
Example 76 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JStaxInInterceptor method checkAsymmetricBinding.

/**
 * Installs the inbound crypto objects when the policy contains an AsymmetricBinding assertion.
 *
 * <p>Returns without touching {@code securityProperties} when no such assertion is found.
 * Otherwise the signature and encryption crypto settings are looked up on the message
 * (the {@code *_CRYPTO} property first, then {@code *_PROPERTIES} as a fallback) and
 * installed with the roles mirrored: the crypto configured for signing is used for
 * decryption, and the crypto configured for encryption is used for signature verification.
 *
 * @param aim                the assertion map searched for the AsymmetricBinding assertion
 * @param message            the message whose security properties are consulted
 * @param securityProperties the properties object that receives the resolved crypto objects
 * @throws WSSecurityException declared by this method; presumably raised while loading a crypto
 */
private void checkAsymmetricBinding(AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties) throws WSSecurityException {
    if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) == null) {
        return;
    }

    Object signatureConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (signatureConfig == null) {
        signatureConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }

    Object encryptionConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encryptionConfig == null) {
        encryptionConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }

    final Crypto encryptionCrypto = getEncryptionCrypto(encryptionConfig, message, securityProperties);
    // When both settings are equal, the already resolved encryption crypto is reused
    // rather than resolving the same configuration a second time.
    final Crypto signatureCrypto = (encryptionConfig != null && encryptionConfig.equals(signatureConfig))
        ? encryptionCrypto
        : getSignatureCrypto(signatureConfig, message, securityProperties);

    // Inbound direction: the crypto configured for signing is the one used to decrypt.
    if (signatureCrypto != null) {
        securityProperties.setDecryptionCrypto(signatureCrypto);
    }

    // Signature verification prefers the encryption crypto and falls back to the signature crypto.
    // NOTE(review): in the fallback case the same store serves decryption and verification;
    // presumably its contents then decide which signer certificates are accepted. Confirm the
    // configured store holds only the intended trust anchors.
    final Crypto verificationCrypto = encryptionCrypto != null ? encryptionCrypto : signatureCrypto;
    if (verificationCrypto != null) {
        securityProperties.setSignatureVerificationCrypto(verificationCrypto);
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Crypto(org.apache.wss4j.common.crypto.Crypto)

Example 77 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PolicyBasedWSS4JStaxInInterceptor method configureProperties.

/**
 * Applies the binding-specific crypto configuration and optional signature-algorithm
 * overrides before delegating to the superclass.
 *
 * <p>If either of the contextual properties {@code ASYMMETRIC_SIGNATURE_ALGORITHM} or
 * {@code SYMMETRIC_SIGNATURE_ALGORITHM} is set, every AlgorithmSuite assertion found in the
 * assertion map has the corresponding signature algorithm replaced by the configured value.
 *
 * @param msg                the message being processed
 * @param securityProperties the properties object passed on to the binding checks and the superclass
 * @throws XMLSecurityException declared by this method; presumably raised by the binding checks
 *                              or the superclass
 */
@Override
protected void configureProperties(SoapMessage msg, WSSSecurityProperties securityProperties) throws XMLSecurityException {
    final AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
    checkAsymmetricBinding(aim, msg, securityProperties);
    checkSymmetricBinding(aim, msg, securityProperties);
    checkTransportBinding(aim, msg, securityProperties);

    // Optional overrides that allow non-standard signature algorithms.
    // The unchecked casts throw ClassCastException if a property holds a non-String value.
    final String asymOverride = (String) msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
    final String symOverride = (String) msg.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);

    final boolean overrideRequested = asymOverride != null || symOverride != null;
    final Collection<AssertionInfo> suiteInfos = overrideRequested ? aim.get(SP12Constants.ALGORITHM_SUITE) : null;
    if (suiteInfos != null) {
        for (AssertionInfo suiteInfo : suiteInfos) {
            // NOTE(review): this mutates the AlgorithmSuite object held by the assertion, so the
            // algorithm named in the policy no longer constrains signatures. If the policy object
            // is shared beyond this message the change may persist (confirm), and these
            // properties should only be settable from trusted configuration.
            final AlgorithmSuite suite = (AlgorithmSuite) suiteInfo.getAssertion();
            if (asymOverride != null) {
                suite.getAlgorithmSuiteType().setAsymmetricSignature(asymOverride);
            }
            if (symOverride != null) {
                suite.getAlgorithmSuiteType().setSymmetricSignature(symOverride);
            }
        }
    }

    super.configureProperties(msg, securityProperties);
}
Also used : AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 78 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractTokenInterceptor method policyNotAsserted.

