Search in sources :

Example 41 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractStaxBindingHandler method getSignedParts.

/**
 * Identifies the portions of the message to be signed
 */
protected List<SecurePart> getSignedParts() throws SOAPException {
    SignedParts parts = null;
    SignedElements elements = null;
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    AssertionInfo assertionInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS);
    if (assertionInfo != null) {
        parts = (SignedParts) assertionInfo.getAssertion();
        assertionInfo.setAsserted(true);
    }
    assertionInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
    if (assertionInfo != null) {
        elements = (SignedElements) assertionInfo.getAssertion();
        assertionInfo.setAsserted(true);
    }
    List<SecurePart> signedParts = new ArrayList<>();
    if (parts != null) {
        if (parts.isBody()) {
            QName soapBody = new QName(WSSConstants.NS_SOAP12, "Body");
            SecurePart securePart = new SecurePart(soapBody, Modifier.Element);
            signedParts.add(securePart);
        }
        for (Header head : parts.getHeaders()) {
            String localName = head.getName();
            if (localName == null) {
                localName = "*";
            }
            QName qname = new QName(head.getNamespace(), localName);
            SecurePart securePart = new SecurePart(qname, Modifier.Element);
            securePart.setRequired(false);
            signedParts.add(securePart);
        }
        Attachments attachments = parts.getAttachments();
        if (attachments != null) {
            Modifier modifier = Modifier.Element;
            if (attachments.isContentSignatureTransform()) {
                modifier = Modifier.Content;
            }
            SecurePart securePart = new SecurePart("cid:Attachments", modifier);
            securePart.setRequired(false);
            signedParts.add(securePart);
        }
    }
    if (elements != null && elements.getXPaths() != null) {
        for (XPath xPath : elements.getXPaths()) {
            List<QName> qnames = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath);
            if (!qnames.isEmpty()) {
                SecurePart securePart = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element);
                signedParts.add(securePart);
            }
        }
    }
    return signedParts;
}
Also used : XPath(org.apache.wss4j.policy.model.XPath) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName) SignedElements(org.apache.wss4j.policy.model.SignedElements) ArrayList(java.util.ArrayList) Attachments(org.apache.wss4j.policy.model.Attachments) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) SecurePart(org.apache.xml.security.stax.ext.SecurePart) Header(org.apache.wss4j.policy.model.Header) SignedParts(org.apache.wss4j.policy.model.SignedParts) Modifier(org.apache.xml.security.stax.ext.SecurePart.Modifier)

Example 42 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractStaxBindingHandler method getEncryptedParts.

/**
 * Identifies the portions of the message to be encrypted
 */
protected List<SecurePart> getEncryptedParts() throws SOAPException {
    EncryptedParts parts = null;
    EncryptedElements elements = null;
    ContentEncryptedElements celements = null;
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            parts = (EncryptedParts) ai.getAssertion();
            ai.setAsserted(true);
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            elements = (EncryptedElements) ai.getAssertion();
            ai.setAsserted(true);
        }
    }
    ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
    if (!ais.isEmpty()) {
        for (AssertionInfo ai : ais) {
            celements = (ContentEncryptedElements) ai.getAssertion();
            ai.setAsserted(true);
        }
    }
    List<SecurePart> encryptedParts = new ArrayList<>();
    if (parts != null) {
        if (parts.isBody()) {
            QName soapBody = new QName(WSSConstants.NS_SOAP12, "Body");
            SecurePart securePart = new SecurePart(soapBody, Modifier.Content);
            encryptedParts.add(securePart);
        }
        for (Header head : parts.getHeaders()) {
            String localName = head.getName();
            if (localName == null) {
                localName = "*";
            }
            QName qname = new QName(head.getNamespace(), localName);
            SecurePart securePart = new SecurePart(qname, Modifier.Element);
            securePart.setRequired(false);
            encryptedParts.add(securePart);
        }
        Attachments attachments = parts.getAttachments();
        if (attachments != null) {
            SecurePart securePart = new SecurePart("cid:Attachments", Modifier.Element);
            if (MessageUtils.getContextualBoolean(message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false)) {
                securePart.setModifier(Modifier.Content);
            }
            securePart.setRequired(false);
            encryptedParts.add(securePart);
        }
    }
    if (elements != null && elements.getXPaths() != null) {
        for (XPath xPath : elements.getXPaths()) {
            List<QName> qnames = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath);
            if (!qnames.isEmpty()) {
                SecurePart securePart = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element);
                encryptedParts.add(securePart);
            }
        }
    }
    if (celements != null && celements.getXPaths() != null) {
        for (XPath xPath : celements.getXPaths()) {
            List<QName> qnames = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath);
            if (!qnames.isEmpty()) {
                SecurePart securePart = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Content);
                encryptedParts.add(securePart);
            }
        }
    }
    return encryptedParts;
}
Also used : XPath(org.apache.wss4j.policy.model.XPath) EncryptedParts(org.apache.wss4j.policy.model.EncryptedParts) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) ContentEncryptedElements(org.apache.wss4j.policy.model.ContentEncryptedElements) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) Attachments(org.apache.wss4j.policy.model.Attachments) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) ContentEncryptedElements(org.apache.wss4j.policy.model.ContentEncryptedElements) EncryptedElements(org.apache.wss4j.policy.model.EncryptedElements) SecurePart(org.apache.xml.security.stax.ext.SecurePart) Header(org.apache.wss4j.policy.model.Header)

