
Example 31 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class SymmetricBindingPolicyValidator method validatePolicies.

/**
 * Validates each SymmetricBinding assertion in {@code ais} against the security results.
 *
 * <p>Every assertion is first marked asserted. The protection order, the binding
 * properties and the binding tokens are then checked in that sequence, and the
 * remaining checks are skipped for an assertion as soon as one of them reports
 * failure. Presumably the check methods themselves record why an assertion is not
 * asserted; that is not visible here.
 *
 * @param parameters the security results, signed/encrypted results and message under validation
 * @param ais the SymmetricBinding assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // Derived-key usage is a property of the whole message, so it is determined once.
    final boolean derivedKeysUsed = parameters.getResults().getActionResults().containsKey(WSConstants.DKT);
    for (AssertionInfo ai : ais) {
        final SymmetricBinding binding = (SymmetricBinding) ai.getAssertion();
        ai.setAsserted(true);
        // Order, then properties, then tokens; && short-circuits exactly like a
        // continue-on-first-failure chain would.
        final boolean orderOk = checkProtectionOrder(binding, parameters.getAssertionInfoMap(), ai, parameters.getResults().getResults());
        if (orderOk
            && checkProperties(binding, ai, parameters.getAssertionInfoMap(), parameters.getResults(), parameters.getSignedResults(), parameters.getMessage())) {
            checkTokens(binding, ai, parameters.getAssertionInfoMap(), derivedKeysUsed, parameters.getSignedResults(), parameters.getEncryptedResults());
        }
    }
}

Example 32 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class UsernameTokenPolicyValidator method validatePolicies.

/**
 * Validates each UsernameToken assertion in {@code ais} against the received username tokens.
 *
 * <p>Every assertion is marked asserted and its token policy is asserted. When the token
 * is required for this message, the assertion is marked not asserted if no username
 * token result was received; otherwise the received tokens are checked against the policy.
 *
 * @param parameters the username token results and message under validation
 * @param ais the UsernameToken assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        final org.apache.wss4j.policy.model.UsernameToken tokenPolicy =
            (org.apache.wss4j.policy.model.UsernameToken) ai.getAssertion();
        ai.setAsserted(true);
        assertToken(tokenPolicy, parameters.getAssertionInfoMap());
        if (isTokenRequired(tokenPolicy, parameters.getMessage())) {
            checkReceivedUsernameToken(ai, tokenPolicy, parameters);
        }
    }
}

/**
 * Checks a required UsernameToken policy against the received username token results,
 * marking {@code ai} not asserted when nothing was received.
 */
private void checkReceivedUsernameToken(AssertionInfo ai,
                                        org.apache.wss4j.policy.model.UsernameToken tokenPolicy,
                                        PolicyValidatorParameters parameters) {
    if (parameters.getUsernameTokenResults().isEmpty()) {
        ai.setNotAsserted("The received token does not match the token inclusion requirement");
        return;
    }
    // The result of checkTokens is not needed here; it presumably records any failure on ai.
    checkTokens(tokenPolicy, ai, parameters.getUsernameTokenResults());
}

Example 33 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class WSS11PolicyValidator method validatePolicies.

/**
 * Validates each Wss11 assertion in {@code ais}, enforcing the SignatureConfirmation requirement.
 *
 * <p>Every assertion is marked asserted and its token policy is asserted. On the requestor
 * side only, the assertion is then marked not asserted when the presence of signature
 * confirmation results in the message disagrees with the policy's
 * RequireSignatureConfirmation setting (required but absent, or not required but present).
 *
 * @param parameters the security results and message under validation
 * @param ais the Wss11 assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    final List<WSSecurityEngineResult> scResults = parameters.getResults().getActionResults().get(WSConstants.SC);
    // Computed once: whether any SignatureConfirmation result was found in the message.
    final boolean confirmationPresent = scResults != null && !scResults.isEmpty();
    for (AssertionInfo ai : ais) {
        final Wss11 wss11 = (Wss11) ai.getAssertion();
        ai.setAsserted(true);
        assertToken(wss11, parameters.getAssertionInfoMap());
        if (!MessageUtils.isRequestor(parameters.getMessage())) {
            continue;
        }
        // Required-and-absent or not-required-and-present are both policy violations,
        // i.e. the requirement flag must equal the observed presence.
        if (wss11.isRequireSignatureConfirmation() != confirmationPresent) {
            ai.setNotAsserted("Signature Confirmation policy validation failed");
        }
    }
}

Example 34 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AlgorithmSuitePolicyValidator method validatePolicies.

