Search in sources :

Example 46 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractTokenInterceptor method policyNotAsserted.

protected void policyNotAsserted(AbstractToken assertion, String reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = aim.get(assertion.getName());
    if (ais != null) {
        for (AssertionInfo ai : ais) {
            if (ai.getAssertion() == assertion) {
                ai.setNotAsserted(reason);
            }
        }
    }
    if (!assertion.isOptional()) {
        throw new PolicyException(new Message(reason, LOG));
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Message(org.apache.cxf.common.i18n.Message) SoapMessage(org.apache.cxf.binding.soap.SoapMessage) PolicyException(org.apache.cxf.ws.policy.PolicyException) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 47 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractTokenInterceptor method assertTokens.

protected AbstractToken assertTokens(SoapMessage message, String localname, boolean signed) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, localname);
    AbstractToken tok = null;
    for (AssertionInfo ai : ais) {
        tok = (AbstractToken) ai.getAssertion();
        ai.setAsserted(true);
    }
    PolicyUtils.assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);
    if (signed || isTLSInUse(message)) {
        PolicyUtils.assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
    }
    return tok;
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 48 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AlgorithmSuiteTranslater method translateAlgorithmSuites.

public void translateAlgorithmSuites(AssertionInfoMap aim, RequestData data) throws WSSecurityException {
    if (aim == null) {
        return;
    }
    List<org.apache.wss4j.policy.model.AlgorithmSuite> algorithmSuites = getAlgorithmSuites(getBindings(aim));
    if (!algorithmSuites.isEmpty()) {
        // Translate into WSS4J's AlgorithmSuite class
        AlgorithmSuite algorithmSuite = translateAlgorithmSuites(algorithmSuites);
        data.setAlgorithmSuite(algorithmSuite);
    }
    // Now look for an AlgorithmSuite for a SAML Assertion
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
    if (!ais.isEmpty()) {
        List<org.apache.wss4j.policy.model.AlgorithmSuite> samlAlgorithmSuites = new ArrayList<>();
        for (AssertionInfo ai : ais) {
            SamlToken samlToken = (SamlToken) ai.getAssertion();
            AbstractSecurityAssertion parentAssertion = samlToken.getParentAssertion();
            if (parentAssertion instanceof SupportingTokens && ((SupportingTokens) parentAssertion).getAlgorithmSuite() != null) {
                samlAlgorithmSuites.add(((SupportingTokens) parentAssertion).getAlgorithmSuite());
            }
        }
        if (!samlAlgorithmSuites.isEmpty()) {
            data.setSamlAlgorithmSuite(translateAlgorithmSuites(samlAlgorithmSuites));
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AlgorithmSuite(org.apache.wss4j.common.crypto.AlgorithmSuite) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) ArrayList(java.util.ArrayList) AbstractSecurityAssertion(org.apache.wss4j.policy.model.AbstractSecurityAssertion)

Example 49 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AlgorithmSuiteTranslater method getBindings.

/**
 * Get all of the WS-SecurityPolicy Bindings that are in operation
 */
private List<AbstractBinding> getBindings(AssertionInfoMap aim) {
    List<AbstractBinding> bindings = new ArrayList<>();
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            bindings.add((AbstractBinding) ai.getAssertion());
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            bindings.add((AbstractBinding) ai.getAssertion());
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            bindings.add((AbstractBinding) ai.getAssertion());
        }
    }
    return bindings;
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) ArrayList(java.util.ArrayList) AbstractBinding(org.apache.wss4j.policy.model.AbstractBinding)

Example 50 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JInInterceptor method checkAsymmetricBinding.

private String checkAsymmetricBinding(AssertionInfoMap aim, String action, SoapMessage message, RequestData data) throws WSSecurityException {
    AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
    if (ai == null) {
        return action;
    }
    action = addToAction(action, "Signature", true);
    action = addToAction(action, "Encrypt", true);
    Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (s == null) {
        s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (e == null) {
        e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }
    Crypto encrCrypto = getEncryptionCrypto(e, message, data);
    final Crypto signCrypto;
    if (e != null && e.equals(s)) {
        signCrypto = encrCrypto;
    } else {
        signCrypto = getSignatureCrypto(s, message, data);
    }
    final String signCryptoRefId = signCrypto != null ? "RefId-" + signCrypto.hashCode() : null;
    if (signCrypto != null) {
        message.put(ConfigurationConstants.DEC_PROP_REF_ID, signCryptoRefId);
        message.put(signCryptoRefId, signCrypto);
    }
    if (encrCrypto != null) {
        final String encCryptoRefId = "RefId-" + encrCrypto.hashCode();
        message.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, encCryptoRefId);
        message.put(encCryptoRefId, encrCrypto);
    } else if (signCrypto != null) {
        message.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, signCryptoRefId);
        message.put(signCryptoRefId, signCrypto);
    }
    return action;
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Crypto(org.apache.wss4j.common.crypto.Crypto)

Aggregations

AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)99 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)45 QName (javax.xml.namespace.QName)21 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)14 ArrayList (java.util.ArrayList)12 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)12 SamlToken (org.apache.wss4j.policy.model.SamlToken)12 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)10 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)10 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)9 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)9 X509Token (org.apache.wss4j.policy.model.X509Token)9 Element (org.w3c.dom.Element)9 PolicyException (org.apache.cxf.ws.policy.PolicyException)8 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)8 Header (org.apache.wss4j.policy.model.Header)7 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)6 Message (org.apache.cxf.message.Message)6 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)6 TLSSessionInfo (org.apache.cxf.security.transport.TLSSessionInfo)5