Posted to commits@ws.apache.org by gi...@apache.org on 2011/09/18 15:51:36 UTC
svn commit: r1172285 [3/48] - in /webservices/wss4j/branches/swssf: ./
cxf-integration/ cxf-integration/src/ cxf-integration/src/main/
cxf-integration/src/main/java/ cxf-integration/src/main/java/org/
cxf-integration/src/main/java/org/swssf/ cxf-integr...
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,452 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.llom.factory.OMXMLBuilderFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.swssf.ext.Constants;
+import org.swssf.impl.util.ConcreteLSInput;
+import org.swssf.policy.secpolicy.WSSPolicyException;
+import org.swssf.policy.secpolicybuilder.*;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.ls.LSInput;
+import org.w3c.dom.ls.LSResourceResolver;
+import org.xml.sax.SAXException;
+
+import javax.wsdl.*;
+import javax.wsdl.extensions.ExtensibilityElement;
+import javax.wsdl.extensions.UnknownExtensibilityElement;
+import javax.wsdl.extensions.soap.SOAPOperation;
+import javax.wsdl.extensions.soap12.SOAP12Operation;
+import javax.wsdl.factory.WSDLFactory;
+import javax.wsdl.xml.WSDLReader;
+import javax.xml.XMLConstants;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.util.*;
+
+/**
+ * PolicyEnforcerFactory builds a map of all the possible effective Policies
+ * and caches them for reuse
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyEnforcerFactory {
+
+ protected static final transient Log log = LogFactory.getLog(PolicyEnforcerFactory.class);
+ private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
+
+ private static Schema schemas;
+ private Definition wsdlDefinition;
+ private List<OperationPolicy> operationPolicies;
+ private Map<Element, Policy> elementPolicyCache;
+
+ static {
+ addAssertionBuilder(new AlgorithmSuiteBuilder());
+ addAssertionBuilder(new AsymmetricBindingBuilder());
+ addAssertionBuilder(new ContentEncryptedElementsBuilder());
+ addAssertionBuilder(new EncryptedElementsBuilder());
+ addAssertionBuilder(new EncryptedPartsBuilder());
+ addAssertionBuilder(new HttpsTokenBuilder());
+ addAssertionBuilder(new InitiatorTokenBuilder());
+ addAssertionBuilder(new IssuedTokenBuilder());
+ addAssertionBuilder(new LayoutBuilder());
+ addAssertionBuilder(new ProtectionTokenBuilder());
+ addAssertionBuilder(new RecipientTokenBuilder());
+ addAssertionBuilder(new RequiredElementsBuilder());
+ addAssertionBuilder(new RequiredPartsBuilder());
+ addAssertionBuilder(new SecureConversationTokenBuilder());
+ addAssertionBuilder(new SignedElementsBuilder());
+ addAssertionBuilder(new SignedPartsBuilder());
+ addAssertionBuilder(new SupportingTokensBuilder());
+ addAssertionBuilder(new SymmetricBindingBuilder());
+ addAssertionBuilder(new TransportBindingBuilder());
+ addAssertionBuilder(new TransportTokenBuilder());
+ addAssertionBuilder(new Trust13Builder());
+ addAssertionBuilder(new UsernameTokenBuilder());
+ addAssertionBuilder(new WSS10Builder());
+ addAssertionBuilder(new WSS11Builder());
+ addAssertionBuilder(new X509TokenBuilder());
+
+ List<Source> sourceList = new ArrayList<Source>();
+
+ SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-200507.xsd")));
+ sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-1.2.xsd")));
+ sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-1.2-errata-cd-01.xsd")));
+ sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-1.3.xsd")));
+ sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-200802.xsd")));
+
+ try {
+ schemaFactory.setResourceResolver(new LSResourceResolver() {
+ public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) {
+ if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd"));
+ return concreteLSInput;
+ } else if ("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/oasis-wss-wssecurity-secext-1.1.xsd"));
+ return concreteLSInput;
+ } else if ("http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/xmldsig-core-schema.xsd"));
+ return concreteLSInput;
+ } else if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd"));
+ return concreteLSInput;
+ } else if ("http://www.w3.org/2005/08/addressing".equals(systemId) || "http://www.w3.org/2006/03/addressing/ws-addr.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-addr200508.xsd"));
+ return concreteLSInput;
+ } else if ("http://schemas.xmlsoap.org/ws/2004/08/addressing".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-addr200408.xsd"));
+ return concreteLSInput;
+ } else if ("http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-policy-200409.xsd"));
+ return concreteLSInput;
+ } else if ("http://www.w3.org/2001/xml.xsd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/xml.xsd"));
+ return concreteLSInput;
+ } else if ("XMLSchema.dtd".equals(systemId) || "http://www.w3.org/2001/XMLSchema.dtd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/XMLSchema.dtd"));
+ return concreteLSInput;
+ } else if ("datatypes.dtd".equals(systemId)) {
+ ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+ concreteLSInput.setSystemId(systemId);
+ concreteLSInput.setBaseURI(baseURI);
+ concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/datatypes.dtd"));
+ return concreteLSInput;
+ }
+ throw new IllegalArgumentException("Offline resource not available: " + systemId);
+ }
+ });
+ schemas = schemaFactory.newSchema(sourceList.toArray(new Source[sourceList.size()]));
+ } catch (SAXException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private static void addAssertionBuilder(AssertionBuilder assertionBuilder) {
+ QName[] knownElements = assertionBuilder.getKnownElements();
+ for (int i = 0; i < knownElements.length; i++) {
+ QName knownElement = knownElements[i];
+ PolicyEngine.registerBuilder(knownElement, assertionBuilder);
+ }
+ }
+
+ private PolicyEnforcerFactory() {
+ elementPolicyCache = new HashMap<Element, Policy>();
+ }
+
+ public static PolicyEnforcerFactory newInstance(URL wsdlUrl) throws WSSPolicyException {
+ PolicyEnforcerFactory policyEnforcerFactory = new PolicyEnforcerFactory();
+ policyEnforcerFactory.parseWsdl(wsdlUrl);
+ return policyEnforcerFactory;
+ }
+
+ //todo enforce uniqueness of operation names to prevent SOAPAction spoofing.
+ private void parseWsdl(URL wsdlUrl) throws WSSPolicyException {
+ try {
+ WSDLFactory wsdlFactory = WSDLFactory.newInstance();
+ WSDLReader reader = wsdlFactory.newWSDLReader();
+ reader.setFeature("javax.wsdl.verbose", false);
+ wsdlDefinition = reader.readWSDL(wsdlUrl.toString());
+ operationPolicies = findPoliciesByOperation(wsdlDefinition);
+ } catch (WSDLException e) {
+ throw new WSSPolicyException(e.getMessage(), e);
+ }
+ }
+
+ private List<OperationPolicy> findPoliciesByOperation(Definition wsdlDefinition) throws WSSPolicyException {
+
+ List<OperationPolicy> operationPolicyList = new ArrayList<OperationPolicy>();
+ @SuppressWarnings("unchecked")
+ Iterator<Map.Entry> services = wsdlDefinition.getAllServices().entrySet().iterator();
+ while (services.hasNext()) {
+ @SuppressWarnings("unchecked")
+ Map.Entry<QName, Service> serviceEntry = services.next();
+ Service service = serviceEntry.getValue();
+ @SuppressWarnings("unchecked")
+ Iterator<Map.Entry> ports = service.getPorts().entrySet().iterator();
+ while (ports.hasNext()) {
+ @SuppressWarnings("unchecked")
+ Map.Entry<QName, Port> portEntry = ports.next();
+ Port port = portEntry.getValue();
+ Binding binding = port.getBinding();
+
+ @SuppressWarnings("unchecked")
+ List<BindingOperation> bindingOperations = binding.getBindingOperations();
+ for (int i = 0; i < bindingOperations.size(); i++) {
+ BindingOperation bindingOperation = bindingOperations.get(i);
+
+ Operation operation = bindingOperation.getOperation();
+
+ OperationPolicy operationPolicy = new OperationPolicy(operation.getName());
+ operationPolicyList.add(operationPolicy);
+
+ @SuppressWarnings("unchecked")
+ List<ExtensibilityElement> extensibilityElements = bindingOperation.getExtensibilityElements();
+ for (int j = 0; j < extensibilityElements.size(); j++) {
+ ExtensibilityElement extensibilityElement = extensibilityElements.get(j);
+ if (extensibilityElement instanceof SOAPOperation) {
+ SOAPOperation soapOperation = (SOAPOperation) extensibilityElement;
+ String soapActionUri = soapOperation.getSoapActionURI();
+ operationPolicy.setOperationAction(soapActionUri);
+ operationPolicy.setSoapMessageVersionNamespace(Constants.NS_SOAP11);
+ } else if (extensibilityElement instanceof SOAP12Operation) {
+ SOAP12Operation soap12Operation = (SOAP12Operation) extensibilityElement;
+ String soapActionUri = soap12Operation.getSoapActionURI();
+ operationPolicy.setOperationAction(soapActionUri);
+ operationPolicy.setSoapMessageVersionNamespace(Constants.NS_SOAP12);
+ }
+ }
+
+ Policy policy = getPolicy(service, port, binding, bindingOperation, operation);
+ operationPolicy.setPolicy((Policy) policy.normalize(true));
+ }
+ }
+ }
+ return operationPolicyList;
+ }
+
+ private Policy getPolicy(Service service, Port port, Binding binding, BindingOperation bindingOperation, Operation operation) throws WSSPolicyException {
+ List<Policy> policies = new ArrayList<Policy>();
+
+ Policy servicePolicy = findPolicies(service);
+ if (servicePolicy != null) {
+ policies.add(servicePolicy);
+ }
+ Policy portPolicy = findPolicies(port);
+ if (portPolicy != null) {
+ policies.add(portPolicy);
+ }
+ Policy bindingPolicy = findPolicies(binding);
+ if (bindingPolicy != null) {
+ policies.add(bindingPolicy);
+ }
+
+ Policy bindingOperationPolicy = findPolicies(bindingOperation);
+ if (bindingOperationPolicy != null) {
+ policies.add(bindingOperationPolicy);
+ }
+
+ Policy bindingOperationInputPolicy = findPolicies(bindingOperation.getBindingInput());
+ if (bindingOperationInputPolicy != null) {
+ policies.add(bindingOperationInputPolicy);
+ }
+
+ Policy portTypePolicy = findPortTypePolicy(binding, operation);
+ if (portTypePolicy != null) {
+ policies.add(portTypePolicy);
+ }
+
+ if (policies.size() == 0) {
+ return new Policy();
+ }
+
+ Policy mergedPolicy = policies.get(0);
+ for (int i = 1; i < policies.size(); i++) {
+ Policy policy = policies.get(i);
+ mergedPolicy = mergedPolicy.merge(policy);
+ }
+ return mergedPolicy;
+ }
+
+ private Policy findPortTypePolicy(Binding binding, Operation operation) throws WSSPolicyException {
+
+ List<Policy> policies = new ArrayList<Policy>();
+
+ PortType portType = binding.getPortType();
+ Policy portTypePolicy = findPolicies(portType);
+ if (portTypePolicy != null) {
+ policies.add(portTypePolicy);
+ }
+
+ @SuppressWarnings("unchecked")
+ List<Operation> operations = portType.getOperations();
+ for (int i = 0; i < operations.size(); i++) {
+ Operation portTypeOperation = operations.get(i);
+ if (portTypeOperation.getName().equals(operation.getName())) {
+ Policy operationPolicy = findPolicies(portTypeOperation);
+ if (operationPolicy != null) {
+ policies.add(operationPolicy);
+ }
+
+ Policy inputPolicy = findPolicies(portTypeOperation.getInput());
+ if (inputPolicy != null) {
+ policies.add(inputPolicy);
+ }
+
+ Policy messagePolicy = findPolicies(portTypeOperation.getInput().getMessage());
+ if (messagePolicy != null) {
+ policies.add(messagePolicy);
+ }
+ }
+ }
+
+ if (policies.size() == 0) {
+ return new Policy();
+ }
+
+ Policy mergedPolicy = policies.get(0);
+ for (int i = 1; i < policies.size(); i++) {
+ Policy policy = policies.get(i);
+ mergedPolicy = mergedPolicy.merge(policy);
+ }
+ return mergedPolicy;
+ }
+
+ private Policy findPolicies(WSDLElement wsdlElement) throws WSSPolicyException {
+ if (wsdlElement == null) {
+ return new Policy();
+ }
+
+ List<Policy> policies = new ArrayList<Policy>();
+
+ @SuppressWarnings("unchecked")
+ List<ExtensibilityElement> extensibilityElements = wsdlElement.getExtensibilityElements();
+ for (int i = 0; i < extensibilityElements.size(); i++) {
+ ExtensibilityElement extensibilityElement = extensibilityElements.get(i);
+ if (extensibilityElement instanceof UnknownExtensibilityElement) {
+ UnknownExtensibilityElement unknownExtensibilityElement = (UnknownExtensibilityElement) extensibilityElement;
+ if (unknownExtensibilityElement.getElementType().getLocalPart().equals("PolicyReference")) {
+ String uri = unknownExtensibilityElement.getElement().getAttribute("URI").substring(1);
+ NodeList policyNodeList = unknownExtensibilityElement.getElement().getOwnerDocument().getElementsByTagNameNS("*", "Policy");
+
+ boolean found = false;
+ for (int j = 0; j < policyNodeList.getLength(); j++) {
+ Element element = (Element) policyNodeList.item(j);
+ String refUri = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
+ if (refUri != null && refUri.equals(uri)) {
+ found = true;
+ Policy policy = parsePolicy(element);
+ policies.add(policy);
+ break;
+ }
+ }
+ if (!found) {
+ throw new WSSPolicyException("Referenced Policy not found " + uri);
+ }
+ } else if (unknownExtensibilityElement.getElementType().getLocalPart().equals("Policy")) {
+ Element element = unknownExtensibilityElement.getElement();
+ Policy policy = parsePolicy(element);
+ policies.add(policy);
+ }
+ }
+ }
+
+ if (policies.size() == 0) {
+ return new Policy();
+ }
+
+ Policy mergedPolicy = policies.get(0);
+ for (int i = 1; i < policies.size(); i++) {
+ Policy policy = policies.get(i);
+ mergedPolicy = mergedPolicy.merge(policy);
+ }
+ return mergedPolicy;
+ }
+
+ private Policy parsePolicy(Element element) throws WSSPolicyException {
+ if (elementPolicyCache.containsKey(element)) {
+ return elementPolicyCache.get(element);
+ }
+ Validator validator = schemas.newValidator();
+ try {
+ validator.setFeature("http://apache.org/xml/features/honour-all-schemaLocations", true);
+ validator.validate(new DOMSource(element));
+ } catch (SAXException e) {
+ throw new WSSPolicyException(e.getMessage(), e);
+ } catch (IOException e) {
+ throw new WSSPolicyException(e.getMessage(), e);
+ }
+ XMLInputFactory xmlInputFactory = XMLInputFactory.newFactory();
+ XMLStreamReader xmlStreamReader;
+ try {
+ //because of old JAXP implementation in the jdk 1.6 we get the
+ //following exception when we try to create an XMLStreamReader from DOMSource:
+ //java.lang.UnsupportedOperationException: Cannot create XMLStreamReader or XMLEventReader from a javax.xml.transform.dom.DOMSource
+ //xmlStreamReader = xmlInputFactory.createXMLStreamReader(new DOMSource(element));
+ //so we serialize / deserialze the xml...
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(element), new StreamResult(baos));
+ xmlStreamReader = xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+ } catch (XMLStreamException e) {
+ throw new WSSPolicyException(e.getMessage(), e);
+ } catch (TransformerConfigurationException e) {
+ throw new WSSPolicyException(e.getMessage(), e);
+ } catch (TransformerException e) {
+ throw new WSSPolicyException(e.getMessage(), e);
+ }
+ OMElement omElement = OMXMLBuilderFactory.createStAXOMBuilder(OMAbstractFactory.getOMFactory(), xmlStreamReader).getDocumentElement();
+ Policy policy = PolicyEngine.getPolicy(omElement);
+ elementPolicyCache.put(element, policy);
+ return policy;
+ }
+
+ public PolicyEnforcer newPolicyEnforcer(String soapAction) throws WSSPolicyException {
+ return new PolicyEnforcer(this.operationPolicies, soapAction);
+ }
+}
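Review bot: In `findPolicies`, the `PolicyReference` branch calls `getAttribute("URI").substring(1)` without checking that the attribute is present and begins with `#`. A WSDL whose reference has a missing or empty `URI` therefore fails with an unchecked `StringIndexOutOfBoundsException` rather than `WSSPolicyException`, and a non-fragment reference has its first character cut off and is reported as "Referenced Policy not found" with a mangled value. A guard such as `if (!uriAttr.startsWith("#")) throw new WSSPolicyException("Unsupported PolicyReference URI " + uriAttr);` before the `substring(1)` keeps the failure inside the declared exception type. Both this branch and the `Policy` branch also match on local name only (`getLocalPart().equals(...)`, `getElementsByTagNameNS("*", "Policy")`), so the element chosen as an operation's security policy is not tied to a WS-Policy namespace. The schema validation in `parsePolicy` probably rejects a foreign-namespace element, but comparing the full `QName` would not depend on that and is worth covering with a test.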
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,157 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.swssf.ext.*;
+import org.swssf.impl.processor.input.SecurityHeaderInputProcessor;
+import org.swssf.securityEvent.*;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.XMLEvent;
+
+/**
+ * Processor to generate SecurityEvents regarding not secured elements
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyInputProcessor extends AbstractInputProcessor {
+
+ private PolicyEnforcer policyEnforcer;
+ private boolean firstHeaderCall = true;
+ private boolean firstBodyCall = true;
+
+ public PolicyInputProcessor(PolicyEnforcer policyEnforcer, SecurityProperties securityProperties) {
+ super(securityProperties);
+ this.setPhase(Constants.Phase.POSTPROCESSING);
+ this.getBeforeProcessors().add(SecurityHeaderInputProcessor.class.getName());
+ this.policyEnforcer = policyEnforcer;
+ }
+
+ @Override
+ public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ if (firstHeaderCall) {
+ firstHeaderCall = false;
+ if (policyEnforcer.isTransportSecurityActive()) {
+ inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
+ inputProcessorChain.getDocumentContext().setIsInSignedContent();
+ }
+ }
+ XMLEvent xmlEvent = inputProcessorChain.processHeaderEvent();
+ //test if non encrypted element have to be encrypted per policy
+ if (!inputProcessorChain.getDocumentContext().isInEncryptedContent() && inputProcessorChain.getDocumentContext().isInSecurityHeader()) {
+ testEncryptionPolicy(xmlEvent, inputProcessorChain);
+ }
+ if (xmlEvent.isStartElement() && inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
+ RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent(SecurityEvent.Event.RequiredPart);
+ requiredPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
+ RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent(SecurityEvent.Event.RequiredElement);
+ requiredElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+ }
+ return xmlEvent;
+ }
+
+ @Override
+ public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+ if (firstBodyCall) {
+ firstBodyCall = false;
+ if (policyEnforcer.isTransportSecurityActive()) {
+ inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
+ inputProcessorChain.getDocumentContext().setIsInSignedContent();
+ }
+ }
+ XMLEvent xmlEvent = inputProcessorChain.processEvent();
+
+ if (xmlEvent.isStartElement()) {
+ if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPBody()) {
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent(SecurityEvent.Event.Operation);
+ operationSecurityEvent.setOperation(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+ }
+ } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 0
+ && xmlEvent.isEndElement()
+ //ns mismatch should be detected by the xml parser so a local-name equality check should be enough
+ && xmlEvent.asEndElement().getName().getLocalPart().equals(Constants.TAG_soap_Envelope_LocalName)) {
+ policyEnforcer.doFinal();
+ }
+
+ //test if non encrypted element have to be encrypted per policy
+ if (!inputProcessorChain.getDocumentContext().isInEncryptedContent() && !inputProcessorChain.getDocumentContext().isInSecurityHeader()) {
+ testEncryptionPolicy(xmlEvent, inputProcessorChain);
+ }
+
+ //test if non signed element have to be signed per policy
+ if (!inputProcessorChain.getDocumentContext().isInSignedContent()) {
+ testSignaturePolicy(inputProcessorChain, xmlEvent);
+ }
+ return xmlEvent;
+ }
+
+ private void testSignaturePolicy(InputProcessorChain inputProcessorChain, XMLEvent xmlEvent) throws WSSecurityException {
+ if (xmlEvent.isStartElement()) {
+
+ if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 2 && inputProcessorChain.getDocumentContext().isInSOAPBody()) {
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
+ SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(SecurityEvent.Event.SignedElement, true);
+ signedElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+ }
+ }
+ }
+
+ private void testEncryptionPolicy(XMLEvent xmlEvent, InputProcessorChain inputProcessorChain) throws WSSecurityException {
+ //the following events are only interesting for policy verification. So call directly the policyEnforcer for these
+ if (xmlEvent.isStartElement()) {
+
+ if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPBody()) {
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+
+ //... or it could be a contentEncryption too...
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);
+ contentEncryptedElementSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ }
+
+ } else if (xmlEvent.isCharacters() || xmlEvent.isEntityReference() || xmlEvent.isProcessingInstruction()) {
+ //can only be a content encryption
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);
+ contentEncryptedElementSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ }
+ }
+}
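Review bot: `processNextHeaderEvent` and `processNextEvent` guard `testEncryptionPolicy` with opposite conditions on `isInSecurityHeader()` under the same comment, and only `processNextEvent` ever calls `testSignaturePolicy`. From this hunk alone it is not clear which path reports an unsigned or unencrypted SOAP header that sits outside the security header. If that relies on header events being replayed through `processNextEvent`, say so at the header check, e.g. `// only security-header children are checked here; other headers are checked in processNextEvent`. Separately, both methods mark the whole document as signed and encrypted when `policyEnforcer.isTransportSecurityActive()` returns true, which suppresses every not-signed and not-encrypted event. `PolicyEnforcer` is not visible here, so it is worth confirming that the flag reflects the transport actually used for the request and not only the presence of a transport binding in the policy.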
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.swssf.policy.secpolicy.WSSPolicyException;
+
+/**
+ * Exception for PolicyViolation
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyViolationException extends WSSPolicyException {
+
+ public PolicyViolationException(String message) {
+ super(message);
+ }
+}
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.secpolicy.model.AlgorithmSuite;
+import org.swssf.securityEvent.AlgorithmSuiteSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AlgorithmSuiteAssertionState extends AssertionState {
+
+ public AlgorithmSuiteAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
+ AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
+
+ switch (algorithmSuiteSecurityEvent.getKeyUsage()) {
+ case Sym_Sig:
+ if (!algorithmSuite.getSymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Symmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Asym_Sig:
+ if (!algorithmSuite.getAsymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Asymmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Dig:
+ if (!algorithmSuite.getDigest().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Digest algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Enc:
+ if (!algorithmSuite.getEncryption().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Encryption algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Sym_Key_Wrap:
+ if (!algorithmSuite.getSymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Symmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Asym_Key_Wrap:
+ if (!algorithmSuite.getAsymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Asymmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Comp_Key:
+ if (!algorithmSuite.getComputedKey().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Computed key algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Enc_KD:
+ if (!algorithmSuite.getEncryptionKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Encryption key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Sig_KD:
+ if (!algorithmSuite.getSignatureKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Signature key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case C14n:
+ if (!algorithmSuite.getC14n().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case Soap_Norm:
+ if (!algorithmSuite.getSoapNormalization().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("Soap normalization algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case STR_Trans:
+ if (!algorithmSuite.getStrTransform().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("STR transformation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+ case XPath:
+ if (!algorithmSuite.getXPath().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+ setAsserted(false);
+ setErrorMessage("XPath algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+ }
+ break;
+
+ }
+ return isAsserted();
+ }
+}
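Review bot: The `switch` in `assertEvent` has no `default` branch, so an event whose `getKeyUsage()` is not one of the listed constants is never compared with the policy and the method simply returns the current `isAsserted()` value. For an algorithm-suite check the safer outcome is to reject what is not recognised, e.g. `default: setAsserted(false); setErrorMessage("Unsupported key usage " + algorithmSuiteSecurityEvent.getKeyUsage());`. Each case also calls `.equals` on the policy getter (`algorithmSuite.getDigest()` and so on), which throws a NullPointerException if the suite leaves that algorithm unset; whether the getters can return null is not visible in this hunk.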
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.SecurityEvent;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AssertionState {
+
+ private AbstractSecurityAssertion assertion;
+ private boolean asserted;
+ private StringBuilder errorMessage = new StringBuilder();
+
+ public AssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ this.assertion = assertion;
+ this.asserted = asserted;
+ }
+
+ public AbstractSecurityAssertion getAssertion() {
+ return assertion;
+ }
+
+ public void setAsserted(boolean asserted) {
+ this.asserted = asserted;
+ }
+
+ public boolean isAsserted() {
+ return asserted;
+ }
+
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ if (securityEvent != null) {
+ this.asserted = true;
+ }
+ return this.asserted;
+ }
+
+ public void setErrorMessage(String errorMessage) {
+ this.errorMessage.append("\n").append(errorMessage);
+ }
+
+ public String getErrorMessage() {
+ if (errorMessage.length() == 0) {
+ return "Assertion " + assertion.getName() + " not satisfied";
+ } else {
+ return errorMessage.toString();
+ }
+ }
+}
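Review bot: `assertEvent` has no Javadoc, and the meaning of its return value is not stated anywhere in this class even though every subclass overrides it. In this commit the base implementation sets `asserted` for any non-null event and returns the flag, AlgorithmSuiteAssertionState returns `isAsserted()`, and the encrypted-element states return `true` when no listed element matches, so a reader cannot tell whether `false` means "violated now" or "not yet satisfied". I would add a Javadoc on `assertEvent` stating when an implementation must return false and what the caller does with that result. `setErrorMessage` also appends with a leading `"\n"` instead of replacing, which deserves a one-line comment such as `// appends; messages accumulate across events`.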
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.ContentEncryptedElementSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ContentEncryptedElementAssertionState extends AssertionState {
+
+ private List<QName> elements;
+
+ public ContentEncryptedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ super(assertion, asserted);
+ this.elements = elements;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
+ for (int i = 0; i < elements.size(); i++) {
+ QName qName = elements.get(i);
+ if (qName.equals(contentEncryptedElementSecurityEvent.getElement())) {
+ if (contentEncryptedElementSecurityEvent.isNotEncrypted()) {
+ //an element must be encrypted but isn't
+ setAsserted(false);
+ setErrorMessage("Element " + contentEncryptedElementSecurityEvent.getElement() + " must be encrypted");
+ return false;
+ } else {
+ setAsserted(true);
+ }
+ }
+ }
+ //if we return false here other encrypted elements will trigger a PolicyViolationException
+ return true;
+ }
+}
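Review bot: The `else` branch calls `setAsserted(true)` for every matching element that is encrypted, so a later compliant event overwrites a `setAsserted(false)` recorded for an earlier unencrypted one. The comment before `return true` suggests the caller throws as soon as `assertEvent` returns false, but the caller is not in this hunk; if the state is ever read afterwards, the failure should be latched, for example with a private `violated` flag set next to `setAsserted(false)` and `if (!violated) setAsserted(true);` in the else branch. EncryptedElementAssertionState and EncryptedPartAssertionState repeat the same pattern. The cast of `securityEvent` is unchecked, so an event of another type surfaces as a ClassCastException and not as a policy error.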
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.EncryptedElementSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class EncryptedElementAssertionState extends AssertionState {
+
+ private List<QName> elements;
+
+ public EncryptedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ super(assertion, asserted);
+ this.elements = elements;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
+ for (int i = 0; i < elements.size(); i++) {
+ QName qName = elements.get(i);
+ if (qName.equals(encryptedElementSecurityEvent.getElement())) {
+ if (encryptedElementSecurityEvent.isNotEncrypted()) {
+ //an element must be encrypted but isn't
+ setAsserted(false);
+ setErrorMessage("Element " + encryptedElementSecurityEvent.getElement() + " must be encrypted");
+ return false;
+ } else {
+ setAsserted(true);
+ }
+ }
+ }
+ //if we return false here other encrypted elements will trigger a PolicyViolationException
+ return true;
+ }
+}
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.EncryptedPartSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class EncryptedPartAssertionState extends AssertionState {
+
+ private List<QName> elements;
+
+ public EncryptedPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ super(assertion, asserted);
+ this.elements = elements;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = (EncryptedPartSecurityEvent) securityEvent;
+ for (int i = 0; i < elements.size(); i++) {
+ QName qName = elements.get(i);
+ if (qName.equals(encryptedPartSecurityEvent.getElement())
+ || (qName.getLocalPart().equals("*") && qName.getNamespaceURI().equals(encryptedPartSecurityEvent.getElement().getNamespaceURI()))) {
+ if (encryptedPartSecurityEvent.isNotEncrypted()) {
+ //an element must be encrypted but isn't
+ setAsserted(false);
+ setErrorMessage("Element " + encryptedPartSecurityEvent.getElement() + " must be encrypted");
+ return false;
+ } else {
+ setAsserted(true);
+ }
+ }
+ }
+ //if we return false here other encrypted elements will trigger a PolicyViolationException
+ return true;
+ }
+}
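Review bot: In the wildcard arm of the `if`, `encryptedPartSecurityEvent.getElement().getNamespaceURI()` is dereferenced without a null check, while the first arm, `qName.equals(...)`, tolerates a null element. If an event can arrive with no element set (not visible from this hunk), a policy entry with local part `*` turns that into a NullPointerException instead of a policy decision. Reading the element once before the loop and handling the null case explicitly, `QName eventElement = encryptedPartSecurityEvent.getElement();`, would make the intended outcome visible. RequiredPartAssertionState uses the same expression in its wildcard check.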
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.secpolicy.model.Binding;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.TimestampSecurityEvent;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class IncludeTimeStampAssertionState extends AssertionState {
+
+ public IncludeTimeStampAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ TimestampSecurityEvent timestampSecurityEvent = (TimestampSecurityEvent) securityEvent;
+ boolean isIncludeTimestamp = ((Binding) getAssertion()).isIncludeTimestamp();
+
+ if (isIncludeTimestamp) {
+ setAsserted(true);
+ } else {
+ setAsserted(false);
+ setErrorMessage("Timestamp must not be present");
+ }
+ return isAsserted();
+ }
+}
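Review bot: `assertEvent` here lacks the `@Override` annotation that the other assertion states in this commit carry, and the local `timestampSecurityEvent` is never read, so the cast acts only as an implicit type check. I would add `@Override` and either drop the variable or mark the cast with `// fails fast if a non-timestamp event is routed here`. A comment should also say that this method only decides the "timestamp present" case; whether a required timestamp that never arrives is reported depends on the initial `asserted` value passed to the constructor, which is chosen outside this hunk.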
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,61 @@
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.SPConstants;
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.secpolicy.model.SymmetricAsymmetricBindingBase;
+import org.swssf.securityEvent.EncryptionTokenSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SignatureTokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 272 $ $Date: 2010-12-23 14:30:56 +0100 (Thu, 23 Dec 2010) $
+ */
+
+public class ProtectionOrderAssertionState extends AssertionState {
+
+ boolean firstEvent = true;
+
+ public ProtectionOrderAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ SPConstants.ProtectionOrder protectionOrder = ((SymmetricAsymmetricBindingBase) getAssertion()).getProtectionOrder();
+
+ if (firstEvent) {
+ firstEvent = false;
+ //we have to invert the logic. When SignBeforeEncrypt is set then the Encryption token appears as first
+ //in contrary if EncryptBeforeSign is set then the SignatureToken appears as first. So...:
+ if (protectionOrder.equals(SPConstants.ProtectionOrder.SignBeforeEncrypting)
+ && securityEvent instanceof SignatureTokenSecurityEvent) {
+ setAsserted(false);
+ setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.SignBeforeEncrypting + " but we got " + securityEvent.getSecurityEventType() + " first");
+ } else if (protectionOrder.equals(SPConstants.ProtectionOrder.EncryptBeforeSigning)
+ && securityEvent instanceof EncryptionTokenSecurityEvent) {
+ setAsserted(false);
+ setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.SignBeforeEncrypting + " but we got " + securityEvent.getSecurityEventType() + " first");
+ }
+ }
+ return isAsserted();
+ }
+}
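Review bot: The error message in the `EncryptBeforeSigning` branch names the wrong order, because it concatenates `SPConstants.ProtectionOrder.SignBeforeEncrypting`, copied from the branch above. Anyone diagnosing a rejected message from that text would look at the wrong policy setting; the line should read `setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.EncryptBeforeSigning + " but we got " + securityEvent.getSecurityEventType() + " first");`. The field `firstEvent` is also package-private, whereas the other state classes keep their fields private; `private boolean firstEvent = true;` would match them.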
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,48 @@
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.RequiredElementSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 272 $ $Date: 2010-12-23 14:30:56 +0100 (Thu, 23 Dec 2010) $
+ */
+public class RequiredElementAssertionState extends AssertionState {
+
+ private QName element;
+
+ public RequiredElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, QName element) {
+ super(assertion, asserted);
+ this.element = element;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ RequiredElementSecurityEvent requiredElementSecurityEvent = (RequiredElementSecurityEvent) securityEvent;
+ if (element.equals(requiredElementSecurityEvent.getElement())) {
+ setAsserted(true);
+ }
+ return true;
+ }
+}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,49 @@
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.RequiredPartSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 272 $ $Date: 2010-12-23 14:30:56 +0100 (Thu, 23 Dec 2010) $
+ */
+public class RequiredPartAssertionState extends AssertionState {
+
+ private QName element;
+
+ public RequiredPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, QName element) {
+ super(assertion, asserted);
+ this.element = element;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ RequiredPartSecurityEvent requiredPartSecurityEvent = (RequiredPartSecurityEvent) securityEvent;
+ if (element.equals(requiredPartSecurityEvent.getElement())
+ || (element.getLocalPart().equals("*") && element.getNamespaceURI().equals(requiredPartSecurityEvent.getElement().getNamespaceURI()))) {
+ setAsserted(true);
+ }
+ return true;
+ }
+}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SignedElementSecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SignedElementAssertionState extends AssertionState {
+
+ private List<QName> elements;
+
+ public SignedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ super(assertion, asserted);
+ this.elements = elements;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
+ for (int i = 0; i < elements.size(); i++) {
+ QName qName = elements.get(i);
+ if (qName.equals(signedElementSecurityEvent.getElement())) {
+ if (signedElementSecurityEvent.isNotSigned()) {
+ //an element must be signed but isn't
+ setAsserted(false);
+ setErrorMessage("Element " + signedElementSecurityEvent.getElement() + " must be signed");
+ return false;
+ } else {
+ setAsserted(true);
+ }
+ }
+ }
+ //if we return false here other signed elements will trigger a PolicyViolationException
+ return true;
+ }
+}
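Review bot: The whole `elements` list shares one asserted flag, so in `assertEvent` the first signed match calls `setAsserted(true)` and the assertion then reads as satisfied even if other listed QNames never produce an event. That is only safe if the event producer raises a not-signed `SignedElementSecurityEvent` for every unsigned occurrence of each listed element, which is not visible in this hunk. I would either record which QNames have been matched and report the assertion as fulfilled only when all are covered, or state the dependency above the loop, e.g. `// relies on a not-signed event being raised for every unsigned listed element; a missing event is not detected here`. Matching is by QName only, so the position of the element in the message is not checked here, which matters for signature-wrapping resistance unless another layer verifies it. The `SignedPartAssertionState` hunk that follows has the same single-flag structure.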
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SignedPartSecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SignedPartAssertionState extends AssertionState {
+
+ private List<QName> elements;
+
+ public SignedPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ super(assertion, asserted);
+ this.elements = elements;
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
+ for (int i = 0; i < elements.size(); i++) {
+ QName qName = elements.get(i);
+ if (qName.equals(signedPartSecurityEvent.getElement())
+ || (qName.getLocalPart().equals("*") && qName.getNamespaceURI().equals(signedPartSecurityEvent.getElement().getNamespaceURI()))) {
+ if (signedPartSecurityEvent.isNotSigned()) {
+ //an element must be signed but isn't
+ setAsserted(false);
+ setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+ return false;
+ } else {
+ setAsserted(true);
+ }
+ }
+ }
+ //if we return false here other signed elements will trigger a PolicyViolationException
+ return true;
+ }
+}
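Review bot: In the wildcard branch of `assertEvent`, `signedPartSecurityEvent.getElement().getNamespaceURI()` is dereferenced without a null check, so whenever the list holds a `*` entry an event without an element name ends in a NullPointerException rather than a policy decision. Whether `getElement()` can return null is not visible in this hunk. Reading the name once before the loop and failing closed makes the behaviour explicit: `QName actual = signedPartSecurityEvent.getElement();` then `if (actual == null) { setAsserted(false); setErrorMessage("Signed part event carries no element name"); return false; }`. The same unguarded expression appears in `RequiredPartAssertionState.assertEvent` earlier on this page. The unchecked cast on the first line of the method also assumes that only `SignedPartSecurityEvent` instances are routed here, which deserves a short comment naming that contract.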
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision