Example 76 with AssertionInfo
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class PolicyBasedWSS4JStaxInInterceptor method checkAsymmetricBinding.
private void checkAsymmetricBinding(AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties) throws WSSecurityException {
AssertionInfo ais = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
if (ais == null) {
return;
}
Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
final Crypto signCrypto;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (signCrypto != null) {
securityProperties.setDecryptionCrypto(signCrypto);
}
if (encrCrypto != null) {
securityProperties.setSignatureVerificationCrypto(encrCrypto);
} else if (signCrypto != null) {
securityProperties.setSignatureVerificationCrypto(signCrypto);
}
}
Also used :
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
Crypto(org.apache.wss4j.common.crypto.Crypto)
Example 77 with AssertionInfo
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class PolicyBasedWSS4JStaxInInterceptor method configureProperties.
@Override
protected void configureProperties(SoapMessage msg, WSSSecurityProperties securityProperties) throws XMLSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
checkAsymmetricBinding(aim, msg, securityProperties);
checkSymmetricBinding(aim, msg, securityProperties);
checkTransportBinding(aim, msg, securityProperties);
// Allow for setting non-standard signature algorithms
String asymSignatureAlgorithm = (String) msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
String symSignatureAlgorithm = (String) msg.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) {
Collection<AssertionInfo> algorithmSuites = aim.get(SP12Constants.ALGORITHM_SUITE);
if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
for (AssertionInfo algorithmSuite : algorithmSuites) {
AlgorithmSuite algSuite = (AlgorithmSuite) algorithmSuite.getAssertion();
if (asymSignatureAlgorithm != null) {
algSuite.getAlgorithmSuiteType().setAsymmetricSignature(asymSignatureAlgorithm);
}
if (symSignatureAlgorithm != null) {
algSuite.getAlgorithmSuiteType().setSymmetricSignature(symSignatureAlgorithm);
}
}
}
}
super.configureProperties(msg, securityProperties);
}
Also used :
AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite)
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 78 with AssertionInfo
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractTokenInterceptor method policyNotAsserted.
protected void policyNotAsserted(AbstractToken assertion, Exception reason, SoapMessage message) {
if (assertion == null) {
return;
}
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais = aim.get(assertion.getName());
if (ais != null) {
for (AssertionInfo ai : ais) {
if (ai.getAssertion() == assertion) {
ai.setNotAsserted(reason.getMessage());
}
}
}
throw new PolicyException(reason);
}
Also used :
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
PolicyException(org.apache.cxf.ws.policy.PolicyException)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 79 with AssertionInfo
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractCommonBindingHandler method assertWSSProperties.
protected void assertWSSProperties(String namespace) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> wss10Ais = aim.get(new QName(namespace, SPConstants.WSS10));
if (wss10Ais != null) {
for (AssertionInfo ai : wss10Ais) {
ai.setAsserted(true);
Wss10 wss10 = (Wss10) ai.getAssertion();
assertWSS10Properties(wss10);
}
}
Collection<AssertionInfo> wss11Ais = aim.get(new QName(namespace, SPConstants.WSS11));
if (wss11Ais != null) {
for (AssertionInfo ai : wss11Ais) {
ai.setAsserted(true);
Wss11 wss11 = (Wss11) ai.getAssertion();
assertWSS10Properties(wss11);
if (wss11.isMustSupportRefThumbprint()) {
assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
}
if (wss11.isMustSupportRefEncryptedKey()) {
assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
}
if (wss11.isRequireSignatureConfirmation()) {
assertPolicy(new QName(namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
}
}
}
}
Also used :
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
QName(javax.xml.namespace.QName)
Wss11(org.apache.wss4j.policy.model.Wss11)
Wss10(org.apache.wss4j.policy.model.Wss10)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 80 with AssertionInfo
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractCommonBindingHandler method assertTrustProperties.
protected void assertTrustProperties(String namespace) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> trust10Ais = aim.get(new QName(namespace, SPConstants.TRUST_10));
if (trust10Ais != null) {
for (AssertionInfo ai : trust10Ais) {
ai.setAsserted(true);
Trust10 trust10 = (Trust10) ai.getAssertion();
assertTrust10Properties(trust10);
}
}
Collection<AssertionInfo> trust13Ais = aim.get(new QName(namespace, SPConstants.TRUST_13));
if (trust13Ais != null) {
for (AssertionInfo ai : trust13Ais) {
ai.setAsserted(true);
Trust13 trust13 = (Trust13) ai.getAssertion();
assertTrust10Properties(trust13);
if (trust13.isRequireRequestSecurityTokenCollection()) {
assertPolicy(new QName(namespace, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
}
if (trust13.isRequireAppliesTo()) {
assertPolicy(new QName(namespace, SPConstants.REQUIRE_APPLIES_TO));
}
if (trust13.isScopePolicy15()) {
assertPolicy(new QName(namespace, SPConstants.SCOPE_POLICY_15));
}
if (trust13.isMustSupportInteractiveChallenge()) {
assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_INTERACTIVE_CHALLENGE));
}
}
}
}
Also used :
Trust13(org.apache.wss4j.policy.model.Trust13)
AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)
QName(javax.xml.namespace.QName)
Trust10(org.apache.wss4j.policy.model.Trust10)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Aggregations
AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)99
AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)45
QName (javax.xml.namespace.QName)21
SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)14
ArrayList (java.util.ArrayList)12
AbstractToken (org.apache.wss4j.policy.model.AbstractToken)12
SamlToken (org.apache.wss4j.policy.model.SamlToken)12
IssuedToken (org.apache.wss4j.policy.model.IssuedToken)10
UsernameToken (org.apache.wss4j.policy.model.UsernameToken)10
KerberosToken (org.apache.wss4j.policy.model.KerberosToken)9
SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)9
X509Token (org.apache.wss4j.policy.model.X509Token)9
Element (org.w3c.dom.Element)9
PolicyException (org.apache.cxf.ws.policy.PolicyException)8
KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)8
Header (org.apache.wss4j.policy.model.Header)7
SoapMessage (org.apache.cxf.binding.soap.SoapMessage)6
Message (org.apache.cxf.message.Message)6
WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)6
TLSSessionInfo (org.apache.cxf.security.transport.TLSSessionInfo)5
