use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class PolicyBasedWSS4JInInterceptor method checkAsymmetricBinding.
/**
 * Extends the WSS4J action string and registers the Crypto instances on the message when the
 * effective policy contains an AsymmetricBinding assertion.
 *
 * <p>The signature configuration is read from {@code SIGNATURE_CRYPTO}, falling back to
 * {@code SIGNATURE_PROPERTIES}; the encryption configuration from {@code ENCRYPT_CRYPTO},
 * falling back to {@code ENCRYPT_PROPERTIES}. When both resolve to equal values, a single
 * Crypto instance serves both roles.
 *
 * @param aim     assertion map of the effective policy
 * @param action  action string built so far
 * @param message inbound SOAP message; receives the Crypto instances and their reference ids
 * @param data    request data handed to the Crypto loaders
 * @return {@code action} unchanged when no AsymmetricBinding assertion is present, otherwise
 *         the action after "Signature" and "Encrypt" have been passed through {@code addToAction}
 * @throws WSSecurityException declared by this method; presumably raised while loading a Crypto
 */
private String checkAsymmetricBinding(AssertionInfoMap aim, String action, SoapMessage message, RequestData data) throws WSSecurityException {
    if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) == null) {
        return action;
    }

    String updatedAction = addToAction(action, "Signature", true);
    updatedAction = addToAction(updatedAction, "Encrypt", true);

    Object sigConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
    if (sigConfig == null) {
        sigConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
    }
    Object encConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
    if (encConfig == null) {
        encConfig = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
    }

    Crypto encrCrypto = getEncryptionCrypto(encConfig, message, data);
    // Identical configuration for both roles: reuse the instance instead of loading it twice.
    boolean sameConfig = encConfig != null && encConfig.equals(sigConfig);
    Crypto signCrypto = sameConfig ? encrCrypto : getSignatureCrypto(sigConfig, message, data);

    // NOTE(review): the reference id is derived from Object#hashCode(), which is not guaranteed
    // to be unique per instance; two distinct Crypto objects could map to the same message key.
    String signCryptoRefId = null;
    if (signCrypto != null) {
        signCryptoRefId = "RefId-" + signCrypto.hashCode();
        // The *signature* Crypto is registered as the decryption reference. Presumably this is
        // the inbound mirror of the outbound roles (own key material decrypts) - confirm.
        message.put(ConfigurationConstants.DEC_PROP_REF_ID, signCryptoRefId);
        message.put(signCryptoRefId, signCrypto);
    }

    if (encrCrypto != null) {
        // The *encryption* Crypto is registered as the signature-verification reference.
        String encCryptoRefId = "RefId-" + encrCrypto.hashCode();
        message.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, encCryptoRefId);
        message.put(encCryptoRefId, encrCrypto);
    } else if (signCrypto != null) {
        // No encryption Crypto configured: signature verification falls back to the signature Crypto.
        message.put(ConfigurationConstants.SIG_VER_PROP_REF_ID, signCryptoRefId);
        message.put(signCryptoRefId, signCrypto);
    }
    return updatedAction;
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class SecureConversationInInterceptor method handleMessage.
/**
 * Handles SecureConversationToken assertions on an inbound message.
 *
 * <p>Does nothing when the message carries no {@code AssertionInfoMap} or the policy holds no
 * SecureConversationToken assertion. On the requestor side the assertions are marked as
 * asserted and, if {@code STS_TOKEN_DO_CANCEL} is set to true, the cancel interceptor is
 * queued. On the provider side the message is dispatched by SOAP action; when no action is
 * available yet, dispatch is deferred to an interceptor that runs after {@code MAPCodec}.
 *
 * @param message the inbound SOAP message
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    final AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    final Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
    if (ais.isEmpty()) {
        return;
    }

    if (isRequestor(message)) {
        // Client side: the real check happens on the way out, so the inbound pass only asserts.
        for (AssertionInfo assertionInfo : ais) {
            assertionInfo.setAsserted(true);
        }
        assertPolicies(aim);

        Object doCancel = message.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL);
        boolean cancelRequested = doCancel != null
            && (Boolean.TRUE.equals(doCancel) || "true".equalsIgnoreCase(doCancel.toString()));
        if (cancelRequested) {
            message.getInterceptorChain().add(SecureConversationCancelInterceptor.INSTANCE);
        }
        return;
    }

    String soapAction = (String) message.get(SoapBindingConstants.SOAP_ACTION);
    if (soapAction == null) {
        soapAction = SoapActionInInterceptor.getSoapAction(message);
    }
    if (soapAction != null) {
        handleMessageForAction(message, soapAction, aim, ais);
        return;
    }

    // No action available yet: defer until the WS-Addressing headers have been read and processed.
    AbstractPhaseInterceptor<SoapMessage> deferred =
        new AbstractPhaseInterceptor<SoapMessage>(Phase.PRE_PROTOCOL) {
            @Override
            public void handleMessage(SoapMessage deferredMessage) throws Fault {
                String deferredAction = (String) deferredMessage.get(SoapBindingConstants.SOAP_ACTION);
                if (deferredAction == null) {
                    deferredAction = SoapActionInInterceptor.getSoapAction(deferredMessage);
                }
                // NOTE(review): the action may still be null here and is passed on unchecked;
                // confirm that handleMessageForAction tolerates a null action.
                handleMessageForAction(deferredMessage, deferredAction, aim, ais);
            }
        };
    deferred.addAfter(MAPCodec.class.getName());
    deferred.addBefore(PolicyBasedWSS4JInInterceptor.class.getName());
    // Streaming security is switched off for this message so the sec/conv state can be set up
    // in advance on the DOM path.
    message.put(SecurityConstants.ENABLE_STREAMING_SECURITY, Boolean.FALSE);
    message.getInterceptorChain().add(deferred);
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class SpnegoContextTokenInInterceptor method handleMessage.
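/**
 * Handles SpnegoContextToken assertions on an inbound message.
 *
 * <p>Does nothing when the message carries no {@code AssertionInfoMap} or the policy holds no
 * SpnegoContextToken assertion. On the requestor side the assertions are only marked as
 * asserted. On the provider side the action of the message decides the route: a WS-Trust
 * {@code /RST/Issue} action in one of the two supported namespaces is forwarded to the SPNEGO
 * negotiation endpoint; everything else is left to {@code SpnegoContextTokenFinderInterceptor}.
 *
 * <p>The action is taken from the inbound message (SOAP action, or the WS-Addressing Action
 * header as a fallback), so it is caller-controlled input on the provider side.
 *
 * @param message the inbound SOAP message
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
    if (ais.isEmpty()) {
        return;
    }
    if (isRequestor(message)) {
        // Client side: the real check happens on the way out.
        for (AssertionInfo ai : ais) {
            ai.setAsserted(true);
        }
        return;
    }

    String s = (String) message.get(SoapBindingConstants.SOAP_ACTION);
    if (s == null) {
        s = SoapActionInInterceptor.getSoapAction(message);
    }
    AddressingProperties inProps = (AddressingProperties) message
        .getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND);
    // MS/WCF doesn't put a soap action out for this, must check the headers.
    // The Action header may be absent from the inbound addressing properties; without the
    // null check such a request would fail with a NullPointerException instead of taking the
    // regular "no action" route below.
    if (s == null && inProps != null && inProps.getAction() != null) {
        s = inProps.getAction().getValue();
    }

    boolean isIssueRequest = s != null
        && s.contains("/RST/Issue")
        && (s.startsWith(STSUtils.WST_NS_05_02) || s.startsWith(STSUtils.WST_NS_05_12));
    if (isIssueRequest) {
        // Build the policy ExactlyOne -> All -> addressing assertion.
        Policy p = new Policy();
        ExactlyOne ea = new ExactlyOne();
        p.addPolicyComponent(ea);
        All all = new All();
        Assertion ass = NegotiationUtils.getAddressingPolicy(aim, false);
        all.addPolicyComponent(ass);
        ea.addPolicyComponent(all);

        // setup endpoint and forward to it.
        unmapSecurityProps(message);
        String ns = s.startsWith(STSUtils.WST_NS_05_02) ? STSUtils.WST_NS_05_02 : STSUtils.WST_NS_05_12;
        NegotiationUtils.recalcEffectivePolicy(message, ns, p, new SpnegoSTSInvoker(), false);
    } else {
        // Not a token-issue request (or no action at all): the finder interceptor takes over.
        message.getInterceptorChain().add(SpnegoContextTokenFinderInterceptor.INSTANCE);
    }
}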
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class SecureConversationOutInterceptor method handleMessage.
/**
 * Handles SecureConversationToken assertions on an outbound message.
 *
 * <p>Does nothing when the message carries no {@code AssertionInfoMap} or the policy holds no
 * SecureConversationToken assertion. On the provider side the assertions are only marked as
 * asserted. On the requestor side a token is looked up (contextual {@code TOKEN}, then the
 * token store via {@code TOKEN_ID}); a missing token is issued, an existing one goes through
 * {@code renewToken}. A resulting token is published on the endpoint and the exchange and
 * added to the token store.
 *
 * @param message the outbound SOAP message
 * @throws Fault wrapping a {@code TokenStoreException} raised while accessing the token store
 */
public void handleMessage(SoapMessage message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }
    Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
    if (ais.isEmpty()) {
        return;
    }

    if (!isRequestor(message)) {
        // Server side: the real check happens on the way in.
        for (AssertionInfo assertionInfo : ais) {
            assertionInfo.setAsserted(true);
        }
        PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
        return;
    }

    // Only the first SecureConversationToken assertion drives issuing/renewal.
    SecureConversationToken itok = (SecureConversationToken) ais.iterator().next().getAssertion();
    try {
        SecurityToken tok = (SecurityToken) message.getContextualProperty(SecurityConstants.TOKEN);
        if (tok == null) {
            String tokId = (String) message.getContextualProperty(SecurityConstants.TOKEN_ID);
            if (tokId != null) {
                tok = TokenStoreUtils.getTokenStore(message).getToken(tokId);
            }
        }

        tok = (tok == null) ? issueToken(message, aim, itok) : renewToken(message, aim, tok, itok);

        if (tok != null) {
            for (AssertionInfo assertionInfo : ais) {
                assertionInfo.setAsserted(true);
            }
            // Publish the token on the endpoint and on the exchange, then add it to the store.
            message.getExchange().getEndpoint().put(SecurityConstants.TOKEN, tok);
            message.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, tok.getId());
            message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getId());
            message.getExchange().put(SecurityConstants.TOKEN, tok);
            TokenStoreUtils.getTokenStore(message).add(tok);
        }
        // The bootstrap policy is asserted whether or not a token was obtained; the token
        // assertions themselves stay unasserted when tok is null.
        PolicyUtils.assertPolicy(aim, SPConstants.BOOTSTRAP_POLICY);
    } catch (TokenStoreException ex) {
        throw new Fault(ex);
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class SecurityVerificationOutInterceptor method getSecuredPart.
/**
 * Finds the first assertion that names a part of the message to be signed or encrypted.
 *
 * <p>The lookup order is SignedParts, SignedElements, EncryptedParts, EncryptedElements,
 * ContentEncryptedElements; the first match wins.
 *
 * @param aim assertion map of the effective policy
 * @return the first matching assertion, or {@code null} when none of the five is present
 */
private AssertionInfo getSecuredPart(AssertionInfoMap aim) {
    final String[] candidateNames = {
        SPConstants.SIGNED_PARTS,
        SPConstants.SIGNED_ELEMENTS,
        SPConstants.ENCRYPTED_PARTS,
        SPConstants.ENCRYPTED_ELEMENTS,
        SPConstants.CONTENT_ENCRYPTED_ELEMENTS,
    };
    for (String localName : candidateNames) {
        AssertionInfo found = PolicyUtils.getFirstAssertionByLocalname(aim, localName);
        if (found != null) {
            return found;
        }
    }
    return null;
}