resources/scenario7_service_repo/modules"/>
- <copy file="src/test/resources/security/s7.client.axis2.xml"
- tofile="target/test-resources/scenario7_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario7_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s7.service.axis2.xml"
- tofile="target/test-resources/scenario7_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenario7_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/s7.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenario7_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo" />
+ <mkdir dir="target/test-resources/scenario7_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenario7_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenario7_service_repo" />
+ <mkdir dir="target/test-resources/scenario7_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenario7_service_repo/services" />
+ <mkdir dir="target/test-resources/scenario7_service_repo/modules" />
+ <copy file="src/test/resources/security/s7.client.axis2.xml" tofile="target/test-resources/scenario7_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario7_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s7.service.axis2.xml" tofile="target/test-resources/scenario7_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenario7_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/s7.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenario7_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Scenario ST1 -->
- <mkdir dir="target/test-resources/scenarioST1_client_repo"/>
- <mkdir dir="target/test-resources/scenarioST1_client_repo/conf"/>
- <mkdir dir="target/test-resources/scenarioST1_client_repo/modules"/>
- <mkdir dir="target/test-resources/scenarioST1_service_repo"/>
- <mkdir dir="target/test-resources/scenarioST1_service_repo/conf"/>
- <mkdir dir="target/test-resources/scenarioST1_service_repo/services"/>
- <mkdir dir="target/test-resources/scenarioST1_service_repo/modules"/>
- <copy file="src/test/resources/security/sST1.client.axis2.xml"
- tofile="target/test-resources/scenarioST1_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenarioST1_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/sST1.service.axis2.xml"
- tofile="target/test-resources/scenarioST1_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/scenarioST1_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/sST1.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/scenarioST1_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo" />
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/conf" />
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/modules" />
+ <mkdir dir="target/test-resources/scenarioST1_service_repo" />
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/conf" />
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/services" />
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/modules" />
+ <copy file="src/test/resources/security/sST1.client.axis2.xml" tofile="target/test-resources/scenarioST1_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenarioST1_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/sST1.service.axis2.xml" tofile="target/test-resources/scenarioST1_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/scenarioST1_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/sST1.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/scenarioST1_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- MTOM Optimized Security Test -->
- <mkdir dir="target/test-resources/mtom_sec_client_repo"/>
- <mkdir dir="target/test-resources/mtom_sec_client_repo/conf"/>
- <mkdir dir="target/test-resources/mtom_sec_client_repo/modules"/>
- <mkdir dir="target/test-resources/mtom_sec_service_repo"/>
- <mkdir dir="target/test-resources/mtom_sec_service_repo/conf"/>
- <mkdir dir="target/test-resources/mtom_sec_service_repo/services"/>
- <mkdir dir="target/test-resources/mtom_sec_service_repo/modules"/>
- <copy file="src/test/resources/security/secMtom.client.axis2.xml"
- tofile="target/test-resources/mtom_sec_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/mtom_sec_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/secMtom.service.axis2.xml"
- tofile="target/test-resources/mtom_sec_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/mtom_sec_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="src/test/resources/security/secMtom.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
- <jar jarfile="target/test-resources/mtom_sec_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo" />
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/conf" />
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/modules" />
+ <mkdir dir="target/test-resources/mtom_sec_service_repo" />
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/conf" />
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/services" />
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/modules" />
+ <copy file="src/test/resources/security/secMtom.client.axis2.xml" tofile="target/test-resources/mtom_sec_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/mtom_sec_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/secMtom.service.axis2.xml" tofile="target/test-resources/mtom_sec_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/mtom_sec_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="src/test/resources/security/secMtom.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
+ <jar jarfile="target/test-resources/mtom_sec_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
<!-- Test with addressing and MTOM -->
- <mkdir dir="target/test-resources/complete_client_repo"/>
- <mkdir dir="target/test-resources/complete_client_repo/conf"/>
- <mkdir dir="target/test-resources/complete_client_repo/modules"/>
- <mkdir dir="target/test-resources/complete_service_repo"/>
- <mkdir dir="target/test-resources/complete_service_repo/conf"/>
- <mkdir dir="target/test-resources/complete_service_repo/services"/>
- <mkdir dir="target/test-resources/complete_service_repo/modules"/>
+ <mkdir dir="target/test-resources/complete_client_repo" />
+ <mkdir dir="target/test-resources/complete_client_repo/conf" />
+ <mkdir dir="target/test-resources/complete_client_repo/modules" />
+ <mkdir dir="target/test-resources/complete_service_repo" />
+ <mkdir dir="target/test-resources/complete_service_repo/conf" />
+ <mkdir dir="target/test-resources/complete_service_repo/services" />
+ <mkdir dir="target/test-resources/complete_service_repo/modules" />
<!-- Test with addressing and MTOM client repository-->
- <copy file="src/test/resources/security/complete.client.axis2.xml"
- tofile="target/test-resources/complete_client_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/complete_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/complete_client_repo/modules/addressing-${axis2.version}.mar"/>
+ <copy file="src/test/resources/security/complete.client.axis2.xml" tofile="target/test-resources/complete_client_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/complete_client_repo/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/complete_client_repo/modules/addressing-${axis2.version}.mar" />
<!-- Test with addressing and MTOMservice repository-->
- <copy file="src/test/resources/security/complete.service.axis2.xml"
- tofile="target/test-resources/complete_service_repo/conf/axis2.xml"/>
- <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
- tofile="target/test-resources/complete_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${axis2.version}.mar"
- tofile="target/test-resources/complete_service_repo/modules/addressing-${axis2.version}.mar"/>
- <copy file="src/test/resources/security/complete.service.xml"
- tofile="target/temp-interop/META-INF/services.xml"
- overwrite="true"/>
+ <copy file="src/test/resources/security/complete.service.axis2.xml" tofile="target/test-resources/complete_service_repo/conf/axis2.xml" />
+ <copy file="target/artifacts/rampart-${project.version}.mar" tofile="target/test-resources/complete_service_repo/modules/rampart-${project.version}.mar" />
+ <copy file="target/artifacts/addressing-${axis2.version}.mar" tofile="target/test-resources/complete_service_repo/modules/addressing-${axis2.version}.mar" />
+ <copy file="src/test/resources/security/complete.service.xml" tofile="target/temp-interop/META-INF/services.xml" overwrite="true" />
<!-- Create the .aar file -->
- <jar jarfile="target/test-resources/complete_service_repo/services/PingPort.aar"
- basedir="target/temp-interop"/>
+ <jar jarfile="target/test-resources/complete_service_repo/services/PingPort.aar" basedir="target/temp-interop" />
</tasks>
</configuration>
<goals>
@@ -745,6 +577,13 @@
</execution>
</executions>
</plugin-->
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <!-- Add the Xerces/Xalan versions expected by OpenSAML to the boot classpath so that the build succeeds on older 1.5 JDKs -->
+ <argLine>-Xbootclasspath/p:${project.build.directory}/endorsed/xml-apis.jar${path.separator}${project.build.directory}/endorsed/xercesImpl.jar${path.separator}${project.build.directory}/endorsed/resolver.jar${path.separator}${project.build.directory}/endorsed/serializer.jar${path.separator}${project.build.directory}/endorsed/xalan.jar</argLine>
+ </configuration>
+ </plugin>
</plugins>
</build>
@@ -752,17 +591,17 @@
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-policy</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-trust</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-core</artifactId>
- <version>${pom.version}</version>
+ <version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.axis2</groupId>
@@ -795,6 +634,14 @@
<version>${junit.version}</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </dependency>
</dependencies>
<reporting>
@@ -802,9 +649,10 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
+ <version>2.0-beta-5</version>
<configuration>
<templateDirectory>${basedir}</templateDirectory>
- <menu ref="parent"/>
+ <menu ref="parent" />
</configuration>
</plugin>
</plugins>
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
index a6478e2..1adfb5c 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
@@ -7,7 +7,6 @@ import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.neethi.Policy;
import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;/*
* Copyright 2004,2005 The Apache Software Foundation.
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
index 8bd0334..cdf406d 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
@@ -23,7 +23,6 @@ import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.neethi.Policy;
import org.apache.ws.secpolicy.SP11Constants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
public class RahasSAML2TokenTest extends TestClient{
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java
similarity index 57%
copy from modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
copy to modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java
index e9b9bcc..80a2989 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java
@@ -23,18 +23,28 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.ByteArrayInputStream;
+import java.util.List;
/**
*
* @author Ruchith Fernando (ruchith.fernando@gmail.com)
*/
-public class RahasSAMLTokenUTForBearerTest extends TestClient {
+public class RahasSAML2TokenUTForBearerTest extends TestClient {
- public RahasSAMLTokenUTForBearerTest(String name) {
+ public RahasSAML2TokenUTForBearerTest(String name) {
super(name);
}
@@ -43,15 +53,15 @@ public class RahasSAMLTokenUTForBearerTest extends TestClient {
OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
- tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
-
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
rstElem, RahasConstants.KEY_TYPE_BEARER);
TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
-
+
return rstElem;
-
+
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -70,7 +80,7 @@ public class RahasSAMLTokenUTForBearerTest extends TestClient {
InflowConfiguration ifc = new InflowConfiguration();
ifc.setActionItems("Timestamp");
-
+
return ifc;
}
@@ -87,8 +97,21 @@ public class RahasSAMLTokenUTForBearerTest extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
- assertNotNull("Missing SAML Assertoin", elem);
+
+ OMElement elem = rst.getFirstChildWithName(new QName(
+ "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
+ assertNotNull("Missing SAML Assertion", elem);
+
+ Assertion assertion = getAssertionObjectFromOMElement(elem);
+ Subject subject = assertion.getSubject();
+ assertNotNull("SAML Subject of the assertion cannot be null", subject);
+
+ List<SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations();
+ assertNotNull("At least one Subject Confirmation should be present in the SAML Subject",
+ subjectConfirmations.get(0));
+ assertEquals("Subject Confirmation should be BEARER : urn:oasis:names:tc:SAML:2.0:cm:bearer",
+ RahasConstants.SAML20_SUBJECT_CONFIRMATION_BEARER,
+ subjectConfirmations.get(0).getMethod());
}
/* (non-Javadoc)
@@ -111,14 +134,41 @@ public class RahasSAMLTokenUTForBearerTest extends TestClient {
public OMElement getRSTTemplate() throws TrustException {
OMFactory factory = OMAbstractFactory.getOMFactory();
OMElement elem = factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
-
- TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
- TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
-
+
+ TrustUtil.createTokenTypeElement(
+ RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_20);
+ TrustUtil.createKeyTypeElement(
+ RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
+
return elem;
}
-
+
public int getTrstVersion() {
return RahasConstants.VERSION_05_02;
}
+
+ /**
+ * Build the SAML Assertion object from the OMElement for the ease of processing
+ * @param omElement OMElement containing the SAML Assertion
+ * @return Assertion object
+ */
+ private Assertion getAssertionObjectFromOMElement(OMElement omElement){
+ Assertion assertion = null;
+ try {
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = docBuilder.parse(new ByteArrayInputStream(omElement.toString().getBytes()));
+ Element element = document.getDocumentElement();
+ UnmarshallerFactory unmarshallerFactory = Configuration
+ .getUnmarshallerFactory();
+ Unmarshaller unmarshaller = unmarshallerFactory
+ .getUnmarshaller(element);
+ assertion = (org.opensaml.saml2.core.Assertion) unmarshaller
+ .unmarshall(element);
+ } catch (Exception e){
+ e.printStackTrace();
+ }
+ return assertion;
+ }
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
index 6e87267..7579887 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
@@ -9,8 +9,6 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
public class RahasSAMLTokenAttributeTest extends TestClient{
@@ -67,7 +65,7 @@ public class RahasSAMLTokenAttributeTest extends TestClient{
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
index 5fed698..45946e5 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
@@ -19,13 +19,10 @@ package org.apache.rahas;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
-import org.apache.rahas.PWCallback;
import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -94,7 +91,7 @@ public class RahasSAMLTokenCertForHoKTest extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
@@ -135,5 +132,4 @@ public class RahasSAMLTokenCertForHoKTest extends TestClient {
return RahasConstants.VERSION_05_02;
}
-
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
index d5b2596..f01ffc4 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
@@ -24,9 +24,7 @@ import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
import org.apache.xml.security.encryption.XMLCipher;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -114,7 +112,7 @@ public class RahasSAMLTokenCertForHoKV1205Test extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
index 9d20d41..efd1f83 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
@@ -19,13 +19,10 @@ package org.apache.rahas;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
-import org.apache.rahas.PWCallback;
import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -88,7 +85,7 @@ public class RahasSAMLTokenTest extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
index e9b9bcc..df2433c 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
@@ -23,10 +23,21 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
+import org.opensaml.Configuration;
+import org.opensaml.saml1.core.Assertion;
+import org.opensaml.saml1.core.AuthenticationStatement;
+import org.opensaml.saml1.core.ConfirmationMethod;
+import org.opensaml.saml1.core.SubjectStatement;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.ByteArrayInputStream;
+import java.util.List;
/**
*
@@ -87,8 +98,23 @@ public class RahasSAMLTokenUTForBearerTest extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
- assertNotNull("Missing SAML Assertoin", elem);
+
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertion", elem);
+
+ Assertion assertion = getAssertionObjectFromOMElement(elem);
+ List<AuthenticationStatement> authStmts = assertion.getAuthenticationStatements();
+ assertNotNull("At least one Authentication Statement should be present in the assertion",
+ authStmts.get(0));
+
+ SubjectStatement authStmt = authStmts.get(0);
+ List<ConfirmationMethod> subConfirmationMethods = authStmt.getSubject().
+ getSubjectConfirmation().getConfirmationMethods();
+ assertNotNull("At least one Subject Confirmation method should be present in the SAML Subject",
+ subConfirmationMethods.get(0));
+ assertEquals("Subject Confirmation should be BEARER : urn:oasis:names:tc:SAML:1.0:cm:bearer",
+ RahasConstants.SAML11_SUBJECT_CONFIRMATION_BEARER,
+ subConfirmationMethods.get(0).getConfirmationMethod());
}
/* (non-Javadoc)
@@ -121,4 +147,29 @@ public class RahasSAMLTokenUTForBearerTest extends TestClient {
public int getTrstVersion() {
return RahasConstants.VERSION_05_02;
}
+
+ /**
+ * Build the SAML Assertion object from the OMElement for the ease of processing
+ * @param omElement OMElement containing the SAML Assertion
+ * @return Assertion object
+ */
+ private Assertion getAssertionObjectFromOMElement(OMElement omElement){
+ Assertion assertion = null;
+ try {
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = docBuilder.parse(new ByteArrayInputStream(omElement.toString().getBytes()));
+ Element element = document.getDocumentElement();
+ UnmarshallerFactory unmarshallerFactory = Configuration
+ .getUnmarshallerFactory();
+ Unmarshaller unmarshaller = unmarshallerFactory
+ .getUnmarshaller(element);
+ assertion = (org.opensaml.saml1.core.Assertion) unmarshaller
+ .unmarshall(element);
+ } catch (Exception e){
+ e.printStackTrace();
+ }
+ return assertion;
+ }
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
index 68aa800..9a93afc 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
@@ -23,8 +23,6 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -90,7 +88,7 @@ public class RahasSAMLTokenUTForBearerV1205Test extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
index e3fa9cc..677c10e 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
@@ -23,8 +23,6 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -83,7 +81,7 @@ public class RahasSAMLTokenUTForHoKTest extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
index 5decbeb..9af8b92 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
@@ -26,10 +26,8 @@ import org.apache.neethi.Policy;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.WSSecurityUtil;
-import org.opensaml.XML;
public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
@@ -105,7 +103,7 @@ public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
//Uncomment for inteorp - START
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
index 4c704d3..9a3a9a7 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
@@ -20,12 +20,9 @@ import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.neethi.Policy;
-import org.apache.rahas.PWCallback;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
-import org.opensaml.XML;
import javax.xml.namespace.QName;
@@ -92,7 +89,7 @@ public class RahasSAMLTokenV1205Test extends TestClient {
RahasConstants.IssuanceBindingLocalNames.
REQUESTED_SECURITY_TOKEN));
assertNotNull("RequestedSecurityToken missing", rst);
- OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ OMElement elem = rst.getFirstChildWithName(new QName(RahasConstants.SAML_NS, "Assertion"));
assertNotNull("Missing SAML Assertoin", elem);
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java b/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
index afedce4..bd987e7 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
@@ -1,30 +1,32 @@
package org.apache.rahas;
-import java.util.Arrays;
-
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
-import org.opensaml.SAMLAttribute;
-import org.opensaml.SAMLException;
-import org.opensaml.SAMLNameIdentifier;
+import org.apache.rahas.impl.util.*;
+import org.opensaml.common.SAMLException;
+import org.opensaml.saml1.core.Attribute;
+import org.opensaml.saml1.core.NameIdentifier;
public class SAMLDataProvider implements SAMLCallbackHandler{
- public void handle(SAMLCallback callback) throws SAMLException{
+ public void handle(SAMLCallback callback) throws SAMLException {
if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK){
SAMLAttributeCallback cb = (SAMLAttributeCallback)callback;
- SAMLAttribute attribute = new SAMLAttribute("Name",
- "https://rahas.apache.org/saml/attrns", null, -1, Arrays
- .asList(new String[] { "Custom/Rahas" }));
- cb.addAttributes(attribute);
+
+ try {
+ Attribute attribute = SAMLUtils.createAttribute("Name", "https://rahas.apache.org/saml/attrns", "Custom/Rahas");
+ cb.addAttributes(attribute);
+ } catch (TrustException e) {
+ throw new SAMLException("Error creating attribute", e);
+ }
+
}else if(callback.getCallbackType() == SAMLCallback.NAME_IDENTIFIER_CALLBACK){
SAMLNameIdentifierCallback cb = (SAMLNameIdentifierCallback)callback;
- SAMLNameIdentifier nameId = new SAMLNameIdentifier(
- "David", null, SAMLNameIdentifier.FORMAT_EMAIL);
- cb.setNameId(nameId);
+ try {
+ NameIdentifier nameId = SAMLUtils.createNamedIdentifier("David", NameIdentifier.EMAIL);
+ cb.setNameId(nameId);
+ } catch (TrustException e) {
+ throw new SAMLException("Error creating name identifier", e);
+ }
}
}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
index 8b0b84f..bd8e5bc 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -16,32 +16,44 @@
package org.apache.rampart;
+import junit.framework.TestCase;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
-import org.apache.axis2.Constants;
+import org.apache.axiom.om.util.AXIOMUtil;
+import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.context.ServiceContext;
-import org.apache.axis2.context.MessageContext;
import org.apache.axis2.integration.UtilServer;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import junit.framework.TestCase;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
public class RampartTest extends TestCase {
public final static int PORT = UtilServer.TESTING_PORT;
+ private static ResourceBundle resources;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
public RampartTest(String name) {
super(name);
}
@@ -55,29 +67,36 @@ public class RampartTest extends TestCase {
UtilServer.stop();
}
-
+ private ServiceClient getServiceClientInstance() throws AxisFault {
+
+ String repository = Constants.TESTING_PATH + "rampart_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.
+ createConfigurationContextFromFileSystem(repository, null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+
+
+ serviceClient.engageModule("addressing");
+ serviceClient.engageModule("rampart");
+
+ return serviceClient;
+
+ }
+
public void testWithPolicy() {
try {
- String repo = Constants.TESTING_PATH + "rampart_client_repo";
-
- ConfigurationContext configContext = ConfigurationContextFactory.
- createConfigurationContextFromFileSystem(repo, null);
- ServiceClient serviceClient = new ServiceClient(configContext, null);
-
-
- serviceClient.engageModule("addressing");
- serviceClient.engageModule("rampart");
+ ServiceClient serviceClient = getServiceClientInstance();
//TODO : figure this out !!
- boolean basic256Supported = true;
+ boolean basic256Supported = false;
if(basic256Supported) {
System.out.println("\nWARNING: We are using key sizes from JCE " +
"Unlimited Strength Jurisdiction Policy !!!");
}
- for (int i = 1; i <= 30; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 34; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
//Skip the Basic256 tests
continue;
@@ -106,19 +125,45 @@ public class RampartTest extends TestCase {
context.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("/rampart/policy/" + i + ".xml"));
serviceClient.setOptions(options);
-
- // Invoking the serive in the TestCase-28 should fail. So handling it differently..
- if (i == 28) {
+
+ if (i == 31) {
+ OMNamespace omNamespace = OMAbstractFactory.getOMFactory().createOMNamespace(
+ "http://sample.com", "myNs");
+ SOAPHeaderBlock header = OMAbstractFactory.getSOAP12Factory()
+ .createSOAPHeaderBlock("VitalHeader", omNamespace);
+ header.addChild(AXIOMUtil.stringToOM("<foo>This is a sample Header</foo>"));
+ serviceClient.addHeader(header);
+ }
+
+ // Invoking the service in the TestCase-28 should fail. So handling it differently..
+ if (i == 28 || i == 34) {
try {
+
//Blocking invocation
serviceClient.sendReceive(getOMElement());
- fail("Service Should throw an error..");
+
+ String message = "";
+
+ if (i == 34) {
+ message = "Test case 34 should fail. We are running the service in symmetric binding mode " +
+ "and client in asymmetric binding mode. Therefore test case 34 should fail.";
+ }
+
+ fail("Service Should throw an error - " + message);
} catch (AxisFault axisFault) {
- assertEquals("Expected encrypted part missing", axisFault.getMessage());
+
+ if (i == 28) {
+ assertEquals(resources.getString("encryptionMissing"), axisFault.getMessage());
+ } else if (i == 34) {
+ // TODO this is failing in build server
+ // Need to find the exact cause
+ //assertEquals(resources.getString("invalidSignatureAlgo"), axisFault.getMessage());
+ System.out.println(axisFault.getMessage());
+ }
+
}
}
-
else{
//Blocking invocation
serviceClient.sendReceive(getEchoElement());
@@ -160,9 +205,9 @@ public class RampartTest extends TestCase {
}
- for (int i = 1; i <= 3; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 6; i++) { //<-The number of tests we have
- if (i == 2 || i == 3) {
+ if (i == 3 || i == 6) {
continue; // Can't test Transport binding scenarios with Simple HTTP Server
}
@@ -170,6 +215,10 @@ public class RampartTest extends TestCase {
System.out.println("Testing WS-SecConv: custom scenario " + i);
options.setAction("urn:echo");
options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
+
+ //Create a new service client instance for each secure conversation scenario
+ serviceClient = getServiceClientInstance();
+
serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/rampart/policy/sc-" + i + ".xml"));
serviceClient.setOptions(options);
@@ -185,6 +234,8 @@ public class RampartTest extends TestCase {
serviceClient.sendReceive(getEchoElement());
options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
serviceClient.sendReceive(getEchoElement());
+ serviceClient.cleanupTransport();
+
}
} catch (Exception e) {
diff --git a/modules/rampart-integration/src/test/java/commons-logging.properties b/modules/rampart-integration/src/test/resources/log4j.properties
old mode 100755
new mode 100644
similarity index 57%
rename from modules/rampart-integration/src/test/java/commons-logging.properties
rename to modules/rampart-integration/src/test/resources/log4j.properties
index 1e570d6..8a80313
--- a/modules/rampart-integration/src/test/java/commons-logging.properties
+++ b/modules/rampart-integration/src/test/resources/log4j.properties
@@ -1,30 +1,25 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# This is the logging properties that goes to the war, there are two logging conf kept at the
-# svn, one for developement (one at src/test-resources) and other for producation
-
-# Uncomment the next line to disable all logging.
-#org.apache.commons.logging.Log=org.apache.commons.logging.impl.NoOpLog
-
-# Uncomment the next line to enable the simple log based logging
-#org.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog
-
-# Uncomment the next line to enable log4j based logging
-org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+log4j.rootCategory=ERROR, CONSOLE
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d %-5p %c - %m%n
+
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/16.xml b/modules/rampart-integration/src/test/resources/rampart/policy/16.xml
index 4e1a484..9c4fd9d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/16.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/16.xml
@@ -37,10 +37,10 @@
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Policy>
+ <wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </sp:Policy>
+ </wsp:Policy>
</sp:Wss10>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
index 897b4bc..cf7fa6f 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128/>
+ <sp:Basic256Sha256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/30.xml b/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
index be544e6..507b92e 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
@@ -40,10 +40,10 @@
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10>
- <sp:Policy>
+ <wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </sp:Policy>
+ </wsp:Policy>
</sp:Wss10>
<sp:EncryptedElements>
<sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/31.xml
similarity index 88%
copy from modules/rampart-integration/src/test/resources/rampart/policy/3.xml
copy to modules/rampart-integration/src/test/resources/rampart/policy/31.xml
index 897b4bc..180a1c7 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/31.xml
@@ -1,73 +1,75 @@
-<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic128/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:EncryptedParts>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>alice</ramp:user>
- <ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- <ramp:encryptionCypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:encryptionCypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
+<wsp:Policy wsu:Id="EncrSigHeader" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="VitalHeader" Namespace="http://sample.com"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="VitalHeader" Namespace="http://sample.com"/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/30.xml b/modules/rampart-integration/src/test/resources/rampart/policy/32.xml
similarity index 56%
copy from modules/rampart-integration/src/test/resources/rampart/policy/30.xml
copy to modules/rampart-integration/src/test/resources/rampart/policy/32.xml
index be544e6..66e613a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/32.xml
@@ -1,18 +1,17 @@
-<wsp:Policy wsu:Id="RAMPART-218"
+<wsp:Policy wsu:Id="EncrSigHeader"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:AsymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:WssX509PkiPathV1Token10/>
+ <sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -20,16 +19,16 @@
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
<wsp:Policy>
- <sp:WssX509PkiPathV1Token10/>
+ <sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:TripleDesRsa15/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -37,41 +36,55 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning/>
+ <sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
- <sp:Wss10>
- <sp:Policy>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </sp:Policy>
+ </wsp:Policy>
</sp:Wss10>
- <sp:EncryptedElements>
- <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
- </sp:EncryptedElements>
+ <sp:ContentEncryptedElements
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:example1="http://example1.org/example1">
+ <sp:XPath>soapenv:Body/example1:echo/example1:Text</sp:XPath>
+ </sp:ContentEncryptedElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
-
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback
+ </ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
\ No newline at end of file
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/33.xml b/modules/rampart-integration/src/test/resources/rampart/policy/33.xml
new file mode 100644
index 0000000..f5c7da8
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/33.xml
@@ -0,0 +1,103 @@
+<wsp:Policy wsu:Id="SignEncryptXPath"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ser="http://example1.org/example1"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ser:example1</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:test="http://example1.org/example1"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/test:example1</sp:XPath>
+ </sp:SignedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/34.xml b/modules/rampart-integration/src/test/resources/rampart/policy/34.xml
new file mode 100644
index 0000000..8b30615
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/34.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SigEncr"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml
new file mode 100644
index 0000000..09d2b9c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml
@@ -0,0 +1,123 @@
+<wsp:Policy wsu:Id="SecConvPolicy4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml
new file mode 100644
index 0000000..9aa9952
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml
@@ -0,0 +1,131 @@
+<wsp:Policy wsu:Id="SecConvPolicy5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml
new file mode 100644
index 0000000..2455256
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml
@@ -0,0 +1,98 @@
+<wsp:Policy wsu:Id="SecConvPolicy6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-16.xml b/modules/rampart-integration/src/test/resources/rampart/services-16.xml
index a245fa1..13a429b 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-16.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-16.xml
@@ -54,10 +54,10 @@
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Policy>
+ <wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </sp:Policy>
+ </wsp:Policy>
</sp:Wss10>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy/>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
index daeebce..753bc0c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic128/>
+ <sp:Basic256Sha256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-30.xml b/modules/rampart-integration/src/test/resources/rampart/services-30.xml
index ab9eb3a..c34dc76 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-30.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-30.xml
@@ -52,10 +52,10 @@
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10>
- <sp:Policy>
+ <wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </sp:Policy>
+ </wsp:Policy>
</sp:Wss10>
<sp:EncryptedElements>
<sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/services-31.xml
similarity index 62%
copy from modules/rampart-integration/src/test/resources/rampart/policy/3.xml
copy to modules/rampart-integration/src/test/resources/rampart/services-31.xml
index 897b4bc..d740300 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-31.xml
@@ -1,73 +1,111 @@
-<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic128/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:EncryptedParts>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>alice</ramp:user>
- <ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- <ramp:encryptionCypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:encryptionCypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService31">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncrSigHeader" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="VitalHeader" Namespace="http://sample.com"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="VitalHeader" Namespace="http://sample.com"/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-32.xml b/modules/rampart-integration/src/test/resources/rampart/services-32.xml
new file mode 100644
index 0000000..9d724ff
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-32.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService32">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncrSigHeader"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:ContentEncryptedElements
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:example1="http://example1.org/example1">
+ <sp:XPath>soapenv:Body/example1:echo/example1:Text</sp:XPath>
+ </sp:ContentEncryptedElements>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-33.xml b/modules/rampart-integration/src/test/resources/rampart/services-33.xml
new file mode 100644
index 0000000..fecafe4
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-33.xml
@@ -0,0 +1,140 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService33">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="EncryptOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ser="http://example1.org/example1"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/ser:example1</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:test="http://example1.org/example1"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Body/test:example1</sp:XPath>
+ </sp:SignedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-30.xml b/modules/rampart-integration/src/test/resources/rampart/services-34.xml
similarity index 56%
copy from modules/rampart-integration/src/test/resources/rampart/services-30.xml
copy to modules/rampart-integration/src/test/resources/rampart/services-34.xml
index ab9eb3a..556478e 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-30.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-34.xml
@@ -1,20 +1,23 @@
-<service name="SecureService30">
+<service name="SecureService34">
- <module ref="addressing"/>
- <module ref="rampart"/>
+ <module ref="addressing"/>
+ <module ref="rampart"/>
- <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
- <operation name="echo">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
<messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
- <actionMapping>urn:echo</actionMapping>
+ <actionMapping>urn:returnError</actionMapping>
</operation>
- <wsp:Policy wsu:Id="RAMPART-218"
+ <wsp:Policy wsu:Id="SigEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -24,7 +27,8 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:WssX509PkiPathV1Token10/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -34,7 +38,8 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
- <sp:WssX509PkiPathV1Token10/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -49,37 +54,54 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
- <sp:Wss10>
- <sp:Policy>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </sp:Policy>
+ </wsp:Policy>
</sp:Wss10>
- <sp:EncryptedElements>
- <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
- </sp:EncryptedElements>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>bob</ramp:user>
- <ramp:encryptionUser>alice</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback
+ </ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
+ </ramp:property>
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.type">JKS
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">
+ rampart/store.jks
</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ <ramp:property
+ name="org.apache.ws.security.crypto.merlin.keystore.password">
+ password
</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
@@ -87,4 +109,5 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
-</service>
\ No newline at end of file
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml
new file mode 100644
index 0000000..e6cd462
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml
@@ -0,0 +1,177 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<service name="SecureServiceSC4">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml
new file mode 100644
index 0000000..8ea316a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml
@@ -0,0 +1,186 @@
+<service name="SecureServiceSC5">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml
new file mode 100644
index 0000000..e0e1f0e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml
@@ -0,0 +1,154 @@
+<service name="SecureServiceSC6">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/modules/rampart-mar/module.xml b/modules/rampart-mar/module.xml
index 59ec0e7..31a7f44 100644
--- a/modules/rampart-mar/module.xml
+++ b/modules/rampart-mar/module.xml
@@ -28,6 +28,9 @@
</OutFlow>
<OutFaultFlow>
+ <handler name="SecurityOutHandler" class="org.apache.rampart.handler.WSDoAllSender">
+ <order phase="Security"/>
+ </handler>
<handler name="PolicyBasedSecurityOutHandler" class="org.apache.rampart.handler.RampartSender">
<order phase="Security" phaseLast="true"/>
</handler>
@@ -37,6 +40,9 @@
<handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
<order phase="Security" phaseFirst="true"/>
</handler>
+ <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
+ <order phase="Security"/>
+ </handler>
</InFaultFlow>
<supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
diff --git a/modules/rampart-mar/pom.xml b/modules/rampart-mar/pom.xml
index d0f0763..66d7c3a 100644
--- a/modules/rampart-mar/pom.xml
+++ b/modules/rampart-mar/pom.xml
@@ -1,134 +1,108 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>org.apache.rampart</groupId>
- <artifactId>rampart-project</artifactId>
- <version>SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.apache.rampart</groupId>
- <artifactId>rampart</artifactId>
- <packaging>mar</packaging>
- <version>${rampart.mar.version}</version>
- <!-- TODO need to remove this-->
- <name>Rampart - Mar</name>
-
- <scm>
- <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
- <developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
- </developerConnection>
- <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
- </scm>
-
- <build>
- <sourceDirectory>src/main/java</sourceDirectory>
- <resources>
- <resource>
- <directory>src/main/java</directory>
- </resource>
- </resources>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <configuration>
- <source>1.5</source>
- <target>1.5</target>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.axis2</groupId>
- <artifactId>axis2-mar-maven-plugin</artifactId>
- <version>1.2</version>
- <extensions>true</extensions>
- <configuration>
- <includeDependencies>false</includeDependencies>
- <moduleXmlFile>module.xml</moduleXmlFile>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>build-helper-maven-plugin</artifactId>
- <version>1.0</version>
- <executions>
- <execution>
- <id>aar</id>
- <phase>package</phase>
- <goals>
- <goal>attach-artifact</goal>
- </goals>
- <configuration>
- <artifacts>
- <artifact>
- <file>target/${pom.artifactId}-${pom.version}.mar</file>
- <type>jar</type>
- </artifact>
- </artifacts>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.rampart</groupId>
- <artifactId>rampart-policy</artifactId>
- <version>${pom.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.rampart</groupId>
- <artifactId>rampart-trust</artifactId>
- <version>${pom.version}</version>
- </dependency>
- </dependencies>
-
- <pluginRepositories>
- <pluginRepository>
- <id>apache-m2</id>
- <name>Apache M2 Repository</name>
- <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
- <layout>default</layout>
- <snapshots>
- <enabled>false</enabled>
- <updatePolicy>daily</updatePolicy>
- <checksumPolicy>ignore</checksumPolicy>
- </snapshots>
- <releases>
- <enabled>true</enabled>
- </releases>
- </pluginRepository>
- <pluginRepository>
- <id>apache-snapshots</id>
- <name>Apache Snapshots Repository</name>
- <url>http://people.apache.org/repo/m2-snapshot-repository</url>
- <layout>default</layout>
- <snapshots>
- <enabled>true</enabled>
- <updatePolicy>daily</updatePolicy>
- <checksumPolicy>ignore</checksumPolicy>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </pluginRepository>
- </pluginRepositories>
- <distributionManagement>
- <repository>
- <id>apache-repo</id>
- <name>Maven Central Repository</name>
- <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
- </repository>
- <snapshotRepository>
- <id>apache-snapshots</id>
- <name>Apache Development Repository</name>
- <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
- <uniqueVersion>false</uniqueVersion>
- </snapshotRepository>
- </distributionManagement>
-</project>
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.7.0-SNAPSHOT</version>
+ <relativePath>../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <packaging>mar</packaging>
+ <name>Rampart - Mar</name>
+
+ <scm>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
+ </developerConnection>
+ <url>http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <version>1.0</version>
+ <executions>
+ <execution>
+ <id>aar</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>target/${project.artifactId}-${project.version}.mar</file>
+ <type>jar</type>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/modules/rampart-policy/pom.xml b/modules/rampart-policy/pom.xml
index b969498..5ba4c78 100644
--- a/modules/rampart-policy/pom.xml
+++ b/modules/rampart-policy/pom.xml
@@ -1,11 +1,31 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
- <version>SNAPSHOT</version>
+ <version>1.7.0-SNAPSHOT</version>
<relativePath>../../pom.xml</relativePath>
</parent>
@@ -41,9 +61,10 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
+ <version>2.0-beta-5</version>
<configuration>
<templateDirectory>${basedir}</templateDirectory>
- <menu ref="parent"/>
+ <menu ref="parent" />
</configuration>
</plugin>
</plugins>
diff --git a/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
index aecbee6..a384ca6 100644
--- a/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
+++ b/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -44,4 +44,5 @@ org.apache.ws.secpolicy12.builders.SecureConversationTokenBuilder
org.apache.ws.secpolicy12.builders.SymmetricBindingBuilder
org.apache.ws.secpolicy12.builders.IssuedTokenBuilder
org.apache.ws.secpolicy12.builders.RequiredElementsBuilder
-org.apache.ws.secpolicy12.builders.ContentEncryptedElementsBuilder
\ No newline at end of file
+org.apache.ws.secpolicy12.builders.ContentEncryptedElementsBuilder
+org.apache.ws.secpolicy12.builders.HttpsTokenBuilder
\ No newline at end of file
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
index 27c780d..dd834e7 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
@@ -240,6 +240,12 @@ public class SPConstants {
public final static String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
public final static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+ public final static String RSA_SHA384 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+
+ public final static String RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
index 9ee66b2..8b207fb 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
@@ -15,6 +15,10 @@
*/
package org.apache.ws.secpolicy.model;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
import org.apache.neethi.Assertion;
import org.apache.neethi.PolicyComponent;
import org.apache.ws.secpolicy.SP12Constants;
@@ -24,6 +28,7 @@ import org.apache.ws.secpolicy.SP12Constants;
public abstract class AbstractSecurityAssertion implements Assertion {
private boolean isOptional;
+ private boolean isIgnorable;
private boolean normalized = true;
@@ -36,6 +41,13 @@ public abstract class AbstractSecurityAssertion implements Assertion {
public void setOptional(boolean isOptional) {
this.isOptional = isOptional;
}
+ public boolean isIgnorable() {
+ return isIgnorable;
+ }
+
+ public void setIgnorable(boolean isIgnorable) {
+ this.isIgnorable = isIgnorable;
+ }
public short getType() {
return org.apache.neethi.Constants.TYPE_ASSERTION;
@@ -69,5 +81,41 @@ public abstract class AbstractSecurityAssertion implements Assertion {
return version;
}
-
+ protected static void writeStartElement(XMLStreamWriter writer, String defaultPrefix, String localPart, String uri) throws XMLStreamException {
+ String prefix = writer.getPrefix(uri);
+ if (prefix != null) {
+ writer.writeStartElement(prefix, localPart, uri);
+ } else {
+ prefix = defaultPrefix;
+ writer.writeStartElement(prefix, localPart, uri);
+ writer.writeNamespace(prefix, uri);
+ writer.setPrefix(prefix, uri);
+ }
+ }
+
+ protected static void writeStartElement(XMLStreamWriter writer, QName name) throws XMLStreamException {
+ writeStartElement(writer, name.getPrefix(), name.getLocalPart(), name.getNamespaceURI());
+ }
+
+ protected static void writeEmptyElement(XMLStreamWriter writer, String defaultPrefix, String localPart, String uri) throws XMLStreamException {
+ String prefix = writer.getPrefix(uri);
+ if (prefix != null) {
+ writer.writeEmptyElement(prefix, localPart, uri);
+ } else {
+ prefix = defaultPrefix;
+ writer.writeStartElement(prefix, localPart, uri);
+ writer.writeNamespace(prefix, uri);
+ writer.writeEndElement();
+ }
+ }
+
+ protected static void writeAttribute(XMLStreamWriter writer, String defaultPrefix, String uri, String localPart, String value) throws XMLStreamException {
+ String prefix = writer.getPrefix(uri);
+ if (prefix == null) {
+ prefix = defaultPrefix;
+ writer.writeNamespace(prefix, uri);
+ writer.setPrefix(prefix, uri);
+ }
+ writer.writeAttribute(prefix, uri, localPart, value);
+ }
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
index 6eacac8..0b1be94 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
@@ -289,6 +289,11 @@ public class AlgorithmSuite extends AbstractConfigurableSecurityAssertion {
* @return Returns the asymmetricSignature.
