use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class PolicyBasedWSS4JStaxInInterceptor method checkAsymmetricBinding.
/**
 * Sets up the inbound crypto objects when the policy in {@code aim} contains an
 * AsymmetricBinding assertion; returns without touching anything otherwise.
 *
 * <p>The crypto resolved from the SIGNATURE_* properties is installed as the
 * <em>decryption</em> crypto. The crypto resolved from the ENCRYPT_* properties
 * is installed as the <em>signature verification</em> crypto, falling back to
 * the signature crypto when no encryption crypto could be resolved.
 *
 * @param aim                assertion map of the current message
 * @param message            message whose security properties are consulted
 * @param securityProperties StAX security configuration that receives the crypto objects
 * @throws WSSecurityException declared by this method; presumably raised while
 *                             loading a crypto object
 */
private void checkAsymmetricBinding(AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties) throws WSSecurityException {
    if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) == null) {
        // No asymmetric binding in the policy: nothing to configure here.
        return;
    }

    // Each setting is looked up as a ready-made crypto first, then as a properties reference.
    Object signatureConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (signatureConfig == null) {
        signatureConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object encryptionConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encryptionConfig == null) {
        encryptionConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }

    final Crypto encrCrypto = getEncryptionCrypto(encryptionConfig, message, securityProperties);
    // When both settings are equal, reuse the crypto that was just resolved.
    final Crypto signCrypto = (encryptionConfig != null && encryptionConfig.equals(signatureConfig))
        ? encrCrypto
        : getSignatureCrypto(signatureConfig, message, securityProperties);

    // Inbound role swap: the "signature" crypto is the one used to decrypt.
    // NOTE(review): presumably because it holds this endpoint's private key - confirm.
    if (signCrypto != null) {
        securityProperties.setDecryptionCrypto(signCrypto);
    }

    // Peer signatures are verified with the "encryption" crypto when one exists.
    // NOTE(review): in the fallback case the same crypto serves decryption and
    // signature verification, so deployments relying on it should check that this
    // store trusts only the intended signer certificates.
    final Crypto verificationCrypto = encrCrypto != null ? encrCrypto : signCrypto;
    if (verificationCrypto != null) {
        securityProperties.setSignatureVerificationCrypto(verificationCrypto);
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class PolicyBasedWSS4JStaxInInterceptor method configureProperties.
/**
 * Applies the binding-specific crypto configuration, then lets contextual
 * properties override the signature algorithms named by the policy's
 * AlgorithmSuite assertions before delegating to the superclass.
 *
 * @param msg                current SOAP message
 * @param securityProperties StAX security configuration being populated
 * @throws XMLSecurityException propagated from the binding checks or the superclass
 */
@Override
protected void configureProperties(SoapMessage msg, WSSSecurityProperties securityProperties) throws XMLSecurityException {
    final AssertionInfoMap aim = msg.get(AssertionInfoMap.class);

    checkAsymmetricBinding(aim, msg, securityProperties);
    checkSymmetricBinding(aim, msg, securityProperties);
    checkTransportBinding(aim, msg, securityProperties);

    // Optional overrides that allow non-standard signature algorithms.
    // NOTE(review): the values are cast to String and applied as-is; this method
    // does not restrict them to any allow-list, so a weak algorithm configured
    // here becomes the algorithm the policy names. Confirm that the value is
    // validated or tightly controlled where it is configured.
    final String asymOverride = (String) msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
    final String symOverride = (String) msg.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);

    final boolean overrideRequested = asymOverride != null || symOverride != null;
    if (overrideRequested) {
        final Collection<AssertionInfo> suiteInfos = aim.get(SP12Constants.ALGORITHM_SUITE);
        if (suiteInfos != null) {
            for (AssertionInfo suiteInfo : suiteInfos) {
                // The assertion object itself is modified in place.
                // NOTE(review): if assertion instances are shared between messages,
                // the override outlives this message - confirm.
                final AlgorithmSuite suite = (AlgorithmSuite) suiteInfo.getAssertion();
                if (asymOverride != null) {
                    suite.getAlgorithmSuiteType().setAsymmetricSignature(asymOverride);
                }
                if (symOverride != null) {
                    suite.getAlgorithmSuiteType().setSymmetricSignature(symOverride);
                }
            }
        }
    }

