use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class IssuedTokenPolicyValidator method validateBinarySecurityToken.
/**
 * Checks a received binary security token against every IssuedToken policy
 * assertion in {@code ais} and records the outcome on each AssertionInfo.
 *
 * Each assertion is first marked as asserted. It is then marked as not
 * asserted when the token is required for this message and either no binary
 * token was received, or the policy carries a RequestSecurityTokenTemplate
 * that {@code checkIssuedTokenTemplate} rejects.
 *
 * @param parameters     supplies the message and the AssertionInfoMap
 * @param binarySecurity the received binary token, may be {@code null}
 * @param ais            the IssuedToken assertions to evaluate
 * @return the outcome for the last assertion iterated; {@code true} when
 *         {@code ais} is empty
 */
private boolean validateBinarySecurityToken(PolicyValidatorParameters parameters, BinarySecurity binarySecurity, Collection<AssertionInfo> ais) {
    boolean result = true;
    for (AssertionInfo info : ais) {
        IssuedToken policyToken = (IssuedToken) info.getAssertion();

        // Optimistic default; the failure paths below overwrite it.
        info.setAsserted(true);
        // NOTE(review): the flag is reset on every iteration, so a failure
        // recorded for an earlier assertion is not reflected in the return
        // value. The per-assertion state set via setNotAsserted is kept.
        // Confirm callers do not rely on the boolean alone.
        result = true;
        assertToken(policyToken, parameters.getAssertionInfoMap());

        if (isTokenRequired(policyToken, parameters.getMessage())) {
            if (binarySecurity == null) {
                result = false;
                info.setNotAsserted("The received token does not match the token inclusion requirement");
            } else {
                // A policy without a template gets no further check in this
                // method: any non-null binary token is accepted here.
                Element rstTemplate = policyToken.getRequestSecurityTokenTemplate();
                if (rstTemplate != null && !checkIssuedTokenTemplate(rstTemplate, binarySecurity)) {
                    result = false;
                    info.setNotAsserted("Error in validating the IssuedToken policy");
                }
            }
        }
    }
    return result;
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractRMInterceptor method assertReliability.
/**
 * Marks every RMAssertion collected for the current message as asserted,
 * regardless of its attributes. No attribute is validated here: if there is
 * more than one assertion, support for all of them is expected to have been
 * ensured beforehand (e.g. by considering the minimum acknowledgment interval).
 *
 * @param message the current message; its AssertionInfoMap is looked up and
 *                handed to {@code RMPolicyUtilities.collectRMAssertions}
 */
void assertReliability(Message message) {
    AssertionInfoMap assertionInfoMap = message.get(AssertionInfoMap.class);
    for (AssertionInfo info : RMPolicyUtilities.collectRMAssertions(assertionInfoMap)) {
        info.setAsserted(true);
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AsymmetricBindingHandler method assertUnusedTokens.
/**
 * Marks the policy assertions for a token wrapper, and for the token it
 * wraps, as asserted. This method performs no validation of its own.
 *
 * Assertions are looked up by QName and then matched by reference
 * ({@code ==}), so only the exact policy objects passed in are marked, not
 * other assertions that share the same name.
 *
 * @param wrapper the token wrapper to mark; nothing happens when {@code null}
 */
private void assertUnusedTokens(AbstractTokenWrapper wrapper) {
    if (wrapper != null) {
        Collection<AssertionInfo> wrapperInfos = aim.getAssertionInfo(wrapper.getName());
        if (wrapperInfos != null) {
            for (AssertionInfo info : wrapperInfos) {
                if (info.getAssertion() == wrapper) {
                    info.setAsserted(true);
                }
            }
        }

        // NOTE(review): wrapper.getToken() is dereferenced without a null
        // check; confirm a wrapper always carries a token on this path.
        Collection<AssertionInfo> tokenInfos = aim.getAssertionInfo(wrapper.getToken().getName());
        if (tokenInfos != null) {
            for (AssertionInfo info : tokenInfos) {
                if (info.getAssertion() == wrapper.getToken()) {
                    info.setAsserted(true);
                }
            }
        }
    }
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractBindingBuilder method handleLayout.
/**
 * Places the timestamp in the security header according to the binding's
 * Layout policy and records the result on the Layout assertion.
 *
 * <ul>
 *   <li>No Layout: the stored {@code timestampEl}, if any, is added top-down.</li>
 *   <li>LaxTsLast: the timestamp is appended to the end of the security
 *       header; a missing timestamp marks the Layout assertion as not asserted.</li>
 *   <li>LaxTsFirst: the timestamp is added top-down; a missing timestamp
 *       marks the Layout assertion as not asserted.</li>
 *   <li>Any other layout type: the Layout assertion (if found) is asserted
 *       and {@code timestampEl}, if any, is added top-down.</li>
 * </ul>
 *
 * @param timestamp the timestamp to place, may be {@code null}
 * @return the {@code timestamp} argument, unchanged
 */
protected WSSecTimestamp handleLayout(WSSecTimestamp timestamp) {
    if (binding.getLayout() == null) {
        // No Layout policy: nothing to assert, only place the stored timestamp.
        if (timestampEl != null) {
            addTopDownElement(timestampEl.getElement());
        }
        return timestamp;
    }

