Java Code Examples for org.apache.cxf.helpers.domutils#getNextElement()

The following examples show how to use org.apache.cxf.helpers.domutils#getNextElement() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 6 votes vote down vote up
protected String findMEXLocation(Element ref) {
    Element el = DOMUtils.getFirstElement(ref);
    while (el != null) {
        if (el.getLocalName().equals("Address")
            && VersionTransformer.isSupported(el.getNamespaceURI())
            && "MetadataReference".equals(ref.getLocalName())) {
            return DOMUtils.getContent(el);
        } else {
            String ad = findMEXLocation(el);
            if (ad != null) {
                return ad;
            }
        }
        el = DOMUtils.getNextElement(el);
    }
    return null;
}
 
Example 2
Source File: WSS10Builder.java    From steady with Apache License 2.0 6 votes vote down vote up
private void processAlternative(Element element, Wss10 parent, SPConstants consts) {
    Element polEl = PolicyConstants.findPolicyElement(element);
    if (polEl != null) {
        Element child = DOMUtils.getFirstElement(polEl);
        while (child != null) {
            String name = child.getLocalName();
            if (SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
                parent.setMustSupportRefKeyIdentifier(true);
            } else if (SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
                parent.setMustSupportRefIssuerSerial(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
                parent.setMustSupportRefExternalURI(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
                parent.setMustSupportRefEmbeddedToken(true);
            } 
            child = DOMUtils.getNextElement(child);
        }
    }
}
 
Example 3
Source File: AbstractSTSClient.java    From cxf with Apache License 2.0 6 votes vote down vote up
protected String findMEXLocation(Element ref) {
    Element el = DOMUtils.getFirstElement(ref);
    while (el != null) {
        if ("Address".equals(el.getLocalName())
            && VersionTransformer.isSupported(el.getNamespaceURI())
            && "MetadataReference".equals(ref.getLocalName())) {
            return DOMUtils.getContent(el);
        }
        String ad = findMEXLocation(el);
        if (ad != null) {
            return ad;
        }
        el = DOMUtils.getNextElement(el);
    }
    return null;
}
 
Example 4
Source File: WSS10Builder.java    From steady with Apache License 2.0 6 votes vote down vote up
private void processAlternative(Element element, Wss10 parent, SPConstants consts) {
    Element polEl = PolicyConstants.findPolicyElement(element);
    if (polEl != null) {
        Element child = DOMUtils.getFirstElement(polEl);
        while (child != null) {
            String name = child.getLocalName();
            if (SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
                parent.setMustSupportRefKeyIdentifier(true);
            } else if (SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
                parent.setMustSupportRefIssuerSerial(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
                parent.setMustSupportRefExternalURI(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
                parent.setMustSupportRefEmbeddedToken(true);
            } 
            child = DOMUtils.getNextElement(child);
        }
    }
}
 
Example 5
Source File: SubscriptionReferenceParsingHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
@Override
public boolean handleMessage(SOAPMessageContext context) {
    // we are interested only in inbound messages here
    if ((Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)) {
        return true;
    }
    try {
        // read headers
        LOG.finer("Examining header elements");
        Element el = DOMUtils.getFirstElement(context.getMessage().getSOAPHeader());
        while (el != null) {
            if (el.getNamespaceURI().equals(namespace)
                && el.getLocalName().equals(elementName)) {
                LOG.log(Level.FINE, "found UUID parameter in header, uuid={0}", el.getTextContent());
                context.put("uuid", el.getTextContent());
            }
            el = DOMUtils.getNextElement(el);
        }
    } catch (SOAPException e) {
        throw new RuntimeException(e);
    }
    return true;
}
 
Example 6
Source File: DefaultClaimsPolicyValidator.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Validate a particular Claims policy against a received SAML Assertion. 
 * Return true if the policy is valid.
 */
public boolean validatePolicy(
    Element claimsPolicy,
    AssertionWrapper assertion
) {
    if (claimsPolicy == null) {
        return false;
    }
    
    String dialect = claimsPolicy.getAttributeNS(null, "Dialect");
    if (!DEFAULT_CLAIMS_NAMESPACE.equals(dialect)) {
        return false;
    }
    
