Search in sources :

Example 1 with CoverageScope

use of org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope in project cxf by apache.

the class SecuredPartsPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // 
    if (isTransportBinding(parameters.getAssertionInfoMap(), parameters.getMessage())) {
        return;
    }
    Message msg = parameters.getMessage();
    Element soapBody = parameters.getSoapBody();
    Element header = parameters.getSoapHeader();
    soapBody = (Element) DOMUtils.getDomElement(soapBody);
    header = (Element) DOMUtils.getDomElement(header);
    Collection<WSDataRef> dataRefs = parameters.getEncrypted();
    if (coverageType == CoverageType.SIGNED) {
        dataRefs = parameters.getSigned();
    }
    for (AssertionInfo ai : ais) {
        if (ai.isAsserted()) {
            // they are a child of a SupportingToken
            continue;
        }
        AbstractSecuredParts p = (AbstractSecuredParts) ai.getAssertion();
        ai.setAsserted(true);
        if (p.isBody()) {
            try {
                if (coverageType == CoverageType.SIGNED) {
                    CryptoCoverageUtil.checkBodyCoverage(soapBody, dataRefs, CoverageType.SIGNED, CoverageScope.ELEMENT);
                } else {
                    CryptoCoverageUtil.checkBodyCoverage(soapBody, dataRefs, CoverageType.ENCRYPTED, CoverageScope.CONTENT);
                }
            } catch (WSSecurityException e) {
                ai.setNotAsserted("Soap Body is not " + coverageType);
                continue;
            }
        }
        for (Header h : p.getHeaders()) {
            try {
                CryptoCoverageUtil.checkHeaderCoverage(header, dataRefs, h.getNamespace(), h.getName(), coverageType, CoverageScope.ELEMENT);
            } catch (WSSecurityException e) {
                ai.setNotAsserted(h.getNamespace() + ":" + h.getName() + " not + " + coverageType);
            }
        }
        Attachments attachments = p.getAttachments();
        if (attachments != null) {
            try {
                CoverageScope scope = CoverageScope.ELEMENT;
                if (attachments.isContentSignatureTransform()) {
                    scope = CoverageScope.CONTENT;
                }
                CryptoCoverageUtil.checkAttachmentsCoverage(msg.getAttachments(), dataRefs, coverageType, scope);
            } catch (WSSecurityException e) {
                ai.setNotAsserted("An attachment was not signed/encrypted");
            }
        }
    }
}
Also used : CoverageScope(org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Message(org.apache.cxf.message.Message) Header(org.apache.wss4j.policy.model.Header) AbstractSecuredParts(org.apache.wss4j.policy.model.AbstractSecuredParts) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSDataRef(org.apache.wss4j.dom.WSDataRef) Attachments(org.apache.wss4j.policy.model.Attachments)

Aggregations

Message (org.apache.cxf.message.Message)1 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)1 CoverageScope (org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 WSDataRef (org.apache.wss4j.dom.WSDataRef)1 AbstractSecuredParts (org.apache.wss4j.policy.model.AbstractSecuredParts)1 Attachments (org.apache.wss4j.policy.model.Attachments)1 Header (org.apache.wss4j.policy.model.Header)1 Element (org.w3c.dom.Element)1