
Example 1 with MapNamespaceContext

use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.

the class AbstractEncodedTest method writeRef.

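/**
 * Writes {@code instance} as a SOAP-encoded reference beneath a fresh
 * {@code urn:Bean} root element, followed by the trailing blocks that hold
 * the referenced objects.
 *
 * @param instance
 *            the object to serialize; its runtime class is used to look up
 *            the Aegis type
 * @return the root element that received the reference and trailing blocks
 */
public Element writeRef(Object instance) {
    // get AegisType based on the object instance
    AegisType type = mapping.getType(instance.getClass());
    // The looked-up type must be passed as the asserted value: the
    // one-argument assertNotNull only checks the message string itself,
    // which is never null, so a missing type mapping went undetected here.
    assertNotNull("no type found for " + instance.getClass().getName(), type);
    // create the document
    Element element = createElement("urn:Bean", "root", "b");
    // The configured namespaces are deliberately not copied into this
    // context, as they are not a part of the root element.
    MapNamespaceContext namespaces = new MapNamespaceContext();
    ElementWriter rootWriter = getElementWriter(element, namespaces);
    Context context = getContext();
    // write the ref
    SoapRefType soapRefType = new SoapRefType(type);
    MessageWriter cwriter = rootWriter.getElementWriter(soapRefType.getSchemaType());
    soapRefType.writeObject(instance, cwriter, context);
    cwriter.close();
    // write the trailing blocks (referenced objects)
    trailingBlocks.writeBlocks(rootWriter, context);
    return element;
}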
Also used : MapNamespaceContext(org.apache.cxf.helpers.MapNamespaceContext) Context(org.apache.cxf.aegis.Context) AegisContext(org.apache.cxf.aegis.AegisContext) AegisType(org.apache.cxf.aegis.type.AegisType) Element(org.w3c.dom.Element) MapNamespaceContext(org.apache.cxf.helpers.MapNamespaceContext) MessageWriter(org.apache.cxf.aegis.xml.MessageWriter) ElementWriter(org.apache.cxf.aegis.xml.stax.ElementWriter)

Example 2 with MapNamespaceContext

use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.

the class CryptoCoverageChecker method handleMessage.

/**
 * Checks that the WSS4J results refer to the required signed/encrypted
 * elements as defined by the XPath expressions in {@link #xPaths}.
 *
 * <p>The method collects the signed and encrypted data references recorded
 * under {@code WSHandlerConstants.RECV_RESULTS}, then runs one coverage
 * check per configured XPath expression against the SOAP envelope. A
 * message whose body carries a fault is accepted without any coverage
 * check when {@code checkFaults} is {@code false}.
 *
 * @param message
 *            the SOAP message containing the signature
 *
 * @throws SoapFault
 *             if there is an error evaluating an XPath or an element is not
 *             covered by the required cryptographic operation
 */
public void handleMessage(SoapMessage message) throws Fault {
    if (this.xPaths == null || this.xPaths.isEmpty()) {
    // NOTE(review): the early return is commented out, so this guard has no
    // effect. Processing continues with no configured expressions, which
    // means the SOAP document check below still rejects a message without
    // SOAPMessage content.
    }
    // Fail closed: without a SAAJ document there is nothing to verify coverage against.
    if (message.getContent(SOAPMessage.class) == null) {
        throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT);
    }
    Element documentElement = null;
    try {
        SOAPMessage saajDoc = message.getContent(SOAPMessage.class);
        SOAPEnvelope envelope = saajDoc.getSOAPPart().getEnvelope();
        // With checkFaults disabled, a message whose body contains a fault
        // skips every coverage check below.
        if (!checkFaults && envelope.getBody().hasFault()) {
            return;
        }
        documentElement = envelope;
        documentElement = (Element) DOMUtils.getDomElement(documentElement);
    } catch (SOAPException e) {
        // The SOAPException is not attached as the cause of the fault raised here.
        throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT);
    }
    final Collection<WSDataRef> signed = new HashSet<>();
    final Collection<WSDataRef> encrypted = new HashSet<>();
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    // Get all encrypted and signed references. When no results are present
    // both collections stay empty.
    if (results != null) {
        for (WSHandlerResult wshr : results) {
            List<WSSecurityEngineResult> signedResults = wshr.getActionResults().get(WSConstants.SIGN);
            if (signedResults != null) {
                for (WSSecurityEngineResult signedResult : signedResults) {
                    List<WSDataRef> sl = CastUtils.cast((List<?>) signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
                    if (sl != null) {
                        // A result whose only reference is the Signature
                        // element itself is left out of the signed set.
                        if (sl.size() == 1 && sl.get(0).getName().equals(new QName(WSS4JConstants.SIG_NS, WSS4JConstants.SIG_LN))) {
                            // endorsing the signature so don't include
                            continue;
                        }
                        signed.addAll(sl);
                    }
                }
            }
            List<WSSecurityEngineResult> encryptedResults = wshr.getActionResults().get(WSConstants.ENCR);
            if (encryptedResults != null) {
                for (WSSecurityEngineResult encryptedResult : encryptedResults) {
                    List<WSDataRef> el = CastUtils.cast((List<?>) encryptedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
                    if (el != null) {
                        encrypted.addAll(el);
                    }
                }
            }
        }
    }
    // NOTE(review): presumably aligns references that are both signed and
    // encrypted before the checks below; confirm against CryptoCoverageUtil.
    CryptoCoverageUtil.reconcileEncryptedSignedRefs(signed, encrypted);
    // XPathFactory and XPath are not thread-safe so we must recreate them
    // each request.
    final XPathFactory factory = XPathFactory.newInstance();
    final XPath xpath = factory.newXPath();
    if (this.prefixMap != null) {
        xpath.setNamespaceContext(new MapNamespaceContext(this.prefixMap));
    }
    // NOTE(review): the guard at the top does not return, so a null xPaths
    // would be dereferenced by this loop; confirm the field is always
    // initialised.
    for (XPathExpression xPathExpression : this.xPaths) {
        Collection<WSDataRef> refsToCheck = null;
        // Select the reference set that matches the expression's coverage type.
        switch(xPathExpression.getType()) {
            case SIGNED:
                refsToCheck = signed;
                break;
            case ENCRYPTED:
                refsToCheck = encrypted;
                break;
            default:
                throw new IllegalStateException("Unexpected crypto type: " + xPathExpression.getType());
        }
        try {
            CryptoCoverageUtil.checkCoverage(documentElement, refsToCheck, xpath, Arrays.asList(xPathExpression.getXPath()), xPathExpression.getType(), xPathExpression.getScope());
        } catch (WSSecurityException e) {
            // Any failure of the coverage check is reported as a client
            // fault. The fault text carries the configured XPath, and the
            // WSSecurityException is not attached as its cause.
            throw new SoapFault("No " + xPathExpression.getType() + " element found matching XPath " + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
        }
    }
}
Also used : XPath(javax.xml.xpath.XPath) SoapFault(org.apache.cxf.binding.soap.SoapFault) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) MapNamespaceContext(org.apache.cxf.helpers.MapNamespaceContext) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SOAPEnvelope(javax.xml.soap.SOAPEnvelope) WSDataRef(org.apache.wss4j.dom.WSDataRef) SOAPMessage(javax.xml.soap.SOAPMessage) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) XPathFactory(javax.xml.xpath.XPathFactory) SOAPException(javax.xml.soap.SOAPException) HashSet(java.util.HashSet)

Example 3 with MapNamespaceContext

use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.

the class CryptoCoverageUtil method checkCoverage.

/**
 * Verifies that the supplied references cover the signed/encrypted elements
 * selected by the XPath expressions in {@code xPaths}. This overload builds
 * the XPath evaluator from a prefix map and delegates to the overload that
 * takes an {@code XPath}.
 *
 * @param soapEnvelope
 *            the SOAP Envelope element
 * @param refs
 *            the refs to the data extracted from the signature/encryption
 * @param namespaces
 *            the prefix to namespace mapping, may be {@code null}; when
 *            {@code null} no namespace context is installed on the evaluator
 * @param xPaths
 *            the collection of XPath expressions
 * @param type
 *            the type of cryptographic coverage to check for
 * @param scope
 *            the scope of the cryptographic coverage to check for, defaults
 *            to element
 *
 * @throws WSSecurityException
 *             if there is an error evaluating an XPath or an element is not
 *             covered by the signature/encryption.
 */
public static void checkCoverage(Element soapEnvelope, final Collection<WSDataRef> refs, Map<String, String> namespaces, Collection<String> xPaths, CoverageType type, CoverageScope scope) throws WSSecurityException {
    // A new evaluator is built on every call because XPathFactory and XPath
    // are not thread-safe.
    final XPath evaluator = XPathFactory.newInstance().newXPath();
    if (namespaces != null) {
        evaluator.setNamespaceContext(new MapNamespaceContext(namespaces));
    }
    checkCoverage(soapEnvelope, refs, evaluator, xPaths, type, scope);
}
Also used : XPath(javax.xml.xpath.XPath) XPathFactory(javax.xml.xpath.XPathFactory) MapNamespaceContext(org.apache.cxf.helpers.MapNamespaceContext)

Example 4 with MapNamespaceContext

use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.

the class RequiredElementsPolicyValidator method validatePolicies.

/**
 * Validates each {@code RequiredElements} assertion: every XPath it lists
 * must select at least one node when evaluated against the SOAP header.
 *
 * <p>An assertion is first marked as asserted and is then marked as not
 * asserted when an expression matches nothing or cannot be evaluated.
 *
 * @param parameters
 *            supplies the SOAP header the expressions are evaluated against
 * @param ais
 *            the assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo assertionInfo : ais) {
        RequiredElements required = (RequiredElements) assertionInfo.getAssertion();
        // Start from "asserted"; the checks below can only revoke it.
        assertionInfo.setAsserted(true);
        if (required == null || required.getXPaths() == null || required.getXPaths().isEmpty()) {
            // Nothing to evaluate, so the assertion stays asserted.
            continue;
        }
        XPathFactory xpathFactory = XPathFactory.newInstance();
        for (org.apache.wss4j.policy.model.XPath policyXPath : required.getXPaths()) {
            Map<String, String> prefixes = policyXPath.getPrefixNamespaceMap();
            String expression = policyXPath.getXPath();
            // Each expression gets its own evaluator and its own prefix bindings.
            XPath evaluator = xpathFactory.newXPath();
            if (prefixes != null) {
                evaluator.setNamespaceContext(new MapNamespaceContext(prefixes));
            }
            Element header = parameters.getSoapHeader();
            header = (Element) DOMUtils.getDomElement(header);
            try {
                NodeList matches = (NodeList) evaluator.evaluate(expression, header, XPathConstants.NODESET);
                if (matches.getLength() == 0) {
                    assertionInfo.setNotAsserted("No header element matching XPath " + expression + " found.");
                }
            } catch (XPathExpressionException e) {
                // An expression that cannot be evaluated fails the assertion
                // instead of propagating the exception.
                assertionInfo.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
            }
        }
    }
}
Also used : RequiredElements(org.apache.wss4j.policy.model.RequiredElements) XPath(javax.xml.xpath.XPath) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) XPathExpressionException(javax.xml.xpath.XPathExpressionException) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) MapNamespaceContext(org.apache.cxf.helpers.MapNamespaceContext) XPathFactory(javax.xml.xpath.XPathFactory)

Example 5 with MapNamespaceContext

use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.

the class SecuredElementsPolicyValidator method validatePolicies.

/**
 * Validates each assertion by checking that the elements selected by its
 * XPath expressions are covered by the signed or the encrypted data
 * references, depending on {@code coverageType}.
 *
 * <p>An assertion is first marked as asserted and is then marked as not
 * asserted when the coverage check throws.
 *
 * @param parameters
 *            supplies the SOAP header and the signed/encrypted references
 * @param ais
 *            the assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // XPathFactory and XPath are not thread-safe, so both are created anew
    // on every call.
    final XPathFactory xpathFactory = XPathFactory.newInstance();
    final XPath evaluator = xpathFactory.newXPath();
    // The envelope is reached through the header's owner document, so this
    // line dereferences the SOAP header without a null check.
    Element envelope = parameters.getSoapHeader().getOwnerDocument().getDocumentElement();
    Collection<WSDataRef> coveredRefs = parameters.getEncrypted();
    if (coverageType == CoverageType.SIGNED) {
        coveredRefs = parameters.getSigned();
    }
    for (AssertionInfo assertionInfo : ais) {
        RequiredElements required = (RequiredElements) assertionInfo.getAssertion();
        // Start from "asserted"; a failed coverage check revokes it below.
        assertionInfo.setAsserted(true);
        if (required == null || required.getXPaths() == null || required.getXPaths().isEmpty()) {
            // No expressions to check, so the assertion stays asserted.
            continue;
        }
        List<String> expressions = new ArrayList<>();
        // All prefix maps of this assertion are merged into one context that
        // every expression shares.
        // NOTE(review): if two XPath entries bind the same prefix to
        // different namespaces, one of them is presumably evaluated with
        // the other's binding; confirm how addNamespaces treats duplicates.
        MapNamespaceContext mergedPrefixes = new MapNamespaceContext();
        for (org.apache.wss4j.policy.model.XPath policyXPath : required.getXPaths()) {
            expressions.add(policyXPath.getXPath());
            Map<String, String> prefixes = policyXPath.getPrefixNamespaceMap();
            if (prefixes != null) {
                mergedPrefixes.addNamespaces(prefixes);
            }
        }
        evaluator.setNamespaceContext(mergedPrefixes);
        try {
            CryptoCoverageUtil.checkCoverage(envelope, coveredRefs, evaluator, expressions, coverageType, coverageScope);
        } catch (WSSecurityException e) {
            // Any failure of the coverage check fails the assertion; the
            // exception itself is not recorded.
            assertionInfo.setNotAsserted("No " + coverageType + " element found matching one of the XPaths " + Arrays.toString(expressions.toArray()));
        }
    }
}
Also used : XPath(javax.xml.xpath.XPath) RequiredElements(org.apache.wss4j.policy.model.RequiredElements) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) MapNamespaceContext(org.apache.cxf.helpers.MapNamespaceContext) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSDataRef(org.apache.wss4j.dom.WSDataRef) XPathFactory(javax.xml.xpath.XPathFactory)

Aggregations

MapNamespaceContext (org.apache.cxf.helpers.MapNamespaceContext)8 Element (org.w3c.dom.Element)7 XPath (javax.xml.xpath.XPath)6 XPathFactory (javax.xml.xpath.XPathFactory)6 ArrayList (java.util.ArrayList)2 SOAPMessage (javax.xml.soap.SOAPMessage)2 XPathExpressionException (javax.xml.xpath.XPathExpressionException)2 ElementWriter (org.apache.cxf.aegis.xml.stax.ElementWriter)2 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)2 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)2 WSDataRef (org.apache.wss4j.dom.WSDataRef)2 RequiredElements (org.apache.wss4j.policy.model.RequiredElements)2 NodeList (org.w3c.dom.NodeList)2 HashSet (java.util.HashSet)1 QName (javax.xml.namespace.QName)1 SOAPEnvelope (javax.xml.soap.SOAPEnvelope)1 SOAPException (javax.xml.soap.SOAPException)1 AegisContext (org.apache.cxf.aegis.AegisContext)1 Context (org.apache.cxf.aegis.Context)1 AegisType (org.apache.cxf.aegis.type.AegisType)1