
Example 91 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class SecurityContextTokenPolicyValidator method validatePolicies.

/**
 * Validates SecurityContextToken policy assertions against the security processing results.
 *
 * <p>Each assertion is marked as asserted up front and is switched back to not-asserted
 * only when the policy requires the token for this message and no {@code WSConstants.SCT}
 * action result is available. The check made in this method is for presence only: it does
 * not compare a received token with the policy (whatever {@code assertToken} verifies is
 * not visible here).
 *
 * @param parameters supplies the message, the assertion info map and the security results
 * @param ais the assertions to validate; each is cast to {@code SecurityContextToken}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // Looked up once: the SCT action results do not depend on the individual assertion.
    List<WSSecurityEngineResult> receivedScts = parameters.getResults().getActionResults().get(WSConstants.SCT);
    for (AssertionInfo assertionInfo : ais) {
        SecurityContextToken tokenPolicy = (SecurityContextToken) assertionInfo.getAssertion();
        // Optimistic default; revoked below when a required token is missing.
        assertionInfo.setAsserted(true);
        assertToken(tokenPolicy, parameters.getAssertionInfoMap());
        // A missing SCT only matters when the inclusion rules require one for this message.
        if (isTokenRequired(tokenPolicy, parameters.getMessage())
            && (receivedScts == null || receivedScts.isEmpty())) {
            assertionInfo.setNotAsserted("The received token does not match the token inclusion requirement");
        }
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 92 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class SignedEncryptedTokenPolicyValidator method validatePolicies.

/**
 * Validates supporting-token assertions by running the token-type-specific check for
 * every token the policy requires for this message.
 *
 * <p>Each assertion is marked as asserted before its tokens are examined and is switched to
 * not-asserted as soon as one required token fails its check. A token type that none of
 * the branches recognises is treated as a failure, so the method fails closed. Remaining
 * tokens are still processed after a failure, and the assertion is not set back to
 * asserted afterwards.
 *
 * @param parameters supplies the message, the assertion info map and the security results
 * @param ais the assertions to validate; each is cast to {@code SupportingTokens}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // Tokens must be encrypted even if TLS is used unless we have a TransportBinding policy available
    if (isTLSInUse(parameters.getMessage())) {
        AssertionInfo transportBindingAi = PolicyUtils.getFirstAssertionByLocalname(parameters.getAssertionInfoMap(), SPConstants.TRANSPORT_BINDING);
        boolean noTransportBinding = transportBindingAi == null;
        super.setEnforceEncryptedTokens(noTransportBinding);
    }
    for (AssertionInfo assertionInfo : ais) {
        SupportingTokens supportingTokens = (SupportingTokens) assertionInfo.getAssertion();
        // Optimistic default; revoked below when a required token does not validate.
        assertionInfo.setAsserted(true);
        setSignedParts(supportingTokens.getSignedParts());
        setEncryptedParts(supportingTokens.getEncryptedParts());
        setSignedElements(supportingTokens.getSignedElements());
        setEncryptedElements(supportingTokens.getEncryptedElements());
        for (AbstractToken token : supportingTokens.getTokens()) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                continue;
            }
            // NOTE(review): the meaning of the boolean passed to the process*Tokens helpers
            // is defined by the superclass and is not visible here.
            final boolean tokenSatisfied;
            if (token instanceof UsernameToken) {
                tokenSatisfied = processUsernameTokens(parameters, false);
            } else if (token instanceof KerberosToken) {
                tokenSatisfied = processKerberosTokens(parameters, false);
            } else if (token instanceof X509Token) {
                tokenSatisfied = processX509Tokens(parameters, false);
            } else if (token instanceof KeyValueToken) {
                tokenSatisfied = processKeyValueTokens(parameters);
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                tokenSatisfied = processSCTokens(parameters, false);
            } else if (token instanceof SamlToken) {
                tokenSatisfied = processSAMLTokens(parameters, false);
            } else if (token instanceof IssuedToken) {
                // An IssuedToken is only checked as SAML when the policy asks for a SAML token.
                tokenSatisfied = !isSamlTokenRequiredForIssuedToken((IssuedToken) token)
                    || processSAMLTokens(parameters, false);
            } else {
                // Unknown token type: fail closed rather than accept it unvalidated.
                tokenSatisfied = false;
            }
            if (!tokenSatisfied) {
                assertionInfo.setNotAsserted("The received token does not match the signed encrypted supporting token requirement");
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken)

Example 93 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class PluggablePolicyValidatorTest method runInInterceptorAndValidate.

