You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2016/01/08 11:45:47 UTC
svn commit: r1723677 -
/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/
Author: coheigea
Date: Fri Jan 8 10:45:47 2016
New Revision: 1723677
URL: http://svn.apache.org/viewvc?rev=1723677&view=rev
Log:
More checkstyle work
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/LayoutAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ProtectionOrderAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java Fri Jan 8 10:45:47 2016
@@ -72,155 +72,156 @@ public class AlgorithmSuiteAssertionStat
AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
XMLSecurityConstants.AlgorithmUsage keyUsage = algorithmSuiteSecurityEvent.getAlgorithmUsage();
+ int keyLength = algorithmSuiteSecurityEvent.getKeyLength();
+ String algorithmURI = algorithmSuiteSecurityEvent.getAlgorithmURI();
if (WSSConstants.Sym_Sig.equals(keyUsage)) {
if (algorithmSuite.getSymmetricSignature() != null
- && !algorithmSuite.getSymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getSymmetricSignature().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Symmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Symmetric signature algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
if (algorithmSuite.getAlgorithmSuiteType() != null) {
if (!algorithmSuiteSecurityEvent.isDerivedKey()
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
+ && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > keyLength
+ || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < keyLength)) {
setAsserted(false);
- setErrorMessage("Symmetric signature algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Symmetric signature algorithm key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
} else if (algorithmSuiteSecurityEvent.isDerivedKey()
- && algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength() != algorithmSuiteSecurityEvent.getKeyLength()) {
+ && algorithmSuite.getAlgorithmSuiteType().getSignatureDerivedKeyLength() != keyLength) {
setAsserted(false);
- setErrorMessage("Symmetric signature algorithm derived key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Symmetric signature algorithm derived key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
}
} else if (WSSConstants.Asym_Sig.equals(keyUsage)) {
if (algorithmSuite.getAsymmetricSignature() != null
- && !algorithmSuite.getAsymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAsymmetricSignature().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Asymmetric algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Asymmetric algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
+ && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > keyLength
+ || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < keyLength)) {
setAsserted(false);
- setErrorMessage("Asymmetric signature algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Asymmetric signature algorithm key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.SigDig.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getDigest().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAlgorithmSuiteType().getDigest().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Digest algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Digest algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.Enc.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getEncryption().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAlgorithmSuiteType().getEncryption().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Encryption algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Encryption algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
if (algorithmSuite.getAlgorithmSuiteType() != null) {
if (!algorithmSuiteSecurityEvent.isDerivedKey()
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
+ && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > keyLength
+ || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < keyLength)) {
setAsserted(false);
- setErrorMessage("Symmetric encryption algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Symmetric encryption algorithm key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
} else if (algorithmSuiteSecurityEvent.isDerivedKey()
- && algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength() != algorithmSuiteSecurityEvent.getKeyLength()) {
+ && algorithmSuite.getAlgorithmSuiteType().getEncryptionDerivedKeyLength() != keyLength) {
setAsserted(false);
- setErrorMessage("Symmetric encryption algorithm derived key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Symmetric encryption algorithm derived key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
}
} else if (WSSConstants.Sym_Key_Wrap.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getSymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAlgorithmSuiteType().getSymmetricKeyWrap().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Symmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Symmetric key wrap algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
+ && (algorithmSuite.getAlgorithmSuiteType().getMinimumSymmetricKeyLength() > keyLength
+ || algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() < keyLength)) {
setAsserted(false);
- setErrorMessage("Symmetric key wrap algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Symmetric key wrap algorithm key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.Asym_Key_Wrap.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Asymmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Asymmetric key wrap algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