*/
public String getAsymmetricSignature() {
+ if(this.digest == SPConstants.SHA256) {
+ return SPConstants.RSA_SHA256;
+ } else if(this.digest == SPConstants.SHA512) {
+ return SPConstants.RSA_SHA512;
+ }
return asymmetricSignature;
}
@@ -452,53 +457,36 @@ public class AlgorithmSuite extends AbstractConfigurableSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
- writer.writeStartElement(prefix, localName, namespaceURI);
- writer.writeNamespace(prefix, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY
- .getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
//
- writer.writeStartElement(prefix, getAlgoSuiteString(), namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, getAlgoSuiteString(), namespaceURI);
if (SPConstants.C14N.equals(getInclusiveC14n())) {
- writer.writeStartElement(prefix, SPConstants.INCLUSIVE_C14N, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.INCLUSIVE_C14N, namespaceURI);
}
if (SPConstants.SNT.equals(getSoapNormalization())) {
- writer.writeStartElement(prefix, SPConstants.SOAP_NORMALIZATION_10,
- namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.SOAP_NORMALIZATION_10, namespaceURI);
}
if (SPConstants.STRT10.equals(getStrTransform())) {
- writer.writeStartElement(prefix, SPConstants.STR_TRANSFORM_10,
- namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.STR_TRANSFORM_10, namespaceURI);
}
if (SPConstants.XPATH.equals(getXPath())) {
- writer.writeStartElement(prefix, SPConstants.XPATH10, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.XPATH10, namespaceURI);
}
if (SPConstants.XPATH20.equals(getXPath())) {
- writer.writeStartElement(prefix, SPConstants.XPATH_FILTER20,
- namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.XPATH_FILTER20, namespaceURI);
}
// </wsp:Policy>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
index 78c8dbc..4feeaf7 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
@@ -123,29 +123,15 @@ public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:AsymmetricBinding>
- writer.writeStartElement(prefix, localname, namespaceURI);
- writer.writeNamespace(prefix, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- pPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
- SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
if (initiatorToken == null) {
throw new RuntimeException("InitiatorToken is not set");
@@ -180,40 +166,30 @@ public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
}
if (isIncludeTimestamp()) {
- // <sp:IncludeTimestamp>
- writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP,
- namespaceURI);
- writer.writeEndElement();
- // </sp:IncludeTimestamp>
+ // <sp:IncludeTimestamp />
+ writeEmptyElement(writer, prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
}
if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
// <sp:EncryptBeforeSign />
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING,
- namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
}
if (isSignatureProtection()) {
// <sp:EncryptSignature />
// FIXME move the String constants to a QName
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_SIGNATURE,
- namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.ENCRYPT_SIGNATURE, namespaceURI);
}
if (isTokenProtection()) {
// <sp:ProtectTokens />
- writer.writeStartElement(prefix, SPConstants.PROTECT_TOKENS,
- namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.PROTECT_TOKENS, namespaceURI);
}
if (isEntireHeadersAndBodySignatures()) {
// <sp:OnlySignEntireHeaderAndBody />
- writer.writeStartElement(prefix,
- SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY,
+ namespaceURI);
}
// </wsp:Policy>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
index def1b53..0c441d8 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ContentEncryptedElements.java
@@ -77,32 +77,15 @@ public class ContentEncryptedElements extends AbstractSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix;
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- } else {
- prefix = writerPrefix;
- }
-
// <sp:ContentEncryptedElements>
- writer.writeStartElement(prefix, localName, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- if (writerPrefix == null) {
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
- }
-
if (xPathVersion != null) {
- writer.writeAttribute(prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
+ writeAttribute(writer, prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
}
String xpathExpression;
@@ -111,7 +94,7 @@ public class ContentEncryptedElements extends AbstractSecurityAssertion {
.hasNext();) {
xpathExpression = (String) iterator.next();
// <sp:XPath ..>
- writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.XPATH_EXPR, namespaceURI);
writer.writeCharacters(xpathExpression);
writer.writeEndElement();
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
index bd55bd0..cdc2414 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
@@ -60,49 +60,11 @@ public class EncryptionToken extends AbstractSecurityAssertion implements TokenW
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
- String localname = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
- String prefix;
-
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- } else {
- prefix = writerPrefix;
- }
-
// <sp:EncryptionToken>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- if (writerPrefix == null) {
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
- }
-
-
- String wspNamespaceURI = SPConstants.POLICY.getNamespaceURI();
-
- String wspPrefix;
-
- String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
-
- if (wspWriterPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, wspNamespaceURI);
-
- } else {
- wspPrefix = wspWriterPrefix;
- }
+ writeStartElement(writer, getName());
// <wsp:Policy>
- writer.writeStartElement(wspPrefix, SPConstants.POLICY.getLocalPart(), wspNamespaceURI);
-
- if (wspWriterPrefix == null) {
- // xmlns:wsp=".."
- writer.writeNamespace(wspPrefix, wspNamespaceURI);
- }
+ writeStartElement(writer, SPConstants.POLICY);
if (encryptionToken == null) {
throw new RuntimeException("EncryptionToken is not set");
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
index feb987d..13e3040 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
@@ -93,17 +93,12 @@ public class HttpsToken extends Token {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:HttpsToken
- writer.writeStartElement(prefix, localname, namespaceURI);
+ writeStartElement(writer, prefix, localname, namespaceURI);
if (version == SPConstants.SP_V12) {
@@ -112,7 +107,7 @@ public class HttpsToken extends Token {
isHttpBasicAuthentication() ||
isHttpDigestAuthentication()) {
// <wsp:Policy>
- writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
/*
* The ws policy 1.2 specification states that only one of those should be present, although
@@ -120,14 +115,11 @@ public class HttpsToken extends Token {
* a http user/pwd authentication. Nevertheless stick to the specification.
*/
if(isHttpBasicAuthentication()) {
- writer.writeStartElement(prefix, SPConstants.HTTP_BASIC_AUTHENTICATION.getLocalPart(), namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.HTTP_BASIC_AUTHENTICATION.getLocalPart(), namespaceURI);
} else if(isHttpDigestAuthentication()) {
- writer.writeStartElement(prefix, SPConstants.HTTP_DIGEST_AUTHENTICATION.getLocalPart(), namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.HTTP_DIGEST_AUTHENTICATION.getLocalPart(), namespaceURI);
} else if(isRequireClientCertificate()) {
- writer.writeStartElement(prefix, SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(), namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_CLIENT_CERTIFICATE.getLocalPart(), namespaceURI);
}
// </wsp:Policy>
writer.writeEndElement();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
index 0b91962..85fd0a9 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
@@ -65,27 +65,11 @@ public class InitiatorToken extends AbstractSecurityAssertion implements TokenWr
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
- String localName = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:InitiatorToken>
- writer.writeStartElement(prefix, localName, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- pPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, getName());
// <wsp:Policy>
- writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
Token token = getInitiatorToken();
if (token == null) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
index 46674d6..5fd056b 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
@@ -113,26 +113,12 @@ public class IssuedToken extends Token {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix;
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
-
- } else {
- prefix = writerPrefix;
- }
-
// <sp:IssuedToken>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- if (writerPrefix == null) {
- writer.writeNamespace(prefix, namespaceURI);
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
String inclusion;
@@ -143,12 +129,12 @@ public class IssuedToken extends Token {
}
if (inclusion != null) {
- writer.writeAttribute(prefix, namespaceURI,
+ writeAttribute(writer, prefix, namespaceURI,
SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
}
if (issuerEpr != null) {
- writer.writeStartElement(prefix, SPConstants.ISSUER,
+ writeStartElement(writer, prefix, SPConstants.ISSUER,
namespaceURI);
issuerEpr.serialize(writer);
writer.writeEndElement();
@@ -160,47 +146,27 @@ public class IssuedToken extends Token {
}
- String policyLocalName = SPConstants.POLICY.getLocalPart();
- String policyNamespaceURI = SPConstants.POLICY.getNamespaceURI();
-
- String wspPrefix;
-
- String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
-
- if (wspWriterPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, policyNamespaceURI);
- } else {
- wspPrefix = wspWriterPrefix;
- }
-
if (isRequireExternalReference() || isRequireInternalReference() ||
this.isDerivedKeys()) {
// <wsp:Policy>
- writer.writeStartElement(wspPrefix, policyLocalName,
- policyNamespaceURI);
-
- if (wspWriterPrefix == null) {
- // xmlns:wsp=".."
- writer.writeNamespace(wspPrefix, policyNamespaceURI);
- }
+ writeStartElement(writer, SPConstants.POLICY);
if (isRequireExternalReference()) {
// <sp:RequireExternalReference />
- writer.writeEmptyElement(prefix, SPConstants.REQUIRE_EXTERNAL_REFERNCE,
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_EXTERNAL_REFERNCE,
namespaceURI);
}
if (isRequireInternalReference()) {
// <sp:RequireInternalReference />
- writer.writeEmptyElement(prefix, SPConstants.REQUIRE_INTERNAL_REFERNCE,
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_INTERNAL_REFERNCE,
namespaceURI);
}
if (this.isDerivedKeys()) {
// <sp:RequireDerivedKeys />
- writer.writeEmptyElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS,
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_DERIVED_KEYS,
namespaceURI);
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
index a1ff7f8..dc0a7b2 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
@@ -70,39 +70,30 @@ public class Layout extends AbstractSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:Layout>
- writer.writeStartElement(prefix, localName, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY
- .getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
// .. <sp:Strict /> | <sp:Lax /> | <sp:LaxTsFirst /> | <sp:LaxTsLast /> ..
if (SPConstants.LAYOUT_STRICT.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_STRICT, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.LAYOUT_STRICT, namespaceURI);
} else if (SPConstants.LAYOUT_LAX.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.LAYOUT_LAX, namespaceURI);
} else if (SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, namespaceURI);
} else if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
- writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, namespaceURI);
}
- writer.writeEndElement();
-
// </wsp:Policy>
writer.writeEndElement();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
index 4e64d08..0809953 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
@@ -68,49 +68,11 @@ public class ProtectionToken extends AbstractSecurityAssertion implements TokenW
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
- String localname = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix;
-
- String writerPrefix = writer.getPrefix(namespaceURI);
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
-
- } else {
- prefix = writerPrefix;
- }
-
// <sp:ProtectionToken>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- if (writerPrefix == null) {
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
- }
-
- String policyLocalName = SPConstants.POLICY.getLocalPart();
- String policyNamespaceURI = SPConstants.POLICY.getNamespaceURI();
-
- String wspPrefix;
-
- String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
-
- if (wspWriterPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, policyNamespaceURI);
- } else {
- wspPrefix = wspWriterPrefix;
- }
+ writeStartElement(writer, getName());
// <wsp:Policy>
- writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
-
- if (wspWriterPrefix == null) {
- // xmlns:wsp=".."
- writer.writeNamespace(wspPrefix, policyNamespaceURI);
- }
+ writeStartElement(writer, SPConstants.POLICY);
if (protectionToken == null) {
throw new RuntimeException("ProtectionToken is not set");
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
index 2e0cc2d..6f09bf9 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
@@ -67,27 +67,11 @@ public class RecipientToken extends AbstractSecurityAssertion implements TokenWr
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
- String localName = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:RecipientToken>
- writer.writeStartElement(prefix, localName, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- pPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, getName());
// <wsp:Policy>
- writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
Token token = getReceipientToken();
if (token == null) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
index e2d5666..e940d43 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredElements.java
@@ -77,32 +77,15 @@ public class RequiredElements extends AbstractSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix;
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- } else {
- prefix = writerPrefix;
- }
-
// <sp:RequiredElements>
- writer.writeStartElement(prefix, localName, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- if (writerPrefix == null) {
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
- }
-
if (xPathVersion != null) {
- writer.writeAttribute(prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
+ writeAttribute(writer, prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
}
String xpathExpression;
@@ -111,7 +94,7 @@ public class RequiredElements extends AbstractSecurityAssertion {
.hasNext();) {
xpathExpression = (String) iterator.next();
// <sp:XPath ..>
- writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.XPATH_EXPR, namespaceURI);
writer.writeCharacters(xpathExpression);
writer.writeEndElement();
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
index 3542bb4..3ccd530 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RequiredParts.java
@@ -60,27 +60,18 @@ public class RequiredParts extends AbstractSecurityAssertion {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:RequiredParts>
- writer.writeStartElement(prefix, localName, namespaceURI);
-
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
Header header;
for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
header = (Header) iterator.next();
// <sp:Header Name=".." Namespace=".." />
- writer.writeStartElement(prefix, SPConstants.HEADER, namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.HEADER, namespaceURI);
// Name attribute is optional
if (header.getName() != null) {
writer.writeAttribute("Name", header.getName());
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
index 54f1b24..4796cf0 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
@@ -69,26 +69,12 @@ public class SecureConversationToken extends SecurityContextToken {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix;
-
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- } else {
- prefix = writerPrefix;
- }
// <sp:SecureConversationToken>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- if (writerPrefix == null) {
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
String inclusion;
@@ -99,12 +85,12 @@ public class SecureConversationToken extends SecurityContextToken {
}
if (inclusion != null) {
- writer.writeAttribute(prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+ writeAttribute(writer, prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
}
if (issuerEpr != null) {
// <sp:Issuer>
- writer.writeStartElement(prefix, SPConstants.ISSUER , namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.ISSUER , namespaceURI);
issuerEpr.serialize(writer);
@@ -114,47 +100,27 @@ public class SecureConversationToken extends SecurityContextToken {
if (isDerivedKeys() || isRequireExternalUriRef()
|| isSc10SecurityContextToken() || (bootstrapPolicy != null)) {
- String wspNamespaceURI = SPConstants.POLICY.getNamespaceURI();
-
- String wspPrefix;
-
- String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
-
- if (wspWriterPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, wspNamespaceURI);
-
- } else {
- wspPrefix = wspWriterPrefix;
- }
-
// <wsp:Policy>
- writer.writeStartElement(wspPrefix,
- SPConstants.POLICY.getLocalPart(), wspNamespaceURI);
+ writeStartElement(writer, SPConstants.POLICY);
- if (wspWriterPrefix == null) {
- // xmlns:wsp=".."
- writer.writeNamespace(wspPrefix, wspNamespaceURI);
- }
-
if (isDerivedKeys()) {
// <sp:RequireDerivedKeys />
- writer.writeEmptyElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
}
if (isRequireExternalUriRef()) {
// <sp:RequireExternalUriReference />
- writer.writeEmptyElement(prefix, SPConstants.REQUIRE_EXTERNAL_URI_REFERNCE, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_EXTERNAL_URI_REFERNCE, namespaceURI);
}
if (isSc10SecurityContextToken()) {
// <sp:SC10SecurityContextToken />
- writer.writeEmptyElement(prefix, SPConstants.SC10_SECURITY_CONTEXT_TOKEN, namespaceURI);
+ writeEmptyElement(writer, prefix, SPConstants.SC10_SECURITY_CONTEXT_TOKEN, namespaceURI);
}
if (bootstrapPolicy != null) {
// <sp:BootstrapPolicy ..>
- writer.writeStartElement(prefix, SPConstants.BOOTSTRAP_POLICY, namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.BOOTSTRAP_POLICY, namespaceURI);
bootstrapPolicy.serialize(writer);
writer.writeEndElement();
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
index eff9548..c8ba854 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
@@ -59,51 +59,11 @@ public class SignatureToken extends AbstractSecurityAssertion implements TokenWr
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
-
- String localname = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix;
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
-
- } else {
- prefix = writerPrefix;
- }
-
// <sp:SignatureToken>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- if (writerPrefix == null) {
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
- }
-
-
- String wspNamespaceURI = SPConstants.POLICY.getNamespaceURI();
-
- String wspPrefix;
-
- String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
-
- if (wspWriterPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, wspNamespaceURI);
-
- } else {
- wspPrefix = wspWriterPrefix;
- }
+ writeStartElement(writer, getName());
// <wsp:Policy>
- writer.writeStartElement(wspPrefix, SPConstants.POLICY.getLocalPart(), wspNamespaceURI);
-
- if (wspWriterPrefix == null) {
- // xmlns:wsp=".."
- writer.writeNamespace(wspPrefix, wspNamespaceURI);
- }
+ writeStartElement(writer, SPConstants.POLICY);
if (signatureToken == null) {
throw new RuntimeException("EncryptionToken is not set");
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
index 062ddcc..915f2f1 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
@@ -91,24 +91,15 @@ public class SignedEncryptedElements extends AbstractSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:SignedElements> | <sp:EncryptedElements>
- writer.writeStartElement(prefix, localName, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
if (xPathVersion != null) {
- writer.writeAttribute(prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
+ writeAttribute(writer, prefix, namespaceURI, SPConstants.XPATH_VERSION, xPathVersion);
}
String xpathExpression;
@@ -117,7 +108,7 @@ public class SignedEncryptedElements extends AbstractSecurityAssertion {
.hasNext();) {
xpathExpression = (String) iterator.next();
// <sp:XPath ..>
- writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.XPATH_EXPR, namespaceURI);
Iterator<String> namespaces = declaredNamespaces.keySet().iterator();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
index fc47d27..cdf3576 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
@@ -124,33 +124,23 @@ public class SignedEncryptedParts extends AbstractSecurityAssertion {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
-
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
// <sp:SignedParts> | <sp:EncryptedParts>
- writer.writeStartElement(prefix, localName, namespaceURI);
-
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
+ writeStartElement(writer, prefix, localName, namespaceURI);
if (isBody()) {
// <sp:Body />
- writer.writeStartElement(prefix, SPConstants.BODY, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.BODY, namespaceURI);
}
Header header;
for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
header = (Header) iterator.next();
// <sp:Header Name=".." Namespace=".." />
- writer.writeStartElement(prefix, SPConstants.HEADER, namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.HEADER, namespaceURI);
// Name attribute is optional
if (header.getName() != null) {
writer.writeAttribute("Name", header.getName());
@@ -162,8 +152,7 @@ public class SignedEncryptedParts extends AbstractSecurityAssertion {
if (isAttachments() && version == SPConstants.SP_V12) {
// <sp:Attachments />
- writer.writeStartElement(prefix, SPConstants.ATTACHMENTS, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.ATTACHMENTS, namespaceURI);
}
// </sp:SignedParts> | </sp:EncryptedParts>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
index a1ae7d2..9a0a7b5 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
@@ -282,30 +282,11 @@ public class SupportingToken extends AbstractSecurityAssertion implements
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
- String localname = getName().getLocalPart();
-
// <sp:SupportingToken>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
+ writeStartElement(writer, getName());
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- pPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
- }
// <wsp:Policy>
- writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
- SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
Token token;
for (Iterator iterator = getTokens().iterator(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
index bc068e7..b4c04f9 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
@@ -151,40 +151,15 @@ public class SymmetricBinding extends SymmetricAsymmetricBindingBase {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix;
- String writerPrefix = writer.getPrefix(namespaceURI);
-
- if (writerPrefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- } else {
- prefix = writerPrefix;
- }
-
// <sp:SymmetricBinding>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- String policyLocalName = SPConstants.POLICY.getLocalPart();
- String policyNamespaceURI = SPConstants.POLICY.getNamespaceURI();
+ writeStartElement(writer, prefix, localname, namespaceURI);
- String wspPrefix;
-
- String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
- if (wspWriterPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, policyNamespaceURI);
-
- } else {
- wspPrefix = wspWriterPrefix;
- }
// <wsp:Policy>
- writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+ writeStartElement(writer, SPConstants.POLICY);
if (encryptionToken != null) {
encryptionToken.serialize(writer);
@@ -212,20 +187,17 @@ public class SymmetricBinding extends SymmetricAsymmetricBindingBase {
if (isIncludeTimestamp()) {
// <sp:IncludeTimestamp />
- writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
}
if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
// <sp:EncryptBeforeSigning />
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
}
if (isSignatureProtection()) {
// <sp:EncryptSignature />
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_SIGNATURE , namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.ENCRYPT_SIGNATURE , namespaceURI);
}
if(isEntireHeadersAndBodySignatures()) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
index 123be97..e9472cd 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
@@ -142,28 +142,15 @@ public class TransportBinding extends Binding {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localName = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:TransportBinding>
- writer.writeStartElement(prefix, localName, namespaceURI);
- writer.writeNamespace(prefix, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- pPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, prefix, localName, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
if (transportToken == null) {
@@ -192,10 +179,8 @@ public class TransportBinding extends Binding {
}
if (isIncludeTimestamp()) {
- // <sp:IncludeTimestamp>
- writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
- writer.writeEndElement();
- // </sp:IncludeTimestamp>
+ // <sp:IncludeTimestamp />
+ writeEmptyElement(writer, prefix, SPConstants.INCLUDE_TIMESTAMP, namespaceURI);
}
// </wsp:Policy>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
index 8d9963b..d477d52 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
@@ -62,29 +62,11 @@ public class TransportToken extends AbstractSecurityAssertion implements TokenWr
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
-
- String localName = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:TransportToken>
-
- writer.writeStartElement(prefix, localName, namespaceURI);
-
- String wspPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (wspPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, getName());
// <wsp:Policy>
- writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
// serialization of the token ..
if (transportToken != null) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
index 264a7b5..9ad5b3d 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
@@ -131,58 +131,40 @@ public class Trust10 extends AbstractSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:Trust10>
- writer.writeStartElement(prefix, localname, namespaceURI);
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- String wspPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (wspPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
if (isMustSupportClientChallenge()) {
// <sp:MustSupportClientChallenge />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, namespaceURI);
}
if (isMustSupportServerChallenge()) {
// <sp:MustSupportServerChallenge />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE, namespaceURI);
}
if (isRequireClientEntropy()) {
// <sp:RequireClientEntropy />
- writer.writeStartElement(prefix, SPConstants.REQUIRE_CLIENT_ENTROPY, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_CLIENT_ENTROPY, namespaceURI);
}
if (isRequireServerEntropy()) {
// <sp:RequireServerEntropy />
- writer.writeStartElement(prefix, SPConstants.REQUIRE_SERVER_ENTROPY, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_SERVER_ENTROPY, namespaceURI);
}
if (isMustSupportIssuedTokens()) {
// <sp:MustSupportIssuedTokens />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_ISSUED_TOKENS, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_ISSUED_TOKENS, namespaceURI);
}
// </wsp:Policy>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
index 13e4088..56e14b2 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust13.java
@@ -161,71 +161,50 @@ public class Trust13 extends AbstractSecurityAssertion {
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:Trust13>
- writer.writeStartElement(prefix, localname, namespaceURI);
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- String wspPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
-
- if (wspPrefix == null) {
- wspPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(wspPrefix, SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
if (isMustSupportClientChallenge()) {
// <sp:MustSupportClientChallenge />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE, namespaceURI);
}
if (isMustSupportServerChallenge()) {
// <sp:MustSupportServerChallenge />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE, namespaceURI);
}
if (isRequireClientEntropy()) {
// <sp:RequireClientEntropy />
- writer.writeStartElement(prefix, SPConstants.REQUIRE_CLIENT_ENTROPY, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_CLIENT_ENTROPY, namespaceURI);
}
if (isRequireServerEntropy()) {
// <sp:RequireServerEntropy />
- writer.writeStartElement(prefix, SPConstants.REQUIRE_SERVER_ENTROPY, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_SERVER_ENTROPY, namespaceURI);
}
if (isMustSupportIssuedTokens()) {
// <sp:MustSupportIssuedTokens />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_ISSUED_TOKENS, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_ISSUED_TOKENS, namespaceURI);
}
if (isRequireRequestSecurityTokenCollection()) {
// <sp:RequireRequestSecurityTokenCollection />
- writer.writeStartElement(prefix, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION, namespaceURI);
}
if (isRequireAppliesTo()) {
// <sp:RequireAppliesTo />
- writer.writeStartElement(prefix, SPConstants.REQUIRE_APPLIES_TO, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_APPLIES_TO, namespaceURI);
}
// </wsp:Policy>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
index 1432dcb..2d99399 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
@@ -91,19 +91,12 @@ public class UsernameToken extends Token {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:UsernameToken
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- writer.writeNamespace(prefix, namespaceURI);
+ writeStartElement(writer, prefix, localname, namespaceURI);
String inclusion;
@@ -114,49 +107,36 @@ public class UsernameToken extends Token {
}
if (inclusion != null) {
- writer.writeAttribute(prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+ writeAttribute(writer, prefix, namespaceURI, SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
}
if (isUseUTProfile10() || isUseUTProfile11()) {
- String pPrefix = writer.getPrefix(SPConstants.POLICY
- .getNamespaceURI());
- if (pPrefix == null) {
- writer.setPrefix(SPConstants.POLICY.getPrefix(), SPConstants.POLICY
- .getNamespaceURI());
- }
-
// <wsp:Policy>
- writer.writeStartElement(prefix, SPConstants.POLICY.getLocalPart(),
- SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
// CHECKME
if (isUseUTProfile10()) {
// <sp:WssUsernameToken10 />
- writer.writeStartElement(prefix, SPConstants.USERNAME_TOKEN10 , namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.USERNAME_TOKEN10 , namespaceURI);
} else {
// <sp:WssUsernameToken11 />
- writer.writeStartElement(prefix, SPConstants.USERNAME_TOKEN11 , namespaceURI);
+ writeStartElement(writer, prefix, SPConstants.USERNAME_TOKEN11 , namespaceURI);
}
if (version == SPConstants.SP_V12) {
if (isNoPassword()) {
- writer.writeStartElement(prefix, SPConstants.NO_PASSWORD, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.NO_PASSWORD, namespaceURI);
} else if (isHashPassword()){
- writer.writeStartElement(prefix, SPConstants.HASH_PASSWORD, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.HASH_PASSWORD, namespaceURI);
}
if (isDerivedKeys()) {
- writer.writeStartElement(prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_DERIVED_KEYS, namespaceURI);
} else if (isExplicitDerivedKeys()) {
- writer.writeStartElement(prefix, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS, namespaceURI);
} else if (isImpliedDerivedKeys()) {
- writer.writeStartElement(prefix, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS, namespaceURI);
}
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
index 7e46655..7eaf475 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
@@ -98,53 +98,34 @@ public class Wss10 extends AbstractSecurityAssertion {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:Wss10>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- writer.setPrefix(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(prefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
if (isMustSupportRefKeyIdentifier()) {
// <sp:MustSupportRefKeyIdentifier />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER, namespaceURI);
}
if (isMustSupportRefIssuerSerial()) {
// <sp:MustSupportRefIssuerSerial />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL, namespaceURI);
}
if (isMustSupportRefExternalURI()) {
// <sp:MustSupportRefExternalURI />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI, namespaceURI);
- writer.writeEndElement();
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI, namespaceURI);
}
if (isMustSupportRefEmbeddedToken()) {
// <sp:MustSupportRefEmbeddedToken />
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN, namespaceURI);
- writer.writeEndElement();
-
-
+ writeEmptyElement(writer, prefix, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN, namespaceURI);
}
// </wsp:Policy>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
index 04037d9..57f435b 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
@@ -80,69 +80,49 @@ public class Wss11 extends Wss10 {
}
public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = getName().getPrefix();
String localname = getName().getLocalPart();
String namespaceURI = getName().getNamespaceURI();
- String prefix = writer.getPrefix(namespaceURI);
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
// <sp:Wss11>
- writer.writeStartElement(prefix, localname, namespaceURI);
-
- // xmlns:sp=".."