    Element claimType = DOMUtils.getFirstElement(claimsPolicy);
    while (claimType != null) {
        if ("ClaimType".equals(claimType.getLocalName())) {
            String claimTypeUri = claimType.getAttributeNS(null, "Uri");
            String claimTypeOptional = claimType.getAttributeNS(null, "Optional");
            
            if (("".equals(claimTypeOptional) || !Boolean.parseBoolean(claimTypeOptional))
                && !findClaimInAssertion(assertion, URI.create(claimTypeUri))) {
                return false;
            }
        }
        
        claimType = DOMUtils.getNextElement(claimType);
    }
    
    return true;
}
 
Example 7
Source File: IssuedTokenPolicyValidator.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Check the issued token template against the received BinarySecurityToken
 */
private boolean checkIssuedTokenTemplate(Element template, BinarySecurity binarySecurityToken) {
    Element child = DOMUtils.getFirstElement(template);
    while (child != null) {
        if ("TokenType".equals(child.getLocalName())) {
            String content = child.getTextContent();
            String valueType = binarySecurityToken.getValueType();
            if (!content.equals(valueType)) {
                return false;
            }
        }
        child = DOMUtils.getNextElement(child);
    }
    return true;
}
 
Example 8
Source File: MessageModeOutInterceptor.java    From cxf with Apache License 2.0 5 votes vote down vote up
private void validateFaultDetail(Element detail, Schema schema, BindingOperationInfo bop) throws Exception {
    if (detail != null) {
        Element el = DOMUtils.getFirstElement(detail);
        while (el != null) {
            QName qn = DOMUtils.getElementQName(el);
            for (BindingFaultInfo bfi : bop.getFaults()) {
                if (bfi.getFaultInfo().getMessagePartByIndex(0).getConcreteName().equals(qn)) {
                    //Found a fault with the correct QName, we can validate it
                    schema.newValidator().validate(new DOMSource(DOMUtils.getDomElement(el)));
                }
            }
            el = DOMUtils.getNextElement(el);
        }
    }
}
 
Example 9
Source File: STSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
private String getTokenTypeFromTemplate() {
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        Element tl = DOMUtils.getFirstElement(template);
        while (tl != null) {
            if ("TokenType".equals(tl.getLocalName())) {
                return DOMUtils.getContent(tl);
            }
            tl = DOMUtils.getNextElement(tl);
        }
    }
    return null;
}
 
Example 10
Source File: DefaultClaimsPolicyValidator.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Validate a particular Claims policy against a received SAML Assertion. 
 * Return true if the policy is valid.
 */
public boolean validatePolicy(
    Element claimsPolicy,
    AssertionWrapper assertion
) {
    if (claimsPolicy == null) {
        return false;
    }
    
    String dialect = claimsPolicy.getAttributeNS(null, "Dialect");
    if (!DEFAULT_CLAIMS_NAMESPACE.equals(dialect)) {
        return false;
    }
    
    Element claimType = DOMUtils.getFirstElement(claimsPolicy);
    while (claimType != null) {
        if ("ClaimType".equals(claimType.getLocalName())) {
            String claimTypeUri = claimType.getAttributeNS(null, "Uri");
            String claimTypeOptional = claimType.getAttributeNS(null, "Optional");
            
            if (("".equals(claimTypeOptional) || !Boolean.parseBoolean(claimTypeOptional))
                && !findClaimInAssertion(assertion, URI.create(claimTypeUri))) {
                return false;
            }
        }
        
        claimType = DOMUtils.getNextElement(claimType);
    }
    
    return true;
}
 
Example 11
Source File: WSS11Builder.java    From steady with Apache License 2.0 5 votes vote down vote up
private void processAlternative(Element element, Wss11 parent, SPConstants consts) {
    Element polEl = PolicyConstants.findPolicyElement(element);
    if (polEl != null) {
        Element child = DOMUtils.getFirstElement(polEl);
        while (child != null) {
            String name = child.getLocalName();

            if (SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
                parent.setMustSupportRefKeyIdentifier(true);
            } else if (SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
                parent.setMustSupportRefIssuerSerial(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
                parent.setMustSupportRefExternalURI(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
                parent.setMustSupportRefEmbeddedToken(true);

            } else if (SPConstants.MUST_SUPPORT_REF_THUMBPRINT.equals(name)) {
                parent.setMustSupportRefThumbprint(true);

            } else if (SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY.equals(name)) {
                parent.setMustSupportRefEncryptedKey(true);

            } else if (SPConstants.REQUIRE_SIGNATURE_CONFIRMATION.equals(name)) {
                parent.setRequireSignatureConfirmation(true);
            } 
            child = DOMUtils.getNextElement(child);
        }
    }
}
 