if (algorithmSuite.getAlgorithmSuiteType() != null
- && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > algorithmSuiteSecurityEvent.getKeyLength()
- || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < algorithmSuiteSecurityEvent.getKeyLength())) {
+ && (algorithmSuite.getAlgorithmSuiteType().getMinimumAsymmetricKeyLength() > keyLength
+ || algorithmSuite.getAlgorithmSuiteType().getMaximumAsymmetricKeyLength() < keyLength)) {
setAsserted(false);
- setErrorMessage("Asymmetric key wrap algorithm key length " + algorithmSuiteSecurityEvent.getKeyLength() + " does not meet policy");
+ setErrorMessage("Asymmetric key wrap algorithm key length " + keyLength + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.Comp_Key.equals(keyUsage)) {
if (algorithmSuite.getComputedKey() != null
- && !algorithmSuite.getComputedKey().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getComputedKey().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Computed key algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Computed key algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.Enc_KD.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getEncryptionKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAlgorithmSuiteType().getEncryptionKeyDerivation().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Encryption key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Encryption key derivation algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.Sig_KD.equals(keyUsage)) {
if (algorithmSuite.getAlgorithmSuiteType() != null
- && !algorithmSuite.getAlgorithmSuiteType().getSignatureKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getAlgorithmSuiteType().getSignatureKeyDerivation().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Signature key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Signature key derivation algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.SigC14n.equals(keyUsage)) {
if (algorithmSuite.getC14n() != null
- && !algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getC14n().getValue().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("C14N algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.SigTransform.equals(keyUsage)) {
if (algorithmSuite.getC14n() != null
- && !algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())
- && !WSSConstants.NS_C14N_EXCL.equals(algorithmSuiteSecurityEvent.getAlgorithmURI())
- && !WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithmSuiteSecurityEvent.getAlgorithmURI())
- && !WSSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS.equals(algorithmSuiteSecurityEvent.getAlgorithmURI())
- && !WSSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS.equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getC14n().getValue().equals(algorithmURI)
+ && !WSSConstants.NS_C14N_EXCL.equals(algorithmURI)
+ && !WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithmURI)
+ && !WSSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS.equals(algorithmURI)
+ && !WSSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS.equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Transform C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Transform C14N algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.Soap_Norm.equals(keyUsage)) {
if (algorithmSuite.getSoapNormType() != null
- && !algorithmSuite.getSoapNormType().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getSoapNormType().getValue().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("Soap normalization algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("Soap normalization algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
} else if (WSSConstants.STR_Trans.equals(keyUsage)) {
if (algorithmSuite.getStrType() != null
- && !algorithmSuite.getStrType().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ && !algorithmSuite.getStrType().getValue().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("STR transformation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("STR transformation algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
- } else if (WSSConstants.XPath.equals(keyUsage) &&
- algorithmSuite.getXPathType() != null &&
- !algorithmSuite.getXPathType().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ } else if (WSSConstants.XPath.equals(keyUsage) && algorithmSuite.getXPathType() != null
+ && !algorithmSuite.getXPathType().getValue().equals(algorithmURI)) {
setAsserted(false);
- setErrorMessage("XPath algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ setErrorMessage("XPath algorithm " + algorithmURI + " does not meet policy");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ContentEncryptedElementsAssertionState.java Fri Jan 8 10:45:47 2016
@@ -91,7 +91,8 @@ public class ContentEncryptedElementsAss
} else {
//an element must be encrypted but isn't
setAsserted(false);
- setErrorMessage("Content of element " + WSSUtils.pathAsString(contentEncryptedElementSecurityEvent.getElementPath()) + " must be encrypted");
+ setErrorMessage("Content of element " + WSSUtils.pathAsString(contentEncryptedElementSecurityEvent.getElementPath())
+ + " must be encrypted");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/EncryptedElementsAssertionState.java Fri Jan 8 10:45:47 2016
@@ -93,7 +93,8 @@ public class EncryptedElementsAssertionS
} else {
//an element must be encrypted but isn't
setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath()) + " must be encrypted");
+ setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath())
