
Example 6 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class WSSCUnitTest method createSymmetricBindingPolicy.

/**
 * Builds the mock SymmetricBinding policy this test uses to talk to the STS.
 *
 * <p>The returned policy holds a single alternative containing, in order: a
 * WS-Addressing assertion, a symmetric binding (X.509 protection token, Basic128
 * algorithm suite, timestamp, only-sign-entire-headers-and-body) and a SignedParts
 * assertion built with an empty header list.
 *
 * @return the assembled policy
 */
private Policy createSymmetricBindingPolicy() {
    // Outer policy: one alternative, starting with the Addressing assertion.
    Policy policy = new Policy();
    ExactlyOne alternatives = new ExactlyOne();
    policy.addPolicyComponent(alternatives);
    All alternative = new All();
    alternative.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME, false));
    alternatives.addPolicyComponent(alternative);

    // Nested policy carrying the X.509 token; the token is declared with
    // INCLUDE_TOKEN_NEVER, i.e. it is not to be included in the message.
    final X509Token certToken = new X509Token(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER, null, null, null, new Policy());
    Policy certTokenPolicy = new Policy();
    ExactlyOne certTokenChoice = new ExactlyOne();
    certTokenPolicy.addPolicyComponent(certTokenChoice);
    All certTokenAll = new All();
    certTokenAll.addPolicyComponent(certToken);
    certTokenChoice.addPolicyComponent(certTokenAll);

    // Nested policy naming the algorithm suite. It is fully populated before it is
    // handed to the AlgorithmSuite constructor.
    // NOTE(review): Basic128 is, to my knowledge, one of the WS-SecurityPolicy suites
    // that rely on SHA-1 digests. That is fine for a test fixture; confirm before
    // copying this into a production policy.
    Policy suitePolicy = new Policy();
    ExactlyOne suiteChoice = new ExactlyOne();
    suitePolicy.addPolicyComponent(suiteChoice);
    All suiteAll = new All();
    suiteAll.addAssertion(new PrimitiveAssertion(new QName(SP12Constants.SP_NS, SPConstants.ALGO_SUITE_BASIC128)));
    suiteChoice.addPolicyComponent(suiteAll);
    AlgorithmSuite suite = new AlgorithmSuite(SPConstants.SPVersion.SP12, suitePolicy);

    // Nested policy of the symmetric binding: protection token, suite, timestamp
    // and the "only sign entire headers and body" assertion.
    Policy symmetricPolicy = new Policy();
    ExactlyOne symmetricChoice = new ExactlyOne();
    symmetricPolicy.addPolicyComponent(symmetricChoice);
    All symmetricAll = new All();
    symmetricAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, certTokenPolicy));
    symmetricAll.addPolicyComponent(suite);
    symmetricAll.addAssertion(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
    symmetricAll.addAssertion(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
    symmetricChoice.addPolicyComponent(symmetricAll);
    DefaultSymmetricBinding symmetricBinding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, symmetricPolicy);
    symmetricBinding.setOnlySignEntireHeadersAndBody(true);
    // Token protection is switched off, so the policy does not ask for the signature
    // to cover the protection token itself.
    symmetricBinding.setProtectTokens(false);
    alternative.addPolicyComponent(symmetricBinding);

    // SignedParts with an empty header list.
    // Presumably the arguments mean body=true, no attachments, signAllHeaders=false;
    // verify against the SignedParts constructor.
    List<Header> noHeaders = new ArrayList<>();
    alternative.addPolicyComponent(new SignedParts(SPConstants.SPVersion.SP12, true, null, noHeaders, false));
    return policy;
}
Also used : Policy(org.apache.neethi.Policy) All(org.apache.neethi.All) PrimitiveAssertion(org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion) QName(javax.xml.namespace.QName) ArrayList(java.util.ArrayList) DefaultSymmetricBinding(org.apache.cxf.ws.security.trust.DefaultSymmetricBinding) ExactlyOne(org.apache.neethi.ExactlyOne) AlgorithmSuite(org.apache.wss4j.policy.model.AlgorithmSuite) X509Token(org.apache.wss4j.policy.model.X509Token) Header(org.apache.wss4j.policy.model.Header) SignedParts(org.apache.wss4j.policy.model.SignedParts) ProtectionToken(org.apache.wss4j.policy.model.ProtectionToken)

Example 7 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class SecureConversationInInterceptor method getSignedParts.