Example 43 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class AbstractStaxBindingHandler method handleSupportingTokens.

protected Map<AbstractToken, SecurePart> handleSupportingTokens(Collection<AssertionInfo> tokenAssertions, boolean signed, boolean endorse) throws Exception {
    if (tokenAssertions != null && !tokenAssertions.isEmpty()) {
        Map<AbstractToken, SecurePart> ret = new HashMap<>();
        for (AssertionInfo assertionInfo : tokenAssertions) {
            if (assertionInfo.getAssertion() instanceof SupportingTokens) {
                assertionInfo.setAsserted(true);
                handleSupportingTokens((SupportingTokens) assertionInfo.getAssertion(), signed, endorse, ret);
            }
        }
        return ret;
    }
    return Collections.emptyMap();
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) HashMap(java.util.HashMap)

Example 44 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class TransportBindingHandler method handleEndorsingSupportingTokens.

/**
 * Handle the endorsing supporting tokens
 */
private void handleEndorsingSupportingTokens() throws Exception {
    Collection<AssertionInfo> ais;
    ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens sgndSuppTokens = null;
        for (AssertionInfo ai : ais) {
            sgndSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (sgndSuppTokens != null) {
            for (AbstractToken token : sgndSuppTokens.getTokens()) {
                handleEndorsingToken(token, sgndSuppTokens);
            }
        }
    }
    ais = getAllAssertionsByLocalname(SPConstants.ENDORSING_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
    ais = getAllAssertionsByLocalname(SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
    ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken)

Example 45 with AssertionInfo

use of org.apache.cxf.ws.policy.AssertionInfo in project cxf by apache.

the class UsernameTokenInterceptor method addToken.

protected void addToken(SoapMessage message) {
    UsernameToken tok = assertTokens(message);
    Header h = findSecurityHeader(message, true);
    Element el = (Element) h.getObject();
    Document doc = el.getOwnerDocument();
    WSSecUsernameToken utBuilder = addUsernameToken(message, doc, tok);
    if (utBuilder == null) {
        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
        Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
        for (AssertionInfo ai : ais) {
            if (ai.isAsserted()) {
                ai.setAsserted(false);
            }
        }
        return;
    }
    utBuilder.prepare();
    el.appendChild(utBuilder.getUsernameTokenElement());
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Header(org.apache.cxf.headers.Header) Element(org.w3c.dom.Element) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) Document(org.w3c.dom.Document) WSSecUsernameToken(org.apache.wss4j.dom.message.WSSecUsernameToken) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Aggregations

AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)99 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)45 QName (javax.xml.namespace.QName)21 SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)14 ArrayList (java.util.ArrayList)12 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)12 SamlToken (org.apache.wss4j.policy.model.SamlToken)12 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)10 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)10 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)9 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)9 X509Token (org.apache.wss4j.policy.model.X509Token)9 Element (org.w3c.dom.Element)9 PolicyException (org.apache.cxf.ws.policy.PolicyException)8 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)8 Header (org.apache.wss4j.policy.model.Header)7 SoapMessage (org.apache.cxf.binding.soap.SoapMessage)6 Message (org.apache.cxf.message.Message)6 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)6 TLSSessionInfo (org.apache.cxf.security.transport.TLSSessionInfo)5