use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxActionInInterceptor method handleMessage.
/**
 * Confirms that each inbound security action configured in {@code inActions} left a matching
 * security event on the message, and rejects the message with a SOAP fault otherwise.
 *
 * <p>The events are read from the message under the key
 * {@code SecurityEvent.class.getName() + ".in"}. A missing list is treated as a failure
 * (fail closed), not as "nothing to check".
 *
 * <p>Only the actions mapped below (timestamp, username token, signature, SAML token,
 * encryption) are verified here; any other configured action passes through this method
 * without an event check.
 *
 * @param soapMessage the inbound message whose recorded security events are inspected
 * @throws Fault if the event list is absent or a required event was not recorded
 */
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
    // No inbound actions configured: nothing is required of the message.
    if (inActions == null || inActions.isEmpty()) {
        return;
    }

    @SuppressWarnings("unchecked")
    final List<SecurityEvent> recordedEvents =
        (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in");
    if (recordedEvents == null) {
        // Actions are required but no events were recorded at all.
        LOG.warning("Security processing failed (actions mismatch)");
        WSSecurityException mismatch =
            new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
        throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), mismatch);
    }

    // Client side only: a response that is a SOAP Fault and carries no security header is let
    // through without any of the checks below.
    // NOTE(review): such a fault is unauthenticated, so consumers should not treat its content
    // as trusted. Confirm this exemption is intended for every deployment.
    boolean clientSide = MessageUtils.isRequestor(soapMessage);
    if (clientSide && isEventInResults(WSSecurityEventConstants.NO_SECURITY, recordedEvents)) {
        OperationSecurityEvent operationEvent =
            (OperationSecurityEvent) findEvent(WSSecurityEventConstants.OPERATION, recordedEvents);
        if (operationEvent != null) {
            boolean isFault =
                soapMessage.getVersion().getFault().equals(operationEvent.getOperation());
            if (isFault) {
                LOG.warning("Request does not contain Security header, but it's a fault.");
                return;
            }
        }
    }

    for (XMLSecurityConstants.Action action : inActions) {
        // Map the configured action to the event that proves it was carried out.
        final Event requiredEvent;
        if (WSSConstants.TIMESTAMP.equals(action)) {
            requiredEvent = WSSecurityEventConstants.TIMESTAMP;
        } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
            requiredEvent = WSSecurityEventConstants.USERNAME_TOKEN;
        } else if (XMLSecurityConstants.SIGNATURE.equals(action)) {
            requiredEvent = WSSecurityEventConstants.SignatureValue;
        } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)
            || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
            requiredEvent = WSSecurityEventConstants.SAML_TOKEN;
        } else {
            requiredEvent = null;
        }

        if (requiredEvent != null && !isEventInResults(requiredEvent, recordedEvents)) {
            LOG.warning("Security processing failed (actions mismatch)");
            WSSecurityException mismatch =
                new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
            throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), mismatch);
        }

        // Encryption is satisfied by either an encrypted part or an encrypted element.
        if (XMLSecurityConstants.ENCRYPT.equals(action)
            && !isEventInResults(WSSecurityEventConstants.ENCRYPTED_PART, recordedEvents)
            && !isEventInResults(WSSecurityEventConstants.EncryptedElement, recordedEvents)) {
            LOG.warning("Security processing failed (actions mismatch)");
            WSSecurityException mismatch =
                new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
            throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), mismatch);
        }
    }
}
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkEncryptedUsernameToken.
/**
 * Enforces the {@code encryptUsernameToken} requirement: at least one event in {@code results}
 * must be encrypted and have an element path that {@code isUsernameToken} accepts.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} if no encrypted UsernameToken
 *         event is found
 */
private void checkEncryptedUsernameToken(List<SecurityEvent> results) throws WSSecurityException {
    if (!encryptUsernameToken) {
        return;
    }
    for (SecurityEvent candidate : results) {
        // Unchecked cast: presumably the caller passes only secured-element events; any other
        // event type would raise ClassCastException here. TODO confirm against the caller.
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) candidate;
        // NOTE(review): coverage is decided by element path alone, so the check is only as
        // strict as isUsernameToken (not visible here).
        if (secured.isEncrypted() && isUsernameToken(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The UsernameToken is not encrypted"));
}
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkEncryptedBody.
/**
 * Enforces the {@code encryptBody} requirement: at least one event in {@code results} must be
 * encrypted and have an element path that {@code isBody} accepts.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} if no encrypted SOAP Body event
 *         is found
 */
private void checkEncryptedBody(List<SecurityEvent> results) throws WSSecurityException {
    if (!encryptBody) {
        return;
    }
    for (SecurityEvent candidate : results) {
        // Unchecked cast: presumably the caller passes only secured-element events; any other
        // event type would raise ClassCastException here. TODO confirm against the caller.
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) candidate;
        // NOTE(review): coverage is decided by element path alone, so the check is only as
        // strict as isBody (not visible here).
        if (secured.isEncrypted() && isBody(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The SOAP Body is not encrypted"));
}
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkSignedUsernameToken.
/**
 * Enforces the {@code signUsernameToken} requirement: at least one event in {@code results}
 * must be signed and have an element path that {@code isUsernameToken} accepts.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} if no signed UsernameToken event
 *         is found
 */
private void checkSignedUsernameToken(List<SecurityEvent> results) throws WSSecurityException {
    if (!signUsernameToken) {
        return;
    }
    for (SecurityEvent candidate : results) {
        // Unchecked cast: presumably the caller passes only secured-element events; any other
        // event type would raise ClassCastException here. TODO confirm against the caller.
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) candidate;
        // NOTE(review): coverage is decided by element path alone, so the check is only as
        // strict as isUsernameToken (not visible here).
        if (secured.isSigned() && isUsernameToken(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The UsernameToken is not signed"));
}
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkSignedBody.
/**
 * Enforces the {@code signBody} requirement: at least one event in {@code results} must be
 * signed and have an element path that {@code isBody} accepts.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} if no signed SOAP Body event is
 *         found
 */
private void checkSignedBody(List<SecurityEvent> results) throws WSSecurityException {
    if (!signBody) {
        return;
    }
    for (SecurityEvent candidate : results) {
        // Unchecked cast: presumably the caller passes only secured-element events; any other
        // event type would raise ClassCastException here. TODO confirm against the caller.
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) candidate;
        // NOTE(review): coverage is decided by element path alone, so the check is only as
        // strict as isBody (not visible here).
        if (secured.isSigned() && isBody(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The SOAP Body is not signed"));
}