/**
 * Returns the SignedParts assertion to apply, falling back to a default when the
 * policy does not supply one.
 *
 * <p>The first assertion with local name {@code SPConstants.SIGNED_PARTS} is used if it
 * exists and carries a non-null assertion. Otherwise a default SignedParts is built
 * whose header list names the addressing headers To, From, FaultTo, ReplyTo, Action,
 * MessageID and RelatesTo in {@code addNs}. With a null {@code addNs} the header list
 * stays empty, so no header is listed for signing by the default.
 *
 * @param aim   assertion map that is searched for a SignedParts assertion
 * @param addNs namespace used for the default header entries; may be null
 * @return the policy-supplied SignedParts, or the default described above
 */
private SignedParts getSignedParts(AssertionInfoMap aim, String addNs) {
    AssertionInfo fromPolicy = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS);
    if (fromPolicy != null) {
        SignedParts declared = (SignedParts) fromPolicy.getAssertion();
        if (declared != null) {
            return declared;
        }
    }

    // Nothing usable in the policy: fall back to the default set of headers.
    List<Header> defaultHeaders = new ArrayList<>();
    if (addNs != null) {
        String[] localNames = {"To", "From", "FaultTo", "ReplyTo", "Action", "MessageID", "RelatesTo"};
        for (String localName : localNames) {
            defaultHeaders.add(new Header(localName, addNs));
        }
    }
    // Presumably body=true, no attachments, signAllHeaders=false; confirm against
    // the SignedParts constructor.
    return new SignedParts(SPConstants.SPVersion.SP12, true, null, defaultHeaders, false);
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Header(org.apache.wss4j.policy.model.Header) ArrayList(java.util.ArrayList) SignedParts(org.apache.wss4j.policy.model.SignedParts)

Example 8 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class AbstractBindingBuilder method getEncryptedParts.

/**
 * Collects the parts of the message that the policy asks to have encrypted.
 *
 * <p>Every EncryptedParts, EncryptedElements and ContentEncryptedElements assertion
 * found is marked as asserted. When several assertions of one kind exist, only the
 * last one iterated is actually used to build the result.
 *
 * @return the parts to encrypt; an empty list when none of the three assertion kinds
 *         is present
 * @throws SOAPException declared by the method; presumably propagated from
 *         {@code getPartsAndElements}, confirm there
 */
public List<WSEncryptionPart> getEncryptedParts() throws SOAPException {
    EncryptedParts encryptedParts = null;
    for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.ENCRYPTED_PARTS)) {
        encryptedParts = (EncryptedParts) info.getAssertion();
        info.setAsserted(true);
    }

    EncryptedElements encryptedElements = null;
    for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.ENCRYPTED_ELEMENTS)) {
        encryptedElements = (EncryptedElements) info.getAssertion();
        info.setAsserted(true);
    }

    ContentEncryptedElements contentEncryptedElements = null;
    for (AssertionInfo info : getAllAssertionsByLocalname(SPConstants.CONTENT_ENCRYPTED_ELEMENTS)) {
        contentEncryptedElements = (ContentEncryptedElements) info.getAssertion();
        info.setAsserted(true);
    }

    // No encryption assertion at all: nothing to encrypt.
    if (encryptedParts == null && encryptedElements == null && contentEncryptedElements == null) {
        return new ArrayList<>();
    }

    List<WSEncryptionPart> securedParts = new ArrayList<>();
    boolean encryptBody = false;
    if (encryptedParts != null) {
        encryptBody = encryptedParts.isBody();
        for (Header header : encryptedParts.getHeaders()) {
            securedParts.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Header"));
        }
        if (encryptedParts.getAttachments() != null) {
            // Attachments are encrypted with the "Element" modifier unless the
            // content-only transform is enabled on the message, in which case
            // the "Content" modifier is used instead.
            boolean contentOnly = MessageUtils.getContextualBoolean(message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false);
            securedParts.add(new WSEncryptionPart("cid:Attachments", contentOnly ? "Content" : "Element"));
        }
    }

    // The header and attachment parts collected so far are passed on together with
    // the XPath-selected elements. Presumably getPartsAndElements resolves them into
    // one list without duplicates; confirm in that method.
    return getPartsAndElements(false, encryptBody, securedParts, encryptedElements != null ? encryptedElements.getXPaths() : null, contentEncryptedElements != null ? contentEncryptedElements.getXPaths() : null);
}
Also used : ContentEncryptedElements(org.apache.wss4j.policy.model.ContentEncryptedElements) EncryptedElements(org.apache.wss4j.policy.model.EncryptedElements) EncryptedParts(org.apache.wss4j.policy.model.EncryptedParts) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) SOAPHeader(javax.xml.soap.SOAPHeader) Header(org.apache.wss4j.policy.model.Header) WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader) ContentEncryptedElements(org.apache.wss4j.policy.model.ContentEncryptedElements) ArrayList(java.util.ArrayList) Attachments(org.apache.wss4j.policy.model.Attachments)

Example 9 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class AbstractSTSClient method cancel.

