
Example 36 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class IssuedTokenPolicyValidator method validateBinarySecurityToken.

/**
 * Checks a received binary security token against every IssuedToken policy assertion in {@code ais}.
 *
 * <p>Each AssertionInfo is first marked asserted and then downgraded with
 * {@code setNotAsserted} when the token is required but missing, or when the
 * RequestSecurityTokenTemplate check fails. Assertions for which
 * {@code isTokenRequired} is false are left asserted without inspecting the token.
 *
 * <p>NOTE(review): the result flag is reset to {@code true} at the top of every
 * iteration, so the returned value reflects only the LAST AssertionInfo processed.
 * A failure recorded on an earlier AssertionInfo is still visible through that
 * AssertionInfo, but not through the return value. Callers that gate on the
 * boolean should confirm this is the intended semantics.
 *
 * @param parameters supplies the AssertionInfoMap and the message being validated
 * @param binarySecurity the received token, or {@code null} if none was received
 * @param ais the IssuedToken assertion infos to evaluate
 * @return the outcome for the last AssertionInfo iterated; {@code true} when {@code ais} is empty
 */
private boolean validateBinarySecurityToken(PolicyValidatorParameters parameters, BinarySecurity binarySecurity, Collection<AssertionInfo> ais) {
    boolean lastOutcome = true;
    for (AssertionInfo info : ais) {
        IssuedToken policyToken = (IssuedToken) info.getAssertion();
        // Optimistically assert; the checks below revoke this on failure.
        info.setAsserted(true);
        lastOutcome = true;
        assertToken(policyToken, parameters.getAssertionInfoMap());
        if (isTokenRequired(policyToken, parameters.getMessage())) {
            String failure = null;
            if (binarySecurity == null) {
                // Policy demands a token for this message but none was supplied.
                failure = "The received token does not match the token inclusion requirement";
            } else {
                Element rstTemplate = policyToken.getRequestSecurityTokenTemplate();
                // A policy without a template imposes no further constraint here.
                if (rstTemplate != null && !checkIssuedTokenTemplate(rstTemplate, binarySecurity)) {
                    failure = "Error in validating the IssuedToken policy";
                }
            }
            if (failure != null) {
                lastOutcome = false;
                info.setNotAsserted(failure);
            }
        }
    }
    return lastOutcome;
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) Element(org.w3c.dom.Element)

Example 37 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractRMInterceptor method assertReliability.

/**
 * Asserts all RMAssertion assertions for the current message, regardless of their attributes
 * (if there is more than one we have ensured that they are all supported by considering
 * e.g. the minimum acknowledgment interval).
 *
 * <p>Every AssertionInfo returned by {@code RMPolicyUtilities.collectRMAssertions} is marked
 * asserted unconditionally; no per-assertion check is performed in this method.
 *
 * @param message the current message
 */
void assertReliability(Message message) {
    // NOTE(review): message.get(...) may yield null when no AssertionInfoMap is attached;
    // presumably collectRMAssertions tolerates that - verify against its implementation.
    AssertionInfoMap policyState = message.get(AssertionInfoMap.class);
    for (AssertionInfo rmAssertion : RMPolicyUtilities.collectRMAssertions(policyState)) {
        rmAssertion.setAsserted(true);
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Example 38 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AsymmetricBindingHandler method assertUnusedTokens.

/**
 * Marks the policy assertions for a token wrapper, and for the token it wraps, as asserted.
 *
 * <p>Matching is by object identity ({@code ==}), so only the AssertionInfo entries that hold
 * this exact wrapper / token instance are touched; other entries registered under the same
 * name are left as they are. No validation of the token takes place here.
 *
 * @param wrapper the token wrapper to assert; a {@code null} wrapper is ignored
 */
private void assertUnusedTokens(AbstractTokenWrapper wrapper) {
    if (wrapper == null) {
        return;
    }

    // First pass: the wrapper assertion itself.
    Collection<AssertionInfo> wrapperInfos = aim.getAssertionInfo(wrapper.getName());
    if (wrapperInfos != null) {
        for (AssertionInfo info : wrapperInfos) {
            if (info.getAssertion() != wrapper) {
                continue;
            }
            info.setAsserted(true);
        }
    }

    // Second pass: the wrapped token.
    // NOTE(review): wrapper.getToken() is dereferenced without a null check - confirm a wrapper
    // always carries a token at this point.
    Collection<AssertionInfo> tokenInfos = aim.getAssertionInfo(wrapper.getToken().getName());
    if (tokenInfos == null) {
        return;
    }
    for (AssertionInfo info : tokenInfos) {
        if (info.getAssertion() != wrapper.getToken()) {
            continue;
        }
        info.setAsserted(true);
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo)

Example 39 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractBindingBuilder method handleLayout.

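/**
 * Places the timestamp in the security header according to the binding's Layout policy and
 * records the outcome on the Layout AssertionInfo.
 *
 * <ul>
 *   <li>{@code LaxTsLast}: the timestamp element is appended to the security header; a missing
 *       timestamp is recorded as a policy failure.</li>
 *   <li>{@code LaxTsFirst}: the timestamp element is added top-down; a missing timestamp is
 *       recorded as a policy failure.</li>
 *   <li>Any other layout type: the Layout assertion is marked asserted, and the timestamp
 *       element is added top-down when one exists.</li>
 * </ul>
 *
 * <p>The Layout AssertionInfo lookup can return {@code null} (the non-timestamp branches already
 * guard for that), so every use of it is null-checked; previously the two LaxTs branches
 * dereferenced it unguarded and could fail with a NullPointerException.
 *
 * @param timestamp the timestamp to position, or {@code null} if the message carries none
 * @return the {@code timestamp} argument, unchanged
 */
protected WSSecTimestamp handleLayout(WSSecTimestamp timestamp) {
    if (binding.getLayout() != null) {
        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.LAYOUT);
        if (binding.getLayout().getLayoutType() == LayoutType.LaxTsLast) {
            if (timestamp == null) {
                if (ai != null) {
                    ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires a timestamp");
                }
            } else {
                if (ai != null) {
                    ai.setAsserted(true);
                }
                assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
                Element el = timestamp.getElement();
                secHeader.getSecurityHeaderElement().appendChild(el);
                // Remember the first element appended at the bottom of the header.
                if (bottomUpElement == null) {
                    bottomUpElement = el;
                }
            }
        } else if (binding.getLayout().getLayoutType() == LayoutType.LaxTsFirst) {
            if (timestamp == null) {
                if (ai != null) {
                    ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires a timestamp");
                }
            } else {
                // NOTE(review): the guard tests the 'timestamp' parameter but the element is taken
                // from the 'timestampEl' field; presumably both refer to the same timestamp -
                // confirm against the callers, otherwise this can dereference null.
                addTopDownElement(timestampEl.getElement());
                if (ai != null) {
                    ai.setAsserted(true);
                }
                assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
            }
        } else if (timestampEl != null) {
            if (ai != null) {
                ai.setAsserted(true);
            }
            addTopDownElement(timestampEl.getElement());
        } else if (ai != null) {
            ai.setAsserted(true);
        }
        // Lax and Strict are both asserted whenever a Layout is configured; this method performs
        // no element-ordering check of its own for either of them.
        assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX));
        assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_STRICT));
    } else if (timestampEl != null) {
        // No Layout policy: default to placing the timestamp top-down.
        addTopDownElement(timestampEl.getElement());
    }
    return timestamp;
}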
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element)

Example 40 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractBindingBuilder method getSignedParts.

/**
 * Builds the list of message parts that a signature must cover.
 *
 * <p>For an endorsing supporting token, the SignedParts / SignedElements come from that token;
 * they are stored in {@code suppTokenParts} so the main signature does not sign them again, and
 * their policy names are asserted. Otherwise all SignedParts and SignedElements assertions found
 * by local name are marked asserted, and the last one of each kind that is not already in
 * {@code suppTokenParts} is used.
 *
 * <p>NOTE(review): when several SignedParts (or SignedElements) assertions qualify, only the
 * last one iterated determines what is signed, although all of them are marked asserted -
 * confirm this matches the intended policy semantics.
 *
 * @param supportingToken the supporting token being processed, or {@code null} for the main signature
 * @return the parts to sign; an empty, mutable list when neither SignedParts nor SignedElements applies
 * @throws SOAPException declared by this method; not thrown by any statement visible here directly
 */
public List<WSEncryptionPart> getSignedParts(SupportingTokens supportingToken) throws SOAPException {
    SignedParts partsToSign = null;
    SignedElements elementsToSign = null;

    final boolean endorsing = supportingToken != null && supportingToken.isEndorsing();
    if (endorsing) {
        partsToSign = supportingToken.getSignedParts();
        elementsToSign = supportingToken.getSignedElements();
        // Store them so that the main Signature doesn't sign them
        if (partsToSign != null) {
            suppTokenParts.add(partsToSign);
            this.assertPolicy(partsToSign.getName());
        }
        if (elementsToSign != null) {
            suppTokenParts.add(elementsToSign);
            this.assertPolicy(elementsToSign.getName());
        }
    } else {
        for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS)) {
            SignedParts candidate = (SignedParts) info.getAssertion();
            info.setAsserted(true);
            // Skip anything already claimed by a supporting token.
            if (!suppTokenParts.contains(candidate)) {
                partsToSign = candidate;
            }
        }
        for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.SIGNED_ELEMENTS)) {
            SignedElements candidate = (SignedElements) info.getAssertion();
            info.setAsserted(true);
            if (!suppTokenParts.contains(candidate)) {
                elementsToSign = candidate;
            }
        }
    }

    List<WSEncryptionPart> result = new ArrayList<>();
    if (partsToSign == null && elementsToSign == null) {
        // Nothing selected for signing by policy.
        return result;
    }

    boolean signBody = false;
    if (partsToSign != null) {
        signBody = partsToSign.isBody();
        for (Header header : partsToSign.getHeaders()) {
            result.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Header"));
        }
        Attachments attachments = partsToSign.getAttachments();
        if (attachments != null) {
            // "Content" is used when the content signature transform is requested, "Element" otherwise.
            String modifier = attachments.isContentSignatureTransform() ? "Content" : "Element";
            result.add(new WSEncryptionPart("cid:Attachments", modifier));
        }
    }
    return getPartsAndElements(true, signBody, result, elementsToSign == null ? null : elementsToSign.getXPaths(), null);
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SOAPHeader(javax.xml.soap.SOAPHeader) Header(org.apache.wss4j.policy.model.Header) WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader) SignedElements(org.apache.wss4j.policy.model.SignedElements) ArrayList(java.util.ArrayList) SignedParts(org.apache.wss4j.policy.model.SignedParts) Attachments(org.apache.wss4j.policy.model.Attachments)

Aggregations

AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)99 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)45 QName (javax.xml.namespace.QName)21 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)14 ArrayList (java.util.ArrayList)12 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)12 SamlToken (org.apache.wss4j.policy.model.SamlToken)12 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)10 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)10 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)9 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)9 X509Token (org.apache.wss4j.policy.model.X509Token)9 Element (org.w3c.dom.Element)9 PolicyException (org.apache.cxf.ws.policy.PolicyException)8 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)8 Header (org.apache.wss4j.policy.model.Header)7 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)6 Message (org.apache.cxf.message.Message)6 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)6 TLSSessionInfo (org.apache.cxf.security.transport.TLSSessionInfo)5