- writer.writeNamespace(prefix, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- writer.setPrefix(SPConstants.POLICY.getPrefix(), SPConstants.POLICY.getNamespaceURI());
- }
+ writeStartElement(writer, prefix, localname, namespaceURI);
// <wsp:Policy>
- writer.writeStartElement(prefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY.getNamespaceURI());
+ writeStartElement(writer, SPConstants.POLICY);
// <sp:MustSupportRefKeyIndentifier />
if (isMustSupportRefKeyIdentifier()) {
- writer.writeStartElement(prefix, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER , namespaceURI);
... 8186 lines suppressed ...
[axis-axis2-java-rampart] 04/10: Merge changes up to r1052171 from
trunk.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit f64557fda3f023bd2346f1aa7b241bf776f0bcf1
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:08:19 2017 +0000
Merge changes up to r1052171 from trunk.
---
modules/distribution/bin.xml | 17 +-
.../documentation/src/site/resources/css/site.css | 535 ++++++++++-----------
.../resources/images/apache-rampart-banner.jpg | Bin 14840 -> 27612 bytes
.../site/resources/images/apache-rampart-logo.jpg | Bin 4906 -> 10154 bytes
.../src/site/resources/images/axis.jpg | Bin 0 -> 13887 bytes
.../src/site/resources/images/axis.png | Bin 0 -> 13745 bytes
.../src/site/resources/images/breadcrumbs-bg.gif | Bin 0 -> 198 bytes
.../src/site/resources/images/h2-bg.gif | Bin 0 -> 202 bytes
.../src/site/resources/images/home-top.gif | Bin 0 -> 804 bytes
.../src/site/resources/images/leftcolumn-bg.gif | Bin 0 -> 523 bytes
.../src/site/resources/images/menu-back.gif | Bin 0 -> 827 bytes
.../src/site/resources/rampart-config.xsd | 27 +-
.../src/site/resources/samples/policy/sample01.xml | 2 +-
.../src/site/resources/samples/policy/sample05.xml | 2 +-
.../src/site/resources/samples/policy/sample06.xml | 2 +-
modules/documentation/src/site/site.xml | 61 ++-
modules/documentation/src/site/xdoc/download.xml | 124 +++--
.../src/site/xdoc/download/1.1/download.xml | 64 +--
.../src/site/xdoc/download/1.2/download.xml | 64 +--
.../src/site/xdoc/download/1.3/download.xml | 64 +--
.../src/site/xdoc/download/1.4/download.cgi | 6 +
.../src/site/xdoc/download/1.4/download.xml | 82 ++++
.../src/site/xdoc/download/1.5.1/download.cgi | 6 +
.../site/xdoc/download/{1.2 => 1.5.1}/download.xml | 235 +++++----
.../src/site/xdoc/download/1.5/download.cgi | 6 +
.../src/site/xdoc/download/1.5/download.xml | 82 ++++
.../src/site/xdoc/rampartconfig-guide.xml | 68 ++-
modules/documentation/src/site/xdoc/svn.xml | 8 +-
.../AbstractUniqueMessageAttributeCache.java | 61 +++
.../main/java/org/apache/rampart/NonceCache.java | 160 ++++++
.../rampart/PolicyBasedResultsValidator.java | 2 +-
.../src/main/java/org/apache/rampart/Rampart.java | 19 +-
.../java/org/apache/rampart/RampartEngine.java | 152 ++++--
.../org/apache/rampart/RampartMessageData.java | 13 +-
.../java/org/apache/rampart/ServiceNonceCache.java | 69 +++
.../rampart/UniqueMessageAttributeCache.java | 65 +++
.../rampart/builder/AsymmetricBindingBuilder.java | 10 +-
.../org/apache/rampart/builder/BindingBuilder.java | 30 +-
.../rampart/builder/TransportBindingBuilder.java | 2 +-
.../main/java/org/apache/rampart/errors.properties | 5 +-
.../apache/rampart/handler/RampartReceiver.java | 20 +-
.../org/apache/rampart/handler/WSDoAllSender.java | 2 +-
.../rampart/policy/RampartPolicyBuilder.java | 2 +
.../apache/rampart/policy/RampartPolicyData.java | 10 +
.../policy/builders/RampartConfigBuilder.java | 19 +
.../rampart/policy/model/OptimizePartsConfig.java | 1 +
.../apache/rampart/policy/model/RampartConfig.java | 28 ++
.../java/org/apache/rampart/util/Axis2Util.java | 8 +-
.../rampart/util/HandlerParameterDecoder.java | 2 +-
.../java/org/apache/rampart/util/RampartUtil.java | 82 +++-
modules/rampart-integration/pom.xml | 55 +--
.../apache/axis2/integration/UtilsTCPServer.java | 99 ----
.../test/java/org/apache/rampart/RampartTest.java | 2 +-
.../src/test/resources/conf/axis2.xml | 10 -
...service-policy-symm-binding-saml2-publicKey.xml | 2 +-
.../policy/service-policy-symm-binding-saml2.xml | 2 +-
.../rahas/policy/service-policy-symm-binding.xml | 2 +-
.../policy/service-policy-transport-binding.xml | 2 +-
.../rahas/policy/sts-policy-asymm-binding.xml | 2 +-
.../rahas/policy/sts-policy-symm-binding.xml | 2 +-
.../rahas/policy/sts-policy-transport-binding.xml | 2 +-
.../src/test/resources/rampart/policy/1.xml | 2 +-
.../src/test/resources/rampart/policy/10.xml | 4 +-
.../src/test/resources/rampart/policy/13.xml | 2 +-
.../src/test/resources/rampart/policy/14.xml | 2 +-
.../src/test/resources/rampart/policy/15.xml | 2 +-
.../src/test/resources/rampart/policy/17.xml | 2 +-
.../src/test/resources/rampart/policy/18.xml | 2 +-
.../src/test/resources/rampart/policy/19.xml | 2 +-
.../src/test/resources/rampart/policy/2.xml | 2 +-
.../src/test/resources/rampart/policy/20.xml | 2 +-
.../src/test/resources/rampart/policy/21.xml | 4 +-
.../src/test/resources/rampart/policy/22.xml | 2 +-
.../src/test/resources/rampart/policy/23.xml | 2 +-
.../src/test/resources/rampart/policy/24.xml | 2 +-
.../src/test/resources/rampart/policy/25.xml | 2 +-
.../src/test/resources/rampart/policy/26.xml | 2 +-
.../src/test/resources/rampart/policy/27.xml | 2 +-
.../src/test/resources/rampart/policy/28.xml | 2 +-
.../src/test/resources/rampart/policy/3.xml | 2 +-
.../resources/rampart/policy/{28.xml => 30.xml} | 29 +-
.../src/test/resources/rampart/policy/4.xml | 2 +-
.../src/test/resources/rampart/policy/5.xml | 2 +-
.../src/test/resources/rampart/policy/sc-1.xml | 2 +-
.../src/test/resources/rampart/policy/sc-3.xml | 4 +-
.../src/test/resources/rampart/services-1.xml | 2 +-
.../src/test/resources/rampart/services-10.xml | 2 +-
.../src/test/resources/rampart/services-13.xml | 2 +-
.../src/test/resources/rampart/services-14.xml | 2 +-
.../src/test/resources/rampart/services-15.xml | 2 +-
.../src/test/resources/rampart/services-17.xml | 2 +-
.../src/test/resources/rampart/services-18.xml | 2 +-
.../src/test/resources/rampart/services-19.xml | 2 +-
.../src/test/resources/rampart/services-2.xml | 2 +-
.../src/test/resources/rampart/services-20.xml | 2 +-
.../src/test/resources/rampart/services-21.xml | 2 +-
.../src/test/resources/rampart/services-22.xml | 2 +-
.../src/test/resources/rampart/services-23.xml | 2 +-
.../src/test/resources/rampart/services-24.xml | 2 +-
.../src/test/resources/rampart/services-25.xml | 2 +-
.../src/test/resources/rampart/services-26.xml | 2 +-
.../src/test/resources/rampart/services-27.xml | 2 +-
.../src/test/resources/rampart/services-28.xml | 2 +-
.../src/test/resources/rampart/services-3.xml | 2 +-
.../rampart/{services-25.xml => services-30.xml} | 43 +-
.../src/test/resources/rampart/services-4.xml | 2 +-
.../src/test/resources/rampart/services-5.xml | 2 +-
.../src/test/resources/rampart/services-sc-1.xml | 2 +-
.../src/test/resources/rampart/services-sc-3.xml | 2 +-
.../resources/security/complete.service.axis2.xml | 5 -
.../test/resources/security/s1.service.axis2.xml | 5 -
.../test/resources/security/s2.service.axis2.xml | 5 -
.../test/resources/security/s2a.service.axis2.xml | 5 -
.../test/resources/security/s3.service.axis2.xml | 5 -
.../test/resources/security/s4.service.axis2.xml | 5 -
.../test/resources/security/s5.service.axis2.xml | 5 -
.../test/resources/security/s6.service.axis2.xml | 5 -
.../test/resources/security/s7.service.axis2.xml | 5 -
.../test/resources/security/sST1.service.axis2.xml | 5 -
.../resources/security/secMtom.service.axis2.xml | 5 -
.../secpolicy/model/AbstractSecurityAssertion.java | 4 +-
.../secpolicy/model/SignedEncryptedElements.java | 6 +-
.../ws/secpolicy/model/SignedEncryptedParts.java | 10 +
.../ws/secpolicy/model/TransportBinding.java | 18 +
.../builders/EncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedPartsBuilder.java | 4 +-
.../builders/SignedElementsBuilder.java | 4 +-
.../secpolicy11/builders/SignedPartsBuilder.java | 12 +-
.../builders/SupportingTokensBuilder.java | 4 +-
.../secpolicy11/builders/UsernameTokenBuilder.java | 4 +-
.../ws/secpolicy11/builders/X509TokenBuilder.java | 4 +-
.../builders/EncryptedElementsBuilder.java | 4 +-
.../builders/EncryptedPartsBuilder.java | 4 +-
.../builders/SignedElementsBuilder.java | 4 +-
.../secpolicy12/builders/SignedPartsBuilder.java | 10 +-
.../builders/SupportingTokensBuilder.java | 4 +-
.../builders/TransportBindingBuilder.java | 3 +
.../secpolicy12/builders/UsernameTokenBuilder.java | 4 +-
.../ws/secpolicy12/builders/X509TokenBuilder.java | 4 +-
modules/rampart-samples/README.txt | 4 +
modules/rampart-samples/keys/client.jks | Bin 4008 -> 4014 bytes
modules/rampart-samples/keys/service.jks | Bin 2675 -> 2683 bytes
modules/rampart-samples/keys/sts.jks | Bin 2677 -> 2683 bytes
modules/rampart-samples/policy/build.xml | 11 +
.../policy/sample-tomcat/policy.xml | 2 +-
.../policy/sample-tomcat/services.xml | 4 +-
modules/rampart-samples/policy/sample01/policy.xml | 2 +-
.../rampart-samples/policy/sample01/services.xml | 2 +-
modules/rampart-samples/policy/sample05/policy.xml | 2 +-
.../rampart-samples/policy/sample05/services.xml | 216 ++++-----
modules/rampart-samples/policy/sample06/policy.xml | 5 +-
.../rampart-samples/policy/sample06/services.xml | 255 +++++-----
.../samples/policy/sample06/MexService.java | 16 +
modules/rampart-samples/policy/sample08/README.txt | 8 +
.../policy/sample08/policy.xml} | 8 +-
.../policy/{sample05 => sample08}/services.xml | 318 +++++-------
.../rampart/samples/policy/sample08/Client.java | 94 ++++
.../samples/policy/sample08/PWCBHandler.java | 42 ++
.../samples/policy/sample08/SimpleService.java | 24 +
.../policy/sample08/sts_policy.xml} | 152 +++---
.../org/apache/rahas/SimpleTokenStoreTest.java | 71 ++-
.../org/apache/rampart/MessageBuilderTestBase.java | 37 +-
.../java/org/apache/rampart/NonceCacheTest.java | 75 +++
...rtEngineTest.java => PolicyAssertionsTest.java} | 66 +--
.../java/org/apache/rampart/RampartEngineTest.java | 84 +++-
.../test-resources/policy-asymm-binding.xml | 2 +-
.../test-resources/policy-symm-binding.xml | 2 +-
.../test-resources/policy-transport-binding.xml | 2 +-
.../policy/rampart-asymm-binding-1.xml | 2 +-
.../policy/rampart-asymm-binding-2-sig-dk.xml | 2 +-
.../policy/rampart-asymm-binding-3-dk.xml | 2 +-
.../policy/rampart-asymm-binding-4-dk-ebs.xml | 2 +-
.../policy/rampart-asymm-binding-5-ebs.xml | 2 +-
.../policy/rampart-asymm-required-elements-2.xml} | 56 ++-
.../policy/rampart-asymm-required-elements.xml} | 56 ++-
.../policy/rampart-symm-binding-1.xml | 2 +-
.../policy/rampart-symm-binding-2-dk.xml | 2 +-
.../policy/rampart-symm-binding-3-dk-es.xml | 2 +-
.../policy/rampart-symm-binding-4-ebs.xml | 2 +-
.../policy/rampart-symm-binding-5-dk-ebs.xml | 2 +-
.../policy/rampart-transport-binding-dk.xml | 2 +-
.../policy/rampart-transport-binding-no-bst.xml | 2 +-
.../policy/rampart-transport-binding.xml | 2 +-
.../java/org/apache/rahas/EncryptedKeyToken.java | 23 +
.../src/main/java/org/apache/rahas/RahasData.java | 9 +
.../java/org/apache/rahas/SimpleTokenStore.java | 7 +-
.../src/main/java/org/apache/rahas/Token.java | 301 +++++++++---
.../java/org/apache/rahas/client/STSClient.java | 143 +++++-
.../main/java/org/apache/rahas/errors.properties | 4 +-
.../org/apache/rahas/impl/SAML2TokenIssuer.java | 150 +++---
.../org/apache/rahas/impl/SAMLTokenIssuer.java | 10 +-
.../apache/rahas/impl/SAMLTokenIssuerConfig.java | 23 +-
.../org/apache/rahas/impl/util/SAML2Utils.java | 24 +-
pom.xml | 168 +++----
release-docs/ChangeLog.txt | 69 ++-
release-docs/NOTICE.txt | 15 +-
release-docs/README.txt | 48 +-
release-docs/release-notes.html | 34 +-
198 files changed, 3383 insertions(+), 2020 deletions(-)
diff --git a/modules/distribution/bin.xml b/modules/distribution/bin.xml
index b1a8a50..6e197ae 100644
--- a/modules/distribution/bin.xml
+++ b/modules/distribution/bin.xml
@@ -22,14 +22,15 @@
<include>org.apache.rampart:rampart-core:jar</include>
<include>org.apache.rampart:rampart-policy:jar</include>
<include>org.apache.rampart:rampart-trust:jar</include>
- <include>org.opensaml:opensaml:jar</include>
- <include>org.opensaml:xmltooling:jar</include>
- <include>joda-time:joda-time:jar</include>
- <include>org.slf4j:slf4j-api:jar</include>
- <include>org.slf4j:slf4j-jdk14:jar</include>
- <include>velocity:velocity:jar</include>
- <include>commons-collections:commons-collections:jar</include>
- <include>org.opensaml:openws:jar</include>
+ <include>org.opensaml:opensaml:jar</include>
+ <include>org.opensaml:xmltooling:jar</include>
+ <include>joda-time:joda-time:jar</include>
+ <include>org.slf4j:slf4j-api:jar</include>
+ <include>org.slf4j:slf4j-jdk14:jar</include>
+ <include>velocity:velocity:jar</include>
+ <include>commons-collections:commons-collections:jar</include>
+ <include>org.opensaml:openws:jar</include>
+ <include>commons-lang:commons-lang:jar</include>
</includes>
</dependencySet>
</dependencySets>
diff --git a/modules/documentation/src/site/resources/css/site.css b/modules/documentation/src/site/resources/css/site.css
index 9a3c9f9..5182c6e 100755
--- a/modules/documentation/src/site/resources/css/site.css
+++ b/modules/documentation/src/site/resources/css/site.css
@@ -1,297 +1,272 @@
-/* page general styles */
-body{
- padding:0px;
- margin:0px;
- width:1000px;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+.img-title {
+ text-align: center
}
-a{
- color:#557f95;
- text-decoration:none;
+
+.img {
+ text-align: center
+}
+
+.special-td {
+ font-family: Arial;
+ font-size: 10pt;
+ font-weight: bold
}
-a:hover{
- color:#000000;
- text-decoration:underline;
+
+.special {
+ font-family: Arial;
+ font-weight: bold;
+ border-style: solid;
+ border-width: 1;
+ padding-left: 4;
+ padding-right: 4;
+ padding-top: 1;
+ padding-bottom: 1;
+ background-color: #C0C0C0;
+ font-size: 10pt
}
-body, td, tr, input,h1,h2,h3,h4,h5,h6,a{
- font: 12px Verdana, Arial, Helvetica, sans-serif;
- line-height:18px;
+
+.xml {
+ font-family: Arial;
+ font-size: 10pt;
+ color: #0000FF;
+ font-style: italic
}
-pre{
- overflow-x:auto;
+
+/*
+.code {
+ font-family: Courier New;
+ font-size: 10pt;
+ color: #800000
}
-h1 {
- color:#575757;
- font-size:24px;
- font-weight:bold;
- line-height:normal;
- margin:5px 0px;
- padding:2px;
-}
-}
-h2{
- padding:0px;
- margin:0px;
- font-size:14px;
- font-weight:bold;
- height:22px;
- background-color:#bcbcbc;
- text-indent:10px;
- color:#000000;
-}
-h3{
- padding:0px;
- margin:0px;
- font-weight:bold;
-}
-h4{
- font-weight:bold;
- color:#777777;
-}
-p{
- padding-top:5px;
- padding-bottom:5px;
- line-height:18px;
-}
-/* page styles */
-.page-padding{
- padding-left:10px;
- padding-right:10px;
-}
-.composite{
-/* Uncomment these lines to give a fixed width with centered positioning ....*/
- position:absolute;
- left:50%;
- width:980px;
- margin-left:-490px;
- border:solid 1px #83b0c0;
- margin-top:5px;
-}
-
-/* header styles */
+*/
+
+/*
+-----------------------------------------------------------------------
+Generic element styles
+----------------------------------------------------------------------- */
+body {
+ color: #111;
+ font-family: "Trebuchet MS", Verdana, sans-serif;
+ font-size: 1em;
+ padding: 5;
+ padding-bottom:0px;
+ border-width: 0;
+ outline-width: 0;
+ list-style-position: outside;
+ display: block;
+
+ margin: 0 auto; /* center, not in IE5 */
+ height: auto !important; /* real browsers */
+ height: 100%; /* IE6: treaded as min-height*/
+
+ min-height: 100%; /* real browsers */
+ width: 980px;
+ background-image: url(../images/home-top.gif);
+ background-position: left top;
+ background-repeat: repeat-x;
+}
+
+#breadcrumbs {
+ background-image: url(../images/menu-back.gif);
+ background-position: left top;
+ background-repeat: repeat-x;
+ border-bottom: solid 1px #d4d4d4;
+ height: 28px;
+ font-size: 0.8em;
+ background-color: transparent;
+ border: 1px solid #6895c2;
+}
+
#banner{
- background-image:url(../images/apache-rampart-banner-background.jpg);
- background-repeat:repeat-x;
- background-position:0px 0px;
- height:98px;
+ margin-top:10px;
+ padding-top:10px;
+ padding-bottom:10px;
}
#bannerLeft{
- background-image:url(../images/apache-rampart-logo.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
- height:103px;
- text-align:right;
- padding-right:10px;
+ background-image: url(../images/apache-rampart-logo.jpg);
+ background-position: left top;
+ background-repeat: no-repeat;
+ text-indent:-1700px;/*We do this to hide the text. This needs to be updated to a beter solution.*/
+ width:204px;
+ height:56px;
display:block;
-}
-#breadcrumbs{
- position:absolute;
- top:70px;
- background-color:transparent;
- border-bottom:none;
- border-top:none;
- font-size:auto;
- margin:0pt;
- padding:0px;
+ float:left;
}
#bannerRight{
- background-image:url(../images/apache-rampart-banner.jpg);
- background-repeat:no-repeat;
- background-position:right 0px;
display:block;
- height:65px;
- position:absolute;
- right:0px;
- top:0px;
-}
-.xleft{
- color:#929292;
- right:200px;
- position:absolute;
-}
-.top-menu a{
- color:#000000;
- text-decoration:none;
-}
-.top-menu a:hover{
- text-decoration:underline;
-}
-.top-menu-gap{
- padding-left:30px;
-}
-
-/* content text */
-.content{
-
-}
-#leftColumn{
- width:179px;
- background-color:transparent;
- border:none;
- margin:10px 0px 0px 5px;
-}
-#navcolumn h5{
- text-indent:15px;
- height:23px;
- color:#ffffff;
- background-image:url(../images/apache-rampart-menu-top.jpg);
- background-repeat:no-repeat;
- background-position:left 0px;
-}
-#navcolumn{
- background-image:url(../images/apache-rampart-menu.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
- background-color:#e5e5e5;
- border-bottom:solid 1px #b4b4b4;
- padding:0px 0px 0pt 0px;
- font-size:11px;
-}
-#navcolumn ul{
- padding:0px;
- margin:0px;
- list-style:none;
- padding-left:10px;
-}
-#navcolumn ul ul{
- margin-left:-10px;
-}
-#navcolumn li{
- margin-top:3px;
-}
-#navcolumn strong{
- font-weight:bold;
-}
-#navcolumn ul li a {
- text-indent:0px;
- font-size:12px;
- color:#224351;
-}
-#navcolumn li.expanded {
- background-image:url(../images/apache-rampart-menu-button.gif);
- background-repeat:no-repeat;
- background-position:0px 5px;
-}
-#navcolumn ul li ul li a{
- background-image:none;
- text-indent:0px;
- font-size:11px;
- color:#557f95;
- font-size:11px;
-}
-#bodyColumn{
- background-color:#F3F3F3;
- border:1px solid #B4B4B4;
- margin-right:10px;
- margin-left:194px;
- margin-top:10px;
- padding-left:10px;
-}
-.menu-bottom-left{
- background-image:url(../images/apache-rampart-menu-bottom.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
- background-color:#e5e5e5;
- width:15px;
- height:13px;
- float:left;
-}
-.menu-bottom-right{
- background-color:#e5e5e5;
- border-bottom:solid 1px #b4b4b4;
- height:13px;
float:right;
- width:164px;
-}
-.content-back1{
- background-image:url(../images/apache-rampart-spliter.jpg);
- background-repeat:no-repeat;
- background-position:0px 0px;
-}
-.content-back2{
- background-image:url(../images/apache-rampart-content-back.jpg);
- background-repeat:repeat-y;
- background-position:0px 0px;
- background-color:#f3f3f3;
- border-bottom:solid 1px #b4b4b4;
- border-right:solid 1px #b4b4b4;
- margin-right:10px;
-}
-.content-display{
- margin-left:32px;
- padding-bottom:10px;
+ height:51px;
+ width:537px;
}
-.poweredBy{
- margin-left:30px;
- margin-top:5px;
+.xright, #bannerRight {
+ text-shadow: none;
}
-.footer{
- color:#929292;
- margin-top:10px;
- margin-left:10px;
-}
-.command {
- border: 1px dashed #3c78b5;
- text-align: left;
- background-color: #f0f0f0;
- padding: 3px;
- font-size: 11px;
- font-family: Courier;
- margin: 10px;
- line-height: 13px;
-}
-.consoleOutput {
- border: 1px dashed #3c78b5;
- font-size: 11px;
- font-family: Courier;
- margin: 10px;
- line-height: 13px;
- background-color: #f0f0f0;
- border-bottom: 1px dashed #3c78b5;
- padding: 3px;
- border-style: solid;
+
+#leftColumn {
+ border: none;
+ background-color: transparent;
+ margin: 1em 0 0 0;
}
-.info {
- border-style: solid;
- border-width: 1px;
- border-color: #090;
- background-color: #dfd;
- text-align:left;
- margin-top: 5px;
- margin-bottom: 5px;
-}
-.data-table{
- font-family:Verdana,Arial,Helvetica,sans-serif;
- font-size:11px;
- border:0px;
- margin:0px;
- border:solid 1px #cdcdcd;
-}
-.data-table th{
- background-color:#eeeeee;
- border-bottom:solid 1px #8d8d8d;
- padding-top:5px;
- padding-left:3px;
- text-align:left;
-}
-.data-table td{
- padding-top:4px;
- padding-left:3px;
- border-bottom:solid 1px #e1e1e1;
-}
-.download-pre {
- font-family:Verdana,Arial,Helvetica,sans-serif;
- font-size:11px;
- font-style:normal;
- margin:0;
- padding-bottom:3px;
- padding-top:3px;
-}
-
-.download-header-pre {
- font-family:Verdana,Arial,Helvetica,sans-serif;
- font-size:12px;
- font-weight:bold;
- margin:0;
- padding-top:3px;
- padding-bottom:3px;
+
+#navcolumn {
+ padding: 0;
+}
+
+#navcolumn h5 {
+ background-color: #e8f4ff;
+ border-left: solid 1px #ff2700;
+ border-bottom: none;
+ font-size: 0.9em;
+ padding: 5px;
+ color: #333333;
+ font-weight: normal;
+}
+
+#navcolumn li {
+ font-size: 0.9em;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+
+#bodyColumn {
+ margin-left: 190px;
+ margin-right: 0;
+}
+
+#contentBox {
+ color: #333333;
+}
+
+#contentBox p, #contentBox td, #contentBox li {
+ font-family: "Trebuchet MS", Verdana, sans-serif;
+ line-height: 1.5em;
+ font-size: 0.94em;
+}
+
+#contentBox p, #contentBox li {
+ text-align: justify;
+}
+
+a:link {
+ color: #039;
+}
+
+a:hover {
+ color: #03c;
+ text-decoration: none;
+}
+
+a.externalLink, a.externalLink:link, a.externalLink:visited, a.externalLink:active, a.externalLink:hover {
+ background: none;
+ padding: 0;
+}
+
+table.bodyTable th {
+ background-color: #6f8aa5;
+}
+
+table.bodyTable tr.a {
+ background-color: #d1dce7;
+}
+
+table.bodyTable tr.b {
+ background-color: #eceef1;
+}
+
+h1 {
+ color: #4f4f4f;
+ font-size: 2.5em;
+ font-weight: normal;
+}
+
+h2 {
+ color: #646b71;
+ font-size: 1.7em;
+ background-color: transparent;
+ border: none;
+ padding: 0;
+ font-weight: normal;
+}
+
+h3 {
+ color: #7d858d;
+ font-weight: bold;
+ font-size: 1.2em;
+ background-color: transparent;
+ border: none;
+ padding: 0;
+}
+
+h4 {
+ color: #333333;
+ font-size: 1em;
+ font-weight: bold;
+ background-color: transparent;
+ border: none;
+ padding: 0;
+}
+
+th {
+ background-color: #f5f5f5;
+ height: 20;
+ paddong: 0px;
+ spacing: 0px;
+}
+
+table {
+ margin: 0;
+ padding: 0;
+ border: solid 0 #dcdcdc;
+}
+
+.header {
+ height: 80px;
+ background-image: url( ../images/doc_header.jpg );
+ background-repeat: no-repeat;
+ background-attachment: scroll;
+ background-position: left top;
+}
+
+pre, div.source {
+ border: 1px dotted;
+ background-color: #e2ecf6;
+ padding: 0.8em;
+ margin: 0;
+ overflow: auto;
+ font-size: 0.9em;
+}
+
+/* Xdoc generates <div class="source"><pre>...</pre></div> for <source> elements.