    AssertionInfo layoutInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.LAYOUT);
    LayoutType layoutType = binding.getLayout().getLayoutType();

    // NOTE(review): the two Lax-timestamp branches dereference layoutInfo
    // without a null check, while the remaining branches guard it. Confirm
    // the lookup cannot return null when a Layout is configured.
    if (layoutType == LayoutType.LaxTsLast) {
        if (timestamp != null) {
            layoutInfo.setAsserted(true);
            assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
            Element tsElement = timestamp.getElement();
            secHeader.getSecurityHeaderElement().appendChild(tsElement);
            // Remember the first element placed bottom-up.
            if (bottomUpElement == null) {
                bottomUpElement = tsElement;
            }
        } else {
            layoutInfo.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires a timestamp");
        }
    } else if (layoutType == LayoutType.LaxTsFirst) {
        if (timestamp != null) {
            // NOTE(review): the null test is on the 'timestamp' parameter but
            // the element inserted comes from the 'timestampEl' field;
            // presumably callers pass the same object. Verify.
            addTopDownElement(timestampEl.getElement());
            layoutInfo.setAsserted(true);
            assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
        } else {
            layoutInfo.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires a timestamp");
        }
    } else if (timestampEl != null) {
        if (layoutInfo != null) {
            layoutInfo.setAsserted(true);
        }
        addTopDownElement(timestampEl.getElement());
    } else if (layoutInfo != null) {
        layoutInfo.setAsserted(true);
    }

    // Both the Lax and the Strict layout QNames are asserted for every
    // configured layout, whichever branch ran above.
    assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX));
    assertPolicy(new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_STRICT));
    return timestamp;
}
use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.
the class AbstractBindingBuilder method getSignedParts.
/**
 * Builds the list of message parts to be signed.
 *
 * For an endorsing supporting token, the token's own SignedParts and
 * SignedElements are used and remembered in {@code suppTokenParts}. Otherwise
 * every SignedParts and SignedElements assertion in the policy is marked as
 * asserted and one of each that is not in {@code suppTokenParts} is selected.
 *
 * @param supportingToken the supporting token being processed, or
 *                        {@code null} for the main signature
 * @return the parts to sign; an empty list when neither SignedParts nor
 *         SignedElements applies
 * @throws SOAPException declared by this method; not thrown directly in this body
 */
public List<WSEncryptionPart> getSignedParts(SupportingTokens supportingToken) throws SOAPException {
    SignedParts parts = null;
    SignedElements elements = null;

    if (supportingToken == null || !supportingToken.isEndorsing()) {
        // NOTE(review): every matching assertion is marked asserted, but only
        // the last one not owned by a supporting token is kept for signing.
        // If several such assertions exist, earlier ones are asserted without
        // their parts being signed here. Confirm this is intended.
        for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS)) {
            SignedParts candidate = (SignedParts) info.getAssertion();
            info.setAsserted(true);
            if (!suppTokenParts.contains(candidate)) {
                parts = candidate;
            }
        }
        for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.SIGNED_ELEMENTS)) {
            SignedElements candidate = (SignedElements) info.getAssertion();
            info.setAsserted(true);
            if (!suppTokenParts.contains(candidate)) {
                elements = candidate;
            }
        }
    } else {
        parts = supportingToken.getSignedParts();
        elements = supportingToken.getSignedElements();
        // Remember them so that the main Signature doesn't sign them as well.
        if (parts != null) {
            suppTokenParts.add(parts);
            this.assertPolicy(parts.getName());
        }
        if (elements != null) {
            suppTokenParts.add(elements);
            this.assertPolicy(elements.getName());
        }
    }

    if (parts == null && elements == null) {
        return new ArrayList<>();
    }

    List<WSEncryptionPart> result = new ArrayList<>();
    boolean signBody = false;
    if (parts != null) {
        signBody = parts.isBody();
        for (Header header : parts.getHeaders()) {
            result.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Header"));
        }
        Attachments attachments = parts.getAttachments();
        if (attachments != null) {
            // "Content" applies when the policy asks for the content signature
            // transform; otherwise the "Element" modifier is used.
            String modifier = attachments.isContentSignatureTransform() ? "Content" : "Element";
            result.add(new WSEncryptionPart("cid:Attachments", modifier));
        }
    }
    return getPartsAndElements(true, signBody, result, elements == null ? null : elements.getXPaths(), null);
}