
Example 71 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class SamlTokenInterceptor method addToken.

/**
 * Appends the SAML assertion built for this message to the WS-Security header.
 * If no assertion can be produced, every SamlToken assertion in the policy that
 * is currently asserted is withdrawn; a WSSecurityException is reported through
 * {@code policyNotAsserted} rather than propagated to the caller.
 *
 * @param message the outbound SOAP message being secured
 */
protected void addToken(SoapMessage message) {
    WSSConfig.init();
    SamlToken samlToken = (SamlToken) assertTokens(message);
    // resolve (creating if necessary) the Security header before the token is built
    Header securityHeader = findSecurityHeader(message, true);
    try {
        SamlAssertionWrapper assertion = addSamlToken(samlToken, message);
        if (assertion == null) {
            // nothing to add: withdraw any SamlToken assertion that is still marked asserted
            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
            for (AssertionInfo info : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN)) {
                if (info.isAsserted()) {
                    info.setAsserted(false);
                }
            }
            return;
        }
        Element headerElement = (Element) DOMUtils.getDomElement((Element) securityHeader.getObject());
        headerElement.appendChild(assertion.toDOM(headerElement.getOwnerDocument()));
    } catch (WSSecurityException ex) {
        // the failure is recorded against the policy instead of failing the message here
        policyNotAsserted(samlToken, ex.getMessage(), message);
    }
}

Example 72 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JInInterceptor method computeAction.

/**
 * Computes the WSS4J action list for an inbound message from its effective
 * security policy and stores it under {@code ConfigurationConstants.ACTION}.
 * Assertions that are satisfied by configuration alone (KeyValueToken,
 * RsaKeyValue, Wss10, Trust10, Trust13 and their nested assertions) are marked
 * asserted here; later processing may un-assert them again. Nothing is done
 * when the message carries no {@code AssertionInfoMap}.
 *
 * @param message the inbound SOAP message
 * @param data    the WSS4J request data that the binding checks configure
 * @throws WSSecurityException if a binding check fails to load its Crypto
 */
@Override
protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException {
    String configured = getString(ConfigurationConstants.ACTION, message);
    String action = configured == null ? "" : configured;
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    // things that DO impact setup
    handleWSS11(aim, message);
    action = checkAsymmetricBinding(aim, action, message, data);
    action = checkSymmetricBinding(aim, action, message, data);
    Collection<AssertionInfo> transportBindings = aim.get(SP12Constants.TRANSPORT_BINDING);
    boolean transportBindingPresent = transportBindings != null && !transportBindings.isEmpty();
    if ("".equals(action) || transportBindingPresent) {
        action = checkDefaultBinding(action, message, data);
    }

    // Allow for setting non-standard asymmetric signature algorithms
    String asymSignatureAlgorithm = (String) message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
    String symSignatureAlgorithm = (String) message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
    if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) {
        // NOTE(review): this writes into the AlgorithmSuite policy model objects; if the same
        // policy instance is shared across messages the override persists — confirm intended
        for (AssertionInfo suiteInfo : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ALGORITHM_SUITE)) {
            AlgorithmSuite suite = (AlgorithmSuite) suiteInfo.getAssertion();
            if (asymSignatureAlgorithm != null) {
                suite.getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
            }
            if (symSignatureAlgorithm != null) {
                suite.getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
            }
        }
    }
    checkUsernameToken(aim, message);

    // stuff we can default to asserted and un-assert if a condition isn't met
    PolicyUtils.assertPolicy(aim, SPConstants.KEY_VALUE_TOKEN);
    PolicyUtils.assertPolicy(aim, SPConstants.RSA_KEY_VALUE);

    // WSS10
    Collection<AssertionInfo> wss10 = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS10);
    if (!wss10.isEmpty()) {
        wss10.forEach(ai -> ai.setAsserted(true));
        PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
        PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
        PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
        PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
    }

    // Trust 1.0
    Collection<AssertionInfo> trust10 = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_10);
    boolean trust10Asserted = !trust10.isEmpty();
    if (trust10Asserted) {
        trust10.forEach(ai -> ai.setAsserted(true));
        assertSharedTrustAssertions(aim);
    }

    // Trust 1.3
    Collection<AssertionInfo> trust13 = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_13);
    if (!trust13.isEmpty()) {
        trust13.forEach(ai -> ai.setAsserted(true));
        PolicyUtils.assertPolicy(aim, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION);
        PolicyUtils.assertPolicy(aim, SP12Constants.REQUIRE_APPLIES_TO);
        PolicyUtils.assertPolicy(aim, SP13Constants.SCOPE_POLICY_15);
        PolicyUtils.assertPolicy(aim, SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE);
        // the challenge/entropy/issued-token assertions are shared with Trust 1.0;
        // only assert them here if the Trust 1.0 branch did not already do so
        if (!trust10Asserted) {
            assertSharedTrustAssertions(aim);
        }
    }
    message.put(ConfigurationConstants.ACTION, action.trim());
}

/**
 * Asserts the client/server challenge, entropy and issued-token assertions that
 * the Trust 1.0 and Trust 1.3 policies have in common.
 *
 * @param aim the assertion map of the message's effective policy
 */
private static void assertSharedTrustAssertions(AssertionInfoMap aim) {
    PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
    PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
    PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
    PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
    PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
}

Example 73 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JInInterceptor method checkSymmetricBinding.