+ Because we already apply styles to every <pre>, we need to suppress styles here. */
+div.source pre {
+ border: none;
+ background-color: transparent;
+ padding: none;
+}
+#footer{
+ background-color:#E9E9E9;
+ color:#828282;
+ left:0;
+ padding-top:10px;
+ text-indent:10px;
+ width:100%;
+ height:100px;
}
\ No newline at end of file
diff --git a/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg b/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg
index e3b3738..abcd2d1 100644
Binary files a/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg and b/modules/documentation/src/site/resources/images/apache-rampart-banner.jpg differ
diff --git a/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg b/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg
index 7ebc608..5a1d638 100644
Binary files a/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg and b/modules/documentation/src/site/resources/images/apache-rampart-logo.jpg differ
diff --git a/modules/documentation/src/site/resources/images/axis.jpg b/modules/documentation/src/site/resources/images/axis.jpg
new file mode 100644
index 0000000..73371d8
Binary files /dev/null and b/modules/documentation/src/site/resources/images/axis.jpg differ
diff --git a/modules/documentation/src/site/resources/images/axis.png b/modules/documentation/src/site/resources/images/axis.png
new file mode 100644
index 0000000..6d4161f
Binary files /dev/null and b/modules/documentation/src/site/resources/images/axis.png differ
diff --git a/modules/documentation/src/site/resources/images/breadcrumbs-bg.gif b/modules/documentation/src/site/resources/images/breadcrumbs-bg.gif
new file mode 100644
index 0000000..2d10304
Binary files /dev/null and b/modules/documentation/src/site/resources/images/breadcrumbs-bg.gif differ
diff --git a/modules/documentation/src/site/resources/images/h2-bg.gif b/modules/documentation/src/site/resources/images/h2-bg.gif
new file mode 100644
index 0000000..0ddb32e
Binary files /dev/null and b/modules/documentation/src/site/resources/images/h2-bg.gif differ
diff --git a/modules/documentation/src/site/resources/images/home-top.gif b/modules/documentation/src/site/resources/images/home-top.gif
new file mode 100644
index 0000000..4103c66
Binary files /dev/null and b/modules/documentation/src/site/resources/images/home-top.gif differ
diff --git a/modules/documentation/src/site/resources/images/leftcolumn-bg.gif b/modules/documentation/src/site/resources/images/leftcolumn-bg.gif
new file mode 100644
index 0000000..a2faa21
Binary files /dev/null and b/modules/documentation/src/site/resources/images/leftcolumn-bg.gif differ
diff --git a/modules/documentation/src/site/resources/images/menu-back.gif b/modules/documentation/src/site/resources/images/menu-back.gif
new file mode 100644
index 0000000..0bcccda
Binary files /dev/null and b/modules/documentation/src/site/resources/images/menu-back.gif differ
diff --git a/modules/documentation/src/site/resources/rampart-config.xsd b/modules/documentation/src/site/resources/rampart-config.xsd
index ed8dd06..c0e94d4 100644
--- a/modules/documentation/src/site/resources/rampart-config.xsd
+++ b/modules/documentation/src/site/resources/rampart-config.xsd
@@ -20,18 +20,29 @@
<xs:element name="timestampMaxSkew" type="xs:integer" minOccurs="0"/>
<xs:element name="tokenStoreClass" type="xs:string" minOccurs="0"/>
<xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
- <xs:element name="sslConfig" type="ssl" minOccurs="0"/>
+ <xs:element name="sslConfig" type="ramp:ssl" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:complexType name="crypto">
- <xs:annotation>
- <xs:documentation>http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html</xs:documentation>
- </xs:annotation>
- <xs:sequence maxOccurs="unbounded">
- <xs:element name="property" type="xs:string"/>
- </xs:sequence>
- <xs:attribute name="provider"/>
+ <xs:sequence maxOccurs="1">
+ <xs:element name="crypto">
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="provider" type="xs:string" use="required"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
</xs:complexType>
<xs:complexType name="ssl">
<xs:sequence maxOccurs="unbounded">
diff --git a/modules/documentation/src/site/resources/samples/policy/sample01.xml b/modules/documentation/src/site/resources/samples/policy/sample01.xml
index c4df639..5a4190a 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample01.xml
+++ b/modules/documentation/src/site/resources/samples/policy/sample01.xml
@@ -11,7 +11,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/documentation/src/site/resources/samples/policy/sample05.xml b/modules/documentation/src/site/resources/samples/policy/sample05.xml
index d16bca6..218d297 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample05.xml
+++ b/modules/documentation/src/site/resources/samples/policy/sample05.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/documentation/src/site/resources/samples/policy/sample06.xml b/modules/documentation/src/site/resources/samples/policy/sample06.xml
index bccbfe6..04453b4 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample06.xml
+++ b/modules/documentation/src/site/resources/samples/policy/sample06.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/documentation/src/site/site.xml b/modules/documentation/src/site/site.xml
index 3731d60..dce5c7d 100644
--- a/modules/documentation/src/site/site.xml
+++ b/modules/documentation/src/site/site.xml
@@ -40,41 +40,40 @@
<body>
<links>
- <item name="WebServices" href="http://ws.apache.org/"/>
- <item name="Axis2/Java" href="http://ws.apache.org/axis2" />
+ <item name="Apache Axis2/Java" href="http://axis.apache.org/axis2/java/core/" />
</links>
<menu name="Apache Rampart">
- <item name="Home" href="index.html" />
- <item name="Downloads">
- <item name="Releases" href="download.html"/>
- <item name="Source Code" href="source-repository.html"/>
- </item>
- <item name="Documentation">
- <item name="Getting Started" href="quick-start.html"/>
- <item name="Samples" href="samples.html"/>
- <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
- <item name="Rampart Configuration" href="rampartconfig-guide.html"/>
- <item name="STS Configuration" href="setting-up-sts.html"/>
- <item name="Developer Guide" href="developer-guide.html"/>
- <item name="Build the Site" href="siteHowTo.html" />
- </item>
- <item name="Resources">
- <item name="Articles" href="articles.html" />
- <item name="Specifications" href="specifications.html"/>
- <item name="Online Javadocs" href="apidocs/index.html"/>
+ <item name="Home" href="index.html" />
+ <item name="Downloads">
+ <item name="Releases" href="download.html"/>
+ <item name="Source Code" href="svn.html"/>
</item>
- <item name="Project Information">
- <item name="Project Team" href="team-list.html" />
- <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart" />
- <item name="Mailing Lists" href="mail-lists.html"/>
- <item name="Source Code"
- href="http://svn.apache.org/viewcvs.cgi/webservices/rampart/trunk/?root=Apache-SVN" />
- <item name="Dependencies" href="dependencies.html"/>
- <item name="License"
- href="http://www.apache.org/licenses/LICENSE-2.0.html" />
- </item>
- </menu>
+ </menu>
+ <menu name="Documentation">
+ <item name="Getting Started" href="quick-start.html"/>
+ <item name="Samples" href="samples.html"/>
+ <item name="FAQ" href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ"/>
+ <item name="Rampart Configuration" href="rampartconfig-guide.html"/>
+ <item name="STS Configuration" href="setting-up-sts.html"/>
+ <item name="Developer Guide" href="developer-guide.html"/>
+ <item name="Build the Site" href="siteHowTo.html" />
+ </menu>
+ <menu name="Resources">
+ <item name="Articles" href="articles.html" />
+ <item name="Specifications" href="specifications.html"/>
+ <item name="Online Javadocs" href="apidocs/index.html"/>
+ </menu>
+ <menu name="Project Information">
+ <item name="Project Team" href="team-list.html" />
+ <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart" />
+ <item name="Mailing Lists" href="mail-lists.html"/>
+ <item name="Source Code"
+ href="http://svn.apache.org/viewvc/axis/axis2/java/rampart/" />
+ <item name="Dependencies" href="dependencies.html"/>
+ <item name="License"
+ href="http://www.apache.org/licenses/LICENSE-2.0.html" />
+ </menu>
</body>
</project>
diff --git a/modules/documentation/src/site/xdoc/download.xml b/modules/documentation/src/site/xdoc/download.xml
index 823016f..3ed1a48 100644
--- a/modules/documentation/src/site/xdoc/download.xml
+++ b/modules/documentation/src/site/xdoc/download.xml
@@ -19,63 +19,81 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
- <body>
- <h1>Download Apache Rampart module</h1>
- <h2>Apache Rampart Releases</h2>
- <p>This page provides links to the release versions of Apache Rampart Java.</p>
- <table border="1" style="border-collapse: collapse" width="93%" id="table1">
- <tbody>
- <tr>
- <th>Version</th>
- <th>Date</th>
- <th>Description</th>
- </tr>
- <tr>
+ <body>
+ <h1>Download Apache Rampart Module</h1>
+ <h2>Apache Rampart Releases</h2>
+ <p>This page provides links to the release versions of Apache Rampart Java.</p>
+ <table border="1" style="border-collapse: collapse" width="93%" id="table1">
+ <tbody>
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Description</th>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.5.1/download.cgi">
+ <strong>1.5.1</strong>
+ </a>
+ </td>
+ <td></td>
+ <td>1.5.1 Release (Mirrored)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.5/download.cgi">
+ <strong>1.5</strong>
+ </a>
+ </td>
+ <td>01 Feb 2010</td>
+ <td>1.5 Release (Archived)</td>
+ </tr>
+ <tr>
<td>
<a href="download/1.4/download.cgi">
<strong>1.4</strong>
</a>
</td>
- <td></td>
- <td>1.4 Release (Mirrored)</td>
+ <td>12 Jun 2008</td>
+ <td>1.4 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.3/download.cgi">
+ <strong>1.3</strong>
+ </a>
+ </td>
+ <td>06 Sep 2007</td>
+ <td>1.3 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.2/download.cgi">
+ <strong>1.2</strong>
+ </a>
+ </td>
+ <td>02 Jun 2007</td>
+ <td>1.2 Release (Archived)</td>
+ </tr>
+ <tr>
+ <td>
+ <a href="download/1.1/download.cgi">
+ <strong>1.1</strong>
+ </a>
+ </td>
+ <td>11 Dec 2006</td>
+ <td>1.1 Release (Archived)</td>
</tr>
- <tr>
- <td>
- <a href="download/1.3/download.cgi">
- <strong>1.3</strong>
- </a>
- </td>
- <td></td>
- <td>1.3 Release (Mirrored)</td>
- </tr>
- <tr>
- <td>
- <a href="download/1.2/download.cgi">
- <strong>1.2</strong>
- </a>
- </td>
- <td></td>
- <td>1.2 Release (Mirrored)</td>
- </tr>
- <tr>
- <td>
- <a href="download/1.1/download.cgi">
- <strong>1.1</strong>
- </a>
- </td>
- <td></td>
- <td>1.1 Release (Mirrored)</td>
- </tr>
- </tbody>
- </table>
- <p>
- <strong>Apache Rampart Distributions : <a href="http://people.apache.org/~ruchithf/rampart/SNAPSHOT">Nightly builds</a>
- </strong>
- </p>
- <p>
- <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://people.apache.org/repo/m2-snapshot-repository/">Nightly SNAPSHOT</a>
- <a href=""></a>
- </strong>
- </p>
- </body>
+ </tbody>
+ </table>
+ <p>
+ <strong>Apache Rampart Distributions : <a href="http://people.apache.org/~ruchithf/rampart/SNAPSHOT">Nightly builds</a>
+ </strong>
+ </p>
+ <p>
+ <strong>Maven Repository: <a href="http://people.apache.org/repo/m2-ibiblio-rsync-repository/">Released Apache Rampart jars</a> | <a href="http://people.apache.org/repo/m2-snapshot-repository/">Nightly SNAPSHOT</a>
+ <a href=""></a>
+ </strong>
+ </p>
+ </body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.1/download.xml b/modules/documentation/src/site/xdoc/download/1.1/download.xml
index 73113dc..b8ce317 100644
--- a/modules/documentation/src/site/xdoc/download/1.1/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.1/download.xml
@@ -51,75 +51,47 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/ws/rampart/1_1/rampart-1.1.zip" title=
-"[preferred]/ws/rampart/1_1/rampart-1.1.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.1.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc">PGP</a></td>
+<a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_1/rampart-1.1-src.zip" title=
-"[preferred]/ws/rampart/1_1/rampart-1.1-src.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.1-src.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-src.zip.asc">PGP</a></td>
</tr>
<tr>
<td><strong>Documents Distribution</strong></td>
<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_1/rampart-1.1-docs.zip" title=
-"[preferred]/ws/rampart/1_1/rampart-1.1-docs.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.1-docs.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_1/rampart-1.1-docs.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.2/download.xml b/modules/documentation/src/site/xdoc/download/1.2/download.xml
index 3919f15..70822ce 100644
--- a/modules/documentation/src/site/xdoc/download/1.2/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.2/download.xml
@@ -51,75 +51,47 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.2.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
+<a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.2-src.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
</tr>
<tr>
<td><strong>Documents Distribution</strong></td>
<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.2-docs.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
+"hhttp://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.3/download.xml b/modules/documentation/src/site/xdoc/download/1.3/download.xml
index b06fe22..50dde84 100644
--- a/modules/documentation/src/site/xdoc/download/1.3/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.3/download.xml
@@ -51,75 +51,47 @@ urchinTracker();
Distribution</strong></td>
<td>This is the complete version of Apache Rampart and will contain samples
as well.</td>
-<td><a href="[preferred]/ws/rampart/1_3/rampart-1.3.zip" title=
-"[preferred]/ws/rampart/1_3/rampart-1.3.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.3.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc">PGP</a></td>
+<a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3.zip.asc">PGP</a></td>
</tr>
<tr>
<td><a name="src" id="src"></a> <strong>Source
Distribution</strong></td>
<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_3/rampart-1.3-src.zip" title=
-"[preferred]/ws/rampart/1_3/rampart-1.3-src.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.3-src.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-src.zip.asc">PGP</a></td>
</tr>
<tr>
<td><strong>Documents Distribution</strong></td>
<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_3/rampart-1.3-docs.zip" title=
-"[preferred]/ws/rampart/1_3/rampart-1.3-docs.zip" onClick=
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip" onClick=
"javascript:urchinTracker ('/downloads/rampart-1.3-docs.zip');">zip</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5">MD5</a>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.md5">MD5</a>
<a href=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc"
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc"
title=
-"http://www.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc">PGP</a></td>
+"http://archive.apache.org/dist/ws/rampart/1_3/rampart-1.3-docs.zip.asc">PGP</a></td>
</tr>
</tbody>
</table>
</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.4/download.cgi b/modules/documentation/src/site/xdoc/download/1.4/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.4/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/modules/documentation/src/site/xdoc/download/1.4/download.xml b/modules/documentation/src/site/xdoc/download/1.4/download.xml
new file mode 100644
index 0000000..ca564c0
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.4/download.xml
@@ -0,0 +1,82 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.4 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.4 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.4.zip');">zip</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.md5"
+title="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.asc"
+title="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-bin.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip" title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.4-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc"
+title=
+"http://archive.apache.org/dist/ws/rampart/1_4/rampart-dist-1.4-src.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi b/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.5.1/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/modules/documentation/src/site/xdoc/download/1.2/download.xml b/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
similarity index 65%
copy from modules/documentation/src/site/xdoc/download/1.2/download.xml
copy to modules/documentation/src/site/xdoc/download/1.5.1/download.xml
index 3919f15..aae2539 100644
--- a/modules/documentation/src/site/xdoc/download/1.2/download.xml
+++ b/modules/documentation/src/site/xdoc/download/1.5.1/download.xml
@@ -1,125 +1,110 @@
-<!--
-~ Licensed to the Apache Software Foundation (ASF) under one
-~ or more contributor license agreements. See the NOTICE file
-~ distributed with this work for additional information
-~ regarding copyright ownership. The ASF licenses this file
-~ to you under the Apache License, Version 2.0 (the
-~ "License"); you may not use this file except in compliance
-~ with the License. You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing,
-~ software distributed under the License is distributed on an
-~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-~ KIND, either express or implied. See the License for the
-~ specific language governing permissions and limitations
-~ under the License.
--->
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta name="generator" content=
-"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
-<meta http-equiv="content-type" content="" />
-<title>Apache Rampart 1.2 Release</title>
-</head>
-<body>
-<!--Google Anayitcs tracking code-->
-<script type="text/javascript" src=
-"http://www.google-analytics.com/urchin.js">
-</script><script type="text/javascript">
-//<![CDATA[
-_uacct = "UA-1954378-3";
-urchinTracker();
-//]]>
-</script>
-<!--End of Google Anayitcs tracking code-->
-<h2>Apache Rampart 1.2 Release</h2>
-<div>
-<table border="1" cellpadding="1">
-<tbody>
-<tr>
-<th scope="col">Distribution Name</th>
-<th scope="col">Description</th>
-<!--<th scope="col">Items</th>-->
-<th scope="col">Download</th>
-</tr>
-<tr>
-<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
-Distribution</strong></td>
-<td>This is the complete version of Apache Rampart and will contain samples
-as well.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.2.zip');">zip</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.md5">MD5</a>
-<a href="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc"
-title="http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2.zip.asc">PGP</a></td>
-</tr>
-<tr>
-<td><a name="src" id="src"></a> <strong>Source
-Distribution</strong></td>
-<td>This will contain the sources of Apache Rampart distribution.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-src.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.2-src.zip');">zip</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.md5">MD5</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-src.zip.asc">PGP</a></td>
-</tr>
-<tr>
-<td><strong>Documents Distribution</strong></td>
-<td>This will contain all the documentation in one package.</td>
-<td><a href="[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" title=
-"[preferred]/ws/rampart/1_2/rampart-1.2-docs.zip" onClick=
-"javascript:urchinTracker ('/downloads/rampart-1.2-docs.zip');">zip</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.md5">MD5</a>
-<a href=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc"
-title=
-"http://www.apache.org/dist/ws/rampart/1_2/rampart-1.2-docs.zip.asc">PGP</a></td>
-</tr>
-</tbody>
-</table>
-</div>
-<div align="left"><br />
-<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
-border="0" /></a>[end] The currently selected mirror is
-<b>[preferred]</b>. If you encounter a problem with this mirror,
-please select another mirror. If all mirrors are failing, there are
-<i>backup</i> mirrors (at the end of the mirrors list) that should
-be available.</p>
-<form action="[location]" method="get" id="SelectMirror" name=
-"SelectMirror">Other mirrors: <select name="Preferred">
-<option value="[http]" selected="selected">[http]</option>
-<option value="[ftp]">[ftp]</option>
-<option value="[backup]">[backup] (backup)</option>
-</select> <input type="submit" value="Change" /></form>
-<p>You may also consult the <a href=
-"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
-<p><strong>Note:</strong> when downloading from a mirror please
-check the <a href=
-"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
-verify the <a href=
-"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
-compatible signature from the main Apache site. These can be
-downloaded by following the links above. This <a href=
-"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
-the public keys that can be used for verifying signatures. It is
-recommended that (when possible)a <a href=
-"http://www.apache.org/dev/release-signing#web-of-trust">Web of
-trust</a> is used to confirm the identity of these keys.</p>
-</div>
-</body>
-</html>
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.5.1 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.5.1 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.5.1.zip');">zip</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.md5">MD5</a>
+<a href="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc"
+ title="http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" title=
+ "[preferred]/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.5.1-src.zip');">zip</a>
+<a href=
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5"
+title=
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.md5">MD5</a>
+<a href=
+ "http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc"
+title=
+"http://www.apache.org/dist/axis/axis2/java/rampart/1.5.1/rampart-1.5.1-src.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+<div align="left"><br />
+<p>[if-any logo] <a href="[link]"><img align="right" src="[logo]"
+border="0" /></a>[end] The currently selected mirror is
+<b>[preferred]</b>. If you encounter a problem with this mirror,
+please select another mirror. If all mirrors are failing, there are
+<i>backup</i> mirrors (at the end of the mirrors list) that should
+be available.</p>
+<form action="[location]" method="get" id="SelectMirror" name=
+"SelectMirror">Other mirrors: <select name="Preferred">
+<option value="[http]" selected="selected">[http]</option>
+<option value="[ftp]">[ftp]</option>
+<option value="[backup]">[backup] (backup)</option>
+</select> <input type="submit" value="Change" /></form>
+<p>You may also consult the <a href=
+"http://www.apache.org/mirrors/">complete list of mirrors</a>.</p>
+<p><strong>Note:</strong> when downloading from a mirror please
+check the <a href=
+"http://www.apache.org/dev/release-signing#md5">md5sum</a> and
+verify the <a href=
+"http://www.apache.org/dev/release-signing#openpgp">OpenPGP</a>
+compatible signature from the main Apache site. These can be
+downloaded by following the links above. This <a href=
+"http://www.apache.org/dist/ws/axis2/KEYS">KEYS</a> file contains
+the public keys that can be used for verifying signatures. It is
+recommended that (when possible)a <a href=
+"http://www.apache.org/dev/release-signing#web-of-trust">Web of
+trust</a> is used to confirm the identity of these keys.</p>
+</div>
+</body>
+</html>
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.cgi b/modules/documentation/src/site/xdoc/download/1.5/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.5/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/modules/documentation/src/site/xdoc/download/1.5/download.xml b/modules/documentation/src/site/xdoc/download/1.5/download.xml
new file mode 100644
index 0000000..89f6c90
--- /dev/null
+++ b/modules/documentation/src/site/xdoc/download/1.5/download.xml
@@ -0,0 +1,82 @@
+<!--
+~ Licensed to the Apache Software Foundation (ASF) under one
+~ or more contributor license agreements. See the NOTICE file
+~ distributed with this work for additional information
+~ regarding copyright ownership. The ASF licenses this file
+~ to you under the Apache License, Version 2.0 (the
+~ "License"); you may not use this file except in compliance
+~ with the License. You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta name="generator" content=
+"HTML Tidy for Windows (vers 14 June 2007), see www.w3.org" />
+<meta http-equiv="content-type" content="" />
+<title>Apache Rampart 1.5 Release</title>
+</head>
+<body>
+<!--Google Anayitcs tracking code-->
+<script type="text/javascript" src=
+"http://www.google-analytics.com/urchin.js">
+</script><script type="text/javascript">
+//<![CDATA[
+_uacct = "UA-1954378-3";
+urchinTracker();
+//]]>
+</script>
+<!--End of Google Anayitcs tracking code-->
+<h2>Apache Rampart 1.5 Release</h2>
+<div>
+<table border="1" cellpadding="1">
+<tbody>
+<tr>
+<th scope="col">Distribution Name</th>
+<th scope="col">Description</th>
+<!--<th scope="col">Items</th>-->
+<th scope="col">Download</th>
+</tr>
+<tr>
+<td><a name="std-bin" id="std-bin"></a><strong>Standard Binary
+Distribution</strong></td>
+<td>This is the complete version of Apache Rampart and will contain samples
+as well.</td>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip" title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-1.5.zip');">zip</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.md5"
+title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.md5">MD5</a>
+<a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.asc"
+title="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-bin.zip.asc">PGP</a></td>
+</tr>
+<tr>
+<td><a name="src" id="src"></a> <strong>Source
+Distribution</strong></td>
+<td>This will contain the sources of Apache Rampart distribution.</td>
+<td><a href="http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip" title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip" onClick=
+"javascript:urchinTracker ('/downloads/rampart-dist-1.5-src.zip');">zip</a>
+<a href=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.md5"
+title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.md5">MD5</a>
+<a href=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.asc"
+title=
+"http://archive.apache.org/dist/axis/axis2/java/rampart/1.5/rampart-dist-1.5-src.zip.asc">PGP</a></td>
+</tr>
+</tbody>
+</table>
+</div>
+</body>
+</html>
diff --git a/modules/documentation/src/site/xdoc/rampartconfig-guide.xml b/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
index 3dccfb6..1536bae 100644
--- a/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
+++ b/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
@@ -43,14 +43,14 @@
</td></tr>
<tr class="b"><td>encryptionCypto</td><td>properties to needed perform signature, such as crypto
provider, keystore and its password</td><td>
-<pre>
+<pre>
<encryptionCypto>
....crypto element ......
</encryptionCypto>
</pre></td></tr>
<tr class="a"><td>decryptionCrypto</td><td>properties to needed perform signature, such as crypto
provider, keystore and its password</td><td>
-<pre>
+<pre>
<decryptionCrypto>
....crypto element ......
</decryptionCrypto></pre></td></tr>
@@ -67,10 +67,66 @@
the org.apache.ws.security.components.crypto.Crypto interface to provide the
crypto information required by WSS4J. The other properties defined are the
configuration properties used by the implementation class
-(org.apache.ws.security.components.crypto.Merlin).
+(org.apache.ws.security.components.crypto.Merlin).
<br></br>
-<a name="ref"></a><a name="references"></a></p>
-<a name="References"></a>
-<h3>References</h3>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+ <a name="ref"></a>
+ <a name="references"></a>
+ </p>
+ <a name="References"></a>
+ <h3>Crypto Caching</h3>
+ <p>Enabling caching of crypto objects will improve the performance of security processing.
+ After
+ enabling crypto caching, the crypto objects will be read from a cache instead of
+ constructing them by reading the keystore files.
+ </p>
+ <p>To enable caching of Crypto objects, two attributes should be added to the crypto elements
+ of signatureCrypto/encryptionCrypto of RampartConfig.
+ </p>
+ <ol>
+ <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <b>cryptoKey</b> - <p>As the value of this attribute, specify the property of a Crypto
+ implementation which points to the location of the keystore. For example in
+ Merlin, the
+ property "org.apache.ws.security.crypto.merlin.file" is unique and its pointing to
+ the
+ location of the keystore. Absence of this attribute will not enable caching.</p>
+ </li>
+ <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <b>cacheRefreshInterval</b> - <p>This is the cache refresh interval specified in
+ milliseconds. Any
+ object that resides in the cache longer than this period will be considered as
+ expired.
+ Cache will not be refreshed if this attribute is not present in the configuration.
+ If you
+ do not want to refresh the cache, provide only the "cryptoKey" attribute.</p>
+ </li>
+ </ol>
+ <p>
+ A sample configuration is provided below. It uses the Merlin crypto implementation for
+ signing and encryption. Here, the value of the cryptoKey attribute is eqaul to
+ "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000
+ milliseconds.
+ </p>
+ <pre xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </pre>
+ <br></br>
+ <h3>References</h3>1.
+ <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
</body>
</html>
diff --git a/modules/documentation/src/site/xdoc/svn.xml b/modules/documentation/src/site/xdoc/svn.xml
index 21da0ff..7e0d679 100644
--- a/modules/documentation/src/site/xdoc/svn.xml
+++ b/modules/documentation/src/site/xdoc/svn.xml
@@ -55,13 +55,13 @@ Subversion repository, you must use one of the following URLs
depending on your level of access to the Rampart source code:</p>
<ul>
<li><b>If you are not a committer:</b> <a href=
-"http://svn.apache.org/repos/asf/webservices/rampart/trunk/java"
+"http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk"
target=
-"_blank">http://svn.apache.org/repos/asf/webservices/rampart/trunk/java</a></li>
+"_blank">http://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</a></li>
<li><b>If you are a committer:</b> <a href=
-"https://svn.apache.org/repos/asf/webservices/rampart/trunk/java"
+"https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk"
target=
-"_blank">https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</a></li>
+"_blank">https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</a></li>
</ul>
If you are a committer, make sure that you have selected an
svnpasswd. To do this, you must log into svn.apache.org. For more
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/AbstractUniqueMessageAttributeCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/AbstractUniqueMessageAttributeCache.java
new file mode 100644
index 0000000..0cf3e3f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/AbstractUniqueMessageAttributeCache.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+/**
+ * An abstract class which implements UniqueMessageAttributeCache interface.
+ */
+public abstract class AbstractUniqueMessageAttributeCache implements UniqueMessageAttributeCache {
+
+ /**
+ * Maximum lift time of a cached value. If cached value exceeds this value it will be discarded.
+ */
+ private int maximumLifeTimeOfNonce = 60 * 5;
+
+ /**
+ * Default constructor.
+ */
+ public AbstractUniqueMessageAttributeCache()
+ {
+ }
+
+ /**
+ * Constructor with maximum life time as a parameter.
+ * @param maxTime Maximum life time in seconds.
+ */
+ public AbstractUniqueMessageAttributeCache(int maxTime)
+ {
+ maximumLifeTimeOfNonce = maxTime;
+ }
+
+ /**
+ * Sets the maximum life time of a message id.
+ * @param maxTime Maximum life time in seconds.
+ */
+ public void setMaximumLifeTimeOfAnAttribute(int maxTime)
+ {
+ maximumLifeTimeOfNonce = maxTime;
+ }
+
+ /**
+ * Gets the maximum life time of a message id.
+ * @return Gets message id life time in seconds.
+ */
+ public int getMaximumLifeTimeOfAnAttribute()
+ {
+ return maximumLifeTimeOfNonce;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/NonceCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/NonceCache.java
new file mode 100644
index 0000000..a0681fa
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/NonceCache.java
@@ -0,0 +1,160 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import java.util.*;
+import java.util.concurrent.locks.ReentrantLock;
+
+/**
+ * This is a basic implementation of UniqueMessageAttributeCache. In this implementation we will cache incomming
+ * nonce value for a period of time. The life time can be defined in the services.xml. If not defined
+ * the default value will be 5 minutes.
+ */
+public class NonceCache extends AbstractUniqueMessageAttributeCache {
+
+ class Nonce
+ {
+ String nonceValue;
+ String userName;
+
+ public Nonce(String nonce, String user)
+ {
+ this.nonceValue = nonce;
+ this.userName = user;
+ }
+
+ @Override
+ public boolean equals(Object another)
+ {
+ if (another == null){
+ return false;
+ }
+
+ if (another == this) {
+ return true;
+ }
+
+ if (!(another instanceof Nonce)){
+ return false;
+ }
+
+
+ Nonce otherNonce = (Nonce)another;
+ if (this.userName.equals(otherNonce.userName) && this.nonceValue.equals(otherNonce.nonceValue))
+ {
+ return true;
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return (this.userName.hashCode() * 13 + this.nonceValue.hashCode() * 7);
+ }
+ }
+
+ private Map<Nonce, Calendar> mapIdNonce = new HashMap<Nonce, Calendar>();
+
+ private final ReentrantLock lock = new ReentrantLock();
+
+ public NonceCache()
+ {
+ super();
+ }
+
+ public NonceCache(int maxLifeTime)
+ {
+ super(maxLifeTime);
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public void addToCache(String id, String userName) {
+
+ Nonce nonce = new Nonce(id, userName);
+ Calendar rightNow = Calendar.getInstance();
+
+ lock.lock();
+ try {
+ mapIdNonce.put(nonce, rightNow);
+ } finally {
+ lock.unlock();
+ }
+
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public boolean valueExistsInCache(String id, String userName) {
+
+ lock.lock();
+
+ try {
+ clearStaleNonceIds();
+ } finally {
+ lock.unlock();
+ }
+
+ Nonce nonce = new Nonce(id, userName);
+ return mapIdNonce.containsKey(nonce);
+ }
+
+ /**
+ * @inheritdoc
+ */
+ public void clearCache() {
+
+ lock.lock();
+ try {
+ mapIdNonce.clear();
+ } finally {
+ lock.unlock();
+ }
+ }
+
+ /**
+ * This method will clear stale nonce ids from the map.
+ */
+ private void clearStaleNonceIds()
+ {
+ Calendar rightNow = Calendar.getInstance();
+
+ int maxLifeTime = getMaximumLifeTimeOfAnAttribute();
+
+ rightNow.add(Calendar.SECOND, -(maxLifeTime));
+ long timeBeforeMaxLifeTime = rightNow.getTimeInMillis();
+
+ Iterator iterator = mapIdNonce.entrySet().iterator();
+
+ while (iterator.hasNext()) {
+
+ Map.Entry pair = (Map.Entry)iterator.next();
+ Calendar itemDate = (Calendar)pair.getValue();
+
+ long itemAddedTime = itemDate.getTimeInMillis();
+
+ if (timeBeforeMaxLifeTime > itemAddedTime)
+ {
+ iterator.remove();
+ }
+ }
+
+
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index a0d24c5..3f69f8e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -495,7 +495,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
.get(WSSecurityEngineResult.TAG_ACTION);
int action = actInt.intValue();
if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
- sigEncrActions.add(new Integer(action));
+ sigEncrActions.add(Integer.valueOf(action));
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
index 87cac0e..72f2316 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
@@ -23,6 +23,9 @@ import org.apache.axis2.description.AxisModule;
import org.apache.axis2.modules.Module;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
public class Rampart implements Module /* , ModulePolicyExtension */ {
@@ -48,8 +51,18 @@ public class Rampart implements Module /* , ModulePolicyExtension */ {
}
public boolean canSupportAssertion(Assertion assertion) {
- //TODO doesn't we need to check whether policy is security policy or
- // RampartConfig assertion
- return true;
+ if(assertion == null) {
+ return false;
+ }
+
+ String ns = assertion.getName().getNamespaceURI();
+
+ // Rampart module can handle WS-SecurityPolicy 1.1 & 1.2 and RampartConfig assertions
+ if (SP11Constants.SP_NS.equals(ns) || SP12Constants.SP_NS.equals(ns) || RampartConfig.NS.equals(ns)) {
+ return true;
+ } else {
+ return false;
+ }
+
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index 5e3e5b8..3d20bba 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -18,6 +18,8 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.*;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
@@ -30,10 +32,7 @@ import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.SAMLUtil;
@@ -41,6 +40,7 @@ import org.opensaml.SAMLAssertion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.core.Conditions;
import javax.xml.namespace.QName;
import java.security.Principal;
@@ -53,7 +53,8 @@ import java.util.Vector;
public class RampartEngine {
private static Log log = LogFactory.getLog(RampartEngine.class);
- private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private static ServiceNonceCache serviceNonceCache = new ServiceNonceCache();
public Vector process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
@@ -182,10 +183,29 @@ public class RampartEngine {
final Assertion assertion = (Assertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
String id = assertion.getID();
Subject subject = assertion.getSubject();
- SubjectConfirmationData scData = subject.getSubjectConfirmations()
- .get(0).getSubjectConfirmationData();
- Date dateOfCreation = scData.getNotBefore().toDate();
- Date dateOfExpiration = scData.getNotOnOrAfter().toDate();
+
+ Date dateOfCreation = null;
+ Date dateOfExpiration = null;
+
+ //Read the validity period from the 'Conditions' element, else read it from SC Data
+ if (assertion.getConditions() != null) {
+ Conditions conditions = assertion.getConditions();
+ if (conditions.getNotBefore() != null) {
+ dateOfCreation = conditions.getNotBefore().toDate();
+ }
+ if (conditions.getNotOnOrAfter() != null) {
+ dateOfExpiration = conditions.getNotOnOrAfter().toDate();
+ }
+ } else {
+ SubjectConfirmationData scData = subject.getSubjectConfirmations()
+ .get(0).getSubjectConfirmationData();
+ if (scData.getNotBefore() != null) {
+ dateOfCreation = scData.getNotBefore().toDate();
+ }
+ if (scData.getNotOnOrAfter() != null) {
+ dateOfExpiration = scData.getNotOnOrAfter().toDate();
+ }
+ }
// TODO : SAML2KeyInfo element needs to be moved to WSS4J.
SAML2KeyInfo saml2KeyInfo = SAML2Utils.
@@ -230,9 +250,42 @@ public class RampartEngine {
}
} else if (WSConstants.UT == actInt.intValue()) {
- String username = ((Principal) wser.get(WSSecurityEngineResult.TAG_PRINCIPAL))
- .getName();
+
+ WSUsernameTokenPrincipal userNameTokenPrincipal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+
+ String username = userNameTokenPrincipal.getName();
msgCtx.setProperty(RampartMessageData.USERNAME, username);
+
+ if (userNameTokenPrincipal.getNonce() != null) {
+ // Check whether this is a replay attack. To verify that we need to check whether nonce value
+ // is a repeating one
+ int nonceLifeTimeInSeconds = 0;
+
+ if (rpd.getRampartConfig() != null) {
+
+ String stringLifeTime = rpd.getRampartConfig().getNonceLifeTime();
+
+ try {
+ nonceLifeTimeInSeconds = Integer.parseInt(stringLifeTime);
+
+ } catch (NumberFormatException e) {
+ log.error("Invalid value for nonceLifeTime in rampart configuration file.", e);
+ throw new RampartException(
+ "invalidNonceLifeTime", e);
+
+ }
+ }
+
+ String serviceEndpointName = msgCtx.getAxisService().getEndpointName();
+
+ boolean valueRepeating = serviceNonceCache.isNonceRepeatingForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce());
+
+ if (valueRepeating){
+ throw new RampartException("repeatingNonceValue", new Object[]{ userNameTokenPrincipal.getNonce(), username} );
+ }
+
+ serviceNonceCache.addNonceForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce(), nonceLifeTimeInSeconds);
+ }
} else if (WSConstants.SIGN == actInt.intValue()) {
X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
@@ -274,46 +327,41 @@ public class RampartEngine {
private boolean isSecurityFault(RampartMessageData rmd) {
-
- SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope();
-
- SOAPFault soapFault = soapEnvelope.getBody().getFault();
-
- // This is not a soap fault
- if (soapFault == null) {
- return false;
- }
-
- String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI();
-
- if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {
-
- SOAPFaultCode faultCode = soapFault.getCode();
-
- // This is a fault processing the security header
- if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
- return true;
- }
-
-
- } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
-
- //TODO AXIOM API returns only one fault sub code, there can be many
- SOAPFaultSubCode faultSubCode = soapFault.getCode().getSubCode();
-
- if (faultSubCode != null) {
- SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
-
- // This is a fault processing the security header
- if (faultSubCodeValue != null &&
- faultSubCodeValue.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
- return true;
- }
- }
-
- }
-
- return false;
- }
+ SOAPEnvelope soapEnvelope = rmd.getMsgContext().getEnvelope();
+ SOAPFault soapFault = soapEnvelope.getBody().getFault();
+
+ // This is not a soap fault
+ if (soapFault == null) {
+ return false;
+ }
+
+ String soapVersionURI = rmd.getMsgContext().getEnvelope().getNamespace().getNamespaceURI();
+ SOAPFaultCode faultCode = soapFault.getCode();
+ if(faultCode == null){
+ //If no fault code is given, then it can't be security fault
+ return false;
+ }
+
+ if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ // This is a fault processing the security header
+ if (faultCode.getTextAsQName().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ return true;
+ }
+ } else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ // TODO AXIOM API returns only one fault sub code, there can be many
+ SOAPFaultSubCode faultSubCode = faultCode.getSubCode();
+ if (faultSubCode != null) {
+ SOAPFaultValue faultSubCodeValue = faultSubCode.getValue();
+
+ // This is a fault processing the security header
+ if (faultSubCodeValue != null && faultSubCodeValue.getTextAsQName().
+ getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index 6e1921b..1a1c4be 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -56,6 +56,7 @@ import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
+import java.util.Date;
import java.util.List;
import java.util.Vector;
import java.util.ArrayList;
@@ -369,7 +370,9 @@ public class RampartMessageData {
// To handle scenarios where password type is not set by default.
this.config.setHandleCustomPasswordTypes(true);
- this.customClassLoader = msgCtx.getAxisService().getClassLoader();
+ if (axisService != null) {
+ this.customClassLoader = axisService.getClassLoader();
+ }
if(this.sender && this.policyData != null) {
this.secHeader = new WSSecHeader();
@@ -621,21 +624,19 @@ public class RampartMessageData {
return this.tokenStorage;
}
- TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
+ TokenStorage storage = (TokenStorage) this.msgContext.getConfigurationContext().getProperty(
TokenStorage.TOKEN_STORAGE_KEY);
if (storage != null) {
this.tokenStorage = storage;
} else {
-
if (this.policyData.getRampartConfig() != null &&
this.policyData.getRampartConfig().getTokenStoreClass() != null) {
Class stClass = null;
String storageClass = this.policyData.getRampartConfig()
- .getTokenStoreClass();
+ .getTokenStoreClass();
try {
- stClass = Loader.loadClass(msgContext.getAxisService()
- .getClassLoader(), storageClass);
+ stClass = Loader.loadClass(this.customClassLoader, storageClass);
} catch (ClassNotFoundException e) {
throw new RampartException(
"WSHandler: cannot load token storage class: "
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/ServiceNonceCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/ServiceNonceCache.java
new file mode 100644
index 0000000..ca8c08d
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/ServiceNonceCache.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * This class holds nonce information per service.
+ */
+public class ServiceNonceCache {
+
+ private Map<String, UniqueMessageAttributeCache> mapServiceNonceCache = Collections.synchronizedMap(new HashMap<String, UniqueMessageAttributeCache>());
+
+ /**
+ * This method will add a nonce value for a given service.
+ * @param service The service url.
+ * @param userName Given user name.
+ * @param nonceValue Passed nonce value.
+ * @param nonceLifeTime Maximum life span of a nonce value.
+ */
+ public void addNonceForService(String service, String userName, String nonceValue, int nonceLifeTime) {
+
+ UniqueMessageAttributeCache nonceCache;
+ if (this.mapServiceNonceCache.containsKey(service)) {
+ nonceCache = this.mapServiceNonceCache.get(service);
+ } else {
+ nonceCache = new NonceCache(nonceLifeTime);
+ this.mapServiceNonceCache.put(service, nonceCache);
+ }
+
+ nonceCache.addToCache(nonceValue, userName);
+ }
+
+ /**
+ * This method will check whether the nonce value is repeating for the given service.
+ * @param service The service url.
+ * @param userName User name.
+ * @param nonceValue Nonce value.
+ * @return true if nonce value is repeating else false.
+ */
+ public boolean isNonceRepeatingForService(String service, String userName, String nonceValue){
+
+ if (this.mapServiceNonceCache.containsKey(service)) {
+
+ UniqueMessageAttributeCache nonceCache = this.mapServiceNonceCache.get(service);
+ return nonceCache.valueExistsInCache(nonceValue, userName);
+
+ }
+
+ return false;
+
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/UniqueMessageAttributeCache.java b/modules/rampart-core/src/main/java/org/apache/rampart/UniqueMessageAttributeCache.java
new file mode 100644
index 0000000..e5a5d8e
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/UniqueMessageAttributeCache.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart;
+
+/**
+ * An interface to cache nonce/sequence number values coming with messages.
+ * This mainly helps to prevent replay attacks. There are few different ways to handle replay attacks.
+ * 1. Cache nonce values.
+ * 2. Use a sequence number.
+ *
+ * "Web Services Security UsernameToken Profile 1.1 OASIS Standard Specification, 1 February 2006" specification only recommends
+ * to cache nonce for a period. But there can be other mechanisms like using sequence number.
+ * Therefore cache is implemented as an interface and later if we need to support sequence number scenario we can easily extend this.
+ * User: aj
+ * Date: Apr 30, 2010
+ * Time: 12:15:52 PM
+ * To change this template use File | Settings | File Templates.
+ */
+public interface UniqueMessageAttributeCache {
+
+ /**
+ * Sets the maximum life time of a message id.
+ * @param maxTime Maximum life time in seconds.
+ */
+ public void setMaximumLifeTimeOfAnAttribute(int maxTime);
+
+ /**
+ * Gets the maximum life time of a message id.
+ * @return Gets message id life time in seconds.
+ */
+ public int getMaximumLifeTimeOfAnAttribute();
+
+ /**
+ * Add value to a cache. Value can be sequence or nonce value.
+ * @param id - Nonce value or sequence number.
+ * @param userName - User name parameter value of the UserNameToken.
+ */
+ public void addToCache(String id, String userName);
+
+ /**
+ * Checks whether value already exists in the cache for a given user name.
+ * @param id - Nonce or sequence id value of the newly received message.
+ * @param userName - User name parameter value of the UserName token.
+ * @return Returns true if nonce or sequence id is already received for given user name. Else false.
+ */
+ public boolean valueExistsInCache(String id, String userName);
+
+ /**
+ * Clears all recorded nonce values/sequence numbers.
+ */
+ public void clearCache();
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
index 5c909b8..6c0caeb 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -175,7 +175,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
encr.setDocument(doc);
RampartUtil.setEncryptionUser(rmd, encr);
encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
- RampartUtil.setKeyIdentifierType(rpd,encr, encryptionToken);
+ RampartUtil.setKeyIdentifierType(rmd, encr, encryptionToken);
encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
@@ -528,7 +528,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
WSSecEncrypt encr = new WSSecEncrypt();
- RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+ RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);
encr.setWsConfig(rmd.getConfig());
@@ -616,7 +616,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
if (!(supportingSigToken instanceof X509Token)) {
return;
}
- supportingSig = this.getSignatureBuider(rmd, supportingSigToken,
+ supportingSig = this.getSignatureBuilder(rmd, supportingSigToken,
((X509Token) supportingSigToken).getUserCertAlias());
Element bstElem = supportingSig.getBinarySecurityTokenElement();
if (bstElem != null) {
@@ -719,7 +719,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
}
} else {
- sig = this.getSignatureBuider(rmd, sigToken);
+ sig = this.getSignatureBuilder(rmd, sigToken);
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd, this
@@ -765,7 +765,7 @@ public class AsymmetricBindingBuilder extends BindingBuilder {
WSSecEncrypt encr = new WSSecEncrypt();
- RampartUtil.setKeyIdentifierType(rpd, encr, encrToken);
+ RampartUtil.setKeyIdentifierType(rmd, encr, encrToken);
encr.setWsConfig(rmd.getConfig());
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index cb8ab37..deba60b 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -218,7 +218,7 @@ public abstract class BindingBuilder {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
try {
- RampartUtil.setKeyIdentifierType(rpd, encrKey, token);
+ RampartUtil.setKeyIdentifierType(rmd, encrKey, token);
RampartUtil.setEncryptionUser(rmd, encrKey);
encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
@@ -231,13 +231,27 @@ public abstract class BindingBuilder {
}
}
- protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token)
- throws RampartException {
- return getSignatureBuider(rmd, token, null);
+ //Deprecated after 1.5 release
+ @Deprecated
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd,
+ Token token) throws RampartException {
+ return getSignatureBuilder(rmd, token, null);
}
-
+
+ //Deprecated after 1.5 release
+ @Deprecated
protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token,
- String userCertAlias) throws RampartException {
+ String userCertAlias) throws RampartException {
+ return getSignatureBuilder(rmd, token, userCertAlias);
+ }
+
+ protected WSSecSignature getSignatureBuilder(RampartMessageData rmd,
+ Token token)throws RampartException {
+ return getSignatureBuilder(rmd, token, null);
+ }
+
+ protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, Token token,
+ String userCertAlias) throws RampartException {
RampartPolicyData rpd = rmd.getPolicyData();
@@ -247,7 +261,7 @@ public abstract class BindingBuilder {
log.debug("Token inclusion: " + token.getInclusion());
- RampartUtil.setKeyIdentifierType(rpd, sig, token);
+ RampartUtil.setKeyIdentifierType(rmd, sig, token);
String user = null;
@@ -370,7 +384,7 @@ public abstract class BindingBuilder {
//We have to use a cert
//Prepare X509 signature
- WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ WSSecSignature sig = this.getSignatureBuilder(rmd, token);
Element bstElem = sig.getBinarySecurityTokenElement();
if(bstElem != null) {
bstElem = RampartUtil.insertSiblingAfter(rmd,
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
index 6d10dd2..2bbfa6e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -256,7 +256,7 @@ public class TransportBindingBuilder extends BindingBuilder {
} else {
try {
- WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ WSSecSignature sig = this.getSignatureBuilder(rmd, token);
sig.appendBSTElementToHeader(rmd.getSecHeader());
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
index 04e7507..3c4cda5 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -95,4 +95,7 @@ signedElementNotSigned = Element must be signed : {0}
bodyNotSigned = Soap Body must be signed
unexprectedSignature = Unexpected signature
invalidTransport = Expected transport is "https" but incoming transport found : \"{0}\"
-requiredElementsMissing = Required Elements not found in the incoming message : {0}
\ No newline at end of file
+requiredElementsMissing = Required Elements not found in the incoming message : {0}
+repeatingNonceValue = Nonce value : {0}, already seen before for user name : {1}. Possibly this could be a replay attack.
+invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart configuration file.
+invalidIssuerAddress = Invalid value for Issuer
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
index 0a53077..9525fcf 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -159,16 +159,30 @@ public class RampartReceiver implements Handler {
msgContext.setProperty(RampartConstants.SEC_FAULT, Boolean.TRUE);
String soapVersionURI = msgContext.getEnvelope().getNamespace().getNamespaceURI();
- QName invalidSecurity = new QName(WSConstants.INVALID_SECURITY.getNamespaceURI(),WSConstants.INVALID_SECURITY.getLocalPart(),"wsse");
+ QName faultCode = null;
+ /*
+ * Get the faultCode from the thrown WSSecurity exception, if there is one
+ */
+ if (e instanceof WSSecurityException)
+ {
+ faultCode = ((WSSecurityException)e).getFaultCode();
+ }
+ /*
+ * Otherwise default to InvalidSecurity
+ */
+ if (faultCode == null)
+ {
+ faultCode = new QName(WSConstants.INVALID_SECURITY.getNamespaceURI(),WSConstants.INVALID_SECURITY.getLocalPart(),"wsse");
+ }
if (soapVersionURI.equals(SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI) ) {
- throw new AxisFault(invalidSecurity,e.getMessage(),e);
+ throw new AxisFault(faultCode,e.getMessage(),e);
} else if (soapVersionURI.equals(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
List subfaultCodes = new ArrayList();
- subfaultCodes.add(invalidSecurity);
+ subfaultCodes.add(faultCode);
throw new AxisFault(Constants.FAULT_SOAP12_SENDER,subfaultCodes,e.getMessage(),e);
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
index 3a9bf0f..a932aa9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -257,7 +257,7 @@ public class WSDoAllSender extends WSDoAllHandler {
// of the same handler
repetition++;
msgContext.setProperty(WSSHandlerConstants.CURRENT_REPETITON,
- new Integer(repetition));
+ Integer.valueOf(repetition));
this.invoke(msgContext);
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
index 2f3bb76..d0d061b 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -127,6 +127,7 @@ public class RampartPolicyBuilder {
private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
binding(binding, rpd);
rpd.setTransportBinding(true);
+ rpd.setTokenProtection(binding.isTokenProtection());
TransportToken transportToken = binding.getTransportToken();
if ( transportToken != null ) {
rpd.setTransportToken(transportToken.getTransportToken());
@@ -233,6 +234,7 @@ public class RampartPolicyBuilder {
if (sep.isSignedParts()) {
rpd.setSignBody(sep.isBody());
rpd.setSignAttachments(sep.isAttachments());
+ rpd.setSignAllHeaders(sep.isSignAllHeaders());
rpd.setSignBodyOptional(sep.isOptional());
rpd.setSignAttachmentsOptional(sep.isOptional());
while (it.hasNext()) {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
index b65fd1e..48bc1f2 100755
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -107,6 +107,8 @@ public class RampartPolicyData {
private boolean encryptAttachmentsOptional;
+ private boolean signAllHeaders;
+
private Vector signedParts = new Vector();
private Vector signedElements = new Vector();
@@ -926,6 +928,14 @@ public class RampartPolicyData {
public MTOMAssertion getMTOMAssertion(){
return mtomAssertion;
}
+
+ public boolean isSignAllHeaders() {
+ return signAllHeaders;
+ }
+
+ public void setSignAllHeaders(boolean signAllHeaders) {
+ this.signAllHeaders = signAllHeaders;
+ }
public boolean isMTOMSerialize(){
if(mtomAssertion == null){
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
index 08c6947..6d226c2 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -103,6 +103,13 @@ public class RampartConfigBuilder implements AssertionBuilder {
}
childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.DEC_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setDecCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.STS_CRYPTO_LN));
if (childElement != null) {
rampartConfig.setStsCryptoConfig((CryptoConfig) factory
@@ -126,6 +133,18 @@ public class RampartConfigBuilder implements AssertionBuilder {
if (childElement != null) {
rampartConfig.setTimestampMaxSkew(childElement.getText().trim());
}
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.NONCE_LIFE_TIME));
+ if (childElement != null) {
+ rampartConfig.setNonceLifeTime(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TOKEN_STORE_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setTokenStoreClass(childElement.getText().trim());
+ }
childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.OPTIMISE_PARTS));
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
index dd6128a..d3d19b9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
@@ -100,6 +100,7 @@ public class OptimizePartsConfig implements Assertion{
while(ite.hasNext()){
String strPrefix = (String)ite.next();
String strURI = (String) namespaces.get(strPrefix);
+ writer.writeStartElement(RampartConfig.NS, NAMESPACE_LN);
writer.writeAttribute(URI_ATTR , strURI);
writer.writeAttribute(PREFIX_ATTR, strPrefix);
writer.writeEndElement();
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
index 8526108..45228b9 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -39,6 +39,7 @@ import javax.xml.stream.XMLStreamWriter;
* <ramp:timestampTTL>300</ramp:timestampTTL>
* <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
* <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
+ * <ramp:nonceLifeTime>org.apache.rahas.StorageImpl</ramp:nonceLifeTime>
*
* <ramp:signatureCrypto>
* <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
@@ -67,6 +68,8 @@ public class RampartConfig implements Assertion {
public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 300;
+ public static final int DEFAULT_NONCE_LIFE_TIME = 60 * 5; // Default life time of a nonce is 5 minutes
+
public final static String NS = "http://ws.apache.org/rampart/policy";
public final static String PREFIX = "rampart";
@@ -102,6 +105,8 @@ public class RampartConfig implements Assertion {
public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass";
+
+ public final static String NONCE_LIFE_TIME = "nonceLifeTime";
public final static String OPTIMISE_PARTS = "optimizeParts";
@@ -138,6 +143,8 @@ public class RampartConfig implements Assertion {
private OptimizePartsConfig optimizeParts;
private String tokenStoreClass;
+
+ private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME);
private SSLConfig sslConfig;
@@ -165,6 +172,21 @@ public class RampartConfig implements Assertion {
this.tokenStoreClass = tokenStoreClass;
}
+ /**
+ * @return Returns the life time of a nonce in seconds.
+ */
+ public String getNonceLifeTime() {
+ return this.nonceLifeTime;
+ }
+
+ /**
+ * @param nonceLife
+ * The life time of a nonce to set (in seconds).
+ */
+ public void setNonceLifeTime(String nonceLife) {
+ this.nonceLifeTime = nonceLife;
+ }
+
public CryptoConfig getDecCryptoConfig() {
return decCryptoConfig;
}
@@ -327,6 +349,12 @@ public class RampartConfig implements Assertion {
writer.writeCharacters(getTokenStoreClass());
writer.writeEndElement();
}
+
+ if (getNonceLifeTime() != null) {
+ writer.writeStartElement(NS, NONCE_LIFE_TIME);
+ writer.writeCharacters(getNonceLifeTime());
+ writer.writeEndElement();
+ }
if (encrCryptoConfig != null) {
writer.writeStartElement(NS, ENCR_CRYPTO_LN);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
index 5082f14..8d686d4 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -163,7 +163,13 @@ public class Axis2Util {
}
}
-
+ /**
+ * Builds a SOAPEnvelope from DOM Document.
+ * @param doc - The dom document that contains a SOAP message
+ * @param useDoom
+ * @return
+ * @throws WSSecurityException
+ */
public static SOAPEnvelope getSOAPEnvelopeFromDOMDocument(Document doc, boolean useDoom)
throws WSSecurityException {
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
index 92a8f69..4deb569 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
@@ -149,7 +149,7 @@ public class HandlerParameterDecoder {
}
msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT,
- new Integer(repetitionCount));
+ Integer.valueOf(repetitionCount));
}
}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
index 1ad547a..6ce74fe 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -438,18 +438,18 @@ public class RampartUtil {
*/
public static String processIssuerAddress(OMElement issuerAddress)
throws RampartException {
- if(issuerAddress != null && issuerAddress.getText() != null &&
- !"".equals(issuerAddress.getText())) {
- return issuerAddress.getText().trim();
- } else {
- if(issuerAddress != null) {
- throw new RampartException("invalidIssuerAddress",
- new String[] { issuerAddress.toString() });
- } else {
- throw new RampartException("invalidIssuerAddress",
- new String[] { "Issuer address null" });
- }
+
+ if(issuerAddress == null){
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { "Issuer address null" });
+ }
+
+ if(issuerAddress.getText() == null || "".equals(issuerAddress.getText())) {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { issuerAddress.toString() });
}
+
+ return issuerAddress.getText().trim();
}
/**
@@ -881,6 +881,19 @@ public class RampartUtil {
public static Vector getSignedParts(RampartMessageData rmd) {
RampartPolicyData rpd = rmd.getPolicyData();
SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+
+ //"signAllHeaders" indicates that all the headers should be signed.
+ if (rpd.isSignAllHeaders()) {
+ Iterator childHeaders = envelope.getHeader().getChildElements();
+ while (childHeaders.hasNext()) {
+ OMElement hb = (OMElement) childHeaders.next();
+ if (!(hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS))) {
+ rpd.addSignedPart(hb.getNamespace().getNamespaceURI(),hb.getLocalName());
+ }
+ }
+ }
+
return getPartsAndElements(true, envelope, rpd.isSignBody()
&& !rpd.isSignBodyOptional(), rpd.getSignedParts(), rpd
.getSignedElements(), rpd.getDeclaredNamespaces());
@@ -1151,9 +1164,12 @@ public class RampartUtil {
* @return
*/
public static boolean checkRequiredElements(SOAPEnvelope envelope, HashMap decNamespaces, String expression ) {
+
+ // The XPath expression must be evaluated against the SOAP header
+ // http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc161826519
+ SOAPHeader header = envelope.getHeader();
-
- Set namespaces = findAllPrefixNamespaces(envelope, decNamespaces);
+ Set namespaces = findAllPrefixNamespaces(header, decNamespaces);
try {
XPath xp = new AXIOMXPath(expression);
@@ -1165,7 +1181,7 @@ public class RampartUtil {
xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
}
- List selectedNodes = xp.selectNodes(envelope);
+ List selectedNodes = xp.selectNodes(header);
if (selectedNodes.size() == 0 ) {
return false;
@@ -1288,10 +1304,16 @@ public class RampartUtil {
* the WSS11 and WSS10 assertions
*/
- public static void setKeyIdentifierType(RampartPolicyData rpd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) {
-
- if (token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER) {
-
+ public static void setKeyIdentifierType(RampartMessageData rmd, WSSecBase secBase,org.apache.ws.secpolicy.model.Token token) {
+
+ // Use a reference rather than the binary security token if: the policy never allows the token to be
+ // included; or this is the recipient and the token should only be included in requests; or this is
+ // the initiator and the token should only be included in responses.
+ final boolean useReference = token.getInclusion() == SPConstants.INCLUDE_TOKEN_NEVER
+ || !rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
+ || rmd.isInitiator() && token.getInclusion() == SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR;
+ if (useReference) {
+
boolean tokenTypeSet = false;
if(token instanceof X509Token) {
@@ -1310,6 +1332,7 @@ public class RampartUtil {
}
if (!tokenTypeSet) {
+ final RampartPolicyData rpd = rmd.getPolicyData();
Wss10 wss = rpd.getWss11();
if (wss == null) {
wss = rpd.getWss10();
@@ -1555,7 +1578,26 @@ public class RampartUtil {
if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
return true;
}
-
+
+ supportingTokens = rpd.getEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getSignedEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getEndorsingEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
+
+ supportingTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ if (supportingTokens != null && supportingTokens.getTokens().size() != 0) {
+ return true;
+ }
}
return false;
@@ -1731,4 +1773,4 @@ public class RampartUtil {
}
-}
\ No newline at end of file
+}
diff --git a/modules/rampart-integration/pom.xml b/modules/rampart-integration/pom.xml
index afeb297..2978090 100644
--- a/modules/rampart-integration/pom.xml
+++ b/modules/rampart-integration/pom.xml
@@ -48,7 +48,7 @@
<artifactItem>
<groupId>org.apache.axis2</groupId>
<artifactId>addressing</artifactId>
- <version>${addressing.mar.version}</version>
+ <version>${axis2.version}</version>
<type>mar</type>
<overWrite>true</overWrite>
<outputDirectory>target/artifacts</outputDirectory>
@@ -119,9 +119,9 @@
<phase>process-test-resources</phase>
<configuration>
<tasks>
- <property name="addressing.mar" value="addressing-${addressing.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-classes/modules/addressing-${addressing.mar.version}.mar"/>
+ <property name="addressing.mar" value="addressing-${axis2.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-classes/modules/addressing-${axis2.version}.mar"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-classes/modules/rampart-${rampart.mar.version}.mar"/>
@@ -145,8 +145,8 @@
tofile="target/test-resources/rampart_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rampart_client_repo/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rampart_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/addressing-${axis2.version}.mar"/>
<mkdir dir="target/test-resources/rampart_service_repo"/>
<mkdir dir="target/test-resources/rampart_service_repo/conf"/>
<mkdir dir="target/test-resources/rampart_service_repo/services"/>
@@ -155,8 +155,8 @@
tofile="target/test-resources/rampart_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rampart_service_repo/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rampart_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/addressing-${axis2.version}.mar"/>
<!-- Service 1 -->
<copy overwrite="yes"
@@ -332,6 +332,12 @@
tofile="target/temp-ramp/META-INF/services.xml"/>
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureService29.aar"
basedir="target/temp-ramp"/>
+ <!-- Service 30 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-30.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService30.aar"
+ basedir="target/temp-ramp"/>
<!-- Service SC-1 -->
@@ -386,8 +392,8 @@
<mkdir dir="target/test-resources/rahas_client_repo"/>
<mkdir dir="target/test-resources/rahas_client_repo/conf"/>
<mkdir dir="target/test-resources/rahas_client_repo/modules"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/addressing-${axis2.version}.mar"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/rahas_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
<!-- Rahas Test1: SAML Token test -->
@@ -399,8 +405,8 @@
tofile="target/test-resources/rahas_service_repo_1/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rahas_service_repo_1/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${axis2.version}.mar"/>
<!-- copy the services.xml and create the aar -->
<copy overwrite="yes"
file="src/test/resources/rahas/s1-services.xml"
@@ -419,8 +425,8 @@
tofile="target/test-resources/rahas_service_repo_3/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rahas_service_repo_3/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${axis2.version}.mar"/>
<!-- copy the services.xml and create the aar -->
<copy overwrite="yes"
file="src/test/resources/rahas/s3-services.xml"
@@ -435,8 +441,8 @@
<mkdir dir="target/test-resources/default_security_client_repo/modules"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/default_security_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/default_security_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/addressing-${axis2.version}.mar"/>
<copy file="src/test/resources/conf/axis2.xml"
tofile="target/test-resources/default_security_client_repo/conf/axis2.xml"/>
<!--
@@ -450,8 +456,8 @@
tofile="target/test-resources/rahas_service_repo_5/modules/rampart-${rampart.mar.version}.mar"/>
<copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
tofile="target/test-resources/rahas_service_repo_5/modules/rahas-${rahas.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${axis2.version}.mar"/>
<!-- copy the services.xml and create the aar -->
<copy overwrite="yes"
file="src/test/resources/rahas/s5-services.xml"
@@ -698,15 +704,15 @@
tofile="target/test-resources/complete_client_repo/conf/axis2.xml"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/complete_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/complete_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/complete_client_repo/modules/addressing-${axis2.version}.mar"/>
<!-- Test with addressing and MTOMservice repository-->
<copy file="src/test/resources/security/complete.service.axis2.xml"
tofile="target/test-resources/complete_service_repo/conf/axis2.xml"/>
<copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
tofile="target/test-resources/complete_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
- <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
- tofile="target/test-resources/complete_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${axis2.version}.mar"
+ tofile="target/test-resources/complete_service_repo/modules/addressing-${axis2.version}.mar"/>
<copy file="src/test/resources/security/complete.service.xml"
tofile="target/temp-interop/META-INF/services.xml"
overwrite="true"/>
@@ -765,11 +771,6 @@
</dependency>
<dependency>
<groupId>org.apache.axis2</groupId>
- <artifactId>axis2-transport-tcp</artifactId>
- <version>${axis2.transport.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.axis2</groupId>
<artifactId>axis2-transport-local</artifactId>
<version>${axis2.version}</version>
</dependency>
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
deleted file mode 100644
index 3b70d20..0000000
--- a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.axis2.integration;
-
-import org.apache.axis2.AxisFault;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
-import org.apache.axis2.context.ServiceGroupContext;
-import org.apache.axis2.description.AxisService;
-import org.apache.axis2.description.AxisServiceGroup;
-import org.apache.axis2.engine.ListenerManager;
-import org.apache.axis2.transport.tcp.TCPServer;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import javax.xml.namespace.QName;
-import java.io.File;
-
-public class UtilsTCPServer {
- private static int count = 0;
-
- private static TCPServer receiver;
-
- public static final int TESTING_PORT = 5555;
-
- public static final String FAILURE_MESSAGE = "Intentional Failure";
-
- private static final Log log = LogFactory.getLog(UtilsTCPServer.class);
-
- public static synchronized void deployService(AxisService service)
- throws AxisFault {
-
- receiver.getConfigurationContext().getAxisConfiguration().addService(service);
- ServiceGroupContext serviceGroupContext = new ServiceGroupContext(
- receiver.getConfigurationContext(), (AxisServiceGroup) service.getParent());
- }
-
- public static synchronized void unDeployService(QName service)
- throws AxisFault {
- receiver.getConfigurationContext().getAxisConfiguration().removeService(
- service.getLocalPart());
- }
-
- public static synchronized void start() throws Exception {
- if (count == 0) {
-
- // start tcp server
-
- File file = new File(org.apache.axis2.Constants.TESTING_REPOSITORY);
- System.out.println(file.getAbsoluteFile());
- if (!file.exists()) {
- throw new Exception("Repository directory does not exist");
- }
-
- ConfigurationContext er = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
- .getAbsolutePath(), file
- .getAbsolutePath() + "/conf/axis2.xml");
- try {
- Thread.sleep(1000);
- } catch (InterruptedException e1) {
- throw new AxisFault("Thread interuptted", e1);
- }
- receiver = new TCPServer(UtilServer.TESTING_PORT, er);
- receiver.start();
-
- }
- count++;
- }
-
- public static synchronized void stop() throws AxisFault {
- try {
- if (count == 1) {
- receiver.stop();
- count = 0;
- System.out.print("Server stopped .....");
- } else {
- count--;
- }
- } catch (AxisFault e) {
- log.error(e.getMessage(), e);
- }
- receiver.getConfigurationContext().terminate();
- }
-
-}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
index d0c4c1e..8b0b84f 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -77,7 +77,7 @@ public class RampartTest extends TestCase {
"Unlimited Strength Jurisdiction Policy !!!");
}
- for (int i = 1; i <= 29; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 30; i++) { //<-The number of tests we have
if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
//Skip the Basic256 tests
continue;
diff --git a/modules/rampart-integration/src/test/resources/conf/axis2.xml b/modules/rampart-integration/src/test/resources/conf/axis2.xml
index b6a2885..99e7671 100755
--- a/modules/rampart-integration/src/test/resources/conf/axis2.xml
+++ b/modules/rampart-integration/src/test/resources/conf/axis2.xml
@@ -138,20 +138,10 @@
<!--<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>-->
<!--</transportReceiver>-->
- <transportReceiver name="tcp"
- class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- <!--If you want to give your own host address for EPR generation-->
- <!--uncommet following paramter , and set as you required.-->
- <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp"
- class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local"
class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http"
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
index 0366947..64e084f 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
index 451b415..0bdf5db 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
index ff9595d..6c78786 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
index 275cbec..5c3d37d 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
index 7827334..5bee490 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
index a539223..cbfb4bf 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
index 357b1ec..95f2e45 100644
--- a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
index 692f0e4..ca2a2eb 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/10.xml b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
index ddd0585..eb976ad 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<!--No timestamp test-->
<wsp:ExactlyOne>
<wsp:All>
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/13.xml b/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
index 37c6c47..d8d4a2d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/14.xml b/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
index 9a9cc84..53585e4 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/14.xml
@@ -18,7 +18,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/15.xml b/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
index 617b7f2..50437ee 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/15.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/17.xml b/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
index ca24bae..7f861b5 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/17.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/18.xml b/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
index 15ce2bf..119a14d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/18.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/19.xml b/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
index de7ce86..6fee9e9 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/19.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
index a3bf1bb..2c62db3 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/20.xml b/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
index 817fcff..45117be 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/20.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/21.xml b/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
index f952cf7..e4c7e2a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/21.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -46,7 +46,7 @@
</sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>not-used</ramp:user>
- <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
<ramp:rampartConfigCallbackClass>org.apache.rampart.RampartConfigUpdater</ramp:rampartConfigCallbackClass>
<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/22.xml b/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
index 70b4255..c4b3405 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/22.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/23.xml b/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
index e4f7759..0e7f830 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/23.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/24.xml b/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
index f0624d0..7fbe3ce 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/24.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/25.xml b/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
index ca69e05..3a13a38 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/25.xml
@@ -20,7 +20,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/26.xml b/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
index f42dcb3..d075ccf 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/26.xml
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/27.xml b/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
index 4acdc5e..4671f1c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/27.xml
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
index a5fd12b..d403894 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
@@ -28,7 +28,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
index 651188d..897b4bc 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
similarity index 84%
copy from modules/rampart-integration/src/test/resources/rampart/policy/28.xml
copy to modules/rampart-integration/src/test/resources/rampart/policy/30.xml
index a5fd12b..be544e6 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/30.xml
@@ -1,7 +1,8 @@
-<wsp:Policy wsu:Id="SigOnly"
+<wsp:Policy wsu:Id="RAMPART-218"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <!--No timestamp test-->
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -11,7 +12,7 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:WssX509V3Token10/>
+ <sp:WssX509PkiPathV1Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -21,14 +22,14 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
- <sp:WssX509V3Token10/>
+ <sp:WssX509PkiPathV1Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -36,22 +37,22 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
- <sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
+ <sp:Wss10>
+ <sp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
+ </sp:Policy>
</sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
+ <sp:EncryptedElements>
+ <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
+ </sp:EncryptedElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
@@ -73,4 +74,4 @@
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/4.xml b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
index 4ad5d3b..1d63cc3 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/5.xml b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
index 368d94e..47778d8 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
index 9739b9b..c9059e0 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
@@ -68,7 +68,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
index 34e4a04..0ce384c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-3.xml
@@ -19,7 +19,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -43,7 +43,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
index 202210e..c46e922 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
@@ -27,7 +27,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-10.xml b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
index c47a7d4..8129d77 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-10.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-13.xml b/modules/rampart-integration/src/test/resources/rampart/services-13.xml
index 501dffe..711b72f 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-13.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-13.xml
@@ -27,7 +27,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-14.xml b/modules/rampart-integration/src/test/resources/rampart/services-14.xml
index da8cd05..9f2d30c 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-14.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-14.xml
@@ -35,7 +35,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-15.xml b/modules/rampart-integration/src/test/resources/rampart/services-15.xml
index 4b88584..7703394 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-15.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-15.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-17.xml b/modules/rampart-integration/src/test/resources/rampart/services-17.xml
index a786dea..886df59 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-17.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-17.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-18.xml b/modules/rampart-integration/src/test/resources/rampart/services-18.xml
index 3b5c1a5..beb5a72 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-18.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-18.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-19.xml b/modules/rampart-integration/src/test/resources/rampart/services-19.xml
index 39a31cb..2133099 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-19.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-19.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-2.xml b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
index d6c6192..0b1f491 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-2.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
@@ -44,7 +44,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-20.xml b/modules/rampart-integration/src/test/resources/rampart/services-20.xml
index 4913a3a..8b49810 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-20.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-20.xml
@@ -36,7 +36,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-21.xml b/modules/rampart-integration/src/test/resources/rampart/services-21.xml
index 95eb250..342283f 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-21.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-21.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-22.xml b/modules/rampart-integration/src/test/resources/rampart/services-22.xml
index 85c5589..15c28c5 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-22.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-22.xml
@@ -37,7 +37,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-23.xml b/modules/rampart-integration/src/test/resources/rampart/services-23.xml
index cbe5b3d..35baba2 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-23.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-23.xml
@@ -32,7 +32,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-24.xml b/modules/rampart-integration/src/test/resources/rampart/services-24.xml
index 6f2782c..a218b5d 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-24.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-24.xml
@@ -32,7 +32,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-25.xml b/modules/rampart-integration/src/test/resources/rampart/services-25.xml
index 4ef7556..afdcec1 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-25.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-25.xml
@@ -32,7 +32,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-26.xml b/modules/rampart-integration/src/test/resources/rampart/services-26.xml
index 34dd784..7dfe142 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-26.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-26.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-27.xml b/modules/rampart-integration/src/test/resources/rampart/services-27.xml
index 5224d6e..57eeed6 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-27.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-27.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-28.xml b/modules/rampart-integration/src/test/resources/rampart/services-28.xml
index 8ebd645..0d79cd8 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-28.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-28.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
index 7fc78a7..daeebce 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-25.xml b/modules/rampart-integration/src/test/resources/rampart/services-30.xml
similarity index 71%
copy from modules/rampart-integration/src/test/resources/rampart/services-25.xml
copy to modules/rampart-integration/src/test/resources/rampart/services-30.xml
index 4ef7556..ab9eb3a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-25.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-30.xml
@@ -1,4 +1,4 @@
-<service name="SecureService25">
+<service name="SecureService30">
<module ref="addressing"/>
<module ref="rampart"/>
@@ -10,44 +10,53 @@
<actionMapping>urn:echo</actionMapping>
</operation>
- <wsp:Policy wsu:Id="SignedEncryptedElementsEncryptBeforeSigning"
+ <wsp:Policy wsu:Id="RAMPART-218"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
- <sp:SymmetricBinding>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:ProtectionToken>
+ <sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
+ <sp:WssX509PkiPathV1Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
- </sp:ProtectionToken>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509PkiPathV1Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
- <sp:Lax/>
+ <sp:Strict/>
</wsp:Policy>
</sp:Layout>
- <sp:EncryptBeforeSigning/>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SignedElements>
- <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
- </sp:SignedElements>
+ </sp:AsymmetricBinding>
+ <sp:Wss10>
+ <sp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </sp:Policy>
+ </sp:Wss10>
<sp:EncryptedElements>
<sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
</sp:EncryptedElements>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-4.xml b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
index 52a2845..3ed6c8a 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-4.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
@@ -40,7 +40,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-5.xml b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
index 0a6602c..e446be2 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-5.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
@@ -42,7 +42,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
index e3e029c..caad629 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
@@ -81,7 +81,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
index 24ea65d..f96e9c8 100644
--- a/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-3.xml
@@ -32,7 +32,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
index d120cca..61b81d8 100644
--- a/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
@@ -32,15 +32,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
index 8cdf406..916bc6f 100644
--- a/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
index 4c1bcc5..469f5b4 100644
--- a/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
index 1efb1e7..c8f179a 100644
--- a/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
index 1bae128..f1673b7 100644
--- a/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
index 3ef5bc8..0718a15 100644
--- a/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
index 6021a79..c8b80f7 100644
--- a/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
index 262036a..d9004cc 100644
--- a/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
index 950dfdd..a3fe551 100644
--- a/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
@@ -24,15 +24,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
index 369de66..8ba9fa2 100644
--- a/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
@@ -23,15 +23,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
index 6e782d6..174846f 100644
--- a/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
@@ -24,15 +24,10 @@
<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
</transportReceiver> -->
- <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
- <parameter name="port" locked="false">6060</parameter>
- </transportReceiver>
-
<!-- ================================================= -->
<!-- Transport Outs -->
<!-- ================================================= -->
- <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
<transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
<transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
<parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
index 5c302f2..9ee66b2 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
@@ -25,7 +25,7 @@ public abstract class AbstractSecurityAssertion implements Assertion {
private boolean isOptional;
- private boolean normalized = false;
+ private boolean normalized = true;
protected int version;
@@ -50,7 +50,7 @@ public abstract class AbstractSecurityAssertion implements Assertion {
}
public boolean isNormalized() {
- return true;
+ return this.normalized;
}
public PolicyComponent normalize() {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
index 6daeb76..062ddcc 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
@@ -122,9 +122,9 @@ public class SignedEncryptedElements extends AbstractSecurityAssertion {
Iterator<String> namespaces = declaredNamespaces.keySet().iterator();
while(namespaces.hasNext()) {
- prefix = (String) namespaces.next();
- namespaceURI = (String) declaredNamespaces.get(prefix);
- writer.writeNamespace(prefix,namespaceURI);
+ final String declaredPrefix = namespaces.next();
+ final String declaredNamespaceURI = (String) declaredNamespaces.get(declaredPrefix);
+ writer.writeNamespace(declaredPrefix,declaredNamespaceURI);
}
writer.writeCharacters(xpathExpression);
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
index 671bd3c..fc47d27 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
@@ -37,6 +37,16 @@ public class SignedEncryptedParts extends AbstractSecurityAssertion {
private ArrayList headers = new ArrayList();
private boolean signedParts;
+
+ private boolean signAllHeaders;
+
+ public boolean isSignAllHeaders() {
+ return signAllHeaders;
+ }
+
+ public void setSignAllHeaders(boolean signAllHeaders) {
+ this.signAllHeaders = signAllHeaders;
+ }
public SignedEncryptedParts(boolean signedParts, int version) {
this.signedParts = signedParts;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
index ea1520b..123be97 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
@@ -37,9 +37,12 @@ public class TransportBinding extends Binding {
private TransportToken transportToken;
private List transportBindings;
+
+ private boolean tokenProtection;
public TransportBinding(int version) {
super(version);
+ this.tokenProtection = false;
}
/**
* @return Returns the transportToken.