Example 12
Source File: WSS11Builder.java    From steady with Apache License 2.0 5 votes vote down vote up
private void processAlternative(Element element, Wss11 parent, SPConstants consts) {
    Element polEl = PolicyConstants.findPolicyElement(element);
    if (polEl != null) {
        Element child = DOMUtils.getFirstElement(polEl);
        while (child != null) {
            String name = child.getLocalName();

            if (SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
                parent.setMustSupportRefKeyIdentifier(true);
            } else if (SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
                parent.setMustSupportRefIssuerSerial(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
                parent.setMustSupportRefExternalURI(true);
            } else if (SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
                parent.setMustSupportRefEmbeddedToken(true);

            } else if (SPConstants.MUST_SUPPORT_REF_THUMBPRINT.equals(name)) {
                parent.setMustSupportRefThumbprint(true);

            } else if (SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY.equals(name)) {
                parent.setMustSupportRefEncryptedKey(true);

            } else if (SPConstants.REQUIRE_SIGNATURE_CONFIRMATION.equals(name)) {
                parent.setRequireSignatureConfirmation(true);
            } 
            child = DOMUtils.getNextElement(child);
        }
    }
}
 
Example 13
Source File: IssuedTokenPolicyValidator.java    From steady with Apache License 2.0 5 votes vote down vote up
/**
 * Check the issued token template against the received BinarySecurityToken
 */
private boolean checkIssuedTokenTemplate(Element template, BinarySecurity binarySecurityToken) {
    Element child = DOMUtils.getFirstElement(template);
    while (child != null) {
        if ("TokenType".equals(child.getLocalName())) {
            String content = child.getTextContent();
            String valueType = binarySecurityToken.getValueType();
            if (!content.equals(valueType)) {
                return false;
            }
        }
        child = DOMUtils.getNextElement(child);
    }
    return true;
}
 
Example 14
Source File: STSClient.java    From steady with Apache License 2.0 5 votes vote down vote up
private String getTokenTypeFromTemplate() {
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        Element tl = DOMUtils.getFirstElement(template);
        while (tl != null) {
            if ("TokenType".equals(tl.getLocalName())) {
                return DOMUtils.getContent(tl);
            }
            tl = DOMUtils.getNextElement(tl);
        }
    }
    return null;
}
 
Example 15
Source File: AbstractSupportingTokenPolicyValidator.java    From cxf with Apache License 2.0 5 votes vote down vote up
protected static boolean isSamlTokenRequiredForIssuedToken(IssuedToken issuedToken) {
    Element template = issuedToken.getRequestSecurityTokenTemplate();
    if (template != null) {
        Element child = DOMUtils.getFirstElement(template);
        while (child != null) {
            if ("TokenType".equals(child.getLocalName())) {
                String content = child.getTextContent();
                return WSS4JConstants.WSS_SAML_TOKEN_TYPE.equals(content)
                    || WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(content);
            }
            child = DOMUtils.getNextElement(child);
        }
    }
    return false;
}
 
Example 16
Source File: STSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype) 
    throws Exception {
    STSResponse response = validate(tok, tokentype);
    
    Element el = getDocumentElement(response.getResponse());
    if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
    }
    if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + el.getLocalName(), LOG);
    }
    el = DOMUtils.getFirstElement(el);
    String reason = null;
    boolean valid = false;
    List<SecurityToken> tokens = new LinkedList<SecurityToken>();
    while (el != null) {
        if ("Status".equals(el.getLocalName())) {
            Element e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
            String s = DOMUtils.getContent(e2);
            valid = s.endsWith("/status/valid");
            
            e2 = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
            if (e2 != null) {
                reason = DOMUtils.getContent(e2);
            }
        } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
            Element requestedSecurityTokenElement = DOMUtils.getFirstElement(el);
            String id = findID(null, null, requestedSecurityTokenElement);
            if (StringUtils.isEmpty(id)) {
                throw new TrustException("NO_ID", LOG);
            }
            SecurityToken requestedSecurityToken = new SecurityToken(id);
            requestedSecurityToken.setToken(requestedSecurityTokenElement);
            tokens.add(requestedSecurityToken);
        }
        el = DOMUtils.getNextElement(el);
    }
    if (!valid) {
        throw new TrustException(LOG, "VALIDATION_FAILED", reason);
    }
    if (tokens.isEmpty()) {
        tokens.add(tok);
    }
    return tokens;
}
 