/**
 * Builds the policy and message documents, delegates to
 * {@code runInInterceptorAndValidateWss} with the supplied validators, and then checks the
 * resulting state of every assertion of the listed types.
 *
 * @param document name passed to {@code readDocument} for the message
 * @param policyDocument name passed to {@code readDocument} for the policy
 * @param assertedInAssertions assertion types checked with an expected flag of {@code true};
 *     may be {@code null} to skip
 * @param notAssertedInAssertions assertion types checked with an expected flag of
 *     {@code false}; may be {@code null} to skip
 * @param types forwarded unchanged to {@code runInInterceptorAndValidateWss}
 * @param validators forwarded unchanged to {@code runInInterceptorAndValidateWss}
 */
private void runInInterceptorAndValidate(String document, String policyDocument, List<QName> assertedInAssertions, List<QName> notAssertedInAssertions, List<CoverageType> types, Map<QName, SecurityPolicyValidator> validators) throws Exception {
    final Policy policy = this.policyBuilder.getPolicy(this.readDocument(policyDocument).getDocumentElement());
    final Document messageDoc = this.readDocument(document);
    final AssertionInfoMap aim = new AssertionInfoMap(policy);
    this.runInInterceptorAndValidateWss(messageDoc, aim, types, validators);
    try {
        aim.checkEffectivePolicy(policy);
    } catch (PolicyException ignored) {
        // Expected but not relevant: the per-assertion checks below decide the outcome.
    } finally {
        // Runs whether or not checkEffectivePolicy threw. NOTE(review): an assertion failure
        // raised here replaces any non-PolicyException thrown from the try block.
        if (assertedInAssertions != null) {
            for (QName expectedAsserted : assertedInAssertions) {
                Collection<AssertionInfo> infos = aim.get(expectedAsserted);
                assertNotNull(infos);
                for (AssertionInfo info : infos) {
                    checkAssertion(aim, expectedAsserted, info, true);
                }
            }
        }
        if (notAssertedInAssertions != null) {
            for (QName expectedNotAsserted : notAssertedInAssertions) {
                Collection<AssertionInfo> infos = aim.get(expectedNotAsserted);
                assertNotNull(infos);
                for (AssertionInfo info : infos) {
                    checkAssertion(aim, expectedNotAsserted, info, false);
                }
            }
        }
    }
}
Also used : Policy(org.apache.neethi.Policy) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) PolicyException(org.apache.cxf.ws.policy.PolicyException) QName(javax.xml.namespace.QName) Document(org.w3c.dom.Document) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 94 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractPolicySecurityTest method runInInterceptorAndValidate.

/**
 * Delegates to {@code runInInterceptorAndValidateWss} for the given message and policy and
 * then checks the resulting state of every assertion of the listed types.
 *
 * @param document the message document to process
 * @param policy the policy used to build the {@code AssertionInfoMap} and to check against
 * @param assertedInAssertions assertion types checked with an expected flag of {@code true};
 *     may be {@code null} to skip
 * @param notAssertedInAssertions assertion types checked with an expected flag of
 *     {@code false}; may be {@code null} to skip
 * @param types forwarded unchanged to {@code runInInterceptorAndValidateWss}
 */
protected void runInInterceptorAndValidate(Document document, Policy policy, List<QName> assertedInAssertions, List<QName> notAssertedInAssertions, List<CoverageType> types) throws Exception {
    final AssertionInfoMap aim = new AssertionInfoMap(policy);
    this.runInInterceptorAndValidateWss(document, aim, types);
    try {
        aim.checkEffectivePolicy(policy);
    } catch (PolicyException ignored) {
        // Expected but not relevant: the per-assertion checks below decide the outcome.
    } finally {
        // Runs whether or not checkEffectivePolicy threw. NOTE(review): an assertion failure
        // raised here replaces any non-PolicyException thrown from the try block.
        if (assertedInAssertions != null) {
            for (QName expectedAsserted : assertedInAssertions) {
                Collection<AssertionInfo> infos = aim.get(expectedAsserted);
                assertNotNull(infos);
                for (AssertionInfo info : infos) {
                    checkAssertion(aim, expectedAsserted, info, true);
                }
            }
        }
        if (notAssertedInAssertions != null) {
            for (QName expectedNotAsserted : notAssertedInAssertions) {
                Collection<AssertionInfo> infos = aim.get(expectedNotAsserted);
                assertNotNull(infos);
                for (AssertionInfo info : infos) {
                    checkAssertion(aim, expectedNotAsserted, info, false);
                }
            }
        }
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) PolicyException(org.apache.cxf.ws.policy.PolicyException) QName(javax.xml.namespace.QName) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 95 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class CustomPolicyAlgorithmsTest method testSHA256AsymSigAlgorithm.

/**
 * Checks that an RSA-SHA256 signature method URI set on the asymmetric binding's algorithm
 * suite is returned unchanged by the getter.
 *
 * <p>Only the setter/getter round trip on the policy model is exercised; no message is
 * signed or verified in this test.
 */
@Test
public void testSHA256AsymSigAlgorithm() throws Exception {
    final String rsaSha2SigMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    Policy loadedPolicy = policyBuilder.getPolicy(this.getResourceAsStream("signed_elements_policy.xml"));
    AssertionInfoMap assertionMap = new AssertionInfoMap(loadedPolicy);
    // The first AsymmetricBinding assertion in the policy is the one under test.
    AssertionInfo bindingInfo = assertionMap.get(SP12Constants.ASYMMETRIC_BINDING).iterator().next();
    AsymmetricBinding asymmetricBinding = (AsymmetricBinding) bindingInfo.getAssertion();
    // Override the suite's asymmetric signature algorithm with RSA SHA-256.
    asymmetricBinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(rsaSha2SigMethod);
    String configuredSigMethod = asymmetricBinding.getAlgorithmSuite().getAlgorithmSuiteType().getAsymmetricSignature();
    assertNotNull(configuredSigMethod);
    assertEquals(rsaSha2SigMethod, configuredSigMethod);
}
Also used : Policy(org.apache.neethi.Policy) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AsymmetricBinding(org.apache.wss4j.policy.model.AsymmetricBinding) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) Test(org.junit.Test)

Aggregations

AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)99 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)45 QName (javax.xml.namespace.QName)21 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)14 ArrayList (java.util.ArrayList)12 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)12 SamlToken (org.apache.wss4j.policy.model.SamlToken)12 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)10 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)10 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)9 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)9 X509Token (org.apache.wss4j.policy.model.X509Token)9 Element (org.w3c.dom.Element)9 PolicyException (org.apache.cxf.ws.policy.PolicyException)8 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)8 Header (org.apache.wss4j.policy.model.Header)7 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)6 Message (org.apache.cxf.message.Message)6 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)6 TLSSessionInfo (org.apache.cxf.security.transport.TLSSessionInfo)5