+ + " must be encrypted");
policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -69,7 +69,8 @@ public class HttpsTokenAssertionState ex
HttpsToken httpsToken = (HttpsToken) abstractToken;
if (httpsToken.getIssuerName() != null && !httpsToken.getIssuerName().equals(httpsTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken (" + httpsTokenSecurityEvent.getIssuerName() + ")");
+ setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken ("
+ + httpsTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
@@ -78,8 +79,10 @@ public class HttpsTokenAssertionState ex
switch (httpsToken.getAuthenticationType()) {
case HttpBasicAuthentication:
- if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication) {
- setErrorMessage("Policy enforces HttpBasicAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ if (httpsTokenSecurityEvent.getAuthenticationType()
+ != HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication) {
+ setErrorMessage("Policy enforces HttpBasicAuthentication but we got "
+ + httpsTokenSecurityEvent.getAuthenticationType());
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.HTTP_BASIC_AUTHENTICATION),
getErrorMessage());
return false;
@@ -87,8 +90,10 @@ public class HttpsTokenAssertionState ex
getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.HTTP_BASIC_AUTHENTICATION));
break;
case HttpDigestAuthentication:
- if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication) {
- setErrorMessage("Policy enforces HttpDigestAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ if (httpsTokenSecurityEvent.getAuthenticationType()
+ != HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication) {
+ setErrorMessage("Policy enforces HttpDigestAuthentication but we got "
+ + httpsTokenSecurityEvent.getAuthenticationType());
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.HTTP_DIGEST_AUTHENTICATION),
getErrorMessage());
return false;
@@ -96,8 +101,10 @@ public class HttpsTokenAssertionState ex
getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.HTTP_DIGEST_AUTHENTICATION));
break;
case RequireClientCertificate:
- if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication) {
- setErrorMessage("Policy enforces HttpClientCertificateAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ if (httpsTokenSecurityEvent.getAuthenticationType()
+ != HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication) {
+ setErrorMessage("Policy enforces HttpClientCertificateAuthentication but we got "
+ + httpsTokenSecurityEvent.getAuthenticationType());
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.REQUIRE_CLIENT_CERTIFICATE),
getErrorMessage());
return false;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/IssuedTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -80,10 +80,10 @@ public class IssuedTokenAssertionState e
IssuedTokenSecurityEvent<? extends SecurityToken> issuedTokenSecurityEvent
= (IssuedTokenSecurityEvent<? extends SecurityToken>) tokenSecurityEvent;
try {
- if (issuedToken.getIssuerName() != null &&
- !issuedToken.getIssuerName().equals(issuedTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + issuedToken.getIssuerName() +
- ") didn't match with the one in the IssuedToken (" + issuedTokenSecurityEvent.getIssuerName() + ")");
+ if (issuedToken.getIssuerName() != null
+ && !issuedToken.getIssuerName().equals(issuedTokenSecurityEvent.getIssuerName())) {
+ setErrorMessage("IssuerName in Policy (" + issuedToken.getIssuerName()
+ + ") didn't match with the one in the IssuedToken (" + issuedTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KerberosTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -74,9 +74,10 @@ public class KerberosTokenAssertionState
KerberosTokenSecurityEvent kerberosTokenSecurityEvent = (KerberosTokenSecurityEvent) tokenSecurityEvent;
KerberosServiceSecurityToken kerberosServiceSecurityToken = kerberosTokenSecurityEvent.getSecurityToken();
- if (kerberosToken.getIssuerName() != null &&
- !kerberosToken.getIssuerName().equals(kerberosTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + kerberosToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + kerberosTokenSecurityEvent.getIssuerName() + ")");
+ if (kerberosToken.getIssuerName() != null
+ && !kerberosToken.getIssuerName().equals(kerberosTokenSecurityEvent.getIssuerName())) {
+ setErrorMessage("IssuerName in Policy (" + kerberosToken.getIssuerName() + ") didn't match with the one in the IssuedToken ("
+ + kerberosTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/KeyValueTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -72,8 +72,8 @@ public class KeyValueTokenAssertionState
String namespace = getAssertion().getName().getNamespaceURI();
if (keyValueToken.isRsaKeyValue()) {
if (!(keyValueTokenSecurityEvent.getSecurityToken() instanceof RsaKeyValueSecurityToken)) {
- setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a " +
- keyValueTokenSecurityEvent.getSecurityToken().getClass().getSimpleName());
+ setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a "
+ + keyValueTokenSecurityEvent.getSecurityToken().getClass().getSimpleName());
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.RSA_KEY_VALUE),
getErrorMessage());
return false;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/LayoutAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/LayoutAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/LayoutAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/LayoutAssertionState.java Fri Jan 8 10:45:47 2016
@@ -65,18 +65,18 @@ public class LayoutAssertionState extend
//todo?