/**
 * Makes a "Cancel" invocation against the STS and returns the response as an
 * STSResponse object.
 *
 * <p>If the service exposes no "/RST/Cancel" operation, the request is sent through
 * the "/RST/Issue" operation under a locally built policy override, and the token is
 * referenced rather than embedded in the CancelTarget element.
 *
 * @param token the security token to cancel; it is also stored in the request
 *              context under {@code SecurityConstants.TOKEN}
 * @return an STSResponse wrapping the first object returned by the invocation
 * @throws Exception declared by the method; the visible code does not narrow it
 */
protected STSResponse cancel(SecurityToken token) throws Exception {
    createClient();
    // Reset the request context to the configured ctx entries, then add the token.
    client.getRequestContext().clear();
    client.getRequestContext().putAll(ctx);
    client.getRequestContext().put(SecurityConstants.TOKEN, token);
    BindingOperationInfo boi = findOperation("/RST/Cancel");
    boolean attachTokenDirectly = true;
    if (boi == null) {
        // No dedicated Cancel operation: reuse the Issue operation and override its
        // policy with one built here.
        attachTokenDirectly = false;
        boi = findOperation("/RST/Issue");
        Policy cancelPolicy = new Policy();
        ExactlyOne one = new ExactlyOne();
        cancelPolicy.addPolicyComponent(one);
        All all = new All();
        one.addPolicyComponent(all);
        all.addAssertion(getAddressingAssertion());
        final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT, null, null, null, null);
        secureConversationToken.setOptional(true);
        // Local subclass whose only purpose is to set the secure conversation token
        // as the protection token at construction time.
        class InternalProtectionToken extends ProtectionToken {

            InternalProtectionToken(SPVersion version, Policy nestedPolicy) {
                super(version, nestedPolicy);
                super.setToken(secureConversationToken);
            }
        }
        DefaultSymmetricBinding binding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, new Policy());
        all.addAssertion(binding);
        // NOTE(review): the addressing assertion was already added to `all` above, so
        // this second add looks redundant. Confirm whether it is intentional.
        all.addAssertion(getAddressingAssertion());
        binding.setProtectionToken(new InternalProtectionToken(SPConstants.SPVersion.SP12, new Policy()));
        // The binding requires a timestamp and whole-header/body signatures; token
        // protection is switched off.
        binding.setIncludeTimestamp(true);
        binding.setOnlySignEntireHeadersAndBody(true);
        binding.setProtectTokens(false);
        // Use the WS-Addressing 2005/08 namespace when none is configured.
        String addrNamespace = addressingNamespace;
        if (addrNamespace == null) {
            addrNamespace = "http://www.w3.org/2005/08/addressing";
        }
        // Addressing headers listed in the SignedParts assertion.
        List<Header> headers = new ArrayList<>();
        headers.add(new Header("To", addrNamespace));
        headers.add(new Header("From", addrNamespace));
        headers.add(new Header("FaultTo", addrNamespace));
        headers.add(new Header("ReplyTo", addrNamespace));
        headers.add(new Header("Action", addrNamespace));
        headers.add(new Header("MessageID", addrNamespace));
        headers.add(new Header("RelatesTo", addrNamespace));
        // Presumably body=true, no attachments, signAllHeaders=false; confirm against
        // the SignedParts constructor.
        SignedParts parts = new SignedParts(SPConstants.SPVersion.SP12, true, null, headers, false);
        // NOTE(review): the SignedParts assertion is marked optional here. Confirm that
        // this does not let a cancel request through with these parts unsigned.
        parts.setOptional(true);
        all.addPolicyComponent(parts);
        client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, cancelPolicy);
    }
    // The SOAP action depends on whether this client runs in secure-conversation mode.
    if (isSecureConv) {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/SCT/Cancel");
    } else {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/Cancel");
    }
    // Build <wst:RequestSecurityToken> with a RequestType and a CancelTarget child.
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    writer.writeStartElement("wst", "RequestType", namespace);
    writer.writeCharacters(namespace + "/Cancel");
    writer.writeEndElement();
    writer.writeStartElement("wst", "CancelTarget", namespace);
    // CancelTarget holds the token itself when a Cancel operation exists; otherwise it
    // holds the unattached reference, falling back to the attached reference.
    Element el = null;
    if (attachTokenDirectly) {
        el = token.getToken();
    } else {
        el = token.getUnattachedReference();
        if (el == null) {
            el = token.getAttachedReference();
        }
    }
    // NOTE(review): el is not checked for null before the copy. Confirm how
    // StaxUtils.copy behaves for a token that has neither an element nor a reference.
    StaxUtils.copy(el, writer);
    writer.writeEndElement();
    writer.writeEndElement();
    Object[] obj = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
    // Only the first returned object is used; it is cast to DOMSource unchecked.
    return new STSResponse((DOMSource) obj[0], null);
}
Also used : Policy(org.apache.neethi.Policy) EffectivePolicy(org.apache.cxf.ws.policy.EffectivePolicy) All(org.apache.neethi.All) SPVersion(org.apache.wss4j.policy.SPConstants.SPVersion) W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) BindingOperationInfo(org.apache.cxf.service.model.BindingOperationInfo) DOMSource(javax.xml.transform.dom.DOMSource) ExtensibilityElement(javax.wsdl.extensions.ExtensibilityElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) ModCountCopyOnWriteArrayList(org.apache.cxf.common.util.ModCountCopyOnWriteArrayList) ExactlyOne(org.apache.neethi.ExactlyOne) SecureConversationToken(org.apache.wss4j.policy.model.SecureConversationToken) Header(org.apache.wss4j.policy.model.Header) SignedParts(org.apache.wss4j.policy.model.SignedParts) ProtectionToken(org.apache.wss4j.policy.model.ProtectionToken)

