use of org.apache.wss4j.policy.model.Wss10 in project cxf by apache.
the class AbstractBindingBuilder method addSignatureConfirmation.
/**
 * Adds SignatureConfirmation elements to the outgoing security header when the
 * effective policy is a {@code Wss11} assertion that requires signature confirmation.
 *
 * <p>One confirmation is prepared for each signature result ({@code WSConstants.SIGN}
 * or {@code WSConstants.UT_SIGN}) recorded for the inbound message. If no signature
 * result was recorded, a single confirmation is prepared without a signature value.
 * Every confirmation element is added as a supporting element.
 *
 * @param sigParts list of parts to sign; when non-null, each confirmation is appended
 *                 to it and to {@code sigConfList}. When null, the confirmation element
 *                 is still emitted, but this method registers nothing for signing.
 */
protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
    Wss10 wssPolicy = getWss10();
    boolean confirmationRequired = wssPolicy instanceof Wss11
        && ((Wss11) wssPolicy).isRequireSignatureConfirmation();
    if (!confirmationRequired) {
        // Nothing to do unless the policy asks for signature confirmation.
        return;
    }

    // NOTE(review): the in-message and its RECV_RESULTS entry are dereferenced without a
    // null check. If inbound WS-Security processing did not store results, the loop below
    // throws a NullPointerException. Confirm that callers guarantee the entry is present.
    List<WSHandlerResult> handlerResults = CastUtils.cast(
        (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));

    // Gather every signature result reported by any handler in the inbound chain.
    List<WSSecurityEngineResult> receivedSignatures = new ArrayList<>();
    int[] signatureActionKinds = {WSConstants.SIGN, WSConstants.UT_SIGN};
    for (WSHandlerResult handlerResult : handlerResults) {
        for (int kind : signatureActionKinds) {
            if (handlerResult.getActionResults().containsKey(kind)) {
                receivedSignatures.addAll(handlerResult.getActionResults().get(kind));
            }
        }
    }

    sigConfList = new ArrayList<>();

    // A single builder instance is reused for every confirmation that is emitted.
    WSSecSignatureConfirmation confirmation = new WSSecSignatureConfirmation(secHeader);
    confirmation.setIdAllocator(wssConfig.getIdAllocator());

    if (receivedSignatures.isEmpty()) {
        // No inbound signature was recorded: emit one confirmation with no signature value.
        confirmation.prepare();
        addSupportingElement(confirmation.getSignatureConfirmationElement());
        if (sigParts != null) {
            WSEncryptionPart confirmationPart = new WSEncryptionPart(confirmation.getId(), "Element");
            confirmationPart.setElement(confirmation.getSignatureConfirmationElement());
            sigParts.add(confirmationPart);
            sigConfList.add(confirmationPart);
        }
    } else {
        for (WSSecurityEngineResult received : receivedSignatures) {
            // Echo the received signature value so the initiator can match it to its request.
            confirmation.setSignatureValue(
                (byte[]) received.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE));
            confirmation.prepare();
            addSupportingElement(confirmation.getSignatureConfirmationElement());
            if (sigParts == null) {
                // NOTE(review): the confirmation is not registered for signing here.
                // Presumably the caller covers it another way - verify, because an
                // unsigned confirmation could be altered in transit.
                continue;
            }
            WSEncryptionPart confirmationPart = new WSEncryptionPart(confirmation.getId(), "Element");
            confirmationPart.setElement(confirmation.getSignatureConfirmationElement());
            sigParts.add(confirmationPart);
            sigConfList.add(confirmationPart);
        }
    }

    assertPolicy(new QName(wssPolicy.getName().getNamespaceURI(),
        SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
}
use of org.apache.wss4j.policy.model.Wss10 in project cxf by apache.
the class AbstractBindingBuilder method setKeyIdentifierType.
/**
 * Selects the key identifier type that {@code secBase} uses to reference the key
 * behind {@code token}.
 *
 * <p>An explicit reference requirement on an {@code X509Token} (issuer-serial, key
 * identifier, thumbprint) or a {@code KeyValueToken} decides the type directly.
 * Otherwise the choice depends on the token's include-token setting and on whether
 * this side is the requestor. A direct reference is used unless the include-token
 * test below matches; in that case the WSS policy picks the reference type.
 *
 * @param secBase the WSS4J builder whose key identifier type is set
 * @param token   the policy token being referenced; it is always passed to
 *                {@code assertToken}
 */
public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) {
    boolean referenceDictatedByToken = true;
    if (token instanceof X509Token) {
        X509Token x509 = (X509Token) token;
        if (x509.isRequireIssuerSerialReference()) {
            secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
        } else if (x509.isRequireKeyIdentifierReference()) {
            secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
        } else if (x509.isRequireThumbprintReference()) {
            secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
        } else {
            referenceDictatedByToken = false;
        }
    } else if (token instanceof KeyValueToken) {
        secBase.setKeyIdentifierType(WSConstants.KEY_VALUE);
    } else {
        referenceDictatedByToken = false;
    }

    assertToken(token);
    if (referenceDictatedByToken) {
        return;
    }

    boolean requestor = isRequestor();
    IncludeTokenType inclusion = token.getIncludeTokenType();
    boolean neverIncluded = inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER;
    // X.509 token marked "always to recipient" while this side is not the requestor, or
    // "always to initiator" while this side is the requestor.
    boolean x509InOppositeDirection = token instanceof X509Token
        && ((inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT && !requestor)
            || (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR && requestor));

    if (!neverIncluded && !x509InOppositeDirection) {
        secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        return;
    }