/**
 * Records a failed token assertion on the message and aborts with a {@link PolicyException}.
 *
 * <p>Every {@link AssertionInfo} registered under the assertion's name that wraps this exact
 * assertion instance is marked as not asserted, with the message of {@code reason} as the
 * explanation. A {@code PolicyException} wrapping {@code reason} is then thrown.
 *
 * <p>When {@code assertion} is {@code null} the method returns normally and throws nothing,
 * so callers must not rely on it to stop processing in that case.
 *
 * @param assertion the token assertion that failed; {@code null} makes this call a no-op
 * @param reason    the failure cause; its message is stored and it becomes the exception cause
 * @param message   the message whose assertion map is updated
 * @throws PolicyException always, unless {@code assertion} is {@code null}
 */
protected void policyNotAsserted(AbstractToken assertion, Exception reason, SoapMessage message) {
    if (assertion == null) {
        return;
    }

    final Collection<AssertionInfo> candidates = message.get(AssertionInfoMap.class).get(assertion.getName());
    if (candidates != null) {
        for (AssertionInfo candidate : candidates) {
            // Identity comparison: only the entry holding this very assertion object is updated.
            if (candidate.getAssertion() != assertion) {
                continue;
            }
            // NOTE(review): the raw exception message is stored on the assertion; confirm
            // whether it can reach the remote peer before putting sensitive detail into it.
            candidate.setNotAsserted(reason.getMessage());
        }
    }

    throw new PolicyException(reason);
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) PolicyException(org.apache.cxf.ws.policy.PolicyException) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 79 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractCommonBindingHandler method assertWSSProperties.

/**
 * Marks the Wss10 and Wss11 assertions of the given namespace as asserted, together with the
 * optional Wss11 properties that are enabled on them.
 *
 * <p>NOTE(review): {@code setAsserted(true)} is called unconditionally for every matching
 * assertion. Nothing in this method inspects the message content, so any enforcement of these
 * properties presumably happens elsewhere. Confirm against the callers.
 *
 * @param namespace the security-policy namespace used to build the assertion names
 */
protected void assertWSSProperties(String namespace) {
    final AssertionInfoMap assertions = message.get(AssertionInfoMap.class);

    final Collection<AssertionInfo> wss10Infos = assertions.get(new QName(namespace, SPConstants.WSS10));
    if (wss10Infos != null) {
        for (AssertionInfo info : wss10Infos) {
            info.setAsserted(true);
            // The cast throws ClassCastException if the entry holds another assertion type.
            assertWSS10Properties((Wss10) info.getAssertion());
        }
    }

    final Collection<AssertionInfo> wss11Infos = assertions.get(new QName(namespace, SPConstants.WSS11));
    if (wss11Infos != null) {
        for (AssertionInfo info : wss11Infos) {
            info.setAsserted(true);
            final Wss11 wss11Policy = (Wss11) info.getAssertion();
            // The Wss11 assertion is also passed through the Wss10 property handling.
            assertWSS10Properties(wss11Policy);

            // Only the optional Wss11 properties that the policy enables are asserted.
            if (wss11Policy.isMustSupportRefThumbprint()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
            }
            if (wss11Policy.isMustSupportRefEncryptedKey()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
            }
            if (wss11Policy.isRequireSignatureConfirmation()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
            }
        }
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName) Wss11(org.apache.wss4j.policy.model.Wss11) Wss10(org.apache.wss4j.policy.model.Wss10) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 80 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractCommonBindingHandler method assertTrustProperties.

/**
 * Marks the Trust10 and Trust13 assertions of the given namespace as asserted, together with
 * the optional Trust13 properties that are enabled on them.
 *
 * <p>NOTE(review): {@code setAsserted(true)} is called unconditionally for every matching
 * assertion. Nothing in this method inspects the message content, so any enforcement of these
 * properties presumably happens elsewhere. Confirm against the callers.
 *
 * @param namespace the security-policy namespace used to build the assertion names
 */
protected void assertTrustProperties(String namespace) {
    final AssertionInfoMap assertions = message.get(AssertionInfoMap.class);

    final Collection<AssertionInfo> trust10Infos = assertions.get(new QName(namespace, SPConstants.TRUST_10));
    if (trust10Infos != null) {
        for (AssertionInfo info : trust10Infos) {
            info.setAsserted(true);
            // The cast throws ClassCastException if the entry holds another assertion type.
            assertTrust10Properties((Trust10) info.getAssertion());
        }
    }

    final Collection<AssertionInfo> trust13Infos = assertions.get(new QName(namespace, SPConstants.TRUST_13));
    if (trust13Infos != null) {
        for (AssertionInfo info : trust13Infos) {
            info.setAsserted(true);
            final Trust13 trust13Policy = (Trust13) info.getAssertion();
            // The Trust13 assertion is also passed through the Trust10 property handling.
            assertTrust10Properties(trust13Policy);

            // Only the optional Trust13 properties that the policy enables are asserted.
            if (trust13Policy.isRequireRequestSecurityTokenCollection()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
            }
            if (trust13Policy.isRequireAppliesTo()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_APPLIES_TO));
            }
            if (trust13Policy.isScopePolicy15()) {
                assertPolicy(new QName(namespace, SPConstants.SCOPE_POLICY_15));
            }
            if (trust13Policy.isMustSupportInteractiveChallenge()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_INTERACTIVE_CHALLENGE));
            }
        }
    }
}
Also used : Trust13(org.apache.wss4j.policy.model.Trust13) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName) Trust10(org.apache.wss4j.policy.model.Trust10) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
