use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.
the class AbstractEncodedTest method writeRef.
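/**
 * Writes {@code instance} through a {@link SoapRefType} into a fresh
 * {@code urn:Bean} root element, followed by the trailing blocks.
 *
 * @param instance
 *            the object to write; its class is used to look up the Aegis type
 * @return the root element holding the written reference and trailing blocks
 */
public Element writeRef(Object instance) {
    // get AegisType based on the object instance
    AegisType type = mapping.getType(instance.getClass());
    // Pass the value under test as well as the message: the one-argument
    // assertNotNull(...) only checked that the message string was non-null,
    // so it could never fail.
    assertNotNull("no type found for " + instance.getClass().getName(), type);

    // create the document
    Element element = createElement("urn:Bean", "root", "b");
    // we should not add the out namespace here, as it is not a part of root element,
    // so the namespace context is deliberately left empty
    MapNamespaceContext namespaces = new MapNamespaceContext();
    ElementWriter rootWriter = getElementWriter(element, namespaces);
    Context context = getContext();

    // write the ref
    SoapRefType soapRefType = new SoapRefType(type);
    MessageWriter cwriter = rootWriter.getElementWriter(soapRefType.getSchemaType());
    soapRefType.writeObject(instance, cwriter, context);
    cwriter.close();

    // write the trailing blocks (referenced objects)
    trailingBlocks.writeBlocks(rootWriter, context);
    return element;
}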
use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.
the class CryptoCoverageChecker method handleMessage.
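/**
 * Checks that the WSS4J results refer to the required signed/encrypted
 * elements as defined by the XPath expressions in {@link #xPaths}.
 * <p>
 * Two paths return without checking any coverage: a message whose body
 * carries a SOAP fault while {@code checkFaults} is {@code false}, and an
 * empty {@link #xPaths} list (the loop over the expressions simply does
 * not run).
 *
 * @param message
 *            the SOAP message containing the signature
 *
 * @throws SoapFault
 *             if the SAAJ document is missing or cannot be read, or an
 *             element is not covered by the required cryptographic
 *             operation
 * @throws IllegalStateException
 *             if an expression declares a coverage type other than
 *             SIGNED or ENCRYPTED
 */
public void handleMessage(SoapMessage message) throws Fault {
    // NOTE(review): the original carried an empty "if (xPaths == null || xPaths.isEmpty())"
    // block whose return was commented out. It had no effect and is dropped here; an empty
    // list still enforces nothing, and a null list still fails at the loop below. Confirm
    // whether an unconfigured checker should be rejected at setup time instead.
    final SOAPMessage saajDoc = message.getContent(SOAPMessage.class);
    if (saajDoc == null) {
        throw new SoapFault("Error obtaining SOAP document", Fault.FAULT_CODE_CLIENT);
    }

    Element documentElement;
    try {
        SOAPEnvelope envelope = saajDoc.getSOAPPart().getEnvelope();
        // Fault messages bypass the coverage check unless checkFaults is set.
        if (!checkFaults && envelope.getBody().hasFault()) {
            return;
        }
        Element envelopeElement = envelope;
        documentElement = (Element) DOMUtils.getDomElement(envelopeElement);
    } catch (SOAPException e) {
        // Keep the cause so the parsing failure can be diagnosed on the server side.
        throw new SoapFault("Error obtaining SOAP document", e, Fault.FAULT_CODE_CLIENT);
    }

    final Collection<WSDataRef> signed = new HashSet<>();
    final Collection<WSDataRef> encrypted = new HashSet<>();

    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));

    // Get all encrypted and signed references
    if (results != null) {
        for (WSHandlerResult wshr : results) {
            List<WSSecurityEngineResult> signedResults = wshr.getActionResults().get(WSConstants.SIGN);
            if (signedResults != null) {
                for (WSSecurityEngineResult signedResult : signedResults) {
                    List<WSDataRef> sl = CastUtils.cast((List<?>) signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
                    if (sl != null) {
                        if (sl.size() == 1 && sl.get(0).getName().equals(new QName(WSS4JConstants.SIG_NS, WSS4JConstants.SIG_LN))) {
                            // endorsing the signature so don't include
                            continue;
                        }
                        signed.addAll(sl);
                    }
                }
            }

            List<WSSecurityEngineResult> encryptedResults = wshr.getActionResults().get(WSConstants.ENCR);
            if (encryptedResults != null) {
                for (WSSecurityEngineResult encryptedResult : encryptedResults) {
                    List<WSDataRef> el = CastUtils.cast((List<?>) encryptedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
                    if (el != null) {
                        encrypted.addAll(el);
                    }
                }
            }
        }
    }

    CryptoCoverageUtil.reconcileEncryptedSignedRefs(signed, encrypted);

    // XPathFactory and XPath are not thread-safe so we must recreate them
    // each request.
    final XPathFactory factory = XPathFactory.newInstance();
    final XPath xpath = factory.newXPath();
    if (this.prefixMap != null) {
        xpath.setNamespaceContext(new MapNamespaceContext(this.prefixMap));
    }

    for (XPathExpression xPathExpression : this.xPaths) {
        final Collection<WSDataRef> refsToCheck;
        switch (xPathExpression.getType()) {
            case SIGNED:
                refsToCheck = signed;
                break;
            case ENCRYPTED:
                refsToCheck = encrypted;
                break;
            default:
                throw new IllegalStateException("Unexpected crypto type: " + xPathExpression.getType());
        }
        try {
            CryptoCoverageUtil.checkCoverage(documentElement, refsToCheck, xpath,
                    Arrays.asList(xPathExpression.getXPath()), xPathExpression.getType(),
                    xPathExpression.getScope());
        } catch (WSSecurityException e) {
            // Same client-facing text as before; the cause is attached for diagnosis.
            throw new SoapFault("No " + xPathExpression.getType() + " element found matching XPath "
                    + xPathExpression.getXPath(), e, Fault.FAULT_CODE_CLIENT);
        }
    }
}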
use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.
the class CryptoCoverageUtil method checkCoverage.
/**
 * Convenience overload that builds a per-call {@link XPath} evaluator from
 * a prefix map and delegates to the evaluator-based {@code checkCoverage}.
 *
 * @param soapEnvelope
 *            the SOAP Envelope element
 * @param refs
 *            the refs to the data extracted from the signature/encryption
 * @param namespaces
 *            the prefix to namespace mapping, may be {@code null}, in
 *            which case no namespace context is installed
 * @param xPaths
 *            the collection of XPath expressions
 * @param type
 *            the type of cryptographic coverage to check for
 * @param scope
 *            the scope of the cryptographic coverage to check for, defaults
 *            to element
 *
 * @throws WSSecurityException
 *             if there is an error evaluating an XPath or an element is not
 *             covered by the signature/encryption.
 */
public static void checkCoverage(Element soapEnvelope, final Collection<WSDataRef> refs, Map<String, String> namespaces, Collection<String> xPaths, CoverageType type, CoverageScope scope) throws WSSecurityException {
    // Neither XPathFactory nor XPath is thread-safe, hence a new pair on
    // every invocation instead of a shared instance.
    final XPath evaluator = XPathFactory.newInstance().newXPath();
    if (namespaces != null) {
        evaluator.setNamespaceContext(new MapNamespaceContext(namespaces));
    }
    checkCoverage(soapEnvelope, refs, evaluator, xPaths, type, scope);
}
use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.
the class RequiredElementsPolicyValidator method validatePolicies.
/**
 * Validates {@code RequiredElements} assertions against the SOAP header.
 * <p>
 * Every assertion starts out asserted and is switched to not-asserted when
 * one of its XPath expressions selects no node in the header or cannot be
 * evaluated. An assertion without XPath expressions stays asserted.
 *
 * @param parameters
 *            supplies the SOAP header the expressions are evaluated against
 * @param ais
 *            the assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo assertionInfo : ais) {
        RequiredElements required = (RequiredElements) assertionInfo.getAssertion();
        // Optimistic default; only a failing expression below revokes it.
        assertionInfo.setAsserted(true);
        if (required == null || required.getXPaths() == null || required.getXPaths().isEmpty()) {
            continue;
        }

        XPathFactory xpathFactory = XPathFactory.newInstance();
        for (org.apache.wss4j.policy.model.XPath policyXPath : required.getXPaths()) {
            Map<String, String> prefixes = policyXPath.getPrefixNamespaceMap();
            String expression = policyXPath.getXPath();

            // One evaluator per expression, each with that expression's own prefix map.
            XPath evaluator = xpathFactory.newXPath();
            if (prefixes != null) {
                evaluator.setNamespaceContext(new MapNamespaceContext(prefixes));
            }

            Element header = (Element) DOMUtils.getDomElement(parameters.getSoapHeader());
            try {
                NodeList matches = (NodeList) evaluator.evaluate(expression, header, XPathConstants.NODESET);
                if (matches.getLength() == 0) {
                    assertionInfo.setNotAsserted("No header element matching XPath " + expression + " found.");
                }
            } catch (XPathExpressionException e) {
                // An expression that cannot be evaluated fails the assertion rather than passing it.
                assertionInfo.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
            }
        }
    }
}
use of org.apache.cxf.helpers.MapNamespaceContext in project cxf by apache.
the class SecuredElementsPolicyValidator method validatePolicies.
/**
 * Validates element-coverage assertions against the signed or encrypted
 * data references of the message.
 * <p>
 * Every assertion starts out asserted and is switched to not-asserted when
 * {@code CryptoCoverageUtil.checkCoverage} throws for its XPath
 * expressions. An assertion without XPath expressions stays asserted.
 *
 * @param parameters
 *            supplies the SOAP header (used to reach the document element)
 *            and the signed/encrypted data references
 * @param ais
 *            the assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // Neither XPathFactory nor XPath is thread-safe, hence a new pair on
    // every invocation instead of a shared instance.
    final XPath evaluator = XPathFactory.newInstance().newXPath();

    // NOTE(review): dereferences getSoapHeader() without a null check; confirm
    // callers always supply a header element.
    Element envelope = parameters.getSoapHeader().getOwnerDocument().getDocumentElement();

    // Encrypted references unless this validator is configured for signatures.
    Collection<WSDataRef> coveredRefs = parameters.getEncrypted();
    if (coverageType == CoverageType.SIGNED) {
        coveredRefs = parameters.getSigned();
    }

    for (AssertionInfo assertionInfo : ais) {
        RequiredElements required = (RequiredElements) assertionInfo.getAssertion();
        // Optimistic default; only a failed coverage check below revokes it.
        assertionInfo.setAsserted(true);
        if (required == null || required.getXPaths() == null || required.getXPaths().isEmpty()) {
            continue;
        }

        List<String> expressions = new ArrayList<>();
        // All expressions of one assertion share a single merged prefix map.
        // NOTE(review): how addNamespaces resolves the same prefix bound to
        // different URIs by two expressions is not visible here; verify.
        MapNamespaceContext mergedPrefixes = new MapNamespaceContext();
        for (org.apache.wss4j.policy.model.XPath policyXPath : required.getXPaths()) {
            expressions.add(policyXPath.getXPath());
            Map<String, String> declared = policyXPath.getPrefixNamespaceMap();
            if (declared != null) {
                mergedPrefixes.addNamespaces(declared);
            }
        }
        evaluator.setNamespaceContext(mergedPrefixes);

        try {
            CryptoCoverageUtil.checkCoverage(envelope, coveredRefs, evaluator, expressions, coverageType, coverageScope);
        } catch (WSSecurityException e) {
            assertionInfo.setNotAsserted("No " + coverageType + " element found matching one of the XPaths " + Arrays.toString(expressions.toArray()));
        }
    }
}