    // A direct reference is not used on this path, so the WSS policy decides the type.
    Wss10 wss = getWss10();
    // NOTE(review): wss may be null here (see the null test just below); confirm that
    // assertPolicy tolerates a null argument.
    assertPolicy(wss);

    final int policyDrivenReference;
    if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
        // With no WSS policy at all, the subject key identifier is used.
        policyDrivenReference = WSConstants.SKI_KEY_IDENTIFIER;
    } else if (wss.isMustSupportRefIssuerSerial()) {
        policyDrivenReference = WSConstants.ISSUER_SERIAL;
    } else if (wss instanceof Wss11 && ((Wss11) wss).isMustSupportRefThumbprint()) {
        policyDrivenReference = WSConstants.THUMBPRINT_IDENTIFIER;
    } else {
        // The policy states no supported reference type: use issuer-serial.
        policyDrivenReference = WSConstants.ISSUER_SERIAL;
    }
    secBase.setKeyIdentifierType(policyDrivenReference);
}
use of org.apache.wss4j.policy.model.Wss10 in project cxf by apache.
the class AbstractCommonBindingHandler method getWss10.
/**
 * Looks up the WSS assertion attached to the current message.
 *
 * <p>The first assertion found under the {@code SPConstants.WSS10} local name wins.
 * If there is none, the first one under {@code SPConstants.WSS11} is used. The lookup
 * is by local name, so callers that need Wss11-only settings must check the runtime
 * type, as the {@code instanceof Wss11} tests elsewhere on this page do.
 *
 * @return the assertion cast to {@code Wss10}, or {@code null} when neither is present
 */
protected Wss10 getWss10() {
    AssertionInfoMap policies = message.get(AssertionInfoMap.class);
    AssertionInfo found = PolicyUtils.getFirstAssertionByLocalname(policies, SPConstants.WSS10);
    if (found == null) {
        found = PolicyUtils.getFirstAssertionByLocalname(policies, SPConstants.WSS11);
    }
    return found == null ? null : (Wss10) found.getAssertion();
}
use of org.apache.wss4j.policy.model.Wss10 in project cxf by apache.
the class AbstractStaxBindingHandler method addSignatureConfirmation.
/**
 * Enables signature confirmation on the streaming (StAX) security properties when the
 * effective policy is a {@code Wss11} assertion that requires it.
 *
 * <p>On the requestor side this enables verification of the confirmations received.
 * On the other side it adds the {@code SIGNATURE_CONFIRMATION} action to the outbound
 * actions.
 *
 * @param sigParts list of parts to sign; when non-null, the SignatureConfirmation
 *                 element is appended to it. When null, this method registers nothing
 *                 for signing.
 */
protected void addSignatureConfirmation(List<SecurePart> sigParts) {
    Wss10 wssPolicy = getWss10();
    boolean confirmationRequired = wssPolicy instanceof Wss11
        && ((Wss11) wssPolicy).isRequireSignatureConfirmation();
    if (!confirmationRequired) {
        // The policy does not ask for signature confirmation.
        return;
    }

    if (!isRequestor()) {
        // Responding side: add the confirmation action to the outbound actions.
        properties.getActions().add(WSSConstants.SIGNATURE_CONFIRMATION);
    } else {
        // Requesting side: verify the confirmations that come back.
        properties.setEnableSignatureConfirmationVerification(true);
    }

    if (sigParts != null) {
        // Add the confirmation element to the caller's list of parts to sign.
        sigParts.add(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element));
    }
    signatureConfirmationAdded = true;
}
use of org.apache.wss4j.policy.model.Wss10 in project cxf by apache.
the class AbstractCommonBindingHandler method assertWSSProperties.
/**
 * Marks every Wss10 and Wss11 assertion in the given namespace as asserted, together
 * with the individual properties each one enables.
 *
 * <p>Wss10 assertions are handled first, then Wss11 assertions. Wss11 assertions also
 * get the thumbprint-reference, encrypted-key-reference and signature-confirmation
 * properties asserted when the corresponding flag is set.
 *
 * @param namespace namespace URI used to build the assertion and property QNames
 */
protected void assertWSSProperties(String namespace) {
    // NOTE(review): the AssertionInfoMap is used without a null check; confirm that the
    // message always carries one when this method is called.
    AssertionInfoMap policies = message.get(AssertionInfoMap.class);

    Collection<AssertionInfo> wss10Infos = policies.get(new QName(namespace, SPConstants.WSS10));
    if (wss10Infos != null) {
        for (AssertionInfo info : wss10Infos) {
            info.setAsserted(true);
            assertWSS10Properties((Wss10) info.getAssertion());
        }
    }

    Collection<AssertionInfo> wss11Infos = policies.get(new QName(namespace, SPConstants.WSS11));
    if (wss11Infos != null) {
        for (AssertionInfo info : wss11Infos) {
            info.setAsserted(true);
            Wss11 policy = (Wss11) info.getAssertion();
            // The Wss11 assertion is also passed to the Wss10 property assertions.
            assertWSS10Properties(policy);
            if (policy.isMustSupportRefThumbprint()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
            }
            if (policy.isMustSupportRefEncryptedKey()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
            }
            if (policy.isRequireSignatureConfirmation()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
            }
        }
    }
}