    super.configureProperties(msg, securityProperties);
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractTokenInterceptor method policyNotAsserted.
/**
 * Records {@code reason} against the given token assertion and aborts
 * processing with a {@link PolicyException}.
 *
 * <p>A {@code null} assertion is ignored: nothing is recorded and nothing is thrown.
 *
 * @param assertion token assertion that could not be satisfied, may be {@code null}
 * @param reason    failure that prevented the assertion; its message is stored on
 *                  each matching {@link AssertionInfo} and it is wrapped in the
 *                  thrown exception
 * @param message   message whose {@link AssertionInfoMap} is updated
 * @throws PolicyException always, when {@code assertion} is non-null
 */
protected void policyNotAsserted(AbstractToken assertion, Exception reason, SoapMessage message) {
    if (assertion != null) {
        final AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);
        final Collection<AssertionInfo> candidates = assertionMap.get(assertion.getName());
        if (candidates != null) {
            for (AssertionInfo candidate : candidates) {
                // Identity comparison: only the info wrapping this exact assertion
                // instance is marked, not other assertions sharing the same name.
                if (candidate.getAssertion() == assertion) {
                    // NOTE(review): the raw exception message is stored here; confirm
                    // that it cannot carry internal detail into a fault sent to the peer.
                    candidate.setNotAsserted(reason.getMessage());
                }
            }
        }
        throw new PolicyException(reason);
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractCommonBindingHandler method assertWSSProperties.
/**
 * Marks every Wss10 and Wss11 assertion of the given namespace as asserted,
 * together with the nested options each of them enables.
 *
 * <p>NOTE(review): the assertions are marked unconditionally; this method performs
 * no check of the message itself. In particular RequireSignatureConfirmation is
 * asserted because the policy flag is set, so enforcement presumably happens
 * elsewhere - confirm.
 *
 * @param namespace WS-SecurityPolicy namespace used to build the assertion names
 */
protected void assertWSSProperties(String namespace) {
    final AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);

    final Collection<AssertionInfo> wss10Infos = assertionMap.get(new QName(namespace, SPConstants.WSS10));
    if (wss10Infos != null) {
        for (AssertionInfo info : wss10Infos) {
            info.setAsserted(true);
            assertWSS10Properties((Wss10) info.getAssertion());
        }
    }

    final Collection<AssertionInfo> wss11Infos = assertionMap.get(new QName(namespace, SPConstants.WSS11));
    if (wss11Infos != null) {
        for (AssertionInfo info : wss11Infos) {
            info.setAsserted(true);
            final Wss11 wss11Options = (Wss11) info.getAssertion();
            // The Wss11 assertion is passed to the Wss10 handler before its own
            // additional options are handled.
            assertWSS10Properties(wss11Options);

            if (wss11Options.isMustSupportRefThumbprint()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
            }
            if (wss11Options.isMustSupportRefEncryptedKey()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
            }
            if (wss11Options.isRequireSignatureConfirmation()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
            }
        }
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractCommonBindingHandler method assertTrustProperties.
/**
 * Marks every Trust10 and Trust13 assertion of the given namespace as asserted,
 * together with the nested options each of them enables.
 *
 * <p>NOTE(review): the assertions are marked unconditionally; this method does not
 * inspect the message, so any enforcement of these options presumably happens
 * elsewhere - confirm.
 *
 * @param namespace WS-SecurityPolicy namespace used to build the assertion names
 */
protected void assertTrustProperties(String namespace) {
    final AssertionInfoMap assertionMap = message.get(AssertionInfoMap.class);

    final Collection<AssertionInfo> trust10Infos = assertionMap.get(new QName(namespace, SPConstants.TRUST_10));
    if (trust10Infos != null) {
        for (AssertionInfo info : trust10Infos) {
            info.setAsserted(true);
            assertTrust10Properties((Trust10) info.getAssertion());
        }
    }

    final Collection<AssertionInfo> trust13Infos = assertionMap.get(new QName(namespace, SPConstants.TRUST_13));
    if (trust13Infos != null) {
        for (AssertionInfo info : trust13Infos) {
            info.setAsserted(true);
            final Trust13 trust13Options = (Trust13) info.getAssertion();
            // The Trust13 assertion is passed to the Trust10 handler before its own
            // additional options are handled.
            assertTrust10Properties(trust13Options);

            if (trust13Options.isRequireRequestSecurityTokenCollection()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
            }
            if (trust13Options.isRequireAppliesTo()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_APPLIES_TO));
            }
            if (trust13Options.isScopePolicy15()) {
                assertPolicy(new QName(namespace, SPConstants.SCOPE_POLICY_15));
            }
            if (trust13Options.isMustSupportInteractiveChallenge()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_INTERACTIVE_CHALLENGE));
            }
        }
    }
}