Example 6 with SecurityEvent
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxActionInInterceptor method handleMessage.
@Override
public void handleMessage(SoapMessage soapMessage) throws Fault {
if (inActions == null || inActions.isEmpty()) {
return;
}
@SuppressWarnings("unchecked") final List<SecurityEvent> incomingSecurityEventList = (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in");
if (incomingSecurityEventList == null) {
LOG.warning("Security processing failed (actions mismatch)");
WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
}
// First check for a SOAP Fault with no security header if we are the client
if (MessageUtils.isRequestor(soapMessage) && isEventInResults(WSSecurityEventConstants.NO_SECURITY, incomingSecurityEventList)) {
OperationSecurityEvent securityEvent = (OperationSecurityEvent) findEvent(WSSecurityEventConstants.OPERATION, incomingSecurityEventList);
if (securityEvent != null && soapMessage.getVersion().getFault().equals(securityEvent.getOperation())) {
LOG.warning("Request does not contain Security header, but it's a fault.");
return;
}
}
for (XMLSecurityConstants.Action action : inActions) {
Event requiredEvent = null;
if (WSSConstants.TIMESTAMP.equals(action)) {
requiredEvent = WSSecurityEventConstants.TIMESTAMP;
} else if (WSSConstants.USERNAMETOKEN.equals(action)) {
requiredEvent = WSSecurityEventConstants.USERNAME_TOKEN;
} else if (XMLSecurityConstants.SIGNATURE.equals(action)) {
requiredEvent = WSSecurityEventConstants.SignatureValue;
} else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
requiredEvent = WSSecurityEventConstants.SAML_TOKEN;
}
if (requiredEvent != null && !isEventInResults(requiredEvent, incomingSecurityEventList)) {
LOG.warning("Security processing failed (actions mismatch)");
WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
}
if (XMLSecurityConstants.ENCRYPT.equals(action)) {
boolean foundEncryptionPart = isEventInResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList);
if (!foundEncryptionPart) {
foundEncryptionPart = isEventInResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList);
}
if (!foundEncryptionPart) {
LOG.warning("Security processing failed (actions mismatch)");
WSSecurityException ex = new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR);
throw WSS4JUtils.createSoapFault(soapMessage, soapMessage.getVersion(), ex);
}
}
}
}
Also used :
OperationSecurityEvent(org.apache.wss4j.stax.securityEvent.OperationSecurityEvent)
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
XMLSecurityConstants(org.apache.xml.security.stax.ext.XMLSecurityConstants)
OperationSecurityEvent(org.apache.wss4j.stax.securityEvent.OperationSecurityEvent)
Event(org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event)
OperationSecurityEvent(org.apache.wss4j.stax.securityEvent.OperationSecurityEvent)
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
List(java.util.List)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 7 with SecurityEvent
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkEncryptedUsernameToken.
private void checkEncryptedUsernameToken(List<SecurityEvent> results) throws WSSecurityException {
if (!encryptUsernameToken) {
return;
}
boolean isUsernameTokenEncrypted = false;
for (SecurityEvent encryptedEvent : results) {
AbstractSecuredElementSecurityEvent securedEvent = (AbstractSecuredElementSecurityEvent) encryptedEvent;
if (!securedEvent.isEncrypted()) {
continue;
}
List<QName> encryptedPath = securedEvent.getElementPath();
if (isUsernameToken(encryptedPath)) {
isUsernameTokenEncrypted = true;
break;
}
}
if (!isUsernameTokenEncrypted) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The UsernameToken is not encrypted"));
}
}
Also used :
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
QName(javax.xml.namespace.QName)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 8 with SecurityEvent
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkEncryptedBody.
private void checkEncryptedBody(List<SecurityEvent> results) throws WSSecurityException {
if (!encryptBody) {
return;
}
boolean isBodyEncrypted = false;
for (SecurityEvent signedEvent : results) {
AbstractSecuredElementSecurityEvent securedEvent = (AbstractSecuredElementSecurityEvent) signedEvent;
if (!securedEvent.isEncrypted()) {
continue;
}
List<QName> encryptedPath = securedEvent.getElementPath();
if (isBody(encryptedPath)) {
isBodyEncrypted = true;
break;
}
}
if (!isBodyEncrypted) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The SOAP Body is not encrypted"));
}
}
Also used :
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
QName(javax.xml.namespace.QName)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 9 with SecurityEvent
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkSignedUsernameToken.
private void checkSignedUsernameToken(List<SecurityEvent> results) throws WSSecurityException {
if (!signUsernameToken) {
return;
}
boolean isUsernameTokenSigned = false;
for (SecurityEvent signedEvent : results) {
AbstractSecuredElementSecurityEvent securedEvent = (AbstractSecuredElementSecurityEvent) signedEvent;
if (!securedEvent.isSigned()) {
continue;
}
List<QName> signedPath = securedEvent.getElementPath();
if (isUsernameToken(signedPath)) {
isUsernameTokenSigned = true;
break;
}
}
if (!isUsernameTokenSigned) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The UsernameToken is not signed"));
}
}
Also used :
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
QName(javax.xml.namespace.QName)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 10 with SecurityEvent
use of org.apache.xml.security.stax.securityEvent.SecurityEvent in project cxf by apache.
the class StaxCryptoCoverageChecker method checkSignedBody.
private void checkSignedBody(List<SecurityEvent> results) throws WSSecurityException {
if (!signBody) {
return;
}
boolean isBodySigned = false;
for (SecurityEvent signedEvent : results) {
AbstractSecuredElementSecurityEvent securedEvent = (AbstractSecuredElementSecurityEvent) signedEvent;
if (!securedEvent.isSigned()) {
continue;
}
List<QName> signedPath = securedEvent.getElementPath();
if (isBody(signedPath)) {
isBodySigned = true;
break;
}
}
if (!isBodySigned) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception("The SOAP Body is not signed"));
}
}
Also used :
SecurityEvent(org.apache.xml.security.stax.securityEvent.SecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
AbstractSecuredElementSecurityEvent(org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)
QName(javax.xml.namespace.QName)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Aggregations
SecurityEvent (org.apache.xml.security.stax.securityEvent.SecurityEvent)18
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)11
AbstractSecuredElementSecurityEvent (org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent)8
List (java.util.List)7
QName (javax.xml.namespace.QName)7
LinkedList (java.util.LinkedList)5
XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)5
SecurityEventListener (org.apache.xml.security.stax.securityEvent.SecurityEventListener)5
TokenSecurityEvent (org.apache.xml.security.stax.securityEvent.TokenSecurityEvent)4
ArrayList (java.util.ArrayList)3
XMLStreamException (javax.xml.stream.XMLStreamException)3
X509Certificate (java.security.cert.X509Certificate)2
SecurityContext (org.apache.cxf.security.SecurityContext)2
WSSPolicyException (org.apache.wss4j.common.WSSPolicyException)2
Crypto (org.apache.wss4j.common.crypto.Crypto)2
WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)2
WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)2
Event (org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event)2
OutputStream (java.io.OutputStream)1
Principal (java.security.Principal)1
