
Example 1 with Wss11

use of org.apache.wss4j.policy.model.Wss11 in project cxf by apache.

the class AbstractBindingBuilder method addSignatureConfirmation.

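/**
 * Adds SignatureConfirmation elements to the outgoing security header when the
 * effective policy is a {@link Wss11} assertion with RequireSignatureConfirmation set.
 *
 * <p>One confirmation is produced for every signature value found in the inbound
 * message's handler results, for both {@code WSConstants.SIGN} and
 * {@code WSConstants.UT_SIGN} actions. If no signature result is available, a single
 * confirmation without a signature value is produced instead. A peer that did sign
 * its request can then notice that its signature value was not echoed back.
 *
 * <p>Every confirmation is registered as a supporting element. When {@code sigParts}
 * is non-null the confirmation is also appended to it and recorded in
 * {@code sigConfList}, which is reset on every call.
 *
 * <p>NOTE(review): a confirmation only ties the response to the request if the element
 * is itself covered by the response signature. When {@code sigParts} is {@code null}
 * nothing here arranges that; confirm the call sites protect the element another way.
 *
 * @param sigParts list of parts the caller will sign; may be {@code null}, in which
 *                 case the confirmations are only added to the header
 */
protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
    Wss10 wss10 = getWss10();
    if (!(wss10 instanceof Wss11) || !((Wss11) wss10).isRequireSignatureConfirmation()) {
        // Signature confirmation is not required by policy: nothing to add.
        return;
    }
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    // Gather every signature result reported by the inbound handlers. The results entry
    // may be absent from the inbound message; that is treated like "no signature seen"
    // instead of failing with a NullPointerException.
    List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
    if (results != null) {
        for (WSHandlerResult wshResult : results) {
            List<WSSecurityEngineResult> signed = wshResult.getActionResults().get(WSConstants.SIGN);
            if (signed != null) {
                signatureActions.addAll(signed);
            }
            List<WSSecurityEngineResult> utSigned = wshResult.getActionResults().get(WSConstants.UT_SIGN);
            if (utSigned != null) {
                signatureActions.addAll(utSigned);
            }
        }
    }
    sigConfList = new ArrayList<>();
    // A single builder is reused; each prepare() call yields the element for one confirmation.
    WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(secHeader);
    wsc.setIdAllocator(wssConfig.getIdAllocator());
    if (signatureActions.isEmpty()) {
        // No signature value to echo: emit one confirmation without a value.
        wsc.prepare();
        registerSignatureConfirmation(wsc, sigParts);
    } else {
        for (WSSecurityEngineResult wsr : signatureActions) {
            byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
            wsc.setSignatureValue(sigVal);
            wsc.prepare();
            registerSignatureConfirmation(wsc, sigParts);
        }
    }
    assertPolicy(new QName(wss10.getName().getNamespaceURI(), SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
}

/**
 * Registers the confirmation element most recently prepared on {@code wsc} as a supporting
 * element and, when {@code sigParts} is non-null, queues it as a part to be signed.
 */
private void registerSignatureConfirmation(WSSecSignatureConfirmation wsc, List<WSEncryptionPart> sigParts) {
    addSupportingElement(wsc.getSignatureConfirmationElement());
    if (sigParts != null) {
        WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
        part.setElement(wsc.getSignatureConfirmationElement());
        sigParts.add(part);
        sigConfList.add(part);
    }
}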
Also used : WSEncryptionPart(org.apache.wss4j.common.WSEncryptionPart) QName(javax.xml.namespace.QName) WSSecSignatureConfirmation(org.apache.wss4j.dom.message.WSSecSignatureConfirmation) Wss11(org.apache.wss4j.policy.model.Wss11) ArrayList(java.util.ArrayList) Wss10(org.apache.wss4j.policy.model.Wss10) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 2 with Wss11

use of org.apache.wss4j.policy.model.Wss11 in project cxf by apache.

the class AbstractBindingBuilder method setKeyIdentifierType.

/**
 * Chooses how the security token is referenced from the signature or encryption
 * produced by {@code secBase}.
 *
 * <p>An explicit requirement on the token wins: an {@link X509Token} requiring an issuer
 * serial, key identifier or thumbprint reference, or any {@link KeyValueToken}. Otherwise
 * the choice depends on whether the token travels with the message. When it is not
 * included (include type "never", or an X.509 token whose include type targets the other
 * direction), the reference type comes from the WSS policy, with the subject key
 * identifier used when no WSS policy is present. When it is included, a direct reference
 * to the binary security token is used.
 *
 * @param secBase the WSS4J builder whose key identifier type is set
 * @param token   the policy token being referenced; also passed to {@code assertToken}
 */
public void setKeyIdentifierType(WSSecBase secBase, AbstractToken token) {
    boolean explicitReference = true;
    if (token instanceof X509Token) {
        X509Token x509 = (X509Token) token;
        if (x509.isRequireIssuerSerialReference()) {
            secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
        } else if (x509.isRequireKeyIdentifierReference()) {
            secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
        } else if (x509.isRequireThumbprintReference()) {
            secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
        } else {
            explicitReference = false;
        }
    } else if (token instanceof KeyValueToken) {
        secBase.setKeyIdentifierType(WSConstants.KEY_VALUE);
    } else {
        explicitReference = false;
    }
    assertToken(token);
    if (explicitReference) {
        return;
    }

    boolean requestor = isRequestor();
    IncludeTokenType inclusion = token.getIncludeTokenType();
    // An X.509 token addressed to the other party is not carried in this message.
    boolean omittedForPeer = token instanceof X509Token
        && ((inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT && !requestor)
            || (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR && requestor));
    if (inclusion != IncludeTokenType.INCLUDE_TOKEN_NEVER && !omittedForPeer) {
        // The token is in the message, so it can be referenced directly.
        secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        return;
    }

    // The token is absent from the message: the peer has to resolve it from a reference.
    Wss10 wss = getWss10();
    assertPolicy(wss);
    if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
        secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    } else if (wss.isMustSupportRefIssuerSerial()) {
        secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    } else if (wss instanceof Wss11 && ((Wss11) wss).isMustSupportRefThumbprint()) {
        secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    } else {
        secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    }
}
Also used : X509Token(org.apache.wss4j.policy.model.X509Token) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) Wss11(org.apache.wss4j.policy.model.Wss11) Wss10(org.apache.wss4j.policy.model.Wss10)

Example 3 with Wss11

use of org.apache.wss4j.policy.model.Wss11 in project cxf by apache.

the class AbstractStaxBindingHandler method addSignatureConfirmation.

/**
 * Turns on signature confirmation for the streaming (StAX) security configuration when
 * the effective policy is a {@link Wss11} assertion with RequireSignatureConfirmation set.
 *
 * <p>On the requestor side this enables verification of the confirmation in the response.
 * On the other side it adds the signature confirmation action to the outbound actions.
 * When {@code sigParts} is non-null, the wsse11 SignatureConfirmation element is also
 * added to it as an element-level part.
 *
 * @param sigParts list of parts the caller will sign; may be {@code null}
 */
protected void addSignatureConfirmation(List<SecurePart> sigParts) {
    Wss10 wssPolicy = getWss10();
    boolean confirmationRequired = wssPolicy instanceof Wss11
        && ((Wss11) wssPolicy).isRequireSignatureConfirmation();
    if (!confirmationRequired) {
        // Policy does not ask for signature confirmation.
        return;
    }
    if (!isRequestor()) {
        // Responding side: emit the confirmation.
        properties.getActions().add(WSSConstants.SIGNATURE_CONFIRMATION);
    } else {
        // Requesting side: check the confirmation that comes back.
        properties.setEnableSignatureConfirmationVerification(true);
    }
    if (sigParts != null) {
        sigParts.add(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, Modifier.Element));
    }
    signatureConfirmationAdded = true;
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) Wss11(org.apache.wss4j.policy.model.Wss11) Wss10(org.apache.wss4j.policy.model.Wss10)

Example 4 with Wss11

use of org.apache.wss4j.policy.model.Wss11 in project cxf by apache.

the class WSS11PolicyValidator method validatePolicies.

/**
 * Validates WSS 1.1 policy assertions against the signature confirmation results of the
 * received message.
 *
 * <p>Every assertion is first marked as asserted and passed to {@code assertToken}. The
 * signature confirmation check runs only when this endpoint is the requestor. It marks the
 * assertion as not asserted when the policy requires confirmation and none was received,
 * and also when confirmation was received although the policy does not require it.
 *
 * <p>Only the presence of confirmation results is checked here. This method does not
 * compare confirmation values with the signatures that were sent.
 *
 * @param parameters validation context supplying the security results, the message and
 *                   the assertion info map
 * @param ais        the assertions to validate; each is cast to {@link Wss11}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    List<WSSecurityEngineResult> confirmations = parameters.getResults().getActionResults().get(WSConstants.SC);
    boolean noConfirmationReceived = confirmations == null || confirmations.isEmpty();
    for (AssertionInfo assertionInfo : ais) {
        Wss11 policy = (Wss11) assertionInfo.getAssertion();
        assertionInfo.setAsserted(true);
        assertToken(policy, parameters.getAssertionInfoMap());
        // "required" must be the exact opposite of "none received"; equality is a mismatch.
        if (MessageUtils.isRequestor(parameters.getMessage())
            && policy.isRequireSignatureConfirmation() == noConfirmationReceived) {
            assertionInfo.setNotAsserted("Signature Confirmation policy validation failed");
        }
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) Wss11(org.apache.wss4j.policy.model.Wss11) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 5 with Wss11

use of org.apache.wss4j.policy.model.Wss11 in project cxf by apache.

the class AbstractCommonBindingHandler method assertWSSProperties.

/**
 * Marks the WSS10 and WSS11 assertions of the given policy namespace as asserted,
 * together with the nested properties they enable.
 *
 * <p>For WSS11 assertions the thumbprint reference, encrypted key reference and
 * signature confirmation properties are asserted when the corresponding flag is set.
 *
 * <p>NOTE(review): the {@link AssertionInfoMap} read from the message is used without a
 * null check; presumably callers only reach this when a policy is in effect. Confirm.
 *
 * @param namespace the security policy namespace used to build the assertion names
 */
protected void assertWSSProperties(String namespace) {
    AssertionInfoMap assertions = message.get(AssertionInfoMap.class);

    Collection<AssertionInfo> wss10Infos = assertions.get(new QName(namespace, SPConstants.WSS10));
    if (wss10Infos != null) {
        for (AssertionInfo info : wss10Infos) {
            info.setAsserted(true);
            assertWSS10Properties((Wss10) info.getAssertion());
        }
    }

    Collection<AssertionInfo> wss11Infos = assertions.get(new QName(namespace, SPConstants.WSS11));
    if (wss11Infos != null) {
        for (AssertionInfo info : wss11Infos) {
            info.setAsserted(true);
            Wss11 policy = (Wss11) info.getAssertion();
            // The properties shared with WSS 1.0 are asserted through the same helper.
            assertWSS10Properties(policy);
            if (policy.isMustSupportRefThumbprint()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
            }
            if (policy.isMustSupportRefEncryptedKey()) {
                assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
            }
            if (policy.isRequireSignatureConfirmation()) {
                assertPolicy(new QName(namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
            }
        }
    }
}
Also used : AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) QName(javax.xml.namespace.QName) Wss11(org.apache.wss4j.policy.model.Wss11) Wss10(org.apache.wss4j.policy.model.Wss10) AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)

Aggregations

Wss11 (org.apache.wss4j.policy.model.Wss11)6 Wss10 (org.apache.wss4j.policy.model.Wss10)4 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)3 QName (javax.xml.namespace.QName)2 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)2 ArrayList (java.util.ArrayList)1 AssertionInfoMap (org.apache.cxf.ws.policy.AssertionInfoMap)1 WSEncryptionPart (org.apache.wss4j.common.WSEncryptionPart)1 WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)1 WSSecSignatureConfirmation (org.apache.wss4j.dom.message.WSSecSignatureConfirmation)1 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)1 X509Token (org.apache.wss4j.policy.model.X509Token)1 SecurePart (org.apache.xml.security.stax.ext.SecurePart)1