@@ -55,6 +58,21 @@ public class TransportBinding extends Binding {
public void setTransportToken(TransportToken transportToken) {
this.transportToken = transportToken;
}
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
public List getConfigurations() {
return transportBindings;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
index d9134ee..1301a79 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedElementsBuilder.java
@@ -42,8 +42,8 @@ public class EncryptedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
index 33d5f7c..63b69ff 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/EncryptedPartsBuilder.java
@@ -52,8 +52,8 @@ public class EncryptedPartsBuilder implements AssertionBuilder {
OMAttribute isOptional = element
.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional
- .getAttributeValue()).booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional
+ .getAttributeValue()).booleanValue());
}
return signedEncryptedParts;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
index e426e64..185c8d1 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedElementsBuilder.java
@@ -43,8 +43,8 @@ public class SignedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
index 36887be..77909c7 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SignedPartsBuilder.java
@@ -36,13 +36,19 @@ public class SignedPartsBuilder implements AssertionBuilder {
SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true, SPConstants.SP_V11);
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
processElement((OMElement) iterator.next(), signedEncryptedParts);
}
-
+
+ // Presense of <sp:SignedParts/> enforces the requirement for sign body and all the header blocks
+ if(!element.getChildren().hasNext()){
+ signedEncryptedParts.setBody(true);
+ signedEncryptedParts.setSignAllHeaders(true);
+ }
+
return signedEncryptedParts;
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
index d75cbec..57e6b88 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/SupportingTokensBuilder.java
@@ -55,8 +55,8 @@ public class SupportingTokensBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- supportingToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ supportingToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
index 9757343..084941d 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
@@ -47,8 +47,8 @@ public class UsernameTokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- usernameToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ usernameToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
OMElement policyElement = element.getFirstElement();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
index d40e3d7..11b4b15 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/X509TokenBuilder.java
@@ -63,8 +63,8 @@ public class X509TokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- x509Token.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ x509Token.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
index 388ab84..3c9c8e7 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedElementsBuilder.java
@@ -47,8 +47,8 @@ public class EncryptedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element
.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional
- .getAttributeValue()).booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional
+ .getAttributeValue()).booleanValue());
}
return signedEncryptedElements;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
index ced5446..f2ea9bc 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/EncryptedPartsBuilder.java
@@ -52,8 +52,8 @@ public class EncryptedPartsBuilder implements AssertionBuilder {
OMAttribute isOptional = element
.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional
- .getAttributeValue()).booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional
+ .getAttributeValue()).booleanValue());
}
return signedEncryptedParts;
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
index 4ca3fd4..f08d6b0 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedElementsBuilder.java
@@ -44,8 +44,8 @@ public class SignedElementsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedElements.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedElements.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
index af95efd..7db0a20 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SignedPartsBuilder.java
@@ -41,9 +41,15 @@ public class SignedPartsBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- signedEncryptedParts.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ signedEncryptedParts.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
+
+ //presense of <sp:SignedParts/> enforces the requirement for sign body and all the header blocks
+ if(!element.getChildren().hasNext()){
+ signedEncryptedParts.setBody(true);
+ signedEncryptedParts.setSignAllHeaders(true);
+ }
return signedEncryptedParts;
}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
index b243761..b43b917 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/SupportingTokensBuilder.java
@@ -71,8 +71,8 @@ public class SupportingTokensBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- supportingToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ supportingToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
index c980616..aa40be7 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/TransportBindingBuilder.java
@@ -77,6 +77,9 @@ public class TransportBindingBuilder implements AssertionBuilder {
} else if (name.equals(SP12Constants.LAYOUT)) {
parent.setLayout((Layout) primitive);
+ } else if (name.equals(SP12Constants.PROTECT_TOKENS)) {
+ parent.setTokenProtection(true);
+
} else if (name.equals(SP12Constants.SIGNED_SUPPORTING_TOKENS)) {
parent.setSignedSupportingToken((SupportingToken) primitive);
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
index f8c1bed..b651a2c 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
@@ -47,8 +47,8 @@ public class UsernameTokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- usernameToken.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ usernameToken.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
OMElement policyElement = element.getFirstElement();
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
index ec2ecf4..6f8b293 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/X509TokenBuilder.java
@@ -62,8 +62,8 @@ public class X509TokenBuilder implements AssertionBuilder {
OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
if (isOptional != null) {
- x509Token.setOptional((new Boolean(isOptional.getAttributeValue())
- .booleanValue()));
+ x509Token.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
+ .booleanValue());
}
if (policyElement != null) {
diff --git a/modules/rampart-samples/README.txt b/modules/rampart-samples/README.txt
index ce5e119..136798c 100644
--- a/modules/rampart-samples/README.txt
+++ b/modules/rampart-samples/README.txt
@@ -15,3 +15,7 @@ Please use Apache Ant with the build.xml file available here to copy all jars
and mars to required places.
- Please copy log4j.jar to AXIS2_HOME/lib directory before trying out samples.
+
+ - Please follow the instructions on endorsing the default JAXP implementation
+ available in README.txt of this distribution before invoking
+ Sample 08.(Issuing a SAML 2.0 Token)
diff --git a/modules/rampart-samples/keys/client.jks b/modules/rampart-samples/keys/client.jks
index 3b986ba..19c356d 100644
Binary files a/modules/rampart-samples/keys/client.jks and b/modules/rampart-samples/keys/client.jks differ
diff --git a/modules/rampart-samples/keys/service.jks b/modules/rampart-samples/keys/service.jks
index 71066d1..dec41cb 100644
Binary files a/modules/rampart-samples/keys/service.jks and b/modules/rampart-samples/keys/service.jks differ
diff --git a/modules/rampart-samples/keys/sts.jks b/modules/rampart-samples/keys/sts.jks
index 6327721..89bf663 100644
Binary files a/modules/rampart-samples/keys/sts.jks and b/modules/rampart-samples/keys/sts.jks differ
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
index d4e6d35..24cb932 100644
--- a/modules/rampart-samples/policy/build.xml
+++ b/modules/rampart-samples/policy/build.xml
@@ -109,6 +109,17 @@
<create.and.run.client sample.number="07"/>
</target>
+ <!-- Sample Service 08 -->
+ <target name="service.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="08"/>
+ </target>
+
+ <!-- Sample Client 08 -->
+ <target name="client.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="08"/>
+ </target>
+
+
<target name="clean">
<delete dir="build" />
</target>
diff --git a/modules/rampart-samples/policy/sample-tomcat/policy.xml b/modules/rampart-samples/policy/sample-tomcat/policy.xml
index cd62aaf..8943afd 100644
--- a/modules/rampart-samples/policy/sample-tomcat/policy.xml
+++ b/modules/rampart-samples/policy/sample-tomcat/policy.xml
@@ -11,7 +11,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample-tomcat/services.xml b/modules/rampart-samples/policy/sample-tomcat/services.xml
index 8184637..c8be66c 100644
--- a/modules/rampart-samples/policy/sample-tomcat/services.xml
+++ b/modules/rampart-samples/policy/sample-tomcat/services.xml
@@ -37,7 +37,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -55,7 +55,7 @@
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
diff --git a/modules/rampart-samples/policy/sample01/policy.xml b/modules/rampart-samples/policy/sample01/policy.xml
index 7e7209d..3381cd9 100644
--- a/modules/rampart-samples/policy/sample01/policy.xml
+++ b/modules/rampart-samples/policy/sample01/policy.xml
@@ -27,7 +27,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample01/services.xml b/modules/rampart-samples/policy/sample01/services.xml
index 24dad18..bd4eb39 100644
--- a/modules/rampart-samples/policy/sample01/services.xml
+++ b/modules/rampart-samples/policy/sample01/services.xml
@@ -37,7 +37,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample05/policy.xml b/modules/rampart-samples/policy/sample05/policy.xml
index 76c726e..1807e03 100755
--- a/modules/rampart-samples/policy/sample05/policy.xml
+++ b/modules/rampart-samples/policy/sample05/policy.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-samples/policy/sample05/services.xml b/modules/rampart-samples/policy/sample05/services.xml
index dd0f5af..e626e2c 100644
--- a/modules/rampart-samples/policy/sample05/services.xml
+++ b/modules/rampart-samples/policy/sample05/services.xml
@@ -16,11 +16,11 @@
! limitations under the License.
!-->
<!-- services.xml of Sample05 : WS Trust -->
-<serviceGroup>
+<serviceGroup>
<service name="STS">
<module ref="rampart" />
- <module ref="addressing" />
- <module ref="rahas" />
+ <module ref="addressing" />
+ <module ref="rahas" />
<parameter name="saml-issuer-config">
<saml-issuer-config>
<issuerName>SAMPLE_STS</issuerName>
@@ -53,7 +53,7 @@
Valid values are: EncryptedKey & BinarySecret
-->
<proofKeyType>BinarySecret</proofKeyType>
- <trusted-services>
+ <trusted-services>
<service alias="service">*</service>
</trusted-services>
</saml-issuer-config>
@@ -68,7 +68,7 @@
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:RequireThumbprintReference/>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
@@ -78,7 +78,7 @@
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
- <sp:RequireThumbprintReference/>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
@@ -119,113 +119,113 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
- </ramp:signatureCrypto>
-
+ </ramp:signatureCrypto>
+
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
- </wsp:Policy>
+ </wsp:Policy>
+
+</service>
+<service name="sample05">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
-</service>
-<service name="sample05">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-
-</service>
+</service>
</serviceGroup>
diff --git a/modules/rampart-samples/policy/sample06/policy.xml b/modules/rampart-samples/policy/sample06/policy.xml
index 010098b..24728d8 100755
--- a/modules/rampart-samples/policy/sample06/policy.xml
+++ b/modules/rampart-samples/policy/sample06/policy.xml
@@ -19,7 +19,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -58,9 +58,6 @@
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
</wsp:Policy>
</sp:SupportingTokens>
<sp:SignedParts>
diff --git a/modules/rampart-samples/policy/sample06/services.xml b/modules/rampart-samples/policy/sample06/services.xml
index 2f8501a..b86f1fb 100755
--- a/modules/rampart-samples/policy/sample06/services.xml
+++ b/modules/rampart-samples/policy/sample06/services.xml
@@ -16,11 +16,11 @@
! limitations under the License.
!-->
<!-- services.xml of Sample 06 : Trust sample with mex -->
-<serviceGroup>
+<serviceGroup>
<service name="STS">
<module ref="rampart" />
- <module ref="addressing" />
- <module ref="rahas" />
+ <module ref="addressing" />
+ <module ref="rahas" />
<parameter name="saml-issuer-config">
<saml-issuer-config>
<issuerName>SAMPLE_STS</issuerName>
@@ -54,7 +54,7 @@
-->
<proofKeyType>BinarySecret</proofKeyType>
<trusted-services>
- <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
+ <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
<service alias="sts">*</service>
</trusted-services>
</saml-issuer-config>
@@ -118,136 +118,133 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.file">sts.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
- </ramp:signatureCrypto>
-
+ </ramp:signatureCrypto>
+
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
- </wsp:Policy>
+ </wsp:Policy>
+
+
+</service>
+<service name="sample06">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
+ <Metadata xmlns="http://www.w3.org/2005/08/addressing">
+ <mex:Metadata
+ xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <mex:MetadataReference>
+ <Address
+ xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
+ </mex:MetadataReference>
+ </mex:MetadataSection>
+ </mex:Metadata>
+ </Metadata>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
+<service name="mex">
+
+ <operation name="get">
+ <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
+ </service>
-</service>
-<service name="sample06">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
- <Metadata xmlns="http://www.w3.org/2005/08/addressing">
- <mex:Metadata
- xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
- <mex:MetadataReference>
- <Address
- xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
- </mex:MetadataReference>
- </mex:MetadataSection>
- </mex:Metadata>
- </Metadata>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
- </sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-</service>
-<service name="mex">
-
- <operation name="get">
- <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
- <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
-
- </service>
-
</serviceGroup>
diff --git a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
index 47d2786..2b8a12f 100644
--- a/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
+++ b/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.apache.rampart.samples.policy.sample06;
import java.io.File;
diff --git a/modules/rampart-samples/policy/sample08/README.txt b/modules/rampart-samples/policy/sample08/README.txt
new file mode 100644
index 0000000..e0ea5ce
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/README.txt
@@ -0,0 +1,8 @@
+WS-Trust - RST - Resquest Security Token Service - Issuing a SAML 2.0 token - issuing a token
+
+When using this sample with the TCPMon to monitor the soap messages, you have to use the
+correct URL in the client code before build the sample 08.
+
+You have to endorse the default JAXP implementation of your JDK before invoking this sample.
+Please follow the instructions available in the README.txt of this distribution to endorse
+the default JAXP implementation.
diff --git a/modules/documentation/src/site/resources/samples/policy/sample05.xml b/modules/rampart-samples/policy/sample08/policy.xml
similarity index 93%
copy from modules/documentation/src/site/resources/samples/policy/sample05.xml
copy to modules/rampart-samples/policy/sample08/policy.xml
index d16bca6..f1a09da 100644
--- a/modules/documentation/src/site/resources/samples/policy/sample05.xml
+++ b/modules/rampart-samples/policy/sample08/policy.xml
@@ -38,7 +38,7 @@
<Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/STS</Address>
</Issuer>
<sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
<t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
<t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
</sp:RequestSecurityTokenTemplate>
@@ -46,12 +46,10 @@
<sp:RequireInternalReference/>
</wsp:Policy>
</sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
</wsp:Policy>
</sp:SupportingTokens>
<sp:SignedParts>
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Body/>
</sp:SignedParts>
<sp:Wss11>
@@ -72,4 +70,4 @@
</sp:Trust10>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
\ No newline at end of file
+</wsp:Policy>
diff --git a/modules/rampart-samples/policy/sample05/services.xml b/modules/rampart-samples/policy/sample08/services.xml
similarity index 52%
copy from modules/rampart-samples/policy/sample05/services.xml
copy to modules/rampart-samples/policy/sample08/services.xml
index dd0f5af..68a93a1 100644
--- a/modules/rampart-samples/policy/sample05/services.xml
+++ b/modules/rampart-samples/policy/sample08/services.xml
@@ -1,218 +1,116 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- !
- ! Copyright 2006 The Apache Software Foundation.
- !
- ! Licensed under the Apache License, Version 2.0 (the "License");
- ! you may not use this file except in compliance with the License.
- ! You may obtain a copy of the License at
- !
- ! http://www.apache.org/licenses/LICENSE-2.0
- !
- ! Unless required by applicable law or agreed to in writing, software
- ! distributed under the License is distributed on an "AS IS" BASIS,
- ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ! See the License for the specific language governing permissions and
- ! limitations under the License.
- !-->
-<!-- services.xml of Sample05 : WS Trust -->
-<serviceGroup>
-<service name="STS">
- <module ref="rampart" />
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml for STS of Sample06 : WS Trust -->
+
+<service name="STS">
+ <module ref="rampart" />
<module ref="addressing" />
<module ref="rahas" />
- <parameter name="saml-issuer-config">
- <saml-issuer-config>
- <issuerName>SAMPLE_STS</issuerName>
- <issuerKeyAlias>service</issuerKeyAlias>
- <issuerKeyPassword>apache</issuerKeyPassword>
- <cryptoProperties>
- <crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
- <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
- <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
- </crypto>
- </cryptoProperties>
- <timeToLive>300000</timeToLive>
- <keySize>256</keySize>
- <addRequestedAttachedRef />
- <addRequestedUnattachedRef />
-
- <!--
- Key computation mechanism
- 1 - Use Request Entropy
- 2 - Provide Entropy
- 3 - Use Own Key
- -->
- <keyComputation>2</keyComputation>
-
- <!--
- proofKeyType element is valid only if the keyComputation is set to 3
- i.e. Use Own Key
-
- Valid values are: EncryptedKey & BinarySecret
- -->
- <proofKeyType>BinarySecret</proofKeyType>
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>service</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
<trusted-services>
- <service alias="service">*</service>
- </trusted-services>
- </saml-issuer-config>
- </parameter>
-
- <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
-
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
+ <service alias="service">*</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
-
- </ramp:RampartConfig>
-
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-
-</service>
-<service name="sample05">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample05.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">https://kirillgdev04/Security_Federation_SecurityTokenService_Indigo/Symmetric.svc/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport</Address>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
+ <sp:InitiatorToken>
<wsp:Policy>
- <sp:RequireInternalReference/>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
</wsp:Policy>
- </sp:IssuedToken>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>service</ramp:user>
<ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
@@ -221,11 +119,9 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
</service>
-</serviceGroup>
+
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
new file mode 100644
index 0000000..79822c2
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/Client.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample08;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartMessageData;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ STSClient stsClient = new STSClient(ctx);
+
+ stsClient.setRstTemplate(getRSTTemplate());
+ String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ stsClient.setAction(action);
+
+ Token responseToken = stsClient.requestSecurityToken(loadPolicy("sample08/policy.xml"), "http://localhost:8080/axis2/services/STS", loadPolicy("sample08/sts_policy.xml"), null);
+
+ System.out.println("\n############################# Requested SAML 2.0 Token ###################################\n");
+ System.out.println(responseToken.getToken().toString());
+ System.out.println("\n##########################################################################################\n");
+
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ return elem;
+ }
+
+
+ private static OMElement getRSTTemplate() throws Exception {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_20);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
new file mode 100644
index 0000000..dd71409
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample08;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java
new file mode 100644
index 0000000..57cdcc7
--- /dev/null
+++ b/modules/rampart-samples/policy/sample08/src/org/apache/rampart/samples/policy/sample08/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample08;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/modules/rampart-samples/policy/sample08/sts_policy.xml
similarity index 65%
copy from modules/rampart-integration/src/test/resources/rampart/policy/2.xml
copy to modules/rampart-samples/policy/sample08/sts_policy.xml
index a3bf1bb..39d3974 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
+++ b/modules/rampart-samples/policy/sample08/sts_policy.xml
@@ -1,69 +1,83 @@
-<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>alice</ramp:user>
- <ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- <ramp:encryptionCypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:encryptionCypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample08.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
index e824232..39494e5 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
@@ -16,11 +16,19 @@
package org.apache.rahas;
-import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import junit.framework.TestCase;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
import java.util.Date;
public class SimpleTokenStoreTest extends TestCase {
@@ -30,8 +38,7 @@ public class SimpleTokenStoreTest extends TestCase {
try {
store.add(getTestToken("id-1"));
} catch (TrustException e) {
- fail("Adding a new token to an empty store should not fail, " +
- "message : " + e.getMessage());
+ fail("Adding a new token to an empty store should not fail, " + "message : " + e.getMessage());
}
Token token = null;
try {
@@ -40,8 +47,7 @@ public class SimpleTokenStoreTest extends TestCase {
fail("Adding an existing token must throw an exception");
} catch (TrustException e) {
assertEquals("Incorrect exception message",
- TrustException.getMessage("tokenAlreadyExists",
- new String[]{token.getId()}), e.getMessage());
+ TrustException.getMessage("tokenAlreadyExists", new String[]{token.getId()}), e.getMessage());
}
}
@@ -76,9 +82,8 @@ public class SimpleTokenStoreTest extends TestCase {
store.update(token1);
fail("An exception must be thrown at this point : noTokenToUpdate");
} catch (TrustException e) {
- assertEquals("Incorrect exception message", TrustException
- .getMessage("noTokenToUpdate", new String[]{token1
- .getId()}), e.getMessage());
+ assertEquals("Incorrect exception message",
+ TrustException.getMessage("noTokenToUpdate", new String[]{token1.getId()}), e.getMessage());
}
try {
store.add(token1);
@@ -133,11 +138,13 @@ public class SimpleTokenStoreTest extends TestCase {
}
}
- private Token getTestToken(String tokenId) throws TrustException {
+ private Token getTestToken(String tokenId)
+ throws TrustException {
return getTestToken(tokenId, new Date());
}
- private Token getTestToken(String tokenId, Date expiry) throws TrustException {
+ private Token getTestToken(String tokenId, Date expiry)
+ throws TrustException {
OMFactory factory = DOOMAbstractFactory.getOMFactory();
OMElement tokenEle = factory.createOMElement("testToken", "", "");
Token token = new Token(tokenId, tokenEle, new Date(), expiry);
@@ -147,4 +154,48 @@ public class SimpleTokenStoreTest extends TestCase {
token.setSecret("Top secret!".getBytes());
return token;
}
+
+ public void testSerialize()
+ throws Exception {
+ String fileName = "test.ser";
+
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns1 = factory.createOMNamespace("bar", "x");
+ OMElement elt11 = factory.createOMElement("foo1", ns1);
+
+ Token t = new Token("#1232122", elt11, new Date(), new Date());
+
+ SimpleTokenStore store = new SimpleTokenStore();
+ store.add(t);
+
+ FileOutputStream fos = null;
+ ObjectOutputStream out = null;
+
+ try {
+ fos = new FileOutputStream(fileName);
+ out = new ObjectOutputStream(fos);
+ out.writeObject(store);
+ } finally {
+ out.close();
+ }
+
+ SimpleTokenStore store2 = null;
+ FileInputStream fis = null;
+ ObjectInputStream in = null;
+ try {
+ fis = new FileInputStream(fileName);
+ in = new ObjectInputStream(fis);
+ store2 = (SimpleTokenStore)in.readObject();
+ in.close();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ } catch (ClassNotFoundException ex) {
+ ex.printStackTrace();
+ }
+
+ assertEquals(store.getToken("#1232122").getId(), store2.getToken("#1232122").getId());
+ assertEquals(store.getToken("#1232122").getCreated(), store2.getToken("#1232122").getCreated());
+
+ }
+
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
index 0bc5d94..ba416da 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
@@ -19,6 +19,8 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
@@ -63,8 +65,28 @@ public class MessageBuilderTestBase extends TestCase {
* @throws AxisFault
*/
protected MessageContext getMsgCtx() throws Exception {
+ return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml");
+ }
+
+ /**
+ * Return a message context initialized with a SOAP 1.2 message.
+ *
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ protected MessageContext getMsgCtx12() throws Exception {
+ return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml");
+ }
+
+ /**
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ private MessageContext initMsgCtxFromMessage(String messageResource) throws Exception {
MessageContext ctx = new MessageContext();
-
+
AxisConfiguration axisConfiguration = new AxisConfiguration();
AxisService axisService = new AxisService("TestService");
axisConfiguration.addService(axisService);
@@ -88,7 +110,7 @@ public class MessageBuilderTestBase extends TestCase {
XMLStreamReader reader =
XMLInputFactory.newInstance().
- createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
+ createXMLStreamReader(new FileInputStream(messageResource));
ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
return ctx;
}
@@ -121,4 +143,15 @@ public class MessageBuilderTestBase extends TestCase {
}
}
+ public String getContentTypeForEnvelope(SOAPEnvelope env) {
+ String contentType = SOAP11Constants.SOAP_11_CONTENT_TYPE; //default
+ if (SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI())) {
+ contentType = SOAP11Constants.SOAP_11_CONTENT_TYPE;
+ }
+ else if (SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI())) {
+ contentType = SOAP12Constants.SOAP_12_CONTENT_TYPE;
+ }
+ return contentType;
+ }
+
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/NonceCacheTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/NonceCacheTest.java
new file mode 100644
index 0000000..3722b7f
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/NonceCacheTest.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import junit.framework.TestCase;
+
+/**
+ * Created by IntelliJ IDEA.
+ * User: aj
+ * Date: Apr 30, 2010
+ * Time: 4:15:20 PM
+ * To change this template use File | Settings | File Templates.
