
Example 1 with SecurityPolicyValidator

use of org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator in project cxf by apache.

From the class PolicyBasedWSS4JInInterceptor, method doResults.

/**
 * Validates the inbound message against its WS-SecurityPolicy assertions and then
 * hands off to the superclass for the remaining (non-policy) result checks.
 *
 * <p>The WSS4J action results are first regrouped into the views the policy validators
 * consume: signature results (XML signature, UsernameToken-keyed signature, signed SAML
 * token), encryption results, UsernameToken results, SAML token results and the first
 * Timestamp result. The data references covered by signatures and by encryption are
 * reconciled via {@code CryptoCoverageUtil} before validation. Only assertions that have
 * a registered {@link SecurityPolicyValidator} are validated here; the others are left
 * untouched and fall through to {@code super.doResults}.
 *
 * @param msg             the inbound SOAP message; must carry an {@link AssertionInfoMap}
 * @param actor           the WS-Security actor/role whose header was processed
 * @param soapHeader      the SOAP header element
 * @param soapBody        the SOAP body element
 * @param results         the WSS4J results for the processed security header
 * @param utWithCallbacks whether UsernameToken validation went through callbacks
 * @throws SOAPException       propagated from the superclass
 * @throws XMLStreamException  propagated from the superclass
 * @throws WSSecurityException if a policy validator or the superclass rejects the message
 */
@Override
protected void doResults(SoapMessage msg, String actor, Element soapHeader, Element soapBody, WSHandlerResult results, boolean utWithCallbacks) throws SOAPException, XMLStreamException, WSSecurityException {
    // --- Gather the result views the validators need ---------------------------------
    List<WSSecurityEngineResult> signatureResults = collectActionResults(results, WSConstants.SIGN, WSConstants.UT_SIGN, WSConstants.ST_SIGNED);
    Collection<WSDataRef> signedRefs = dataRefsOf(signatureResults);

    // Unlike the other views this one is passed on as-is, so it may be null when
    // nothing was encrypted.
    List<WSSecurityEngineResult> encryptionResults = results.getActionResults().get(WSConstants.ENCR);
    Collection<WSDataRef> encryptedRefs = dataRefsOf(encryptionResults);

    // Elements that are both signed and encrypted must be matched up before the
    // coverage checks run.
    CryptoCoverageUtil.reconcileEncryptedSignedRefs(signedRefs, encryptedRefs);

    List<WSSecurityEngineResult> usernameTokenResults = collectActionResults(results, WSConstants.UT, WSConstants.UT_NOPASSWORD);
    List<WSSecurityEngineResult> samlTokenResults = collectActionResults(results, WSConstants.ST_SIGNED, WSConstants.ST_UNSIGNED);

    // Only the first Timestamp result is considered; a missing TAG_TIMESTAMP on a
    // present result is deliberately not tolerated (NPE), i.e. the check fails closed.
    Element timestampElement = null;
    if (results.getActionResults().containsKey(WSConstants.TS)) {
        WSSecurityEngineResult timestampResult = results.getActionResults().get(WSConstants.TS).get(0);
        if (timestampResult != null) {
            Timestamp timestampToken = (Timestamp) timestampResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
            timestampElement = timestampToken.getElement();
        }
    }

    // --- Assemble the validator parameters ---------------------------------------------
    AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
    PolicyValidatorParameters parameters = new PolicyValidatorParameters();
    parameters.setAssertionInfoMap(aim);
    parameters.setMessage(msg);
    parameters.setSoapBody(soapBody);
    parameters.setSoapHeader(soapHeader);
    parameters.setResults(results);
    parameters.setSignedResults(signatureResults);
    parameters.setEncryptedResults(encryptionResults);
    parameters.setUtWithCallbacks(utWithCallbacks);
    parameters.setSigned(signedRefs);
    parameters.setEncrypted(encryptedRefs);
    parameters.setUsernameTokenResults(usernameTokenResults);
    parameters.setSamlResults(samlTokenResults);
    parameters.setTimestampElement(timestampElement);

    // --- Run every validator that matches an assertion in the policy ------------------
    Map<QName, SecurityPolicyValidator> validators = ValidatorUtils.getSecurityPolicyValidators(msg);
    for (Map.Entry<QName, Collection<AssertionInfo>> assertionEntry : aim.entrySet()) {
        QName assertionName = assertionEntry.getKey();
        if (!validators.containsKey(assertionName)) {
            // No validator registered for this assertion type; nothing to check here.
            continue;
        }
        validators.get(assertionName).validatePolicies(parameters, assertionEntry.getValue());
    }

    super.doResults(msg, actor, soapHeader, soapBody, results, utWithCallbacks);
}

/**
 * Concatenates the WSS4J results recorded for the given action codes, in the order
 * the codes are listed. Actions with no recorded results are skipped.
 *
 * @param results the WSS4J handler results to read from
 * @param actions the {@code WSConstants} action codes to collect
 * @return a new, possibly empty, list of the matching results
 */
private static List<WSSecurityEngineResult> collectActionResults(WSHandlerResult results, int... actions) {
    List<WSSecurityEngineResult> collected = new ArrayList<>();
    for (int action : actions) {
        if (results.getActionResults().containsKey(action)) {
            collected.addAll(results.getActionResults().get(action));
        }
    }
    return collected;
}

/**
 * Collects the distinct {@code WSDataRef}s referenced by the given results.
 *
 * @param engineResults the results to inspect; may be null
 * @return a new set of data references, empty when {@code engineResults} is null or
 *         none of the results carry {@code TAG_DATA_REF_URIS}
 */
private static Collection<WSDataRef> dataRefsOf(List<WSSecurityEngineResult> engineResults) {
    Collection<WSDataRef> refs = new HashSet<>();
    if (engineResults == null) {
        return refs;
    }
    for (WSSecurityEngineResult engineResult : engineResults) {
        List<WSDataRef> dataRefs = CastUtils.cast((List<?>) engineResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs != null) {
            refs.addAll(dataRefs);
        }
    }
    return refs;
}