Example 17
Source File: TransportBindingBuilder.java    From steady with Apache License 2.0 4 votes vote down vote up
private void processAlternative(Element element, 
                                TransportBinding parent,
                                SPConstants consts,
                                AssertionBuilderFactory factory) {
    Element polEl = DOMUtils.getFirstElement(element);
    boolean foundTransportToken = false;
    boolean foundAlgorithmSuite = false;
    while (polEl != null) {
        if (Constants.isPolicyElement(new QName(polEl.getNamespaceURI(),
                                                   polEl.getLocalName()))) {
            Element child = DOMUtils.getFirstElement(polEl);
            while (child != null) {
                String name = child.getLocalName();
                if (name.equals(SPConstants.ALGO_SUITE)) {
                    foundAlgorithmSuite = true;
                    parent.setAlgorithmSuite((AlgorithmSuite)new AlgorithmSuiteBuilder(bus)
                        .build(child, factory));
                } else if (name.equals(SPConstants.TRANSPORT_TOKEN)) {
                    foundTransportToken = true;
                    parent.setTransportToken((TransportToken)new TransportTokenBuilder(builder)
                                                    .build(child, factory));
                } else if (name.equals(SPConstants.INCLUDE_TIMESTAMP)) {
                    parent.setIncludeTimestamp(true);
                } else if (name.equals(SPConstants.LAYOUT)) {
                    parent.setLayout((Layout)new LayoutBuilder().build(child, factory));
                } else if (name.equals(SPConstants.SIGNED_SUPPORTING_TOKENS)
                    || name.equals(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
                    
                    if (consts.getVersion() == SPConstants.Version.SP_V11) {
                        parent.setSignedSupportingToken((SupportingToken)
                                                        new SupportingTokensBuilder(builder)
                                                        .build(child, factory));
                    } else {
                        parent.setSignedSupportingToken((SupportingToken)
                                                        new SupportingTokens12Builder(builder)
                                                            .build(child, factory));
                    }
                }
                child = DOMUtils.getNextElement(child);
            }
        }
        polEl = DOMUtils.getNextElement(polEl);
    }
    
    if (!foundTransportToken && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:TransportBinding/wsp:Policy/sp:TransportToken must have a value"
        );
    }
    if (!foundAlgorithmSuite && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:TransportBinding/wsp:Policy/sp:AlgorithmSuite must have a value"
        );
    }
    
}
 
Example 18
Source File: IssuedTokenBuilder.java    From steady with Apache License 2.0 4 votes vote down vote up
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {
    
    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;


    IssuedToken issuedToken = new IssuedToken(consts);
    issuedToken.setOptional(PolicyConstants.isOptional(element));
    issuedToken.setIgnorable(PolicyConstants.isIgnorable(element));

    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        issuedToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
    }
    
    Element child = DOMUtils.getFirstElement(element);
    boolean foundPolicy = false;
    boolean foundRST = false;
    while (child != null) {
        String ln = child.getLocalName();
        if (SPConstants.ISSUER.equals(ln)) {
            try {
                EndpointReferenceType epr = VersionTransformer.parseEndpointReference(child);
                issuedToken.setIssuerEpr(epr);
            } catch (JAXBException e) {
                throw new IllegalArgumentException(e);
            }
        } else if (SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE.equals(ln)) {
            foundRST = true;
            issuedToken.setRstTemplate(child);
        } else if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
            foundPolicy = true;
            Policy policy = builder.getPolicy(child);
            policy = policy.normalize(builder.getPolicyRegistry(), false);

            for (Iterator<List<Assertion>> iterator = policy.getAlternatives(); iterator.hasNext();) {
                processAlternative(iterator.next(), issuedToken);
                break; // since there should be only one alternative ..
            }                
        } else if (SPConstants.ISSUER_NAME.equals(ln)) {
            String issuerName = child.getNodeValue();
            issuedToken.setIssuerName(issuerName);
        }
        
        child = DOMUtils.getNextElement(child);
    }
    
    if (!foundPolicy && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:IssuedToken/wsp:Policy must have a value"
        );
    }
    if (!foundRST) {
        throw new IllegalArgumentException(
            "sp:IssuedToken/sp:RequestSecurityTokenTemplate must have a value"
        );
    }
    
    return issuedToken;
}
 
Example 19
Source File: SecureConversationTokenBuilder.java    From steady with Apache License 2.0 4 votes vote down vote up
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
    
    
    SecureConversationToken conversationToken = new SecureConversationToken(consts);
    conversationToken.setOptional(PolicyConstants.isOptional(element));
    conversationToken.setIgnorable(PolicyConstants.isIgnorable(element));