break;
case LaxTsFirst:
- if (occuredEvents.isEmpty() &&
- !WSSecurityEventConstants.Timestamp.equals(securityEvent.getSecurityEventType())) {
+ if (occuredEvents.isEmpty()
+ && !WSSecurityEventConstants.Timestamp.equals(securityEvent.getSecurityEventType())) {
setAsserted(false);
- setErrorMessage("Policy enforces " + layout.getLayoutType() + " but " +
- securityEvent.getSecurityEventType() + " occured first");
+ setErrorMessage("Policy enforces " + layout.getLayoutType() + " but "
+ + securityEvent.getSecurityEventType() + " occured first");
}
break;
case LaxTsLast:
if (occuredEvents.contains(WSSecurityEventConstants.Timestamp)) {
setAsserted(false);
- setErrorMessage("Policy enforces " + layout.getLayoutType() + " but " +
- securityEvent.getSecurityEventType() + " occured last");
+ setErrorMessage("Policy enforces " + layout.getLayoutType() + " but "
+ + securityEvent.getSecurityEventType() + " occured last");
}
break;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java Fri Jan 8 10:45:47 2016
@@ -76,7 +76,8 @@ public class OnlySignEntireHeadersAndBod
AbstractSecuredElementSecurityEvent abstractSecuredElementSecurityEvent = (AbstractSecuredElementSecurityEvent) securityEvent;
if (abstractSecuredElementSecurityEvent.isSigned() && !abstractSecuredElementSecurityEvent.isAttachment()) {
List<QName> elementPath = abstractSecuredElementSecurityEvent.getElementPath();
- if (elementPath.size() == 4 && WSSUtils.isInSecurityHeader(abstractSecuredElementSecurityEvent.getXmlSecEvent(), elementPath, roleOrActor)) {
+ if (elementPath.size() == 4 && WSSUtils.isInSecurityHeader(abstractSecuredElementSecurityEvent.getXmlSecEvent(),
+ elementPath, roleOrActor)) {
setAsserted(true);
policyAsserter.assertPolicy(new QName(namespace, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
return true;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ProtectionOrderAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ProtectionOrderAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ProtectionOrderAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/ProtectionOrderAssertionState.java Fri Jan 8 10:45:47 2016
@@ -58,15 +58,14 @@ public class ProtectionOrderAssertionSta
if (asserted) {
String namespace = getAssertion().getName().getNamespaceURI();
- AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
+ AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder =
+ ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
switch (protectionOrder) {
- case SignBeforeEncrypting: {
+ case SignBeforeEncrypting:
policyAsserter.assertPolicy(new QName(namespace, SPConstants.SIGN_BEFORE_ENCRYPTING));
break;
- }
- case EncryptBeforeSigning: {
+ case EncryptBeforeSigning:
policyAsserter.assertPolicy(new QName(namespace, SPConstants.ENCRYPT_BEFORE_SIGNING));
- }
break;
}
}
@@ -85,7 +84,8 @@ public class ProtectionOrderAssertionSta
@Override
public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
- AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
+ AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder =
+ ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
SecurityEventConstants.Event event = securityEvent.getSecurityEventType();
if (WSSecurityEventConstants.SignedElement.equals(event)) {
SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
@@ -116,7 +116,8 @@ public class ProtectionOrderAssertionSta
List<XMLSecurityConstants.ContentType> contentTypes = encryptedPartSecurityEvent.getProtectionOrder();
testProtectionOrder(protectionOrder, contentTypes, encryptedPartSecurityEvent.getElementPath());
} else if (WSSecurityEventConstants.ContentEncrypted.equals(event)) {
- ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent =
+ (ContentEncryptedElementSecurityEvent) securityEvent;
if (!contentEncryptedElementSecurityEvent.isEncrypted()) {
return true;
}
@@ -126,36 +127,37 @@ public class ProtectionOrderAssertionSta
return isAsserted();
}
- private void testProtectionOrder(AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder, List<XMLSecurityConstants.ContentType> contentTypes, List<QName> elementPath) {
+ private void testProtectionOrder(AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder,
+ List<XMLSecurityConstants.ContentType> contentTypes, List<QName> elementPath) {
String namespace = getAssertion().getName().getNamespaceURI();
