
Example 21 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class StaxSymmetricBindingHandler method handleBinding.

/**
 * Applies the symmetric binding to the current message: asserts the binding
 * policy, optionally overrides the policy's signature algorithms from message
 * context, wraps the callback handler with token-store lookup, runs the
 * configured protection order and asserts the remaining binding properties.
 *
 * @throws Fault if the token store cannot be obtained
 */
public void handleBinding() {
    AssertionInfoMap assertions = getMessage().get(AssertionInfoMap.class);
    configureTimestamp(assertions);
    assertPolicy(sbinding.getName());

    // Message context may override the signature algorithms mandated by the
    // policy's AlgorithmSuite. NOTE(review): the override is applied verbatim
    // here with no validation of the algorithm URI; anything accepted downstream
    // will be used in place of what the policy states.
    String asymAlg = (String) getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
    if (asymAlg != null && sbinding.getAlgorithmSuite() != null) {
        sbinding.getAlgorithmSuite().getAlgorithmSuiteType().setAsymmetricSignature(asymAlg);
    }
    String symAlg = (String) getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
    if (symAlg != null && sbinding.getAlgorithmSuite() != null) {
        sbinding.getAlgorithmSuite().getAlgorithmSuiteType().setSymmetricSignature(symAlg);
    }

    // Wrap the configured CallbackHandler so callbacks can be served from the token store.
    WSSSecurityProperties props = getProperties();
    try {
        props.setCallbackHandler(new TokenStoreCallbackHandler(props.getCallbackHandler(),
                                                               TokenStoreUtils.getTokenStore(message)));
    } catch (TokenStoreException ex) {
        // Cause is preserved on the Fault; the FINE log is for diagnostics only.
        LOG.log(Level.FINE, ex.getMessage(), ex);
        throw new Fault(ex);
    }

    String bindingNs = sbinding.getName().getNamespaceURI();
    boolean encryptFirst =
        sbinding.getProtectionOrder() == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning;
    if (encryptFirst) {
        doEncryptBeforeSign();
        assertPolicy(new QName(bindingNs, SPConstants.ENCRYPT_BEFORE_SIGNING));
    } else {
        doSignBeforeEncrypt();
        assertPolicy(new QName(bindingNs, SPConstants.SIGN_BEFORE_ENCRYPTING));
    }

    // On the responder side the symmetric encryption key is not encrypted again
    // (presumably because it is the key established by the request — confirm).
    if (!isRequestor()) {
        props.setEncryptSymmetricEncryptionKey(false);
    }

    configureLayout(assertions);
    assertAlgorithmSuite(sbinding.getAlgorithmSuite());
    assertWSSProperties(bindingNs);
    assertTrustProperties(bindingNs);
    assertPolicy(new QName(bindingNs, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
    if (sbinding.isProtectTokens()) {
        assertPolicy(new QName(bindingNs, SPConstants.PROTECT_TOKENS));
    }
}

Example 22 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class AbstractStaxBindingHandler method getSignedParts.

/**
 * Builds the list of {@link SecurePart}s that the SignedParts and SignedElements
 * policy assertions require to be signed, marking both assertions as asserted.
 * Only the first assertion of each kind in the AssertionInfoMap is consulted.
 *
 * @return the parts to sign; empty when neither assertion is present
 * @throws SOAPException declared for callers; not thrown by the visible code
 */
protected List<SecurePart> getSignedParts() throws SOAPException {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    SignedParts signedParts = null;
    AssertionInfo info = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS);
    if (info != null) {
        signedParts = (SignedParts) info.getAssertion();
        info.setAsserted(true);
    }

    SignedElements signedElements = null;
    info = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
    if (info != null) {
        signedElements = (SignedElements) info.getAssertion();
        info.setAsserted(true);
    }

    List<SecurePart> result = new ArrayList<>();

    if (signedParts != null) {
        // The Body is always described with the SOAP 1.2 namespace here.
        // NOTE(review): presumably the WSS4J StAX layer also matches a SOAP 1.1
        // Body against this QName — confirm before relying on it for SOAP 1.1.
        if (signedParts.isBody()) {
            result.add(new SecurePart(new QName(WSSConstants.NS_SOAP12, "Body"), Modifier.Element));
        }
        // Header parts are optional: a header that is absent from the message is
        // simply not signed rather than failing the request. A header with no
        // local name is recorded as "*" (presumably a wildcard downstream).
        for (Header header : signedParts.getHeaders()) {
            String local = header.getName() == null ? "*" : header.getName();
            SecurePart part = new SecurePart(new QName(header.getNamespace(), local), Modifier.Element);
            part.setRequired(false);
            result.add(part);
        }
        Attachments attachments = signedParts.getAttachments();
        if (attachments != null) {
            Modifier attachmentModifier =
                attachments.isContentSignatureTransform() ? Modifier.Content : Modifier.Element;
            SecurePart part = new SecurePart("cid:Attachments", attachmentModifier);
            part.setRequired(false);
            result.add(part);
        }
    }

    if (signedElements != null && signedElements.getXPaths() != null) {
        for (XPath xpath : signedElements.getXPaths()) {
            List<QName> steps = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xpath);
            if (steps.isEmpty()) {
                continue;
            }
            // Only the final step of the XPath is kept, so the element is selected
            // by its QName rather than by its full location in the document.
            // Unlike header parts, these default to required.
            result.add(new SecurePart(steps.get(steps.size() - 1), Modifier.Element));
        }
    }

    return result;
}

Example 23 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class AbstractStaxBindingHandler method getEncryptedParts.

/**
 * Builds the list of {@link SecurePart}s to encrypt from the EncryptedParts,
 * EncryptedElements and ContentEncryptedElements policy assertions and marks
 * every such assertion as asserted.
 *
 * NOTE(review): when several assertions of the same kind are present, all of
 * them are marked asserted but only the last one iterated contributes parts.
 *
 * @return the parts to encrypt; empty when no relevant assertion is present
 * @throws SOAPException declared for callers; not thrown by the visible code
 */
protected List<SecurePart> getEncryptedParts() throws SOAPException {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    EncryptedParts encParts = null;
    for (AssertionInfo ai : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS)) {
        encParts = (EncryptedParts) ai.getAssertion();
        ai.setAsserted(true);
    }
    EncryptedElements encElements = null;
    for (AssertionInfo ai : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS)) {
        encElements = (EncryptedElements) ai.getAssertion();
        ai.setAsserted(true);
    }
    ContentEncryptedElements contentElements = null;
    for (AssertionInfo ai : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS)) {
        contentElements = (ContentEncryptedElements) ai.getAssertion();
        ai.setAsserted(true);
    }

    List<SecurePart> result = new ArrayList<>();

    if (encParts != null) {
        // Body is encrypted with Modifier.Content (headers below use Modifier.Element).
        // NOTE(review): the SOAP 1.2 namespace is used unconditionally — presumably
        // the WSS4J StAX layer also matches a SOAP 1.1 Body; confirm.
        if (encParts.isBody()) {
            result.add(new SecurePart(new QName(WSSConstants.NS_SOAP12, "Body"), Modifier.Content));
        }
        // Header parts are optional: an absent header is not an error, it is just
        // not encrypted. A missing local name is recorded as "*".
        for (Header hdr : encParts.getHeaders()) {
            String local = hdr.getName();
            QName headerName = new QName(hdr.getNamespace(), local == null ? "*" : local);
            SecurePart part = new SecurePart(headerName, Modifier.Element);
            part.setRequired(false);
            result.add(part);
        }
        if (encParts.getAttachments() != null) {
            SecurePart part = new SecurePart("cid:Attachments", Modifier.Element);
            // A message-context switch selects the content-only attachment transform.
            boolean contentOnly = MessageUtils.getContextualBoolean(
                message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false);
            if (contentOnly) {
                part.setModifier(Modifier.Content);
            }
            part.setRequired(false);
            result.add(part);
        }
    }

    // For XPath-based assertions only the last step of each path is used, so
    // elements are selected by QName, not by their full location. These parts
    // keep the default required flag, unlike the header parts above.
    if (encElements != null && encElements.getXPaths() != null) {
        for (XPath xp : encElements.getXPaths()) {
            List<QName> steps = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xp);
            if (!steps.isEmpty()) {
                result.add(new SecurePart(steps.get(steps.size() - 1), Modifier.Element));
            }
        }
    }
    if (contentElements != null && contentElements.getXPaths() != null) {
        for (XPath xp : contentElements.getXPaths()) {
            List<QName> steps = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xp);
            if (!steps.isEmpty()) {
                result.add(new SecurePart(steps.get(steps.size() - 1), Modifier.Content));
            }
        }
    }

    return result;
}

Example 24 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class UsernameTokenInterceptor method addToken.

/**
 * Adds a UsernameToken to the message's Security header according to the
 * UsernameToken policy. When no token can be built, every UsernameToken
 * assertion previously marked asserted is reset so that policy verification
 * reports it as unsatisfied.
 *
 * @param message the outgoing SOAP message
 */
protected void addToken(SoapMessage message) {
    UsernameToken policyToken = assertTokens(message);
    Header securityHeader = findSecurityHeader(message, true);
    Element headerEl = (Element) securityHeader.getObject();
    Document doc = headerEl.getOwnerDocument();

    WSSecUsernameToken builder = addUsernameToken(message, doc, policyToken);
    if (builder != null) {
        builder.prepare();
        headerEl.appendChild(builder.getUsernameTokenElement());
        return;
    }

    // No token was produced: undo the assertions made by assertTokens above.
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    for (AssertionInfo ai : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN)) {
        if (ai.isAsserted()) {
            ai.setAsserted(false);
        }
    }
}

Example 25 with AssertionInfoMap

use of org.apache.cxf.ws.policy.AssertionInfoMap in project cxf by apache.

the class UsernameTokenInterceptor method assertTokens.

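/**
 * Checks the received UsernameToken (represented by {@code princ}) against every
 * UsernameToken policy assertion in the message and records, per assertion,
 * whether the password-type, Created and Nonce requirements are met.
 *
 * Fix: the Nonce check now tolerates a null principal like the other three
 * checks do. Previously a policy requiring a Nonce combined with a null
 * principal threw a NullPointerException instead of marking the assertion
 * as not satisfied.
 *
 * @param message the SOAP message whose AssertionInfoMap is updated
 * @param princ   the principal built from the received token; null when no token is available
 * @param signed  whether the token was covered by a signature
 * @return the UsernameToken assertion examined last, or null if the policy has none
 */
private UsernameToken assertTokens(SoapMessage message, UsernameTokenPrincipal princ, boolean signed) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
    UsernameToken tok = null;
    for (AssertionInfo ai : ais) {
        tok = (UsernameToken) ai.getAssertion();
        ai.setAsserted(true);

        // HashPassword: the received password must be a digest, not plaintext.
        if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword)
            && (princ == null || !princ.isPasswordDigest())) {
            ai.setNotAsserted("Password hashing policy not enforced");
        } else {
            PolicyUtils.assertPolicy(aim, SPConstants.HASH_PASSWORD);
        }

        // A password is required unless the policy says NoPassword or the token is
        // an endorsing supporting token.
        if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword)
            && isNonEndorsingSupportingToken(tok)
            && (princ == null || princ.getPassword() == null)) {
            ai.setNotAsserted("Username Token No Password supplied");
        } else {
            PolicyUtils.assertPolicy(aim, SPConstants.NO_PASSWORD);
        }

        if (tok.isCreated() && (princ == null || princ.getCreatedTime() == null)) {
            ai.setNotAsserted("No Created Time");
        } else {
            PolicyUtils.assertPolicy(aim, SP13Constants.CREATED);
        }

        // Guard against a null principal here as well (previously an NPE).
        if (tok.isNonce() && (princ == null || princ.getNonce() == null)) {
            ai.setNotAsserted("No Nonce");
        } else {
            PolicyUtils.assertPolicy(aim, SP13Constants.NONCE);
        }
    }

    PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
    PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
    PolicyUtils.assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);

    // A token carried over TLS is treated as satisfying SignedSupportingTokens
    // even though it carries no XML signature of its own.
    if (signed || isTLSInUse(message)) {
        PolicyUtils.assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
    }
    return tok;
}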
