use of org.apache.wss4j.policy.model.X509Token in project cxf by apache.
the class X509TokenPolicyValidator method validatePolicies.
/**
* Validate policies.
*/
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
List<WSSecurityEngineResult> bstResults = parameters.getResults().getActionResults().get(WSConstants.BST);
for (AssertionInfo ai : ais) {
X509Token x509TokenPolicy = (X509Token) ai.getAssertion();
ai.setAsserted(true);
assertToken(x509TokenPolicy, parameters.getAssertionInfoMap());
if (!isTokenRequired(x509TokenPolicy, parameters.getMessage())) {
continue;
}
if ((bstResults == null || bstResults.isEmpty()) && parameters.getSignedResults().isEmpty()) {
ai.setNotAsserted("The received token does not match the token inclusion requirement");
continue;
}
if (!checkTokenType(x509TokenPolicy.getTokenType(), bstResults, parameters.getSignedResults())) {
ai.setNotAsserted("An incorrect X.509 Token Type is detected");
continue;
}
}
}
Aggregations