+ */
+public class NonceCacheTest extends TestCase {
+
+ public NonceCacheTest(String name) {
+ super(name);
+ }
+
+ public void testAddToCache() throws Exception {
+
+ UniqueMessageAttributeCache cache = new NonceCache();
+
+ cache.addToCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOdfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOhfN8CySMm0g==", "apache");
+ }
+
+ public void testValueExistsInCache() throws Exception{
+
+ UniqueMessageAttributeCache cache = new NonceCache();
+
+ cache.addToCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOdfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOhfN8CySMm0g==", "apache");
+
+ boolean returnValue1 = cache.valueExistsInCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertTrue("nonce - j8EqKYJ/CxOZfN8CySMm0g== and apache must exists in the cache", returnValue1);
+
+ boolean returnValue2 = cache.valueExistsInCache("p8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertFalse("nonce - p8EqKYJ/CxOZfN8CySMm0g== and apache should not be in the cache", returnValue2);
+ }
+
+ public void testValueExpiration() throws Exception{
+
+ UniqueMessageAttributeCache cache = new NonceCache();
+
+ cache.addToCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ cache.addToCache("j8EqKYJ/CxOdfN8CySMm0p==", "apache");
+ cache.addToCache("q8EqKYJ/CxOhfN8CySMm0g==", "apache");
+
+ cache.setMaximumLifeTimeOfAnAttribute(1);
+
+ boolean returnValue1 = cache.valueExistsInCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertTrue("nonce - j8EqKYJ/CxOZfN8CySMm0g== and apache must exists in the cache", returnValue1);
+
+ Thread.sleep(2 * 1000);
+
+ returnValue1 = cache.valueExistsInCache("j8EqKYJ/CxOZfN8CySMm0g==", "apache");
+ assertFalse("nonce - j8EqKYJ/CxOZfN8CySMm0g== and apache must not exists in the cache", returnValue1);
+
+ }
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
similarity index 54%
copy from modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
copy to modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
index 4f42405..5d5a8ed 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
@@ -1,61 +1,60 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
+/*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.rampart;
-import java.io.ByteArrayInputStream;
-import java.util.Vector;
-
-import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.engine.AxisEngine;
import org.apache.neethi.Policy;
-import org.apache.rampart.util.Axis2Util;
-public class RampartEngineTest extends MessageBuilderTestBase {
+import java.io.ByteArrayInputStream;
+
+public class PolicyAssertionsTest extends MessageBuilderTestBase {
- public RampartEngineTest(String name) {
+ public PolicyAssertionsTest(String name) {
super(name);
}
- public void testEmptySOAPMessage() throws Exception {
+ public void testRequiredElementsValid() throws Exception {
- try {
- MessageContext ctx = getMsgCtx();
+ MessageContext ctx = getMsgCtx();
- String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
- Policy policy = this.loadPolicy(policyXml);
+ String policyXml = "test-resources/policy/rampart-asymm-required-elements.xml";
+ Policy policy = loadPolicy(policyXml);
- ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ ctx.setEnvelope(env);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
- RampartEngine engine = new RampartEngine();
- engine.process(ctx);
- } catch (RampartException e) {
- assertEquals("Expected rampart to complain about missing security header",
- "Missing wsse:Security header in request", e.getMessage());
- }
}
- public void testValidSOAPMessage() throws Exception {
+ public void testRequiredElementsInvalid() throws Exception {
MessageContext ctx = getMsgCtx();
- String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ String policyXml = "test-resources/policy/rampart-asymm-required-elements-2.xml";
Policy policy = loadPolicy(policyXml);
ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
@@ -71,7 +70,14 @@ public class RampartEngineTest extends MessageBuilderTestBase {
ctx.setEnvelope(env);
RampartEngine engine = new RampartEngine();
- engine.process(ctx);
+
+ try {
+ engine.process(ctx);
+ fail(" This should have thrown RampartException: " +
+ "Required Elements not found in the incoming message : wsrm:Sequence");
+ } catch (RampartException expected) {
+ // Ignore intentionally as the test is supposed to throw an exception
+ }
}
}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
index 4f42405..f3ed510 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
@@ -18,14 +18,23 @@ package org.apache.rampart;
import java.io.ByteArrayInputStream;
import java.util.Vector;
+import java.util.ArrayList;
+import java.security.cert.X509Certificate;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.engine.AxisEngine;
+import org.apache.axis2.namespace.Constants;
import org.apache.neethi.Policy;
import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import javax.xml.namespace.QName;
public class RampartEngineTest extends MessageBuilderTestBase {
@@ -45,9 +54,10 @@ public class RampartEngineTest extends MessageBuilderTestBase {
RampartEngine engine = new RampartEngine();
engine.process(ctx);
- } catch (RampartException e) {
+ }
+ catch (RampartException e) {
assertEquals("Expected rampart to complain about missing security header",
- "Missing wsse:Security header in request", e.getMessage());
+ "Missing wsse:Security header in request", e.getMessage());
}
}
@@ -64,14 +74,74 @@ public class RampartEngineTest extends MessageBuilderTestBase {
builder.build(ctx);
// Building the SOAP envelope from the OMElement
+ buildSOAPEnvelope(ctx);
+
+ RampartEngine engine = new RampartEngine();
+ Vector results = engine.process(ctx);
+
+ /*
+ The principle purpose of the test case is to verify that the above processes
+ without throwing an exception. However, perform a minimal amount of validation on the
+ results.
+ */
+ assertNotNull("RampartEngine returned null result", results);
+ //verify cert was stored
+ X509Certificate usedCert = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
+ Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action.intValue() == WSConstants.SIGN) {
+ //the result is for the signature, which contains the used certificate
+ usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ break;
+ }
+ }
+ assertNotNull("Result of processing did not include a certificate", usedCert);
+ }
+
+ public void testValidSOAP12Message() throws Exception {
+
+ MessageContext ctx = getMsgCtx12();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ buildSOAPEnvelope(ctx);
+
+ RampartEngine engine = new RampartEngine();
+ Vector results = engine.process(ctx);
+
+ /*
+ The principle purpose of the test case is to verify that the above processes
+ without throwing an exception. However, perform a minimal amount of validation on the
+ results.
+ */
+ assertNotNull("RampartEngine returned null result", results);
+ //verify cert was stored
+ X509Certificate usedCert = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
+ Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action.intValue() == WSConstants.SIGN) {
+ //the result is for the signature, which contains the used certificate
+ usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ break;
+ }
+ }
+ assertNotNull("Result of processing did not include a certificate", usedCert);
+ }
+
+ private void buildSOAPEnvelope(MessageContext ctx) throws Exception {
SOAPBuilder soapBuilder = new SOAPBuilder();
SOAPEnvelope env = ctx.getEnvelope();
ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
- env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, getContentTypeForEnvelope(env), ctx);
ctx.setEnvelope(env);
-
- RampartEngine engine = new RampartEngine();
- engine.process(ctx);
-
}
}
diff --git a/modules/rampart-tests/test-resources/policy-asymm-binding.xml b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
index aae3ea5..b73a944 100644
--- a/modules/rampart-tests/test-resources/policy-asymm-binding.xml
+++ b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy-symm-binding.xml b/modules/rampart-tests/test-resources/policy-symm-binding.xml
index de8bd5b..36ce0e0 100644
--- a/modules/rampart-tests/test-resources/policy-symm-binding.xml
+++ b/modules/rampart-tests/test-resources/policy-symm-binding.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy-transport-binding.xml b/modules/rampart-tests/test-resources/policy-transport-binding.xml
index a74b444..c2bb0f6 100644
--- a/modules/rampart-tests/test-resources/policy-transport-binding.xml
+++ b/modules/rampart-tests/test-resources/policy-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
index 3930028..11eea3c 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
index b2102da..f7c7384 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
index 8d648b2..abb0712 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
index 55cbb13..50c796e 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
index fd66030..f5f74e5 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements-2.xml
similarity index 58%
copy from modules/rampart-integration/src/test/resources/rampart/policy/28.xml
copy to modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements-2.xml
index a5fd12b..ea8b0a7 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements-2.xml
@@ -1,34 +1,25 @@
-<wsp:Policy wsu:Id="SigOnly"
+<wsp:Policy wsu:Id="policy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <!--No timestamp test-->
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
<wsp:ExactlyOne>
<wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
+ <sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
- </sp:RecipientToken>
+ </sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -36,26 +27,43 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
- </sp:Wss10>
+ </sp:Wss11>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:RequiredElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath xmlns:wsrm="http://docs.oasis-open.org/ws-rx/wsrm/200702">wsrm:Sequence</sp:XPath>
+ </sp:RequiredElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -64,7 +72,7 @@
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -73,4 +81,4 @@
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements.xml
similarity index 58%
copy from modules/rampart-integration/src/test/resources/rampart/policy/28.xml
copy to modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements.xml
index a5fd12b..ee8d017 100644
--- a/modules/rampart-integration/src/test/resources/rampart/policy/28.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-required-elements.xml
@@ -1,34 +1,25 @@
-<wsp:Policy wsu:Id="SigOnly"
+<wsp:Policy wsu:Id="policy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
- <!--No timestamp test-->
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
<wsp:ExactlyOne>
<wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
+ <sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
+ <sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
- </sp:RecipientToken>
+ </sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -36,26 +27,43 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
- </sp:Wss10>
+ </sp:Wss11>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
</sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:RequiredElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">wsa:To</sp:XPath>
+ </sp:RequiredElements>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>alice</ramp:user>
<ramp:encryptionUser>bob</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -64,7 +72,7 @@
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
</ramp:property>
@@ -73,4 +81,4 @@
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
-</wsp:Policy>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
index e5fd9f7..c877e10 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
@@ -15,7 +15,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
index 20300e7..8605d4e 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
index 92d2fd4..50593c3 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
index 3433513..19bd768 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
@@ -15,7 +15,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
index bb3564b..a24e038 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
index f84ada7..23b6a66 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
index a9c407b..f3888cc 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
index 0ba03af..3a01731 100644
--- a/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java b/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
index aab11b6..c20abbb 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
@@ -16,6 +16,9 @@
package org.apache.rahas;
+import java.io.IOException;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
import java.util.Date;
import org.apache.axiom.om.OMElement;
@@ -35,6 +38,10 @@ public class EncryptedKeyToken extends Token {
* SHA1 value of the encrypted key
*/
private String sha;
+
+ public EncryptedKeyToken(){
+ super();
+ }
public EncryptedKeyToken (String id,Date created, Date expires) {
super(id,created,expires);
@@ -59,4 +66,20 @@ public class EncryptedKeyToken extends Token {
return sha;
}
+ public void writeExternal(ObjectOutput out)
+ throws IOException {
+
+ super.writeExternal(out);
+ out.writeObject(this.sha);
+ }
+
+ public void readExternal(ObjectInput in)
+ throws ClassNotFoundException, IOException {
+
+ super.readExternal(in);
+ this.sha = (String)in.readObject();
+
+ }
+
+
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
index 2457621..894a0da 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -334,6 +334,8 @@ public class RahasData {
SecurityTokenReference str = new SecurityTokenReference((Element)elem);
if (str.containsReference()) {
tokenId = str.getReference().getURI();
+ } else if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
}
} catch (WSSecurityException e) {
throw new TrustException("errorExtractingTokenId",e);
@@ -358,6 +360,13 @@ public class RahasData {
SecurityTokenReference str = new SecurityTokenReference((Element)elem);
if (str.containsReference()) {
tokenId = str.getReference().getURI();
+ } else if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
+ }
+ if(tokenId == null){
+ if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
+ }
}
} catch (WSSecurityException e) {
throw new TrustException("errorExtractingTokenId",e);
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
index f56bcdc..7293bd5 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
@@ -21,6 +21,8 @@ import org.apache.ws.security.WSConstants;
import org.apache.ws.security.message.token.Reference;
import javax.xml.namespace.QName;
+
+import java.io.Serializable;
import java.util.*;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
@@ -29,7 +31,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock;
/**
* In-memory implementation of the token storage
*/
-public class SimpleTokenStore implements TokenStorage {
+public class SimpleTokenStore implements TokenStorage, Serializable {
protected Map tokens = new Hashtable();
@@ -185,8 +187,7 @@ public class SimpleTokenStore implements TokenStorage {
} finally {
readLock.unlock();
- }
-
+ }
return token;
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
index 019c3e2..8907d35 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
@@ -18,164 +18,169 @@ package org.apache.rahas;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMException;
+import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import javax.xml.namespace.QName;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import java.io.ByteArrayInputStream;
+import java.io.Externalizable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
import java.text.DateFormat;
import java.text.ParseException;
import java.util.Date;
import java.util.Properties;
/**
- * This represents a security token which can have either one of 4 states.
- * <ul>
- * <li>ISSUED</li>
- * <li>EXPIRED</li>
- * <li>CACELLED</li>
- * <li>RENEWED</li>
- * </ul>
- * Also this holds the <code>OMElement</code>s representing the token in its
+ * This represents a security token which can have either one of 4 states. <ul> <li>ISSUED</li> <li>EXPIRED</li>
+ * <li>CACELLED</li> <li>RENEWED</li> </ul> Also this holds the <code>OMElement</code>s representing the token in its
* present state and the previous state.
- *
- * These tokens are stored using the storage mechanism provided via the
- * <code>TokenStorage</code> interface.
+ * <p/>
+ * These tokens are stored using the storage mechanism provided via the <code>TokenStorage</code> interface.
+ *
* @see org.apache.rahas.TokenStorage
*/
-public class Token {
-
+public class Token implements Externalizable {
+
+ private static Log log = LogFactory.getLog(Token.class);
+
public final static int ISSUED = 1;
+
public final static int EXPIRED = 2;
+
public final static int CANCELLED = 3;
+
public final static int RENEWED = 4;
-
+
/**
* Token identifier
*/
private String id;
-
+
/**
* Current state of the token
*/
private int state = -1;
-
+
/**
* The actual token in its current state
*/
private OMElement token;
-
+
/**
* The token in its previous state
*/
private OMElement previousToken;
-
+
/**
- * The RequestedAttachedReference element
- * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
- * an extensibility mechanism for wsse:SecurityTokenReference and
- * wsse:Reference. Hence we cannot limit to the
- * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
- * the ValueType values.
+ * The RequestedAttachedReference element NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows an
+ * extensibility mechanism for wsse:SecurityTokenReference and wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and the ValueType values.
*/
private OMElement attachedReference;
-
+
/**
- * The RequestedUnattachedReference element
- * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
- * an extensibility mechanism for wsse:SecurityTokenRefence and
- * wsse:Reference. Hence we cannot limit to the
- * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
- * the ValueType values.
+ * The RequestedUnattachedReference element NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows an
+ * extensibility mechanism for wsse:SecurityTokenRefence and wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and the ValueType values.
*/
private OMElement unattachedReference;
-
+
/**
* A bag to hold any other properties
*/
- private Properties properties;
+ private Properties properties;
/**
* A flag to assist the TokenStorage
*/
private boolean changed;
-
+
/**
* The secret associated with the Token
*/
private byte[] secret;
-
+
/**
* Created time
*/
private Date created;
-
+
/**
* Expiration time
*/
private Date expires;
-
+
/**
* Issuer end point address
*/
private String issuerAddress;
-
+
private String encrKeySha1Value;
-
+
+ public Token() {
+ }
+
public Token(String id, Date created, Date expires) {
- this.id = id;
- this.created = created;
- this.expires = expires;
+ this.id = id;
+ this.created = created;
+ this.expires = expires;
}
-
- public Token(String id,
- OMElement tokenElem,
- Date created,
- Date expires) throws TrustException {
+
+ public Token(String id, OMElement tokenElem, Date created, Date expires)
+ throws TrustException {
this.id = id;
- StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- tokenElem.getXMLStreamReader());
+ StAXOMBuilder stAXOMBuilder =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), tokenElem.getXMLStreamReader());
stAXOMBuilder.setNamespaceURIInterning(true);
this.token = stAXOMBuilder.getDocumentElement();
this.created = created;
this.expires = expires;
}
- public Token(String id,
- OMElement tokenElem,
- OMElement lifetimeElem) throws TrustException {
+ public Token(String id, OMElement tokenElem, OMElement lifetimeElem)
+ throws TrustException {
this.id = id;
- StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- tokenElem.getXMLStreamReader());
+ StAXOMBuilder stAXOMBuilder =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), tokenElem.getXMLStreamReader());
stAXOMBuilder.setNamespaceURIInterning(true);
this.token = stAXOMBuilder.getDocumentElement();
this.processLifeTime(lifetimeElem);
}
-
+
/**
* @param lifetimeElem
- * @throws TrustException
+ * @throws TrustException
*/
- private void processLifeTime(OMElement lifetimeElem) throws TrustException {
+ private void processLifeTime(OMElement lifetimeElem)
+ throws TrustException {
try {
DateFormat zulu = new XmlSchemaDateFormat();
OMElement createdElem =
- lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.CREATED_LN));
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.CREATED_LN));
this.created = zulu.parse(createdElem.getText());
-
+
OMElement expiresElem =
- lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.EXPIRES_LN));
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.EXPIRES_LN));
this.expires = zulu.parse(expiresElem.getText());
} catch (OMException e) {
- throw new TrustException("lifeTimeProcessingError",
- new String[]{lifetimeElem.toString()}, e);
+ throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
} catch (ParseException e) {
- throw new TrustException("lifeTimeProcessingError",
- new String[]{lifetimeElem.toString()}, e);
+ throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
}
}
@@ -192,7 +197,7 @@ public class Token {
public void setChanged(boolean chnaged) {
this.changed = chnaged;
}
-
+
/**
* @return Returns the properties.
*/
@@ -253,8 +258,8 @@ public class Token {
* @param presivousToken The presivousToken to set.
*/
public void setPreviousToken(OMElement presivousToken) {
- this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- presivousToken.getXMLStreamReader()).getDocumentElement();
+ this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), presivousToken.getXMLStreamReader())
+ .getDocumentElement();
}
/**
@@ -282,9 +287,9 @@ public class Token {
* @param attachedReference The attachedReference to set.
*/
public void setAttachedReference(OMElement attachedReference) {
- if(attachedReference != null) {
- this.attachedReference = new StAXOMBuilder(DOOMAbstractFactory
- .getOMFactory(), attachedReference.getXMLStreamReader())
+ if (attachedReference != null) {
+ this.attachedReference =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), attachedReference.getXMLStreamReader())
.getDocumentElement();
}
}
@@ -300,9 +305,9 @@ public class Token {
* @param unattachedReference The unattachedReference to set.
*/
public void setUnattachedReference(OMElement unattachedReference) {
- if(unattachedReference != null) {
- this.unattachedReference = new StAXOMBuilder(DOOMAbstractFactory
- .getOMFactory(), unattachedReference.getXMLStreamReader())
+ if (unattachedReference != null) {
+ this.unattachedReference =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), unattachedReference.getXMLStreamReader())
.getDocumentElement();
}
}
@@ -335,4 +340,150 @@ public class Token {
public void setIssuerAddress(String issuerAddress) {
this.issuerAddress = issuerAddress;
}
+
+ /**
+ * Implementing serialize logic according to our own protocol. We had to follow this, because
+ * OMElement class is not serializable. Making OMElement serializable will have an huge impact
+ * on other components. Therefore implementing serialization logic according to a manual
+ * protocol.
+ * @param out Stream which writes serialized bytes.
+ * @throws IOException If unable to serialize particular member.
+ */
+ public void writeExternal(ObjectOutput out)
+ throws IOException {
+
+ out.writeObject(this.id);
+
+ out.writeInt(this.state);
+
+ String stringElement = convertOMElementToString(this.token);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.previousToken);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.attachedReference);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.unattachedReference);
+ out.writeObject(stringElement);
+
+ out.writeObject(this.properties);
+
+ out.writeBoolean(this.changed);
+
+ int secretLength = 0;
+ if (null != this.secret) {
+ secretLength = this.secret.length;
+ }
+
+ // First write the length of secret
+ out.writeInt(secretLength);
+ if (0 != secretLength) {
+ out.write(this.secret);
+ }
+
+ out.writeObject(this.created);
+
+ out.writeObject(this.expires);
+
+ out.writeObject(this.issuerAddress);
+
+ out.writeObject(this.encrKeySha1Value);
+ }
+
+ /**
+ * Implementing de-serialization logic in accordance with the serialization logic.
+ * @param in Stream which used to read data.
+ * @throws IOException If unable to de-serialize particular data member.
+ * @throws ClassNotFoundException
+ */
+ public void readExternal(ObjectInput in)
+ throws IOException, ClassNotFoundException {
+
+ this.id = (String)in.readObject();
+
+ this.state = in.readInt();
+
+ String stringElement = (String)in.readObject();
+ this.token = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.previousToken = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.attachedReference = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.unattachedReference = convertStringToOMElement(stringElement);
+
+ this.properties = (Properties)in.readObject();
+
+ this.changed = in.readBoolean();
+
+ // Read the length of the secret
+ int secretLength = in.readInt();
+
+ if (0 != secretLength) {
+ byte[] buffer = new byte[secretLength];
+ if (secretLength != in.read(buffer)) {
+ throw new IllegalStateException("Bytes read from the secret key is not equal to serialized length");
+ }
+ this.secret = buffer;
+ }else{
+ this.secret = null;
+ }
+
+ this.created = (Date)in.readObject();
+
+ this.expires = (Date)in.readObject();
+
+ this.issuerAddress = (String)in.readObject();
+
+ this.encrKeySha1Value = (String)in.readObject();
+ }
+
+ private String convertOMElementToString(OMElement element)
+ throws IOException {
+ String serializedToken = "";
+
+ if (null == element) {
+ return serializedToken;
+ }
+
+ try {
+ serializedToken = element.toStringWithConsume();
+ } catch (XMLStreamException e) {
+ throw new IOException("Could not serialize token OM element");
+ }
+
+ return serializedToken;
+ }
+
+ private OMElement convertStringToOMElement(String stringElement)
+ throws IOException {
+
+ if (null == stringElement || stringElement.trim().equals("")) {
+ return null;
+ }
+
+ try {
+ Reader in = new StringReader(stringElement);
+ XMLStreamReader parser = XMLInputFactory.newInstance().createXMLStreamReader(in);
+ StAXOMBuilder builder = new StAXOMBuilder(parser);
+ OMElement documentElement = builder.getDocumentElement();
+
+ XMLStreamReader llomReader = documentElement.getXMLStreamReader();
+ OMFactory doomFactory = DOOMAbstractFactory.getOMFactory();
+ StAXOMBuilder doomBuilder = new StAXOMBuilder(doomFactory, llomReader);
+ return doomBuilder.getDocumentElement();
+
+ } catch (XMLStreamException e) {
+ log.error("Cannot convert de-serialized string to OMElement. Could not create XML stream.", e);
+ // IOException only has a constructor supporting exception chaining starting with Java 1.6
+ IOException ex = new IOException("Cannot convert de-serialized string to OMElement. Could not create XML stream.");
+ ex.initCause(e);
+ throw ex;
+ }
+ }
}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
index 0817868..01ad8ad 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
@@ -17,10 +17,9 @@
package org.apache.rahas.client;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Vector;
+import java.util.*;
+import java.text.DateFormat;
+import java.text.ParseException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -29,6 +28,7 @@ import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.OMException;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
import org.apache.axiom.om.util.Base64;
@@ -66,6 +66,7 @@ import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Element;
public class STSClient {
@@ -142,10 +143,14 @@ public class STSClient {
//Process the STS and service policy policy
this.processPolicy(issuerPolicy, servicePolicy);
- OMElement response = client.sendReceive(rstQn,
- createIssueRequest(requestType, appliesTo));
-
- return processIssueResponse(version, response, issuerAddress);
+ try {
+ OMElement response = client.sendReceive(rstQn,
+ createIssueRequest(requestType, appliesTo));
+
+ return processIssueResponse(version, response, issuerAddress);
+ } finally {
+ client.cleanupTransport();
+ }
} catch (AxisFault e) {
log.error("errorInObtainingToken", e);
throw new TrustException("errorInObtainingToken", new String[]{issuerAddress},e);
@@ -243,7 +248,120 @@ public class STSClient {
}
}
-
+
+ /**
+ * Renews the token referenced by the token id, updates the token store
+ * @param tokenId
+ * @param issuerAddress
+ * @param issuerPolicy
+ * @param store
+ * @return status
+ * @throws TrustException
+ */
+ public boolean renewToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy, TokenStorage store) throws TrustException {
+
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if (this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ String tokenType = RahasConstants.TOK_TYPE_SAML_10;
+
+ OMElement response = client.sendReceive(rstQn,
+ createRenewRequest(tokenType, tokenId));
+ store.update(processRenewResponse(version, response, store, tokenId));
+
+ return true;
+
+ } catch (AxisFault e) {
+ log.error("errorInRenewingToken", e);
+ throw new TrustException("errorInRenewingToken", new String[]{issuerAddress}, e);
+ }
+
+ }
+
+ /**
+ * Processes the response and update the token store
+ * @param version
+ * @param elem
+ * @param store
+ * @param id
+ * @return
+ * @throws TrustException
+ */
+ private Token processRenewResponse(int version, OMElement elem, TokenStorage store, String id) throws TrustException {
+ OMElement rstr = elem;
+ if (version == RahasConstants.VERSION_05_12) {
+ //The WS-SX result will be an RSTRC
+ rstr = elem.getFirstElement();
+ }
+ //get the corresponding WS-Trust NS
+ String ns = TrustUtil.getWSTNamespace(version);
+
+ //Get the RequestedAttachedReference
+ OMElement reqSecToken = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_SECURITY_TOKEN));
+
+ if (reqSecToken == null) {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ //Extract the life-time element
+ OMElement lifeTimeEle = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.LIFETIME));
+
+ if (lifeTimeEle == null) {
+ throw new TrustException("lifeTimeElemMissing");
+ }
+
+ //update the existing token
+ OMElement tokenElem = reqSecToken.getFirstElement();
+ Token token = store.getToken(id);
+ token.setPreviousToken(token.getToken());
+ token.setToken(tokenElem);
+ token.setState(Token.RENEWED);
+ token.setExpires(extractExpiryDate(lifeTimeEle));
+
+ return token;
+ }
+
+ /**
+ * extracts the expiry date from the Lifetime element of the RSTR
+ * @param lifetimeElem
+ * @return
+ * @throws TrustException
+ */
+ private Date extractExpiryDate(OMElement lifetimeElem) throws TrustException {
+ try {
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ OMElement expiresElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN));
+ Date expires = zulu.parse(expiresElem.getText());
+ return expires;
+ } catch (OMException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ } catch (ParseException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ }
+ }
+
+
private ServiceClient getServiceClient(QName rstQn,
String issuerAddress) throws AxisFault {
AxisService axisService =
@@ -429,6 +547,11 @@ public class STSClient {
} else {
//Return wsu:Id of the token element
id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
+ if ( id == null )
+ {
+ // If we are dealing with a SAML Assetion, look for AssertionID.
+ id = token.getAttributeValue(new QName( "AssertionID"));
+ }
}
return id;
}
@@ -794,7 +917,7 @@ public class STSClient {
this.rstTemplate = rstTemplate;
}
- private class CBHandler implements CallbackHandler {
+ private static class CBHandler implements CallbackHandler {
private String passwd;
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
index b092afa..b69ed71 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
@@ -85,4 +85,6 @@ tokenNotFound = Token with ID \"{0}\" cannot be found
configurationIsNull = Configuration is null
errorInCancelingToken = Error occurred while trying to cancel token
-errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
\ No newline at end of file
+errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
+lifeTimeElemMissing = Lifetime element is missing in the RSTR
+lifeTimeElemMissing = Lifetime element is missing in the RSTR
\ No newline at end of file
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
index c39f47a..e6f7b2c 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
@@ -16,72 +16,72 @@
package org.apache.rahas.impl;
-import org.apache.rahas.*;
-import org.apache.rahas.TrustException;
-import org.apache.rahas.impl.util.SignKeyHolder;
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
-import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.*;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SignKeyHolder;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.opensaml.*;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
-import org.opensaml.saml1.core.NameIdentifier;
-import org.opensaml.xml.*;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.*;
-import org.opensaml.xml.io.*;
-import org.opensaml.common.SAMLVersion;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.SAMLException;
import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.NameIdentifier;
+import org.opensaml.saml2.core.*;
import org.opensaml.saml2.core.impl.AssertionBuilder;
+import org.opensaml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
-import org.opensaml.saml2.core.impl.SubjectBuilder;
-import org.opensaml.saml2.core.*;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.joda.time.DateTime;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.*;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.signature.*;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
-import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
-import java.util.Date;
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.PrivateKey;
-import java.text.DateFormat;
-import java.io.InputStream;
+import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
public class SAML2TokenIssuer implements TokenIssuer {
@@ -97,8 +97,24 @@ public class SAML2TokenIssuer implements TokenIssuer {
private boolean isSymmetricKeyBasedHoK = false;
- private Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+ private static Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+ static {
+ try {
+ // Set the "javax.xml.parsers.DocumentBuilderFactory" system property
+ // to the endorsed JAXP impl.
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
+ "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+ DefaultBootstrap.bootstrap();
+ } catch (ConfigurationException e) {
+ log.error("SAML2TokenIssuerBootstrapError", e);
+ throw new RuntimeException(e);
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+ }
+
public SOAPEnvelope issue(RahasData data) throws TrustException {
MessageContext inMsgCtx = data.getInMessageContext();
@@ -158,14 +174,6 @@ public class SAML2TokenIssuer implements TokenIssuer {
keySize = (keySize == -1) ? config.keySize : keySize;
- // Set the "javax.xml.parsers.DocumentBuilderFactory" sys. property to the endorsed JAMP impl.
- String property = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
- System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
-
-
- //start building SAML 2.0 token
- DefaultBootstrap.bootstrap();
-
//Build the assertion
AssertionBuilder assertionBuilder = new AssertionBuilder();
Assertion assertion = assertionBuilder.buildObject();
@@ -191,6 +199,11 @@ public class SAML2TokenIssuer implements TokenIssuer {
Date creationTime = creationDate.toDate();
Date expirationTime = expirationDate.toDate();
+ Conditions conditions = new ConditionsBuilder().buildObject();
+ conditions.setNotBefore(creationDate);
+ conditions.setNotOnOrAfter(expirationDate);
+ assertion.setConditions(conditions);
+
// Create the subject
Subject subject = createSubject(config, doc, crypto, creationDate, expirationDate, data);
@@ -443,10 +456,9 @@ public class SAML2TokenIssuer implements TokenIssuer {
x509CertElem.appendChild(base64CertText);
Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS,
"ds:X509Data");
- x509DataElem.appendChild(x509CertElem);
-
-
+
if (x509DataElem != null) {
+ x509DataElem.appendChild(x509CertElem);
keyInfoElem = doc.createElementNS(WSConstants.SIG_NS, "ds:KeyInfo");
((OMElement) x509DataElem).declareNamespace(
WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
@@ -596,7 +608,7 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @return
* @throws TrustException
*/
- public SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
+ private SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
SignKeyHolder signKeyHolder = new SignKeyHolder();
@@ -634,28 +646,52 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @return
* @throws SAMLException
*/
- public AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config) throws SAMLException {
+ private AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config) throws SAMLException, TrustException {
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
SAMLObjectBuilder<AttributeStatement> attrStmtBuilder =
(SAMLObjectBuilder<AttributeStatement>) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ SAMLObjectBuilder<Attribute> attrBuilder =
+ (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
+
AttributeStatement attrstmt = attrStmtBuilder.buildObject();
Attribute[] attributes = null;
//Call the attribute callback handlers to get any attributes if exists
- if (config.getCallbackHander() != null) {
+ if (config.getCallbackHandler() != null) {
SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
- SAMLCallbackHandler handler = config.getCallbackHander();
+ SAMLCallbackHandler handler = config.getCallbackHandler();
handler.handle(cb);
attributes = cb.getSAML2Attributes();
}
+ else if (config.getCallbackHandlerName() != null
+ && config.getCallbackHandlerName().trim().length() > 0) {
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = null;
+ MessageContext msgContext = data.getInMessageContext();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+ Class cbClass = null;
+ try {
+ cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName());
+ } catch (ClassNotFoundException e) {
+ throw new TrustException("cannotLoadPWCBClass", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ try {
+ handler = (SAMLCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new TrustException("cannotCreatePWCBInstance", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ handler.handle(cb);
+ attributes = cb.getSAML2Attributes();
+ // else add the attribute with a default value
+ }
//else add the attribute with a default value
else {
- SAMLObjectBuilder<Attribute> attrBuilder =
- (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
Attribute attribute = attrBuilder.buildObject();
attribute.setName("Name");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
@@ -685,7 +721,7 @@ public class SAML2TokenIssuer implements TokenIssuer {
* @param data
* @return
*/
- public AuthnStatement createAuthnStatement(RahasData data) {
+ private AuthnStatement createAuthnStatement(RahasData data) {
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
MessageContext inMsgCtx = data.getInMessageContext();
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
index df94336..d5aef05 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -254,10 +254,10 @@ public class SAMLTokenIssuer implements TokenIssuer {
// In the case where the principal is a UT
if (principal instanceof WSUsernameTokenPrincipal) {
SAMLNameIdentifier nameId = null;
- if(config.getCallbackHander() != null){
+ if(config.getCallbackHandler() != null){
SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data);
cb.setUserId(principal.getName());
- SAMLCallbackHandler callbackHandler = config.getCallbackHander();
+ SAMLCallbackHandler callbackHandler = config.getCallbackHandler();
callbackHandler.handle(cb);
nameId = cb.getNameId();
}else{
@@ -338,7 +338,7 @@ public class SAMLTokenIssuer implements TokenIssuer {
String subjectNameId = data.getPrincipal().getName();
SAMLNameIdentifier nameId = new SAMLNameIdentifier(
- subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_X509);
// Create the ds:KeyValue element with the ds:X509Data
X509Certificate clientCert = data.getClientCert();
@@ -432,9 +432,9 @@ public class SAMLTokenIssuer implements TokenIssuer {
SAMLAttribute[] attrs = null;
- if(config.getCallbackHander() != null){
+ if(config.getCallbackHandler() != null){
SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
- SAMLCallbackHandler handler = config.getCallbackHander();
+ SAMLCallbackHandler handler = config.getCallbackHandler();
handler.handle(cb);
attrs = cb.getAttributes();
} else if (config.getCallbackHandlerName() != null
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
index c899fa7..7182a03 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
@@ -98,7 +98,7 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
protected String issuerName;
protected Map trustedServices = new HashMap();
protected String trustStorePropFile;
- protected SAMLCallbackHandler callbackHander;
+ protected SAMLCallbackHandler callbackHandler;
protected String callbackHandlerName;
/**
@@ -258,7 +258,7 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
try {
String value = attrElemet.getText();
Class handlerClass = Class.forName(value);
- this.callbackHander = (SAMLCallbackHandler)handlerClass.newInstance();
+ this.callbackHandler = (SAMLCallbackHandler)handlerClass.newInstance();
} catch (ClassNotFoundException e) {
log.debug("Error loading class" , e);
throw new TrustException("Error loading class" , e);
@@ -300,6 +300,9 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
OMElement callbackHandlerName = fac.createOMElement(ATTR_CALLBACK_HANDLER_NAME, configElem);
callbackHandlerName.setText(this.callbackHandlerName);
+ OMElement timeToLive = fac.createOMElement(TTL, configElem);
+ timeToLive.setText(String.valueOf(this.ttl));
+
configElem.addChild(this.cryptoPropertiesElement);
OMElement keySizeElem = fac.createOMElement(KEY_SIZE, configElem);
@@ -405,12 +408,22 @@ public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
return trustedServices;
}
+ @Deprecated
public SAMLCallbackHandler getCallbackHander() {
- return callbackHander;
+ return callbackHandler;
+ }
+
+ @Deprecated
+ public void setCallbackHander(SAMLCallbackHandler callbackHandler) {
+ this.callbackHandler = callbackHandler;
+ }
+
+ public SAMLCallbackHandler getCallbackHandler() {
+ return callbackHandler;
}
- public void setCallbackHander(SAMLCallbackHandler callbackHander) {
- this.callbackHander = callbackHander;
+ public void setCallbackHandler(SAMLCallbackHandler callbackHandler) {
+ this.callbackHandler = callbackHandler;
}
public String getCallbackHandlerName() {
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
index d9d93da..3e46669 100644
--- a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAML2Utils.java
@@ -55,6 +55,8 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.List;
public class SAML2Utils {
@@ -194,14 +196,24 @@ public class SAML2Utils {
}
// Get the subject confirmation data, KeyInfoConfirmationDataType extends SubjectConfirmationData.
