Use of org.apache.wss4j.policy.model.Wss11 in the project cxf by apache.
The class AbstractBindingBuilder, method addSignatureConfirmation.
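/**
 * Adds a WS-Security 1.1 {@code wsse11:SignatureConfirmation} element for every
 * signature found in the inbound message, but only when the effective policy is a
 * {@code Wss11} assertion with {@code RequireSignatureConfirmation} enabled.
 * <p>
 * Every confirmation element is added as a supporting element of the security header
 * and, when {@code sigParts} is non-null, is also registered in {@code sigParts} and in
 * the {@code sigConfList} field so that the outbound signature covers it. If the inbound
 * message carried no signatures (or no security results at all), a single
 * SignatureConfirmation element without a signature value is produced instead, which is
 * what a peer expects when it signed nothing.
 *
 * @param sigParts the parts to be covered by the outbound signature; may be {@code null},
 *                 in which case the confirmation elements are added to the header but
 *                 not marked for signing
 */
protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
    Wss10 wss10 = getWss10();
    if (!(wss10 instanceof Wss11) || !((Wss11) wss10).isRequireSignatureConfirmation()) {
        // Signature confirmation is not required by the policy: nothing to do.
        return;
    }

    List<WSHandlerResult> results = CastUtils.cast(
        (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));

    /*
     * Collect the signature results produced by every handler in the inbound chain
     * (plain SIGN actions as well as UsernameToken-derived UT_SIGN actions). A missing
     * RECV_RESULTS entry means no inbound security processing happened, which is
     * handled like "no signatures" instead of failing with an NPE.
     */
    List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
    if (results != null) {
        for (WSHandlerResult wshResult : results) {
            List<WSSecurityEngineResult> signed =
                wshResult.getActionResults().get(WSConstants.SIGN);
            if (signed != null) {
                signatureActions.addAll(signed);
            }
            List<WSSecurityEngineResult> utSigned =
                wshResult.getActionResults().get(WSConstants.UT_SIGN);
            if (utSigned != null) {
                signatureActions.addAll(utSigned);
            }
        }
    }

    sigConfList = new ArrayList<>();
    // One SignatureConfirmation builder is reused; prepare() creates a fresh element each time.
    WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(secHeader);
    wsc.setIdAllocator(wssConfig.getIdAllocator());

    if (signatureActions.isEmpty()) {
        // No inbound signature: emit one confirmation element without a Value attribute.
        addSignatureConfirmationPart(wsc, sigParts);
    } else {
        // Echo every inbound signature value in its own confirmation element.
        for (WSSecurityEngineResult wsr : signatureActions) {
            byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
            wsc.setSignatureValue(sigVal);
            addSignatureConfirmationPart(wsc, sigParts);
        }
    }

    assertPolicy(new QName(wss10.getName().getNamespaceURI(),
                           SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
}

/**
 * Prepares the SignatureConfirmation element currently configured on {@code wsc}, appends
 * it to the security header and, when {@code sigParts} is non-null, records it both in
 * {@code sigParts} and in the {@code sigConfList} field so it becomes part of the outbound
 * signature.
 *
 * @param wsc      the builder holding the (possibly absent) signature value to confirm
 * @param sigParts the outbound signature parts, or {@code null} to leave the element unsigned
 */
private void addSignatureConfirmationPart(WSSecSignatureConfirmation wsc,
                                          List<WSEncryptionPart> sigParts) {
    wsc.prepare();
    addSupportingElement(wsc.getSignatureConfirmationElement());
    if (sigParts != null) {
        WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
        part.setElement(wsc.getSignatureConfirmationElement());
        sigParts.add(part);
        sigConfList.add(part);
    }
}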
Use of org.apache.wss4j.policy.model.Wss11 in the project cxf by apache.
The class AbstractBindingBuilder, method setKeyIdentifierType.
/**
 * Chooses how {@code secBase} references the security token: first from an explicit
 * reference requirement on the token assertion (IssuerSerial / KeyIdentifier /
 * Thumbprint for X.509, KeyValue for KeyValueToken), otherwise from the token's
 * inclusion mode and the WSS10/WSS11 policy in force.
 * <p>
 * When the token is not sent in the message (never included, or only included towards
 * the other party), an external reference type is derived from the WSS policy; when it
 * is included, a direct reference to the binary security token is used. The token
 * assertion is asserted in every case.
 *
 * @param secBase the WSS4J builder whose key identifier type is configured
 * @param token   the token assertion driving the choice
 */
public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) {
    boolean explicitReference = false;
    if (token instanceof X509Token) {
        explicitReference = applyX509ReferenceRequirement(secBase, (X509Token) token);
    } else if (token instanceof KeyValueToken) {
        secBase.setKeyIdentifierType(WSConstants.KEY_VALUE);
        explicitReference = true;
    }

    assertToken(token);
    if (explicitReference) {
        return;
    }

    boolean requestor = isRequestor();
    IncludeTokenType inclusion = token.getIncludeTokenType();
    boolean neverIncluded = inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER;
    // An X.509 token that is only ever sent towards the other side is absent from this message.
    boolean includedOnlyTowardsPeer = token instanceof X509Token
        && ((inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT && !requestor)
            || (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR && requestor));

    if (!neverIncluded && !includedOnlyTowardsPeer) {
        // Token travels in the message: point straight at the BinarySecurityToken.
        secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        return;
    }

    Wss10 wss = getWss10();
    assertPolicy(wss);
    secBase.setKeyIdentifierType(externalReferenceType(wss));
}

/**
 * Applies the reference type explicitly required by an X.509 token assertion, if any.
 *
 * @return {@code true} when a requirement was found and applied, {@code false} otherwise
 */
private static boolean applyX509ReferenceRequirement(WSSecBase secBase, X509Token x509Token) {
    if (x509Token.isRequireIssuerSerialReference()) {
        secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    } else if (x509Token.isRequireKeyIdentifierReference()) {
        secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    } else if (x509Token.isRequireThumbprintReference()) {
        secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    } else {
        return false;
    }
    return true;
}

/**
 * Picks the external reference type for a token that is not carried in the message,
 * preferring the reference kinds the WSS10/WSS11 policy says must be supported.
 * A missing policy, or one requiring KeyIdentifier support, yields SKI; otherwise
 * IssuerSerial, then (WSS11 only) Thumbprint; IssuerSerial is the final fallback.
 */
private static int externalReferenceType(Wss10 wss) {
    if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
        return WSConstants.SKI_KEY_IDENTIFIER;
    }
    if (wss.isMustSupportRefIssuerSerial()) {
        return WSConstants.ISSUER_SERIAL;
    }
    if (wss instanceof Wss11 && ((Wss11) wss).isMustSupportRefThumbprint()) {
        return WSConstants.THUMBPRINT_IDENTIFIER;
    }
    return WSConstants.ISSUER_SERIAL;
}
Use of org.apache.wss4j.policy.model.Wss11 in the project cxf by apache.
The class AbstractStaxBindingHandler, method addSignatureConfirmation.
/**
 * Enables WS-Security 1.1 signature confirmation on the streaming (StAX) outbound
 * properties when the effective policy is a {@code Wss11} assertion that requires it.
 * <p>
 * On the requestor side this turns on verification of the confirmation returned by the
 * service; on the service side it adds the SIGNATURE_CONFIRMATION action so the inbound
 * signature values are echoed back. When {@code sigParts} is supplied, the confirmation
 * element is also registered to be covered by the outbound signature.
 *
 * @param sigParts the parts covered by the outbound signature, or {@code null} to leave
 *                 the confirmation element unsigned
 */
protected void addSignatureConfirmation(List<SecurePart> sigParts) {
    Wss10 wss10 = getWss10();
    boolean required = wss10 instanceof Wss11
        && ((Wss11) wss10).isRequireSignatureConfirmation();
    if (!required) {
        return;
    }

    if (isRequestor()) {
        // Client: check that the response confirms the signature values we sent.
        properties.setEnableSignatureConfirmationVerification(true);
    } else {
        // Service: emit a confirmation for the signatures received in the request.
        properties.getActions().add(WSSConstants.SIGNATURE_CONFIRMATION);
    }

    if (sigParts != null) {
        sigParts.add(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element));
    }
    signatureConfirmationAdded = true;
}
Use of org.apache.wss4j.policy.model.Wss11 in the project cxf by apache.
The class WSS11PolicyValidator, method validatePolicies.
/**
 * Validates every {@code Wss11} assertion against the received security results.
 * <p>
 * Each assertion is asserted up front. On the requestor (client) side, which is the party
 * that receives the response carrying a SignatureConfirmation, the assertion is then
 * marked as not asserted when the presence of a SignatureConfirmation result does not
 * match the policy's {@code RequireSignatureConfirmation} setting - both a missing
 * confirmation and an unexpected one fail validation. On the service side no
 * confirmation check is performed.
 *
 * @param parameters the message, its security results and the assertion info map
 * @param ais        the {@code Wss11} assertion infos to validate
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    List<WSSecurityEngineResult> scResults =
        parameters.getResults().getActionResults().get(WSConstants.SC);
    boolean confirmationReceived = scResults != null && !scResults.isEmpty();

    for (AssertionInfo ai : ais) {
        Wss11 wss11 = (Wss11) ai.getAssertion();
        ai.setAsserted(true);
        assertToken(wss11, parameters.getAssertionInfoMap());

        // Only the requestor can meaningfully check for a confirmation in the response.
        if (MessageUtils.isRequestor(parameters.getMessage())
            && wss11.isRequireSignatureConfirmation() != confirmationReceived) {
            ai.setNotAsserted("Signature Confirmation policy validation failed");
        }
    }
}
Use of org.apache.wss4j.policy.model.Wss11 in the project cxf by apache.
The class AbstractCommonBindingHandler, method assertWSSProperties.
/**
 * Asserts the WSS10 and WSS11 assertions found under {@code namespace} in the message's
 * {@code AssertionInfoMap}, together with the nested properties they enable.
 * <p>
 * Every WSS10/WSS11 assertion is marked asserted and its common WSS10 properties are
 * asserted via {@code assertWSS10Properties}. For WSS11 the additional
 * MustSupportRefThumbprint, MustSupportRefEncryptedKey and RequireSignatureConfirmation
 * properties are asserted only when the assertion enables them.
 *
 * @param namespace the WS-SecurityPolicy namespace the assertions are qualified with
 */
protected void assertWSSProperties(String namespace) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);

    Collection<AssertionInfo> wss10Ais = aim.get(new QName(namespace, SPConstants.WSS10));
    if (wss10Ais != null) {
        for (AssertionInfo ai : wss10Ais) {
            ai.setAsserted(true);
            assertWSS10Properties((Wss10) ai.getAssertion());
        }
    }

    Collection<AssertionInfo> wss11Ais = aim.get(new QName(namespace, SPConstants.WSS11));
    if (wss11Ais == null) {
        return;
    }
    for (AssertionInfo ai : wss11Ais) {
        ai.setAsserted(true);
        Wss11 wss11 = (Wss11) ai.getAssertion();
        // WSS11 extends WSS10, so the shared properties are asserted the same way.
        assertWSS10Properties(wss11);
        assertPolicyIf(wss11.isMustSupportRefThumbprint(),
                       namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT);
        assertPolicyIf(wss11.isMustSupportRefEncryptedKey(),
                       namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY);
        assertPolicyIf(wss11.isRequireSignatureConfirmation(),
                       namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
    }
}

/**
 * Asserts the policy {@code {namespace}localName} only when {@code enabled} is true.
 */
private void assertPolicyIf(boolean enabled, String namespace, String localName) {
    if (enabled) {
        assertPolicy(new QName(namespace, localName));
    }
}