private UsernameToken assertTokens(
SoapMessage message, UsernameTokenPrincipal princ, boolean signed) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
UsernameToken tok = null;
for (AssertionInfo ai : ais) {
tok = (UsernameToken) ai.getAssertion();
ai.setAsserted(true);
if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword)
&& (princ == null || !princ.isPasswordDigest())) {
ai.setNotAsserted("Password hashing policy not enforced");
} else {
assertPolicy(aim, SPConstants.HASH_PASSWORD);
}
if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword)
&& isNonEndorsingSupportingToken(tok)
&& (princ == null || princ.getPassword() == null)) {
ai.setNotAsserted("Username Token No Password supplied");
} else {
assertPolicy(aim, SPConstants.NO_PASSWORD);
}
if (tok.isCreated() && princ.getCreatedTime() == null) {
ai.setNotAsserted("No Created Time");
} else {
assertPolicy(aim, SP13Constants.CREATED);
}
if (tok.isNonce() && princ.getNonce() == null) {
ai.setNotAsserted("No Nonce");
} else {
assertPolicy(aim, SP13Constants.NONCE);
}
}
assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);
if (signed || isTLSInUse(message)) {
assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
}
return tok;
}