switch (protectionOrder) {
- case SignBeforeEncrypting: {
+ case SignBeforeEncrypting:
int lastSignature = contentTypes.lastIndexOf(XMLSecurityConstants.ContentType.SIGNATURE);
int firstEncryption = contentTypes.indexOf(XMLSecurityConstants.ContentType.ENCRYPTION);
if (firstEncryption >= 0 && firstEncryption < lastSignature) {
setAsserted(false);
- setErrorMessage("Policy enforces " + protectionOrder + " but the " + WSSUtils.pathAsString(elementPath) + " was encrypted and then signed");
+ setErrorMessage("Policy enforces " + protectionOrder + " but the " + WSSUtils.pathAsString(elementPath)
+ + " was encrypted and then signed");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.SIGN_BEFORE_ENCRYPTING),
getErrorMessage());
} else {
policyAsserter.assertPolicy(new QName(namespace, SPConstants.SIGN_BEFORE_ENCRYPTING));
}
break;
- }
- case EncryptBeforeSigning: {
+ case EncryptBeforeSigning:
int lastEncryption = contentTypes.lastIndexOf(XMLSecurityConstants.ContentType.ENCRYPTION);
int firstSignature = contentTypes.indexOf(XMLSecurityConstants.ContentType.SIGNATURE);
if (firstSignature >= 0 && firstSignature < lastEncryption) {
setAsserted(false);
- setErrorMessage("Policy enforces " + protectionOrder + " but the " + WSSUtils.pathAsString(elementPath) + " was signed and then encrypted");
+ setErrorMessage("Policy enforces " + protectionOrder + " but the " + WSSUtils.pathAsString(elementPath)
+ + " was signed and then encrypted");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.ENCRYPT_BEFORE_SIGNING),
getErrorMessage());
} else {
policyAsserter.assertPolicy(new QName(namespace, SPConstants.ENCRYPT_BEFORE_SIGNING));
}
break;
- }
}
}
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/RelTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -58,7 +58,8 @@ public class RelTokenAssertionState exte
RelToken relToken = (RelToken) abstractToken;
if (relToken.getIssuerName() != null && !relToken.getIssuerName().equals(relTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + relToken.getIssuerName() + ") didn't match with the one in the RelToken (" + relTokenSecurityEvent.getIssuerName() + ")");
+ setErrorMessage("IssuerName in Policy (" + relToken.getIssuerName() + ") didn't match with the one in the RelToken ("
+ + relTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SamlTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -35,6 +35,7 @@ import org.apache.wss4j.stax.securityEve
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.KeyIdentifier;
/**
* WSP1.3, 5.4.8 SamlToken Assertion
@@ -75,15 +76,18 @@ public class SamlTokenAssertionState ext
SamlToken samlToken = (SamlToken) abstractToken;
if (samlToken.getIssuerName() != null && !samlToken.getIssuerName().equals(samlTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + samlToken.getIssuerName() + ") didn't match with the one in the SamlToken (" + samlTokenSecurityEvent.getIssuerName() + ")");
+ setErrorMessage("IssuerName in Policy (" + samlToken.getIssuerName() + ") didn't match with the one in the SamlToken ("
+ + samlTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
String namespace = getAssertion().getName().getNamespaceURI();
if (samlToken.isRequireKeyIdentifierReference()) {
- if (!WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(samlTokenSecurityEvent.getSecurityToken().getKeyIdentifier())) {
- setErrorMessage("Policy enforces KeyIdentifierReference but we got " + samlTokenSecurityEvent.getSecurityToken().getTokenType());
+ KeyIdentifier keyIdentifier = samlTokenSecurityEvent.getSecurityToken().getKeyIdentifier();
+ if (!WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier.equals(keyIdentifier)) {
+ setErrorMessage("Policy enforces KeyIdentifierReference but we got "
+ + samlTokenSecurityEvent.getSecurityToken().getTokenType());
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE),
getErrorMessage());
return false;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SecurityContextTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -73,8 +73,10 @@ public class SecurityContextTokenAsserti
SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = (SecurityContextTokenSecurityEvent) tokenSecurityEvent;
SecurityContextToken securityContextToken = (SecurityContextToken) abstractToken;