/**
 * Configures WSS4J for a SymmetricBinding policy: adds the Signature and Encrypt
 * actions and registers the Crypto instances used for signature verification and
 * decryption under message-scoped reference ids. Without a SymmetricBinding
 * assertion the action string is returned untouched.
 *
 * @param aim     the assertion map of the message's effective policy
 * @param action  the WSS4J action list computed so far
 * @param message the inbound SOAP message
 * @param data    the WSS4J request data used to load the Crypto instances
 * @return the action list, extended with "Signature" and "Encrypt" when the binding applies
 * @throws WSSecurityException if a Crypto instance cannot be loaded
 */
private String checkSymmetricBinding(AssertionInfoMap aim, String action, SoapMessage message, RequestData data) throws WSSecurityException {
    if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING) == null) {
        return action;
    }
    String updatedAction = addToAction(action, "Signature", true);
    updatedAction = addToAction(updatedAction, "Encrypt", true);

    // each Crypto may be given directly or as a properties reference; the direct form wins
    Object signatureSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (signatureSource == null) {
        signatureSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object encryptionSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encryptionSource == null) {
        encryptionSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }
    Crypto encrCrypto = getEncryptionCrypto(encryptionSource, message, data);
    // reuse the encryption Crypto when both roles are configured from the same source
    boolean sameSource = encryptionSource != null && encryptionSource.equals(signatureSource);
    Crypto signCrypto = sameSource ? encrCrypto : getSignatureCrypto(signatureSource, message, data);

    // The requestor prefers the encryption Crypto for verification and the signature
    // Crypto for decryption; the service side prefers the reverse. Either role falls
    // back to the other Crypto when its preferred one is absent.
    boolean requestor = isRequestor(message);
    Crypto preferredForVerification = requestor ? encrCrypto : signCrypto;
    Crypto preferredForDecryption = requestor ? signCrypto : encrCrypto;
    putCryptoReference(message, ConfigurationConstants.SIG_VER_PROP_REF_ID, preferredForVerification, preferredForDecryption);
    putCryptoReference(message, ConfigurationConstants.DEC_PROP_REF_ID, preferredForDecryption, preferredForVerification);
    return updatedAction;
}

/**
 * Stores the first non-null Crypto under a message-scoped reference id and points
 * the given WSS4J property at that id; does nothing when both candidates are null.
 *
 * @param message     the message the reference is stored in
 * @param propertyKey the WSS4J property that receives the reference id
 * @param preferred   the Crypto to use when available
 * @param fallback    the Crypto used when {@code preferred} is null
 */
private static void putCryptoReference(SoapMessage message, String propertyKey, Crypto preferred, Crypto fallback) {
    Crypto crypto = preferred != null ? preferred : fallback;
    if (crypto != null) {
        String refId = "RefId-" + crypto.hashCode();
        message.put(propertyKey, refId);
        message.put(refId, crypto);
    }
}

Example 74 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JInInterceptor method handleWSS11.

/**
 * On the requestor side, enables WSS4J signature confirmation when any Wss11
 * assertion in the policy requires it and explicitly disables it otherwise.
 * Messages that are not on the requestor side are left untouched.
 *
 * @param aim     the assertion map of the message's effective policy
 * @param message the inbound SOAP message to configure
 */
private void handleWSS11(AssertionInfoMap aim, SoapMessage message) {
    if (!isRequestor(message)) {
        return;
    }
    // default to off; switched on below only if the policy demands confirmation
    message.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
    boolean confirmationRequired = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS11)
        .stream()
        .map(ai -> (Wss11) ai.getAssertion())
        .anyMatch(Wss11::isRequireSignatureConfirmation);
    if (confirmationRequired) {
        message.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
    }
}

Example 75 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JStaxInInterceptor method checkSymmetricBinding.

/**
 * Configures the StAX security properties for a SymmetricBinding policy by
 * resolving the signature and encryption Crypto instances and assigning them
 * to the verification and decryption roles. Does nothing when the policy has
 * no SymmetricBinding assertion.
 *
 * @param aim                the assertion map of the message's effective policy
 * @param message            the inbound SOAP message
 * @param securityProperties the WSS4J StAX properties being populated
 * @throws WSSecurityException if a Crypto instance cannot be loaded
 */
private void checkSymmetricBinding(AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties) throws WSSecurityException {
    AssertionInfo symmetricBinding = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
    if (symmetricBinding == null) {
        return;
    }
    // each Crypto may be given directly or as a properties reference; the direct form wins
    Object signatureSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (signatureSource == null) {
        signatureSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object encryptionSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encryptionSource == null) {
        encryptionSource = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }
    Crypto encrCrypto = getEncryptionCrypto(encryptionSource, message, securityProperties);
    // reuse the encryption Crypto when both roles are configured from the same source
    boolean sameSource = encryptionSource != null && encryptionSource.equals(signatureSource);
    Crypto signCrypto = sameSource ? encrCrypto : getSignatureCrypto(signatureSource, message, securityProperties);

    // The requestor prefers the encryption Crypto for verification and the signature
    // Crypto for decryption; the service side prefers the reverse. Either role falls
    // back to the other Crypto when its preferred one is absent.
    boolean requestor = isRequestor(message);
    Crypto preferredForVerification = requestor ? encrCrypto : signCrypto;
    Crypto preferredForDecryption = requestor ? signCrypto : encrCrypto;
    Crypto verificationCrypto = preferredForVerification != null ? preferredForVerification : preferredForDecryption;
    Crypto decryptionCrypto = preferredForDecryption != null ? preferredForDecryption : preferredForVerification;

    if (verificationCrypto != null) {
        if (requestor) {
            // NOTE(review): the requestor fills the signature Crypto slot while the service side
            // fills the signature *verification* slot — confirm the requestor path is intended
            // for an inbound interceptor
            securityProperties.setSignatureCrypto(verificationCrypto);
        } else {
            securityProperties.setSignatureVerificationCrypto(verificationCrypto);
        }
    }
    if (decryptionCrypto != null) {
        securityProperties.setDecryptionCrypto(decryptionCrypto);
    }
}
