
Example 1 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class AbstractBindingBuilder method getSignedParts.

/**
 * Determines which message parts the signature being built has to cover.
 *
 * <p>When {@code supportingToken} is an endorsing token, the SignedParts / SignedElements are
 * taken from the token and remembered in {@code suppTokenParts}. In every other case (including
 * a {@code null} token) they are taken from the SignedParts / SignedElements assertions in
 * effect, ignoring any assertion already remembered in {@code suppTokenParts}.
 *
 * @param supportingToken the supporting token being processed; may be {@code null}
 * @return the result of {@code getPartsAndElements} for the selected parts, or an empty list
 *         when neither a SignedParts nor a SignedElements policy was selected
 * @throws SOAPException declared by the signature; presumably raised by
 *         {@code getPartsAndElements} - confirm against that helper
 */
public List<WSEncryptionPart> getSignedParts(SupportingTokens supportingToken) throws SOAPException {
    SignedParts partsPolicy = null;
    SignedElements elementsPolicy = null;

    if (supportingToken == null || !supportingToken.isEndorsing()) {
        // Every matching assertion is marked as asserted, but only the last one that is not
        // owned by a supporting token is kept.
        // NOTE(review): with several SignedParts assertions in one policy, the earlier ones are
        // reported as satisfied without contributing any part to the signature - confirm this
        // is intended, since it decides what ends up integrity-protected.
        for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS)) {
            SignedParts candidate = (SignedParts) info.getAssertion();
            info.setAsserted(true);
            if (!suppTokenParts.contains(candidate)) {
                partsPolicy = candidate;
            }
        }
        for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.SIGNED_ELEMENTS)) {
            SignedElements candidate = (SignedElements) info.getAssertion();
            info.setAsserted(true);
            if (!suppTokenParts.contains(candidate)) {
                elementsPolicy = candidate;
            }
        }
    } else {
        partsPolicy = supportingToken.getSignedParts();
        elementsPolicy = supportingToken.getSignedElements();
        // Remember what the endorsing token covers so the main signature does not sign it again.
        if (partsPolicy != null) {
            suppTokenParts.add(partsPolicy);
            this.assertPolicy(partsPolicy.getName());
        }
        if (elementsPolicy != null) {
            suppTokenParts.add(elementsPolicy);
            this.assertPolicy(elementsPolicy.getName());
        }
    }

    if (partsPolicy == null && elementsPolicy == null) {
        // Nothing selected: the caller gets an empty list, i.e. nothing to sign.
        return new ArrayList<>();
    }

    List<WSEncryptionPart> toSign = new ArrayList<>();
    boolean signBody = false;
    if (partsPolicy != null) {
        signBody = partsPolicy.isBody();
        for (Header hdr : partsPolicy.getHeaders()) {
            // NOTE(review): the header name is passed through unchanged, so a null name reaches
            // WSEncryptionPart as null - how that is matched is decided downstream; confirm.
            toSign.add(new WSEncryptionPart(hdr.getName(), hdr.getNamespace(), "Header"));
        }
        Attachments attachmentPolicy = partsPolicy.getAttachments();
        if (attachmentPolicy != null) {
            // "Content" covers only the attachment content, "Element" is the default modifier.
            String scope = attachmentPolicy.isContentSignatureTransform() ? "Content" : "Element";
            toSign.add(new WSEncryptionPart("cid:Attachments", scope));
        }
    }
    return getPartsAndElements(true, signBody, toSign,
                               elementsPolicy != null ? elementsPolicy.getXPaths() : null, null);
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SOAPHeader(javax.xml.soap.SOAPHeader) Header(org.apache.wss4j.policy.model.Header) WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader) SignedElements(org.apache.wss4j.policy.model.SignedElements) ArrayList(java.util.ArrayList) SignedParts(org.apache.wss4j.policy.model.SignedParts) Attachments(org.apache.wss4j.policy.model.Attachments)

Example 2 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class AbstractStaxBindingHandler method getSignedParts.

/**
 * Identifies the portions of the message to be signed.
 *
 * <p>Reads the first SignedParts and the first SignedElements assertion from the message's
 * {@code AssertionInfoMap}, marks each one found as asserted, and turns them into
 * {@code SecurePart} entries: the SOAP Body (when requested), every listed header, the
 * attachments, and the target of every SignedElements XPath.
 *
 * @return the parts to sign; empty when no relevant assertion is present
 * @throws SOAPException declared by the signature; nothing in this body throws it directly
 */
protected List<SecurePart> getSignedParts() throws SOAPException {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    SignedParts partsPolicy = null;
    AssertionInfo partsInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS);
    if (partsInfo != null) {
        partsPolicy = (SignedParts) partsInfo.getAssertion();
        partsInfo.setAsserted(true);
    }

    SignedElements elementsPolicy = null;
    AssertionInfo elementsInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
    if (elementsInfo != null) {
        elementsPolicy = (SignedElements) elementsInfo.getAssertion();
        elementsInfo.setAsserted(true);
    }

    List<SecurePart> toSign = new ArrayList<>();

    if (partsPolicy != null) {
        if (partsPolicy.isBody()) {
            // NOTE(review): the Body QName always uses the SOAP 1.2 namespace here - confirm
            // that the consumer of this list also matches a SOAP 1.1 Body.
            toSign.add(new SecurePart(new QName(WSSConstants.NS_SOAP12, "Body"), Modifier.Element));
        }

        for (Header hdr : partsPolicy.getHeaders()) {
            String name = hdr.getName();
            // A header without a name is turned into the wildcard local name "*".
            QName headerName = new QName(hdr.getNamespace(), name != null ? name : "*");
            SecurePart headerPart = new SecurePart(headerName, Modifier.Element);
            // Marked not required - presumably so a header absent from the message is not an
            // error; the Body part above keeps the SecurePart default.
            headerPart.setRequired(false);
            toSign.add(headerPart);
        }

        Attachments attachmentPolicy = partsPolicy.getAttachments();
        if (attachmentPolicy != null) {
            Modifier scope = attachmentPolicy.isContentSignatureTransform()
                ? Modifier.Content
                : Modifier.Element;
            SecurePart attachmentPart = new SecurePart("cid:Attachments", scope);
            attachmentPart.setRequired(false);
            toSign.add(attachmentPart);
        }
    }

    if (elementsPolicy != null && elementsPolicy.getXPaths() != null) {
        for (XPath expression : elementsPolicy.getXPaths()) {
            List<QName> path = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(expression);
            if (path.isEmpty()) {
                continue;
            }
            // Only the final step of the path is kept, so the part is identified by element
            // name alone. NOTE(review): confirm that name-only matching is acceptable where the
            // policy relies on the element's position in the document.
            toSign.add(new SecurePart(path.get(path.size() - 1), Modifier.Element));
        }
    }
    return toSign;
}
Also used : XPath(org.apache.wss4j.policy.model.XPath) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName) SignedElements(org.apache.wss4j.policy.model.SignedElements) ArrayList(java.util.ArrayList) Attachments(org.apache.wss4j.policy.model.Attachments) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) SecurePart(org.apache.xml.security.stax.ext.SecurePart) Header(org.apache.wss4j.policy.model.Header) SignedParts(org.apache.wss4j.policy.model.SignedParts) Modifier(org.apache.xml.security.stax.ext.SecurePart.Modifier)

Example 3 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class AbstractStaxBindingHandler method getEncryptedParts.

/**
 * Identifies the portions of the message to be encrypted.
 *
 * <p>Reads the EncryptedParts, EncryptedElements and ContentEncryptedElements assertions from
 * the message's {@code AssertionInfoMap}, marks every one of them as asserted, and turns the
 * selected ones into {@code SecurePart} entries. The Body is added with
 * {@code Modifier.Content}; headers and EncryptedElements targets with
 * {@code Modifier.Element}; ContentEncryptedElements targets with {@code Modifier.Content}.
 *
 * @return the parts to encrypt; empty when no relevant assertion is present
 * @throws SOAPException declared by the signature; nothing in this body throws it directly
 */
protected List<SecurePart> getEncryptedParts() throws SOAPException {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    // For each assertion kind every match is marked asserted, but the loop keeps only the last.
    // NOTE(review): with several assertions of one kind, the earlier ones are reported as
    // satisfied although their parts are never added below - confirm this is intended, since it
    // decides what ends up confidentiality-protected.
    EncryptedParts partsPolicy = null;
    for (AssertionInfo info : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS)) {
        partsPolicy = (EncryptedParts) info.getAssertion();
        info.setAsserted(true);
    }

    EncryptedElements elementsPolicy = null;
    for (AssertionInfo info : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS)) {
        elementsPolicy = (EncryptedElements) info.getAssertion();
        info.setAsserted(true);
    }

    ContentEncryptedElements contentPolicy = null;
    for (AssertionInfo info
        : PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS)) {
        contentPolicy = (ContentEncryptedElements) info.getAssertion();
        info.setAsserted(true);
    }

    List<SecurePart> toEncrypt = new ArrayList<>();

    if (partsPolicy != null) {
        if (partsPolicy.isBody()) {
            // NOTE(review): the Body QName always uses the SOAP 1.2 namespace here - confirm
            // that the consumer of this list also matches a SOAP 1.1 Body.
            toEncrypt.add(new SecurePart(new QName(WSSConstants.NS_SOAP12, "Body"), Modifier.Content));
        }

        for (Header hdr : partsPolicy.getHeaders()) {
            String name = hdr.getName();
            // A header without a name is turned into the wildcard local name "*".
            QName headerName = new QName(hdr.getNamespace(), name != null ? name : "*");
            SecurePart headerPart = new SecurePart(headerName, Modifier.Element);
            // Marked not required - presumably so a header absent from the message is not an
            // error; the Body part above keeps the SecurePart default.
            headerPart.setRequired(false);
            toEncrypt.add(headerPart);
        }

        Attachments attachmentPolicy = partsPolicy.getAttachments();
        if (attachmentPolicy != null) {
            SecurePart attachmentPart = new SecurePart("cid:Attachments", Modifier.Element);
            // Content-only attachment encryption is opt-in via a contextual property that
            // defaults to false.
            boolean contentOnly = MessageUtils.getContextualBoolean(
                message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false);
            if (contentOnly) {
                attachmentPart.setModifier(Modifier.Content);
            }
            attachmentPart.setRequired(false);
            toEncrypt.add(attachmentPart);
        }
    }

    if (elementsPolicy != null && elementsPolicy.getXPaths() != null) {
        for (XPath expression : elementsPolicy.getXPaths()) {
            List<QName> path = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(expression);
            if (path.isEmpty()) {
                continue;
            }
            // Only the final step of the path is kept, so the part is identified by element
            // name alone. NOTE(review): confirm that name-only matching is acceptable where the
            // policy relies on the element's position in the document.
            toEncrypt.add(new SecurePart(path.get(path.size() - 1), Modifier.Element));
        }
    }

    if (contentPolicy != null && contentPolicy.getXPaths() != null) {
        for (XPath expression : contentPolicy.getXPaths()) {
            List<QName> path = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(expression);
            if (path.isEmpty()) {
                continue;
            }
            // Same name-only reduction as above, but only the element content is encrypted.
            toEncrypt.add(new SecurePart(path.get(path.size() - 1), Modifier.Content));
        }
    }
    return toEncrypt;
}
Also used : XPath(org.apache.wss4j.policy.model.XPath) EncryptedParts(org.apache.wss4j.policy.model.EncryptedParts) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) ContentEncryptedElements(org.apache.wss4j.policy.model.ContentEncryptedElements) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) Attachments(org.apache.wss4j.policy.model.Attachments) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap) ContentEncryptedElements(org.apache.wss4j.policy.model.ContentEncryptedElements) EncryptedElements(org.apache.wss4j.policy.model.EncryptedElements) SecurePart(org.apache.xml.security.stax.ext.SecurePart) Header(org.apache.wss4j.policy.model.Header)

Example 4 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class RequiredPartsPolicyValidator method validatePolicies.

/**
 * Validates RequiredParts assertions against the SOAP header of the message.
 *
 * <p>Each assertion is first marked as asserted and then marked as not asserted if any header
 * it lists cannot be found under the SOAP header element (or if there is no SOAP header at
 * all). The check is for presence only; it does not look at signature or encryption coverage.
 *
 * @param parameters supplies the SOAP header element; the header may be {@code null}
 * @param ais the assertions to validate; each is cast to {@code RequiredParts}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    final Element soapHeader = parameters.getSoapHeader();
    for (AssertionInfo info : ais) {
        RequiredParts required = (RequiredParts) info.getAssertion();
        info.setAsserted(true);
        for (Header wanted : required.getHeaders()) {
            // NOTE(review): QName rejects a null local part, so this assumes the policy model
            // never yields a header without a name here - confirm.
            QName wantedName = new QName(wanted.getNamespace(), wanted.getName());
            boolean present = soapHeader != null
                && DOMUtils.getFirstChildWithName(soapHeader, wantedName) != null;
            if (!present) {
                info.setNotAsserted("No header element of name " + wantedName + " found.");
            }
        }
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Header(org.apache.wss4j.policy.model.Header) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) RequiredParts(org.apache.wss4j.policy.model.RequiredParts)

Example 5 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class SecuredPartsPolicyValidator method validatePolicies.

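/**
 * Validates that the parts named by each secured-parts assertion were actually covered by the
 * security processing results.
 *
 * <p>The kind of coverage checked is selected by the {@code coverageType} field: for
 * {@code CoverageType.SIGNED} the signed data references are used, otherwise the encrypted
 * ones. Each assertion is first marked as asserted and then marked as not asserted when the
 * Body, a listed header or the attachments fail the coverage check.
 *
 * @param parameters supplies the message, its SOAP Body and header elements and the
 *                   signed / encrypted data references
 * @param ais the assertions to validate; each is cast to {@code AbstractSecuredParts}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    // Nothing is checked when isTransportBinding reports true.
    // NOTE(review): presumably because protection is then provided by the transport - confirm;
    // the assertions are left untouched on this path.
    if (isTransportBinding(parameters.getAssertionInfoMap(), parameters.getMessage())) {
        return;
    }
    Message msg = parameters.getMessage();
    Element soapBody = parameters.getSoapBody();
    Element header = parameters.getSoapHeader();
    soapBody = (Element) DOMUtils.getDomElement(soapBody);
    header = (Element) DOMUtils.getDomElement(header);
    Collection<WSDataRef> dataRefs = parameters.getEncrypted();
    if (coverageType == CoverageType.SIGNED) {
        dataRefs = parameters.getSigned();
    }
    for (AssertionInfo ai : ais) {
        if (ai.isAsserted()) {
            // they are a child of a SupportingToken
            continue;
        }
        AbstractSecuredParts p = (AbstractSecuredParts) ai.getAssertion();
        ai.setAsserted(true);
        if (p.isBody()) {
            try {
                // The Body must be signed as a whole element, but only its content encrypted.
                if (coverageType == CoverageType.SIGNED) {
                    CryptoCoverageUtil.checkBodyCoverage(soapBody, dataRefs, CoverageType.SIGNED, CoverageScope.ELEMENT);
                } else {
                    CryptoCoverageUtil.checkBodyCoverage(soapBody, dataRefs, CoverageType.ENCRYPTED, CoverageScope.CONTENT);
                }
            } catch (WSSecurityException e) {
                ai.setNotAsserted("Soap Body is not " + coverageType);
                // The assertion has already failed; headers and attachments are not checked.
                continue;
            }
        }
        for (Header h : p.getHeaders()) {
            try {
                CryptoCoverageUtil.checkHeaderCoverage(header, dataRefs, h.getNamespace(), h.getName(), coverageType, CoverageScope.ELEMENT);
            } catch (WSSecurityException e) {
                // Fixed: the message used to contain a stray "+" ("... not + SIGNED").
                ai.setNotAsserted(h.getNamespace() + ":" + h.getName() + " not " + coverageType);
            }
        }
        Attachments attachments = p.getAttachments();
        if (attachments != null) {
            try {
                CoverageScope scope = CoverageScope.ELEMENT;
                if (attachments.isContentSignatureTransform()) {
                    scope = CoverageScope.CONTENT;
                }
                CryptoCoverageUtil.checkAttachmentsCoverage(msg.getAttachments(), dataRefs, coverageType, scope);
            } catch (WSSecurityException e) {
                ai.setNotAsserted("An attachment was not signed/encrypted");
            }
        }
    }
}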
Also used : CoverageScope(org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Message(org.apache.cxf.message.Message) Header(org.apache.wss4j.policy.model.Header) AbstractSecuredParts(org.apache.wss4j.policy.model.AbstractSecuredParts) Element(org.w3c.dom.Element) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSDataRef(org.apache.wss4j.dom.WSDataRef) Attachments(org.apache.wss4j.policy.model.Attachments)

Aggregations

Header (org.apache.wss4j.policy.model.Header)12 ArrayList (java.util.ArrayList)8 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)7 QName (javax.xml.namespace.QName)5 Attachments (org.apache.wss4j.policy.model.Attachments)5 SignedParts (org.apache.wss4j.policy.model.SignedParts)5 Element (org.w3c.dom.Element)5 WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)3 WSSecHeader (org.apache.wss4j.dom.message.WSSecHeader)3 XPath (org.apache.wss4j.policy.model.XPath)3 SecurePart (org.apache.xml.security.stax.ext.SecurePart)3 SOAPHeader (javax.xml.soap.SOAPHeader)2 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)2 All (org.apache.neethi.All)2 ExactlyOne (org.apache.neethi.ExactlyOne)2 Policy (org.apache.neethi.Policy)2 ContentEncryptedElements (org.apache.wss4j.policy.model.ContentEncryptedElements)2 EncryptedElements (org.apache.wss4j.policy.model.EncryptedElements)2 EncryptedParts (org.apache.wss4j.policy.model.EncryptedParts)2 ProtectionToken (org.apache.wss4j.policy.model.ProtectionToken)2