- if (securityContextToken.getIssuerName() != null && !securityContextToken.getIssuerName().equals(securityContextTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + securityContextToken.getIssuerName() + ") didn't match with the one in the SecurityContextToken (" + securityContextTokenSecurityEvent.getIssuerName() + ")");
+ if (securityContextToken.getIssuerName() != null
+ && !securityContextToken.getIssuerName().equals(securityContextTokenSecurityEvent.getIssuerName())) {
+ setErrorMessage("IssuerName in Policy (" + securityContextToken.getIssuerName()
+ + ") didn't match with the one in the SecurityContextToken (" + securityContextTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SignatureProtectionAssertionState.java Fri Jan 8 10:45:47 2016
@@ -212,7 +212,8 @@ public class SignatureProtectionAssertio
return true;
} else {
setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath()) + " must not be encrypted");
+ setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath())
+ + " must not be encrypted");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.ENCRYPT_SIGNATURE),
getErrorMessage());
return false;
@@ -220,7 +221,8 @@ public class SignatureProtectionAssertio
} else {
if (abstractSymmetricAsymmetricBinding.isEncryptSignature()) {
setAsserted(false);
- setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath()) + " must be encrypted");
+ setErrorMessage("Element " + WSSUtils.pathAsString(encryptedElementSecurityEvent.getElementPath())
+ + " must be encrypted");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.ENCRYPT_SIGNATURE),
getErrorMessage());
return false;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/SpnegoContextTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -62,7 +62,9 @@ public class SpnegoContextTokenAssertion
SecurityContextTokenSecurityEvent spnegoContextTokenSecurityEvent = (SecurityContextTokenSecurityEvent) tokenSecurityEvent;
if (spnegoContextToken.getIssuerName() != null
&& !spnegoContextToken.getIssuerName().equals(spnegoContextTokenSecurityEvent.getIssuerName())) {
- setErrorMessage("IssuerName in Policy (" + spnegoContextToken.getIssuerName() + ") didn't match with the one in the IssuedToken (" + spnegoContextTokenSecurityEvent.getIssuerName() + ")");
+ setErrorMessage("IssuerName in Policy (" + spnegoContextToken.getIssuerName()
+ + ") didn't match with the one in the IssuedToken ("
+ + spnegoContextTokenSecurityEvent.getIssuerName() + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -101,8 +101,7 @@ public abstract class TokenAssertionStat
&& !(parentAssertion instanceof TransportToken)) {
ignoreToken++;
continue loop;
- }
- else if (!initiator && !(parentAssertion instanceof InitiatorToken)
+ } else if (!initiator && !(parentAssertion instanceof InitiatorToken)
&& !(parentAssertion instanceof InitiatorSignatureToken)
&& !(parentAssertion instanceof SignatureToken)
&& !(parentAssertion instanceof ProtectionToken)
@@ -111,7 +110,7 @@ public abstract class TokenAssertionStat
continue loop;
}
} else if (WSSecurityTokenConstants.TokenUsage_Signature.equals(tokenUsage)) {
- throw new WSSPolicyException("Illegal token usage!");
+ throw new WSSPolicyException("Illegal token usage!");
} else if (WSSecurityTokenConstants.TokenUsage_MainEncryption.equals(tokenUsage)) {
if (initiator && !(parentAssertion instanceof InitiatorToken)
&& !(parentAssertion instanceof InitiatorEncryptionToken)
@@ -120,8 +119,7 @@ public abstract class TokenAssertionStat
&& !(parentAssertion instanceof TransportToken)) {
ignoreToken++;
continue loop;
- }
- else if (!initiator && !(parentAssertion instanceof RecipientToken)
+ } else if (!initiator && !(parentAssertion instanceof RecipientToken)
&& !(parentAssertion instanceof RecipientEncryptionToken)
&& !(parentAssertion instanceof EncryptionToken)
&& !(parentAssertion instanceof ProtectionToken)
@@ -130,16 +128,16 @@ public abstract class TokenAssertionStat
continue loop;
}
} else if (WSSecurityTokenConstants.TokenUsage_Encryption.equals(tokenUsage)) {
- throw new WSSPolicyException("Illegal token usage!");
- } else if (WSSecurityTokenConstants.TokenUsage_SupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_SignedSupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_SignedEncryptedSupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens.equals(tokenUsage) ||
- WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens.equals(tokenUsage)
- ) {
+ throw new WSSPolicyException("Illegal token usage!");
+ } else if (WSSecurityTokenConstants.TokenUsage_SupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_SignedSupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_EndorsingSupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_SignedEndorsingSupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_SignedEncryptedSupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_EncryptedSupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_EndorsingEncryptedSupportingTokens.equals(tokenUsage)
+ || WSSecurityTokenConstants.TokenUsage_SignedEndorsingEncryptedSupportingTokens.equals(tokenUsage)
+ ) {
if (parentAssertion instanceof TransportToken) {
continue loop;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenProtectionAssertionState.java Fri Jan 8 10:45:47 2016
@@ -115,13 +115,15 @@ public class TokenProtectionAssertionSta
boolean signsItsSignatureToken = signsItsSignatureToken(securityToken);
if (protectTokens && !signsItsSignatureToken) {
setAsserted(false);
- setErrorMessage("Token " + WSSUtils.pathAsString(((InboundSecurityToken)securityToken).getElementPath()) + " must be signed by its signature.");
+ setErrorMessage("Token " + WSSUtils.pathAsString(((InboundSecurityToken)securityToken).getElementPath())
+ + " must be signed by its signature.");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.PROTECT_TOKENS),
getErrorMessage());
return false;
} else if (!protectTokens && signsItsSignatureToken) {
setAsserted(false);
- setErrorMessage("Token " + WSSUtils.pathAsString(((InboundSecurityToken)securityToken).getElementPath()) + " must not be signed by its signature.");
+ setErrorMessage("Token " + WSSUtils.pathAsString(((InboundSecurityToken)securityToken).getElementPath())
+ + " must not be signed by its signature.");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.PROTECT_TOKENS),
getErrorMessage());
return false;
@@ -131,7 +133,8 @@ public class TokenProtectionAssertionSta
if (isEndorsingToken(securityToken) && !signsMainSignature(securityToken)) {
//[WSP1.3_8.9b]
setAsserted(false);
- setErrorMessage("Token " + WSSUtils.pathAsString(((InboundSecurityToken)securityToken).getElementPath()) + " must sign the main signature.");
+ setErrorMessage("Token " + WSSUtils.pathAsString(((InboundSecurityToken)securityToken).getElementPath())
+ + " must sign the main signature.");
policyAsserter.unassertPolicy(new QName(namespace, SPConstants.PROTECT_TOKENS),
getErrorMessage());
return false;
@@ -217,7 +220,8 @@ public class TokenProtectionAssertionSta
private boolean signsItsSignatureToken(SecurityToken securityToken) throws XMLSecurityException {
for (int i = 0; i < signedElementEvents.size(); i++) {
SignedElementSecurityEvent signedElementSecurityEvent = signedElementEvents.get(i);
- if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(), ((InboundSecurityToken)securityToken).getElementPath(), false, false)) {
+ if (WSSUtils.pathMatches(signedElementSecurityEvent.getElementPath(),
+ ((InboundSecurityToken)securityToken).getElementPath(), false, false)) {
SecurityToken signingSecurityToken = signedElementSecurityEvent.getSecurityToken();
signingSecurityToken = getEffectiveSignatureToken(signingSecurityToken);
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/UsernameTokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -87,7 +87,8 @@ public class UsernameTokenAssertionState
if (usernameToken.getPasswordType() != null) {
switch (usernameToken.getPasswordType()) {
case NoPassword:
- if (usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE) {
+ if (usernameTokenSecurityEvent.getUsernameTokenPasswordType()
+ != WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE) {
setErrorMessage("UsernameToken contains a password but the policy prohibits it");
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.NO_PASSWORD),
getErrorMessage());
@@ -96,7 +97,8 @@ public class UsernameTokenAssertionState
getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.NO_PASSWORD));
break;
case HashPassword:
- if (usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
+ if (usernameTokenSecurityEvent.getUsernameTokenPasswordType()
+ != WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST) {
