use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractTokenInterceptor method policyNotAsserted.
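/**
 * Records that a token assertion was not satisfied and rejects the message when the
 * assertion is mandatory.
 *
 * <p>Every {@code AssertionInfo} registered under the assertion's name whose assertion is
 * this very instance (identity comparison, not {@code equals}) is marked not asserted with
 * {@code reason}. A non-optional assertion then fails with a {@code PolicyException}.
 *
 * @param assertion the token assertion that failed; {@code null} makes the call a no-op
 * @param reason    text stored on the matching entries and passed to the {@code Message}
 *                  wrapped by the exception
 * @param message   the message whose {@code AssertionInfoMap} is updated
 * @throws PolicyException if {@code assertion} is not optional
 */
protected void policyNotAsserted(AbstractToken assertion, String reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // A message without an AssertionInfoMap has nothing to mark, but the mandatory-token
    // check below must still run so the failure surfaces as a PolicyException rather than
    // a NullPointerException from dereferencing the missing map.
    Collection<AssertionInfo> ais = aim == null ? null : aim.get(assertion.getName());
    if (ais != null) {
        for (AssertionInfo ai : ais) {
            // Identity comparison: only entries holding this exact assertion object are flagged.
            if (ai.getAssertion() == assertion) {
                ai.setNotAsserted(reason);
            }
        }
    }
    // Fail closed: a required token that was not satisfied always aborts processing.
    if (!assertion.isOptional()) {
        throw new PolicyException(new Message(reason, LOG));
    }
}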
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractTokenInterceptor method assertTokens.
/**
 * Marks every assertion with the given local name as asserted and reports the last one.
 *
 * <p>{@code SPConstants.SUPPORTING_TOKENS} is always passed to
 * {@code PolicyUtils.assertPolicy}; {@code SPConstants.SIGNED_SUPPORTING_TOKENS} is passed
 * only when {@code signed} is true or {@code isTLSInUse(message)} returns true.
 *
 * <p>NOTE(review): nothing here inspects the token carried by the message, so callers
 * presumably validate it before calling this method. Confirm against the call sites.
 *
 * @param message   the message whose {@code AssertionInfoMap} is read
 * @param localname local name of the token assertions to mark
 * @param signed    whether the caller treats the token as signed
 * @return the assertion of the last matching entry cast to {@code AbstractToken}, or
 *         {@code null} when no entry matched
 */
protected AbstractToken assertTokens(SoapMessage message, String localname, boolean signed) {
    final AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    AbstractToken lastToken = null;
    for (AssertionInfo info : PolicyUtils.getAllAssertionsByLocalname(aim, localname)) {
        // The cast fails with ClassCastException if a non-token assertion carries this local name.
        lastToken = (AbstractToken) info.getAssertion();
        info.setAsserted(true);
    }

    PolicyUtils.assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);

    // TLS is accepted here as an alternative to an explicit signature over the token.
    final boolean signedOrTls = signed || isTLSInUse(message);
    if (signedOrTls) {
        PolicyUtils.assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
    }
    return lastToken;
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AlgorithmSuiteTranslater method translateAlgorithmSuites.
/**
 * Copies the algorithm suites found in the policy onto the WSS4J request data.
 *
 * <p>Two settings are written, each only when at least one suite was found:
 * {@code data.setAlgorithmSuite} from the suites of the bindings returned by
 * {@code getBindings}, and {@code data.setSamlAlgorithmSuite} from the suites of
 * {@code SupportingTokens} assertions that are parents of a SAML token assertion.
 * When nothing is found the corresponding setter is not called, so {@code data}
 * keeps whatever it already had.
 *
 * @param aim  the assertion map to read; {@code null} makes the call a no-op
 * @param data the request data that receives the translated suites
 * @throws WSSecurityException declared by this method; presumably raised during translation
 */
public void translateAlgorithmSuites(AssertionInfoMap aim, RequestData data) throws WSSecurityException {
    if (aim == null) {
        return;
    }

    // Suites declared on the bindings, translated into WSS4J's AlgorithmSuite class.
    List<org.apache.wss4j.policy.model.AlgorithmSuite> bindingSuites = getAlgorithmSuites(getBindings(aim));
    if (!bindingSuites.isEmpty()) {
        data.setAlgorithmSuite(translateAlgorithmSuites(bindingSuites));
    }

    // Suites that apply to SAML assertions, taken from the enclosing SupportingTokens.
    Collection<AssertionInfo> samlInfos = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
    if (samlInfos.isEmpty()) {
        return;
    }

    List<org.apache.wss4j.policy.model.AlgorithmSuite> samlSuites = new ArrayList<>();
    for (AssertionInfo samlInfo : samlInfos) {
        AbstractSecurityAssertion parent = ((SamlToken) samlInfo.getAssertion()).getParentAssertion();
        if (!(parent instanceof SupportingTokens)) {
            continue;
        }
        org.apache.wss4j.policy.model.AlgorithmSuite parentSuite = ((SupportingTokens) parent).getAlgorithmSuite();
        if (parentSuite != null) {
            samlSuites.add(parentSuite);
        }
    }

    if (!samlSuites.isEmpty()) {
        data.setSamlAlgorithmSuite(translateAlgorithmSuites(samlSuites));
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AlgorithmSuiteTranslater method getBindings.
/**
 * Collects the WS-SecurityPolicy binding assertions present in the given map.
 *
 * <p>Transport bindings come first, then asymmetric, then symmetric, each group in the
 * order {@code PolicyUtils.getAllAssertionsByLocalname} returns it.
 *
 * @param aim the assertion map to search
 * @return a new mutable list of the bindings found; empty when there are none
 */
private List<AbstractBinding> getBindings(AssertionInfoMap aim) {
    final String[] bindingLocalnames = {
        SPConstants.TRANSPORT_BINDING,
        SPConstants.ASYMMETRIC_BINDING,
        SPConstants.SYMMETRIC_BINDING
    };

    List<AbstractBinding> found = new ArrayList<>();
    for (String bindingLocalname : bindingLocalnames) {
        // An empty result simply contributes nothing, so no emptiness check is needed.
        for (AssertionInfo info : PolicyUtils.getAllAssertionsByLocalname(aim, bindingLocalname)) {
            found.add((AbstractBinding) info.getAssertion());
        }
    }
    return found;
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class PolicyBasedWSS4JInInterceptor method checkAsymmetricBinding.
/**
 * Prepares inbound processing for an asymmetric binding, if the policy declares one.
 *
 * <p>When an asymmetric binding assertion is present, "Signature" and "Encrypt" are added
 * to the action string through {@code addToAction}. The signature and encryption
 * {@code Crypto} objects are resolved from the message's security properties and stored
 * on the message under generated "RefId-" keys, which are in turn referenced from
 * {@code DEC_PROP_REF_ID} and {@code SIG_VER_PROP_REF_ID}.
 *
 * <p>NOTE(review): the ref ids are built from {@code hashCode()}, which is not guaranteed
 * to be unique. Two distinct Crypto instances with equal hash codes would share one
 * message key and the later {@code put} would win. Confirm this cannot matter here.
 *
 * @param aim     the assertion map to search for the asymmetric binding
 * @param action  the action string built so far
 * @param message the message that supplies the security properties and receives the ref ids
 * @param data    request data handed to the crypto lookups
 * @return {@code action} unchanged when no asymmetric binding assertion exists, otherwise
 *         the action string returned by {@code addToAction}
 * @throws WSSecurityException declared by this method; presumably raised by the crypto lookups
 */
private String checkAsymmetricBinding(AssertionInfoMap aim, String action, SoapMessage message, RequestData data) throws WSSecurityException {
    if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) == null) {
        return action;
    }

    action = addToAction(action, "Signature", true);
    action = addToAction(action, "Encrypt", true);

    // Each setting prefers the *_CRYPTO property and falls back to *_PROPERTIES.
    Object sigSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (sigSetting == null) {
        sigSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object encSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encSetting == null) {
        encSetting = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }

    final Crypto encrCrypto = getEncryptionCrypto(encSetting, message, data);
    // Identical settings share one Crypto instance instead of resolving it a second time.
    final boolean sameSetting = encSetting != null && encSetting.equals(sigSetting);
    final Crypto signCrypto = sameSetting ? encrCrypto : getSignatureCrypto(sigSetting, message, data);

    // Decryption is wired to the signature crypto and signature verification to the
    // encryption crypto. Presumably this is because on the inbound side the local private
    // key decrypts while the peer's certificate verifies; confirm against the WSS4J config.
    String signCryptoRefId = null;
    if (signCrypto != null) {
        signCryptoRefId = "RefId-" + signCrypto.hashCode();
        message.put(ConfigurationConstants.DEC_PROP_REF_ID, signCryptoRefId);
        message.put(signCryptoRefId, signCrypto);
    }

    if (encrCrypto != null) {
        final String encCryptoRefId = "RefId-" + encrCrypto.hashCode();
        message.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, encCryptoRefId);
        message.put(encCryptoRefId, encrCrypto);
    } else if (signCrypto != null) {
        // No encryption crypto configured: verify signatures with the signature crypto instead.
        message.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, signCryptoRefId);
        message.put(signCryptoRefId, signCrypto);
    }
    return action;
}