/**
 * Validates each AlgorithmSuite assertion in {@code ais} against the security results.
 *
 * <p>Every assertion is marked asserted and then validated by {@code validatePolicy}. On
 * success the nested algorithm-suite-type assertion and the C14N algorithm assertion are
 * asserted as well. On failure the assertion is marked not asserted, unless
 * {@code validatePolicy} already did so.
 *
 * @param parameters the security results and assertion info map under validation
 * @param ais the AlgorithmSuite assertions to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        final AlgorithmSuite suite = (AlgorithmSuite) ai.getAssertion();
        ai.setAsserted(true);
        if (validatePolicy(ai, suite, parameters.getResults().getResults())) {
            assertSuiteTypeAndC14n(suite, parameters);
        } else if (ai.isAsserted()) {
            // validatePolicy rejected the suite without recording a reason itself.
            ai.setNotAsserted("Error in validating AlgorithmSuite policy");
        }
    }
}

/**
 * Asserts the nested assertions that a validated AlgorithmSuite implies: every
 * assertion for the suite type's QName, and the suite's C14N algorithm.
 */
private void assertSuiteTypeAndC14n(AlgorithmSuite suite, PolicyValidatorParameters parameters) {
    final QName suiteTypeName =
        new QName(suite.getAlgorithmSuiteType().getNamespace(), suite.getAlgorithmSuiteType().getName());
    final Collection<AssertionInfo> suiteTypeAis = parameters.getAssertionInfoMap().get(suiteTypeName);
    if (suiteTypeAis != null) {
        for (AssertionInfo suiteTypeAi : suiteTypeAis) {
            suiteTypeAi.setAsserted(true);
        }
    }
    // The C14N assertion lives in the suite's own namespace and is named after the enum constant.
    final QName c14nName = new QName(suite.getName().getNamespaceURI(), suite.getC14n().name());
    PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), c14nName);
}

Example 35 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class IssuedTokenPolicyValidator method validateSAMLToken.

/**
 * Validates each IssuedToken assertion in {@code ais} against the received SAML assertion.
 *
 * <p>For every assertion the token policy is asserted and, if the token is required for
 * this message, the following are checked in order: that a SAML assertion was received
 * at all, that it satisfies the RequestSecurityTokenTemplate (when present), that it
 * satisfies the Claims element (when present and its Dialect matches the configured
 * claims validator), and that the holder-of-key requirements hold given the signed
 * results and the TLS peer certificates (when a TLS session is present).
 *
 * @param parameters the message, signed results and assertion info map under validation
 * @param samlAssertion the received SAML assertion, or {@code null} if none was received
 * @param ais the IssuedToken assertions to validate
 * @return {@code false} if any required assertion failed a check; every assertion is
 *         still visited, so one failure does not stop validation of the rest
 */
private boolean validateSAMLToken(PolicyValidatorParameters parameters, SamlAssertionWrapper samlAssertion, Collection<AssertionInfo> ais) {
    boolean allAsserted = true;
    for (AssertionInfo ai : ais) {
        final IssuedToken issuedToken = (IssuedToken) ai.getAssertion();
        ai.setAsserted(true);
        assertToken(issuedToken, parameters.getAssertionInfoMap());
        if (!isTokenRequired(issuedToken, parameters.getMessage())) {
            continue;
        }
        final String failure = findIssuedTokenFailure(parameters, issuedToken, samlAssertion);
        if (failure != null) {
            allAsserted = false;
            ai.setNotAsserted(failure);
        }
    }
    return allAsserted;
}

/**
 * Returns the reason the received SAML assertion does not satisfy {@code issuedToken},
 * or {@code null} when every check passes. Checks run in order and stop at the first failure.
 */
private String findIssuedTokenFailure(PolicyValidatorParameters parameters, IssuedToken issuedToken,
                                      SamlAssertionWrapper samlAssertion) {
    if (samlAssertion == null) {
        return "The received token does not match the token inclusion requirement";
    }
    final Element template = issuedToken.getRequestSecurityTokenTemplate();
    if (template != null && !checkIssuedTokenTemplate(template, samlAssertion)) {
        return "Error in validating the IssuedToken policy";
    }
    final Element claims = issuedToken.getClaims();
    if (claims != null) {
        // Only a Claims element whose Dialect matches the configured validator is checked.
        final String dialect = claims.getAttributeNS(null, "Dialect");
        if (claimsValidator.getDialect().equals(dialect) && !claimsValidator.validatePolicy(claims, samlAssertion)) {
            return "Error in validating the Claims policy";
        }
    }
    // When a TLS session exists its peer certificates are handed to the holder-of-key check.
    final TLSSessionInfo tlsInfo = parameters.getMessage().get(TLSSessionInfo.class);
    final Certificate[] tlsCerts = tlsInfo == null ? null : tlsInfo.getPeerCertificates();
    if (!checkHolderOfKey(samlAssertion, parameters.getSignedResults(), tlsCerts)) {
        return "Assertion fails holder-of-key requirements";
    }
    return null;
}