- KeyInfoConfirmationDataType scData = (KeyInfoConfirmationDataType) subjectConf.getSubjectConfirmationData();
+ SubjectConfirmationData scData = subjectConf.getSubjectConfirmationData();
+
if (scData == null) {
throw new WSSecurityException(WSSecurityException.FAILURE,
"invalidSAML2Token", new Object[]{"for Signature (no Subject Confirmation Data)"});
}
// Get the SAML specific XML representation of the keyInfo object
- XMLObject KIElem = scData.getKeyInfos() != null ? (XMLObject) scData.getKeyInfos().get(0) : null;
+ XMLObject KIElem = null;
+ List<XMLObject> scDataElements = scData.getOrderedChildren();
+ Iterator<XMLObject> iterator = scDataElements.iterator();
+ while (iterator.hasNext()) {
+ XMLObject xmlObj = iterator.next();
+ if (xmlObj instanceof org.opensaml.xml.signature.KeyInfo) {
+ KIElem = xmlObj;
+ break;
+ }
+ }
Element keyInfoElement;
@@ -259,8 +271,8 @@ public class SAML2Utils {
}
- // If an authn stmt is presentm then it has a public key.
- else if (authnStmt != null) {
+ // If an authn stmt is present then it has a public key.
+ if (authnStmt != null) {
X509Certificate[] certs = null;
try {
@@ -286,10 +298,6 @@ public class SAML2Utils {
new Object[]{"cannot get certificate (key holder)"}, e3);
}
- } else {
- throw new WSSecurityException(WSSecurityException.FAILURE,
- "invalidSAMLsecurity",
- new Object[]{"cannot get certificate or key "});
}
diff --git a/pom.xml b/pom.xml
index b4682f3..9ebbe78 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,6 +3,11 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache</groupId>
+ <artifactId>apache</artifactId>
+ <version>7</version>
+ </parent>
<groupId>org.apache.rampart</groupId>
<artifactId>rampart-project</artifactId>
<packaging>pom</packaging>
@@ -31,10 +36,10 @@
<mailingLists>
<mailingList>
<name>Rampart Developers</name>
- <subscribe>rampart-dev-subscribe@ws.apache.org</subscribe>
- <unsubscribe>rampart-dev-unsubscribe@ws.apache.org</unsubscribe>
- <post>rampart-dev@ws.apache.org</post>
- <archive>http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/</archive>
+ <subscribe>java-dev-subscribe@axis.apache.org</subscribe>
+ <unsubscribe>java-dev-unsubscribe@axis.apache.org</unsubscribe>
+ <post>java-dev@axis.apache.org</post>
+ <archive>http://mail-archives.apache.org/mod_mbox/axis-java-dev/</archive>
<otherArchives>
<otherArchive>http://markmail.org/search/list:org.apache.ws.rampart-dev</otherArchive>
</otherArchives>
@@ -65,61 +70,42 @@
<developer>
<name>Davanum Srinivas</name>
<id>dims</id>
- <email>dims AT wso2.com</email>
- <organization>WSO2</organization>
+ <email>dims AT apache.org</email>
+ <organization>IBM</organization>
</developer>
<developer>
<name>Nandana Mihindukulasooriya</name>
<id>nandana</id>
- <email>nandana AT wso2.com</email>
- <organization>WSO2</organization>
+ <email>nandana AT apache.org</email>
+ <organization></organization>
</developer>
</developers>
<scm>
<connection>
- scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
</connection>
<developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java
+ scm:svn:https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk
</developerConnection>
- <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ <url>https://svn.apache.org/repos/asf/axis/axis2/java/rampart/trunk</url>
</scm>
<repositories>
-
- <repository>
- <releases>
- <enabled>false</enabled>
- <updatePolicy>always</updatePolicy>
- <checksumPolicy>warn</checksumPolicy>
- </releases>
+
+ <repository>
+ <id>wso2-maven2-repository</id>
+ <name>WSO2 Maven2 Repository</name>
+ <url>http://dist.wso2.org/maven2</url>
<snapshots>
- <enabled>true</enabled>
- <updatePolicy>never</updatePolicy>
- <checksumPolicy>fail</checksumPolicy>
+ <enabled>false</enabled>
</snapshots>
- <id>apache-snapshots</id>
- <name>Apache Maven2 SNAPSHOTS</name>
- <url>http://people.apache.org/repo/m2-snapshot-repository</url>
- <layout>default</layout>
- </repository>
-
- <repository>
<releases>
<enabled>true</enabled>
- <updatePolicy>always</updatePolicy>
- <checksumPolicy>warn</checksumPolicy>
- </releases>
- <snapshots>
- <enabled>true</enabled>
<updatePolicy>never</updatePolicy>
- <checksumPolicy>warn</checksumPolicy>
- </snapshots>
- <id>apache-ws-zones2</id>
- <name>Apache ws.zones - 2</name>
- <url>http://ws.zones.apache.org/repository2</url>
+ <checksumPolicy>fail</checksumPolicy>
+ </releases>
</repository>
<repository>
@@ -194,7 +180,7 @@
<dependencies>
- <!-- Axis2 Dependencies -->
+ <!-- Axis2 and Axiom Dependencies -->
<dependency>
<groupId>org.apache.axis2</groupId>
<artifactId>axis2-kernel</artifactId>
@@ -216,15 +202,34 @@
<groupId>org.apache.axis2</groupId>
<artifactId>addressing</artifactId>
<type>mar</type>
- <version>${addressing.mar.version}</version>
+ <version>${axis2.version}</version>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ </dependency>
<!-- Other Rampart Dependencies -->
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>${wss4j.version}</version>
+ <exclusions>
+ <!-- We exclude xalan:xalan as a transitive dependency, but include
+ org.apache.xalan:xalan as a direct dependency. This avoids
+ conflicts with the dependencies of org.opensaml:opensaml
+ (which uses org.apache.xalan:xalan). -->
+ <exclusion>
+ <artifactId>xalan</artifactId>
+ <groupId>xalan</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>2.7.1</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
@@ -234,18 +239,23 @@
<dependency>
<groupId>opensaml</groupId>
<artifactId>opensaml</artifactId>
- <version>1.1</version>
+ <version>1.1.406</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>2.2.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <version>1.5.2</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>2.3</version>
</dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <version>2.2.3</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-jdk14</artifactId>
- <version>1.5.2</version>
- </dependency>
<dependency>
<groupId>log4j</groupId>
@@ -290,6 +300,27 @@
</dependencies>
+ <dependencyManagement>
+ <dependencies>
+ <!-- Since Rampart depends on DOOM, but axiom-dom is not a transitive
+ dependency, we need to manage the Axiom version. -->
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-api</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-impl</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
<profiles>
<profile>
@@ -333,34 +364,6 @@
<module>modules/distribution</module>
</modules>
</profile>
-
- <profile>
- <id>axiom-managed</id>
- <activation>
- <property>
- <name>axiom.version</name>
- </property>
- </activation>
- <dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>org.apache.ws.commons.axiom</groupId>
- <artifactId>axiom-api</artifactId>
- <version>${axiom.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.ws.commons.axiom</groupId>
- <artifactId>axiom-impl</artifactId>
- <version>${axiom.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.ws.commons.axiom</groupId>
- <artifactId>axiom-dom</artifactId>
- <version>${axiom.version}</version>
- </dependency>
- </dependencies>
- </dependencyManagement>
- </profile>
</profiles>
<modules>
@@ -379,11 +382,10 @@
<rampart.mar.version>SNAPSHOT</rampart.mar.version>
<rahas.mar.version>SNAPSHOT</rahas.mar.version>
- <axis2.version>SNAPSHOT</axis2.version>
- <axis2.transport.version>1.0-SNAPSHOT</axis2.transport.version>
- <addressing.mar.version>1.5</addressing.mar.version>
+ <axis2.version>1.5.3</axis2.version>
+ <axiom.version>1.2.10</axiom.version>
- <wss4j.version>1.5.8</wss4j.version>
+ <wss4j.version>1.5.10</wss4j.version>
<xmlsec.version>1.4.2</xmlsec.version>
<opensaml.version>1.1</opensaml.version>
diff --git a/release-docs/ChangeLog.txt b/release-docs/ChangeLog.txt
index 5d25017..d099558 100644
--- a/release-docs/ChangeLog.txt
+++ b/release-docs/ChangeLog.txt
@@ -1,8 +1,73 @@
This file contains a listing of all Jira issues that have been closed
for a given release.
-Release 1.5
-===========
+Release 1.5.1 - 23 Dec 2010
+===========================
+
+** Bug
+ * [RAMPART-316] - commons-lang jar is not available with Axis2 which breaks Sample-08
+ * [RAMPART-315] - Sample-06 is not working in the current trunk
+ * [RAMPART-181] - OptimizePartsConfig does not open namespace tag when serializing the assertion
+ * [RAMPART-186] - Password call back not copied over when the call back is set via a parameter to the axis Service (Secure conversation)
+ * [RAMPART-174] - Rampart module says true to all assertions when canSupportAssertion is called
+ * [RAMPART-202] - RampartEngine throws ClassCastException retrieving SOAPHeaderBlocks
+ * [RAMPART-212] - WSSecurityException: Error in converting SOAP Envelope to Document
+ * [RAMPART-314] - Rampart distribution does not contain OpenSAML 1.1 jars
+ * [RAMPART-198] - Rampart 1.4 assumes WSS10 or WSS11 to be present in the policy
+ * [RAMPART-273] - multiple rampart samples doesn't work
+ * [RAMPART-254] - Public getter/setter setCallbackHander/getCallbackHander mis-spelled [ hander --> handler] in SAMLTokenIssuerConfig
+ * [RAMPART-259] - SAML2TokenIssuer calls DefaultBootstrap.bootstrap() per every request and attribute call back handler not being called
+ * [RAMPART-277] - Rampart ignores token inclusion settings when using the asymmetric security binding
+ * [RAMPART-267] - div class="xleft" does not work
+ * [RAMPART-224] - Error in Rampart configuration schema
+ * [RAMPART-283] - sp:ProtectTokens Assertion Ignored w/ Transport Security Binding
+ * [RAMPART-288] - Supporting Tokens Not Encrypted When Protection Order is Sign Before Encrypting
+ * [RAMPART-300] - Rampart automaticaly tries to load an "Encryption user" if the security policy defines the use of a UsernameToken with a AsymmetricBinding
+ * [RAMPART-225] - SupportingToken UsernameToken is always encrypted
+ * [RAMPART-303] - Incorrect XML Passed to Digest Algorithm when XML Elements Belong to Empty Namespace
+ * [RAMPART-309] - Incorrect XML Passed to Digest Algorithm
+ * [RAMPART-116] - Policy Sample 04 on application scope fails with "Error in key derivation"
+ * [RAMPART-253] - TTL doesn't serialized in to saml-issuer-config from SAMLTokenIssuerConfig
+ * [RAMPART-270] - NPE in RampartMessageData
+ * [RAMPART-274] - renewing a sts token doesn't work
+ * [RAMPART-180] - Wrong NameIdentifier format
+ * [RAMPART-276] - SignedEncryptedElements can incorrectly set the namespace of child xpaths during serialization
+ * [RAMPART-293] - NPE in RampartMessageData prevents fault being returned to service consumer
+ * [RAMPART-308] - All security exceptions reported as wsse:InvalidSecurity
+ * [RAMPART-290] - NullPointerException in RampartEngine.isSecurityFault if the incoming fault message contains an invalid fault code element
+ * [RAMPART-311] - Error AxisFault: A required message part [body] is not signed.
+ * [RAMPART-239] - Axis2: Rampart module should not check the order of WS-Security header tags
+ * [RAMPART-119] - Invalid behavior when empty <sp:SignedParts/> element present in the policy
+ * [RAMPART-310] - Property 'invalidIssuerAddress' missing from error.properties
+ * [RAMPART-154] - org.apache.rahas.client.STSClient.org.apache.rahas.processIssueResponse fails if SamlAssertion is issued.
+ * [RAMPART-130] - MTOM with WS-Security
+ * [RAMPART-97 ] - interop(WSE3.0 + Rampart1.3) Signature varification failed,When request with Non-English Character
+ * [RAMPART-210] - samples/basic/sample11 does not exist in distro rampart-dist-1.4-bin.zip
+ * [RAMPART-22 ] - Exception handling in UsernameTokenProcessor.handleUsernameToken
+ * [RAMPART-111] - Rampart won't send certificate serial + issuer. Only either BinaryToken or Identity, but not always as it should
+ * [RAMPART-187] - Secure conversation clients do not work when the bootstrap policy requires Username Token
+ * [RAMPART-195] - Maven metadata are invalid in official repo preventing the use of rampart in offline mode
+ * [RAMPART-280] - renewToken() does not provide a mechanism to update the token in the token-store
+ * [RAMPART-6 ] - RAMPART : Incoming policy validation of KeyWrap Algorithm.
+ * [RAMPART-7 ] - RAMPART : Incoming policy validation of Bulk Encryption Algorithms.
+ * [RAMPART-266] - Rampart module fails validating signing certificate when security provider is Bouncy Castle
+ * [RAMPART-271] - Build failure in the rampart trunk
+ * [RAMPART-279] - NPE thrown when WS-Trust renew binding implementation
+ * [RAMPART-285] - Interoporability issues in SAML 2.0 implementation
+ * [RAMPART-306] - Rampart Configuration page of the web site should be updated with Crypto Caching configurations
+ * [RAMPART-307] - Spelling error in org.apache.rampart.builder.BindingBuilder - Method getSignatureBuider should be getSignatureBuilder
+ * [RAMPART-206] - RampartUtil.getToken() not setting parent properties on the STS service call resulting in HTTP 401 error
+
+** Improvement
+ * [RAMPART-313] - Improvements to the site axis.apache.org/axis2/java/rampart/
+ * [RAMPART-121] - Handling of KeyStores
+ * [RAMPART-25 ] - Abilty to dynamically set Encryption certificate on client
+ * [RAMPART-258] - A sample is required to demonstrate the SAML 2.0 Token issuing capability in Rampart
+ * [RAMPART-291] - Possible improvements to SAML2TokenIssuer
+ * [RAMPART-265] - Incorrect version references in Rampart 1.4
+
+Release 1.5 01 Feb 2010
+=======================
** Bug
* [RAMPART-189] - WS-Security rampart uses wrong token in service response
diff --git a/release-docs/NOTICE.txt b/release-docs/NOTICE.txt
index 77d3370..323c4b2 100644
--- a/release-docs/NOTICE.txt
+++ b/release-docs/NOTICE.txt
@@ -1,12 +1,9 @@
- =========================================================================
- == NOTICE file corresponding to the section 4 d of ==
- == the Apache License, Version 2.0, ==
- == in this case for the Apache Axis2 distribution. ==
- =========================================================================
+Apache Rampart
+Copyright 2010 The Apache Software Foundation
- This product includes software developed by
- The Apache Software Foundation (http://www.apache.org/).
+This product includes software developed by
+The Apache Software Foundation (http://www.apache.org/).
- Please read the different LICENSE files present in the lib directory of
- this distribution.
+Please read the different LICENSE files present in the lib directory of
+this distribution.
diff --git a/release-docs/README.txt b/release-docs/README.txt
index 36efbe0..20671f2 100644
--- a/release-docs/README.txt
+++ b/release-docs/README.txt
@@ -1,43 +1,43 @@
======================================================
-Apache Rampart-1.4 build (April 03, 2008)
+Apache Rampart-1.5.1 build (Dec 23, 2010)
-http://ws.apache.org/axis2/modules/rampart/
+http://axis.apache.org/axis2/java/rampart
------------------------------------------------------
-___________________
-Contents
-===================
+_______________________________
+Contents of Binary Distribution
+===============================
lib - This directory contains all the libraries required by rampart
in addition to the libraries available in the axis2 standard binary
release.
-rampart-1.4.mar - WS-Security and WS-SecureConversation support for Axis2
-rahas-1.4.mar - STS module - to be used to add STS operations to a service
+rampart-1.5.1.mar - WS-Security and WS-SecureConversation support for Axis2
+rahas-1.5.1.mar - STS module - to be used to add STS operations to a service
samples - This contains samples on using Apache Rampart and configuring
different components to carryout different WS-Sec* operations.
README.txt - This file
-build.xml - Setup file to copy all jars to required places
-
-____________
-Installation
-============
-
-Using Ant
----------
-Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution.
-
-Manual Installation
--------------------
-You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of Rampart binary distribution to Axis2 modules directory.
-
-Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
+build.xml - Setup file to copy all jars to required places
+____________
+Installation
+============
+
+Using Ant
+---------
+Run ant script on extracted binary distribution and it will copy the required files to Axis2. You have to set the AXIS2_HOME system variable to point to your Axis2 binary distribution.
+
+Manual Installation
+-------------------
+You can copy the required libraries and module files manually. You need copy all the libraries in the lib directory of Rampart binary distribution to Axis2 lib directory and all the module files to in the modules directory of Rampart binary distribution to Axis2 modules directory.
+
+Axis2 lib directory – AXIS2_HOME/lib (Standard binary distribution ) or axis2/WEB-INF/lib (WAR)
+
+Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
-Axis2 modules directory – AXIS2_HOME/repository/modules (Standard binary distribution ) or axis2/WEB-INF/modules (WAR)
IMPORTANT:
Before you build rampart from source distribution, you need provision for
@@ -120,7 +120,7 @@ Any problem with this release can be reported to Rampart mailing list
or in the JIRA issue tracker.
Mailing list subscription:
- rampart-dev-subscribe@ws.apache.org
+ java-dev-subscribe@axis.apache.org
Jira:
http://issues.apache.org/jira/browse/RAMPART
diff --git a/release-docs/release-notes.html b/release-docs/release-notes.html
index f368304..ea5f07d 100644
--- a/release-docs/release-notes.html
+++ b/release-docs/release-notes.html
@@ -12,30 +12,30 @@
<body>
<h1>Apache Rampart Release Notes</h1>
-<p>This is the 1.2 release of Apache Rampart.</p>
+<p>This is the 1.5.1 release of Apache Rampart.</p>
-<p>Apache Rampart 1.2 is a toolkit that provides implementations of the WS-Sec*
-specifications for Apache Axis 1.2, based on Apache WSS4J 1.5.2 and
-the Apache AXIOM-DOOM 1.2.4 implementation.</p>
+<p>Apache Rampart 1.5.1 is a toolkit that provides implementations of the WS-Sec*
+specifications for Apache Axis2 1.5.1, based on Apache WSS4J 1.5.10 and
+the Apache AXIOM-DOOM 1.2.10 implementation.</p>
<b>What is in this release</b>
<p>There are two main Apache Axis2 modules provided with this release.</p>
<ul>
-<li>rampart-1.2.mar</li>
+<li>rampart-1.5.1.mar</li>
This provides support for WS-Security and WS-SecureConversation features.
-<li>rahas-1.2.mar</li>
+<li>rahas-1.5.1.mar</li>
This module provides the necessary components to enable SecurityTokenService
functionality on a service.
</ul>
-<p>Apache Rampart 1.2 uses a configuration model based on WS-Policy
+<p>Apache Rampart 1.5.1 uses a configuration model based on WS-Policy
and WS-Security Policy and it is important to note that Apache Rampart 1.0 style
configuration is also available even though being marked as deprecated.
</p>
-<p>Apache Rampart 1.2 can be successfully used with the next Apache Sandesha2
-release targeted towards Apache Axis2 1.2 to configure
+<p>Apache Rampart 1.5.1 can be successfully used with the next Apache Sandesha2 1.4
+release targeted towards Apache Axis2 1.5.4 to configure
WS-SecureConversation + WS-ReliableMessaging scenarios.</p>
<p>
The rampart module was successfully tested for interoperability with other
@@ -48,7 +48,9 @@ WS-Security implementations.</p>
<li>WS - Secure Conversation - February 2005</li>
<li>WS - Security Policy - 1.1 - July 2005</li>
<li>WS - Trust - February 2005</li>
-<li>WS - Trust - WS-SX spec - EXPERIMENTAL </li>
+<li>WS - Trust - WS-SX specification</li>
+<li>SAML Specification - 1.1 </li>
+<li>SAML Specification - 2.0 </li>
</ul>
@@ -58,17 +60,7 @@ WS-Security implementations.</p>
<p></p>
-<p>Apache Rampart team</p>
-
-<p></p>
-
-<p></p>
-
-<p></p>
-
-<p></p>
-
-<p></p>
+<p>Apache Rampart Team</p>
<p></p>
</body>
[axis-axis2-java-rampart] 10/10: Make the patch compile.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit ad4f59f45a8d0f88f046e7854dd93291e38965d3
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 18:00:58 2017 +0000
Make the patch compile.
---
.../src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index b821854..f31591e 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -433,7 +433,7 @@ public class PolicyBasedResultsValidator implements ExtendedPolicyValidatorCallb
* @param data
* @param results
*/
- protected void validateProtectionOrder(ValidatorData data, List<WSSecurityEngineResult> results), Vector encryptedParts)
+ protected void validateProtectionOrder(ValidatorData data, List<WSSecurityEngineResult> results, List<WSEncryptionPart> encryptedParts)
throws RampartException {
String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
@@ -600,7 +600,7 @@ public class PolicyBasedResultsValidator implements ExtendedPolicyValidatorCallb
// ignore place holders for encrypted supporting
// tokens
- if (encPart.getId() != null && encPart.getId().equals("EncryptedSupportingToken")) {
+ if (encryptedPart.getId() != null && encryptedPart.getId().equals("EncryptedSupportingToken")) {
continue;
}
[axis-axis2-java-rampart] 05/10: Rename variable to match the code
on the trunk.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 019082001a321d444648c739c8f16cf97062e31b
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:19:23 2017 +0000
Rename variable to match the code on the trunk.
---
.../main/java/org/apache/rampart/PolicyBasedResultsValidator.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 3f69f8e..9684b3c 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -693,15 +693,15 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
- QName body;
+ QName bodyQName;
if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
- body = new SOAP11Constants().getBodyQName();
+ bodyQName = new SOAP11Constants().getBodyQName();
} else {
- body = new SOAP12Constants().getBodyQName();
+ bodyQName = new SOAP12Constants().getBodyQName();
}
- if (!actuallySigned.contains(body) && !rmd.getPolicyData().isSignBodyOptional()) {
+ if (!actuallySigned.contains(bodyQName) && !rmd.getPolicyData().isSignBodyOptional()) {
// soap body is not signed
throw new RampartException("bodyNotSigned");
}
[axis-axis2-java-rampart] 03/10: RAMPART-289: Apply patch provided
by Todd Wolff.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit f2febb5a5c26cd59cf68df8351b241d89ea1b39a
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Sun Jan 29 21:00:00 2017 +0000
RAMPART-289: Apply patch provided by Todd Wolff.
---
.../rampart/PolicyBasedResultsValidator.java | 157 ++++++++++++++++++---
1 file changed, 139 insertions(+), 18 deletions(-)
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index 4d5aa35..a0d24c5 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -31,6 +31,7 @@ import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import org.jaxen.XPath;
import org.jaxen.JaxenException;
@@ -116,7 +117,23 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
new WSEncryptionPart("SignedEndorsingSupportingTokens"));
}
}
-
+ //Add an indicator for Encrypted Supporting Tokens
+ SupportingToken encryptedSupportingToken = rpd.getEncryptedSupportingTokens();
+ if(encryptedSupportingToken != null) {
+ encryptedParts.add(new WSEncryptionPart("EncryptedSupportingToken"));
+ }
+ encryptedSupportingToken = rpd.getSignedEncryptedSupportingTokens();
+ if(encryptedSupportingToken != null) {
+ encryptedParts.add(new WSEncryptionPart("EncryptedSupportingToken"));
+ }
+ encryptedSupportingToken = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ if(encryptedSupportingToken != null) {
+ encryptedParts.add(new WSEncryptionPart("EncryptedSupportingToken"));
+ }
+ encryptedSupportingToken = rpd.getEndorsingEncryptedSupportingTokens();
+ if(encryptedSupportingToken != null) {
+ encryptedParts.add(new WSEncryptionPart("EncryptedSupportingToken"));
+ }
Vector supportingToks = rpd.getSupportingTokensList();
for (int i = 0; i < supportingToks.size(); i++) {
SupportingToken supportingToken = (SupportingToken) supportingToks.get(i);
@@ -127,12 +144,61 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
}
}
+ SupportingToken supportingToken = rpd.getEncryptedSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ supportingToken = rpd.getSignedSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ supportingToken = rpd.getSignedEndorsingSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ supportingToken = rpd.getSignedEncryptedSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ supportingToken = rpd.getSignedEndorsingEncryptedSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ supportingToken = rpd.getEndorsingEncryptedSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
+ supportingToken = rpd.getEndorsingSupportingTokens();
+ if (supportingToken != null) {
+ SupportingPolicyData policyData = new SupportingPolicyData();
+ policyData.build(supportingToken);
+ encryptedParts.addAll(RampartUtil.getSupportingEncryptedParts(rmd, policyData));
+ signatureParts.addAll(RampartUtil.getSupportingSignedParts(rmd, policyData));
+ }
}
validateEncrSig(data,encryptedParts, signatureParts, results);
if(!rpd.isTransportBinding()) {
- validateProtectionOrder(data, results);
+ validateProtectionOrder(data, results, encryptedParts);
}
validateEncryptedParts(data, encryptedParts, results);
@@ -217,10 +283,14 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
SupportingToken sgndSupTokens = rpd.getSignedSupportingTokens();
SupportingToken sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens();
+ SupportingToken sgndEncryptedSupTokens = rpd.getSignedEncryptedSupportingTokens();
+ SupportingToken sgndEndorsingEncryptedSupTokens = rpd.getSignedEndorsingEncryptedSupportingTokens();
if(sig && signatureParts.size() == 0
&& (sgndSupTokens == null || sgndSupTokens.getTokens().size() == 0)
- && (sgndEndorSupTokens == null || sgndEndorSupTokens.getTokens().size() == 0)) {
+ && (sgndEndorSupTokens == null || sgndEndorSupTokens.getTokens().size() == 0)
+ && (sgndEncryptedSupTokens == null || sgndEncryptedSupTokens.getTokens().size() == 0)
+ && (sgndEndorsingEncryptedSupTokens == null || sgndEndorsingEncryptedSupTokens.getTokens().size() == 0)) {
//Unexpected signature
throw new RampartException("unexprectedSignature");
@@ -321,7 +391,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
* @param data
* @param results
*/
- protected void validateProtectionOrder(ValidatorData data, Vector results)
+ protected void validateProtectionOrder(ValidatorData data, Vector results, Vector encryptedParts)
throws RampartException {
String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
@@ -374,8 +444,34 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
Integer act = (Integer) iter.next();
if(act.intValue() == WSConstants.SIGN && ! encrFound ) {
- // We found SIGN and ENCR has not been found - break and fail
- break;
+ boolean messageEncryptionsFound = false;
+ boolean encryptedSupportingTokensFound = false;
+ Iterator iter2 = encryptedParts.iterator();
+ while (iter2.hasNext()) {
+ WSEncryptionPart wp = (WSEncryptionPart)iter2.next();
+ String id = wp.getId();
+ if (id != null && id.equals("EncryptedSupportingToken")) {
+ encryptedSupportingTokensFound = true;
+ } else if (id != null && id.equals("EndorsingSupportingTokens")){
+ continue;
+ } else if (id != null && id.equals("SignedEndorsingSupportingTokens")){
+ continue;
+ } else {
+ messageEncryptionsFound = true;
+ }
+ }
+ if (!messageEncryptionsFound && encryptedSupportingTokensFound) {
+ // no message parts encrypted. the encryption action
+ // was related to a supporting token
+ done=true;
+ } else if (!messageEncryptionsFound && data.getRampartMessageData().getPolicyData().isSignatureProtection()) {
+ // no message parts encrypted. the encryption action
+ // was related to encrypting the message signature
+ done=true;
+ } else {
+ // We found SIGN and ENCR has not been found - break and fail
+ break;
+ }
}
if(act.intValue() == WSConstants.ENCR) {
encrFound = true;
@@ -467,6 +563,12 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
WSEncryptionPart encPart = (WSEncryptionPart)encryptedParts.get(i);
+ // ignore place holders for encrypted supporting
+ // tokens
+ if (encPart.getId() != null && encPart.getId().equals("EncryptedSupportingToken")) {
+ continue;
+ }
+
//This is the encrypted Body and we already checked encrypted body
if (encPart.getType() == WSConstants.PART_TYPE_BODY) {
continue;
@@ -555,16 +657,34 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
Vector actuallySigned = new Vector();
if (actionResults != null) {
for (int j = 0; j < actionResults.length; j++) {
+
WSSecurityEngineResult actionResult = actionResults[j];
- Set signedIDs = (Set) actionResult
- .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
- for (Iterator i = signedIDs.iterator(); i.hasNext();) {
- String e = (String) i.next();
-
- Element element = WSSecurityUtil.findElementById(envelope, e,
- WSConstants.WSU_NS);
- actuallySigned.add(element);
+ List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ // if header was encrypted before it was signed, protected
+ // element is 'EncryptedHeader.' the actual element is
+ // first child element
+
+ for (Iterator k = wsDataRefs.iterator(); k.hasNext();) {
+ WSDataRef wsDataRef = (WSDataRef)k.next();
+ Element protectedElement = wsDataRef.getProtectedElement();
+ if (protectedElement.getLocalName().equals("EncryptedHeader")) {
+ NodeList nodeList = protectedElement.getChildNodes();
+ for (int x = 0; x < nodeList.getLength(); x++) {
+ if (nodeList.item(x).getNodeType() == Node.ELEMENT_NODE) {
+ String ns = ((Element)nodeList.item(x)).getNamespaceURI();
+ String ln = ((Element)nodeList.item(x)).getLocalName();
+ actuallySigned.add(new QName(ns,ln));
+ break;
+ }
+ }
+ } else {
+ String ns = protectedElement.getNamespaceURI();
+ String ln = protectedElement.getLocalName();
+ actuallySigned.add(new QName(ns,ln));
+ }
}
+
}
}
@@ -573,12 +693,12 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
- Element body;
+ QName body;
if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
- body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP11Constants());
+ body = new SOAP11Constants().getBodyQName();
} else {
- body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP12Constants());
+ body = new SOAP12Constants().getBodyQName();
}
if (!actuallySigned.contains(body) && !rmd.getPolicyData().isSignBodyOptional()) {
@@ -591,6 +711,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
Element element = (Element) WSSecurityUtil.findElement(
envelope, wsep.getName(), wsep.getNamespace() );
+
if( element == null ) {
// The signedpart header or element we are checking is not present in
// soap envelope - this is allowed
@@ -598,7 +719,7 @@ public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandl
}
// header or the element present in soap envelope - verify that it is part of signature
- if( actuallySigned.contains( element) ) {
+ if( actuallySigned.contains( new QName(element.getNamespaceURI(), element.getLocalName())) ) {
continue;
}
[axis-axis2-java-rampart] 06/10: Merge r1052172 from the trunk.
Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
billblough pushed a commit to branch RAMPART-289
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 82fe90d5e5c7c176a0c2be2786630842d7fce9d8
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Jan 30 17:21:48 2017 +0000
Merge r1052172 from the trunk.
---
.../rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
index 8d686d4..0db238a 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -205,7 +205,9 @@ public class Axis2Util {
OMNamespace ns = (OMNamespace) nsIter.next();
header.declareNamespace(ns);
}
- Iterator children = element.getChildElements();
+ // retrieve all child nodes (including any text nodes)
+ // and re-attach to header block
+ Iterator children = element.getChildren();
while (children.hasNext()) {
OMNode child = (OMNode)children.next();
child.detach();