Example 10 with Header

use of org.apache.wss4j.policy.model.Header in project cxf by apache.

the class StaxTransportBindingHandler method signPartsAndElements.

/**
 * Registers the portions of the message that are to be signed with the security
 * properties' list of signature parts.
 *
 * <p>Parts are appended in this order: the Timestamp (when one was added), the SOAP
 * Body and the listed headers from {@code signedParts}, then one part per XPath in
 * {@code signedElements}.
 *
 * @param signedParts    SignedParts assertion, or null when none applies
 * @param signedElements SignedElements assertion, or null when none applies
 * @throws SOAPException declared by the method; not thrown by the visible statements
 */
private void signPartsAndElements(SignedParts signedParts, SignedElements signedElements) throws SOAPException {
    List<SecurePart> toSign = getProperties().getSignatureSecureParts();

    // Timestamp
    if (timestampAdded) {
        toSign.add(new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element));
    }

    // SignedParts: body first, then each listed header.
    if (signedParts != null) {
        if (signedParts.isBody()) {
            // NOTE(review): the Body is always named in the SOAP 1.1 namespace here.
            // Confirm that SOAP 1.2 bodies are matched elsewhere.
            toSign.add(new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), Modifier.Element));
        }
        for (Header header : signedParts.getHeaders()) {
            SecurePart headerPart = new SecurePart(new QName(header.getNamespace(), header.getName()), Modifier.Element);
            // Headers are registered as not required; presumably a header missing from
            // the message is then not an error. Verify against SecurePart.
            headerPart.setRequired(false);
            toSign.add(headerPart);
        }
    }

    // SignedElements
    if (signedElements == null || signedElements.getXPaths() == null) {
        return;
    }
    for (XPath xPath : signedElements.getXPaths()) {
        List<QName> path = org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath);
        if (path.isEmpty()) {
            continue;
        }
        // Only the last QName of the path is used, so the part is identified by
        // element name alone and not by its full XPath location.
        toSign.add(new SecurePart(path.get(path.size() - 1), Modifier.Element));
    }
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) XPath(org.apache.wss4j.policy.model.XPath) WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties) Header(org.apache.wss4j.policy.model.Header) QName(javax.xml.namespace.QName)

Aggregations

Header (org.apache.wss4j.policy.model.Header)12 ArrayList (java.util.ArrayList)8 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)7 QName (javax.xml.namespace.QName)5 Attachments (org.apache.wss4j.policy.model.Attachments)5 SignedParts (org.apache.wss4j.policy.model.SignedParts)5 Element (org.w3c.dom.Element)5 WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)3 WSSecHeader (org.apache.wss4j.dom.message.WSSecHeader)3 XPath (org.apache.wss4j.policy.model.XPath)3 SecurePart (org.apache.xml.security.stax.ext.SecurePart)3 SOAPHeader (javax.xml.soap.SOAPHeader)2 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)2 All (org.apache.neethi.All)2 ExactlyOne (org.apache.neethi.ExactlyOne)2 Policy (org.apache.neethi.Policy)2 ContentEncryptedElements (org.apache.wss4j.policy.model.ContentEncryptedElements)2 EncryptedElements (org.apache.wss4j.policy.model.EncryptedElements)2 EncryptedParts (org.apache.wss4j.policy.model.EncryptedParts)2 ProtectionToken (org.apache.wss4j.policy.model.ProtectionToken)2