    String attribute = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (attribute != null) {
        conversationToken.setInclusion(consts.getInclusionFromAttributeValue(attribute.trim()));
    }
    
    Element elem = DOMUtils.getFirstElement(element);
    boolean foundPolicy = false;
    while (elem != null) {
        QName qn = DOMUtils.getElementQName(elem);
        if (Constants.isPolicyElement(qn)) {
            foundPolicy = true;
            if (DOMUtils.getFirstChildWithName(elem, 
                                               consts.getNamespace(),
                                               SPConstants.REQUIRE_DERIVED_KEYS) != null) {
                conversationToken.setDerivedKeys(true);
            } else if (DOMUtils.getFirstChildWithName(elem, 
                                                      SP12Constants
                                                          .REQUIRE_IMPLIED_DERIVED_KEYS) 
                                                      != null) {
                conversationToken.setImpliedDerivedKeys(true);
            } else if (DOMUtils.getFirstChildWithName(elem, 
                                                      SP12Constants
                                                          .REQUIRE_EXPLICIT_DERIVED_KEYS)
                                                          != null) {
                conversationToken.setExplicitDerivedKeys(true);
            }


            if (DOMUtils.getFirstChildWithName(elem,
                                               consts.getNamespace(),
                                               SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE) != null) {
                conversationToken.setRequireExternalUriRef(true);
            }

            if (DOMUtils.getFirstChildWithName(elem, 
                                               consts.getNamespace(),
                                               SPConstants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
                conversationToken.setSc10SecurityContextToken(true);
            }
            
            if (DOMUtils.getFirstChildWithName(elem, 
                    consts.getNamespace(),
                    SPConstants.SC13_SECURITY_CONTEXT_TOKEN) != null) {
                conversationToken.setSc13SecurityContextToken(true);
            }

            Element bootstrapPolicyElement = DOMUtils.getFirstChildWithName(elem, 
                                                                            consts.getNamespace(),
                                                                            SPConstants.BOOTSTRAP_POLICY);
            if (bootstrapPolicyElement != null) {
                Policy policy = builder.getPolicy(DOMUtils.getFirstElement(bootstrapPolicyElement));
                conversationToken.setBootstrapPolicy(policy);
            }

        } else if (consts.getNamespace().equals(qn.getNamespaceURI())
            && SPConstants.ISSUER.equals(qn.getLocalPart())) {
            conversationToken.setIssuerEpr(DOMUtils.getFirstElement(elem));                
        }
        elem = DOMUtils.getNextElement(elem);
    }
    
    if (!foundPolicy && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:SecureConversationToken/wsp:Policy must have a value"
        );
    }
    
    return conversationToken;
}
 
Example 20
Source File: AbstractSTSClient.java    From steady with Apache License 2.0 4 votes vote down vote up
/**
 * Make an "Renew" invocation and return the response as a STSResponse Object
 */
public STSResponse renew(SecurityToken tok) throws Exception {
    createClient();
    BindingOperationInfo boi = findOperation("/RST/Renew");

    client.getRequestContext().putAll(ctx);
    if (isSecureConv) {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/SCT/Renew");
    } else {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/Renew");
    }

    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    if (context != null) {
        writer.writeAttribute(null, "Context", context);
    }
    
    String sptt = null;
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        if (this.useSecondaryParameters()) {
            writer.writeStartElement("wst", "SecondaryParameters", namespace);
        }
        
        Element tl = DOMUtils.getFirstElement(template);
        while (tl != null) {
            StaxUtils.copy(tl, writer);
            if ("TokenType".equals(tl.getLocalName())) {
                sptt = DOMUtils.getContent(tl);
            }
            tl = DOMUtils.getNextElement(tl);
        }
        
        if (this.useSecondaryParameters()) {
            writer.writeEndElement();
        }
    }
    
    if (isSpnego) {
        tokenType = STSUtils.getTokenTypeSCT(namespace);
    }

    addRequestType("/Renew", writer);
    if (enableAppliesTo) {
        addAppliesTo(writer, tok.getIssuerAddress());
    }
    
    if (sptt == null) {
        addTokenType(writer);
    }
    if (isSecureConv || enableLifetime) {
        addLifetime(writer);
    }

    writer.writeStartElement("wst", "RenewTarget", namespace);
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);
    StaxUtils.copy(tok.getToken(), writer);
    writer.writeEndElement();
    
    writer.writeEndElement();

    Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));

    return new STSResponse((DOMSource)obj[0], null);
}