setErrorMessage("UsernameToken does not contain a hashed password");
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.HASH_PASSWORD),
getErrorMessage());
@@ -117,7 +119,8 @@ public class UsernameTokenAssertionState
return false;
}
if (usernameToken.isCreated()) {
- if (usernameSecurityToken.getCreatedTime() == null || usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT) {
+ if (usernameSecurityToken.getCreatedTime() == null
+ || usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT) {
setErrorMessage("UsernameToken does not contain a created timestamp or password is not plain text");
getPolicyAsserter().unassertPolicy(SP13Constants.CREATED, getErrorMessage());
return false;
@@ -127,7 +130,8 @@ public class UsernameTokenAssertionState
}
if (usernameToken.isNonce()) {
- if (usernameSecurityToken.getNonce() == null || usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT) {
+ if (usernameSecurityToken.getNonce() == null
+ || usernameTokenSecurityEvent.getUsernameTokenPasswordType() != WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT) {
setErrorMessage("UsernameToken does not contain a nonce or password is not plain text");
getPolicyAsserter().unassertPolicy(SP13Constants.NONCE, getErrorMessage());
return false;
Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java?rev=1723677&r1=1723676&r2=1723677&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java (original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/X509TokenAssertionState.java Fri Jan 8 10:45:47 2016
@@ -95,8 +95,8 @@ public class X509TokenAssertionState ext
if (x509Token.getIssuerName() != null) {
final String certificateIssuerName = x509Certificate.getIssuerX500Principal().getName();
if (!x509Token.getIssuerName().equals(certificateIssuerName)) {
- setErrorMessage("IssuerName in Policy (" + x509Token.getIssuerName() +
- ") didn't match with the one in the certificate (" + certificateIssuerName + ")");
+ setErrorMessage("IssuerName in Policy (" + x509Token.getIssuerName()
+ + ") didn't match with the one in the certificate (" + certificateIssuerName + ")");
getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
return false;
}
@@ -148,10 +148,10 @@ public class X509TokenAssertionState ext
switch (x509Token.getTokenType()) {
case WssX509V3Token10:
case WssX509V3Token11:
- if (!WSSecurityTokenConstants.X509V3Token.equals(securityToken.getTokenType()) ||
- x509Certificate.getVersion() != 3) {
- setErrorMessage("X509Certificate Version " + x509Certificate.getVersion() +
- " mismatch; Policy enforces " + x509Token.getTokenType());
+ if (!WSSecurityTokenConstants.X509V3Token.equals(securityToken.getTokenType())
+ || x509Certificate.getVersion() != 3) {
+ setErrorMessage("X509Certificate Version " + x509Certificate.getVersion()
+ + " mismatch; Policy enforces " + x509Token.getTokenType());
getPolicyAsserter().unassertPolicy(new QName(namespace, x509Token.getTokenType().name()),
getErrorMessage());
return false;
@@ -160,10 +160,10 @@ public class X509TokenAssertionState ext
break;
case WssX509V1Token10:
case WssX509V1Token11:
- if (!WSSecurityTokenConstants.X509V1Token.equals(securityToken.getTokenType()) ||
- x509Certificate.getVersion() != 1) {
- setErrorMessage("X509Certificate Version " + x509Certificate.getVersion() +
- " mismatch; Policy enforces " + x509Token.getTokenType());
+ if (!WSSecurityTokenConstants.X509V1Token.equals(securityToken.getTokenType())
+ || x509Certificate.getVersion() != 1) {
+ setErrorMessage("X509Certificate Version " + x509Certificate.getVersion()
+ + " mismatch; Policy enforces " + x509Token.getTokenType());
getPolicyAsserter().unassertPolicy(new QName(namespace, SPConstants.WSS_X509_V1_TOKEN11),
getErrorMessage());
return false;
@@ -173,8 +173,8 @@ public class X509TokenAssertionState ext
case WssX509PkiPathV1Token10:
case WssX509PkiPathV1Token11:
if (!WSSecurityTokenConstants.X509PkiPathV1Token.equals(securityToken.getTokenType())) {
- setErrorMessage("Policy enforces " + x509Token.getTokenType() +
- " but we got " + securityToken.getTokenType());
+ setErrorMessage("Policy enforces " + x509Token.getTokenType()
+ + " but we got " + securityToken.getTokenType());
getPolicyAsserter().unassertPolicy(new QName(namespace, x509Token.getTokenType().name()),
getErrorMessage());
return false;