You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2011/12/04 21:33:12 UTC
svn commit: r1210203 [6/16] - in
/webservices/wss4j/branches/swssf/rampart-policy: ./
src/main/java/META-INF/ src/main/java/org/apache/ws/secpolicy/
src/main/java/org/apache/ws/secpolicy/builders/
src/main/java/org/apache/ws/secpolicy/model/ src/main/j...
Modified: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java?rev=1210203&r1=1197660&r2=1210203&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java Sun Dec 4 20:33:05 2011
@@ -1,161 +1,71 @@
-/*
- * Copyright 2001-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-package org.apache.ws.secpolicy12.builders;
+package org.apache.ws.secpolicy.builders;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-
-import org.apache.axiom.om.OMAttribute;
-import org.apache.axiom.om.OMElement;
import org.apache.neethi.Assertion;
import org.apache.neethi.AssertionBuilderFactory;
-import org.apache.neethi.Constants;
import org.apache.neethi.Policy;
-import org.apache.neethi.PolicyEngine;
import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP13Constants;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPUtils;
import org.apache.ws.secpolicy.model.X509Token;
+import org.w3c.dom.Element;
-public class X509TokenBuilder implements AssertionBuilder<OMElement> {
-
- public final static String USER_CERT_ALIAS_LN = "userCertAlias";
-
- public final static String ENCRYPTION_USER_LN = "encryptionUser";
-
- public static final QName RAMPART_CONFIG = new QName("http://ws.apache.org/rampart/policy",
- "RampartConfig");
-
- public static final QName USER_CERT_ALIAS = new QName("http://ws.apache.org/rampart/policy",
- USER_CERT_ALIAS_LN);
-
- public static final QName ENCRYPTION_USER = new QName("http://ws.apache.org/rampart/policy",
- ENCRYPTION_USER_LN);
-
- public Assertion build(OMElement element, AssertionBuilderFactory factory)
- throws IllegalArgumentException {
- X509Token x509Token = new X509Token(SPConstants.SP_V12);
-
- OMElement policyElement = element.getFirstElement();
-
- //Process token inclusion
- OMAttribute includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
- if(includeAttr != null) {
- int inclusion = SP12Constants.getInclusionFromAttributeValue(includeAttr.getAttributeValue());
- x509Token.setInclusion(inclusion);
- }
-
- OMAttribute isOptional = element.getAttribute(Constants.Q_ELEM_OPTIONAL_ATTR);
- if (isOptional != null) {
- x509Token.setOptional(Boolean.valueOf(isOptional.getAttributeValue())
- .booleanValue());
- }
-
- if (policyElement != null) {
-
- if (policyElement.getFirstChildWithName(SP12Constants.REQUIRE_DERIVED_KEYS) != null) {
- x509Token.setDerivedKeys(true);
- } else if (policyElement.getFirstChildWithName(SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
- x509Token.setImpliedDerivedKeys(true);
- } else if (policyElement.getFirstChildWithName(SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
- x509Token.setExplicitDerivedKeys(true);
- }
-
- Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
- policy = (Policy) policy.normalize(false);
-
- for (Iterator iterator = policy.getAlternatives(); iterator
- .hasNext();) {
- processAlternative((List) iterator.next(), x509Token);
-
- /*
- * since there should be only one alternative
- */
- break;
- }
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class X509TokenBuilder implements AssertionBuilder<Element> {
+
+ public Assertion build(Element element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ final SPConstants.SPVersion spVersion = SPConstants.SPVersion.getSPVersion(element.getNamespaceURI());
+ final String includeTokenValue = SPUtils.getAttribute(element, spVersion.getSPConstants().getIncludeToken());
+ final Element issuer = SPUtils.getFirstChildElement(element, spVersion.getSPConstants().getIssuer());
+ if (spVersion == SPConstants.SPVersion.SP11 && issuer != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
-
- if (x509Token != null && policyElement != null) {
- OMElement ramp = null;
- ramp = policyElement.getFirstChildWithName(RAMPART_CONFIG);
- if (ramp != null) {
- OMElement child = null;
- if ((child = ramp.getFirstChildWithName(USER_CERT_ALIAS)) != null) {
- x509Token.setUserCertAlias(child.getText());
- }
- if ((child = ramp.getFirstChildWithName(ENCRYPTION_USER)) != null) {
- x509Token.setEncryptionUser(child.getText());
- }
- }
+ final String issuerName = SPUtils.getFirstChildElementText(element, spVersion.getSPConstants().getIssuerName());
+ if (spVersion == SPConstants.SPVersion.SP11 && issuerName != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
-
+ final Element claims = SPUtils.getFirstChildElement(element, spVersion.getSPConstants().getClaims());
+ final Element nestedPolicyElement = SPUtils.getFirstPolicyChildElement(element);
+ final Policy nestedPolicy = nestedPolicyElement != null ? factory.getPolicyEngine().getPolicy(nestedPolicyElement) : new Policy();
+ X509Token x509Token = new X509Token(
+ spVersion,
+ spVersion.getSPConstants().getInclusionFromAttributeValue(includeTokenValue),
+ issuer,
+ issuerName,
+ claims,
+ nestedPolicy
+ );
+ x509Token.setOptional(SPUtils.isOptional(element));
+ x509Token.setIgnorable(SPUtils.isIgnorable(element));
return x509Token;
}
- private void processAlternative(List assertions, X509Token parent) {
- Assertion assertion;
- QName name;
-
- for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
- assertion = (Assertion) iterator.next();
- name = assertion.getName();
-
- if (SP12Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
- parent.setRequireKeyIdentifierReference(true);
-
- } else if (SP12Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(name)) {
- parent.setRequireIssuerSerialReference(true);
-
- } else if (SP12Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(name)) {
- parent.setRequireEmbeddedTokenReference(true);
-
- } else if (SP12Constants.REQUIRE_THUMBPRINT_REFERENCE.equals(name)) {
- parent.setRequireThumbprintReference(true);
-
- } else if (SP12Constants.WSS_X509_V1_TOKEN_10.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_V1_TOKEN10);
-
- } else if (SP12Constants.WSS_X509_V1_TOKEN_11.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_V1_TOKEN11);
-
- } else if (SP12Constants.WSS_X509_V3_TOKEN_10.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_V3_TOKEN10);
-
- } else if (SP12Constants.WSS_X509_V3_TOKEN_11.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_V3_TOKEN11);
-
- } else if (SP12Constants.WSS_X509_PKCS7_TOKEN_10.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_PKCS7_TOKEN10);
-
- } else if (SP12Constants.WSS_X509_PKCS7_TOKEN_11.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_PKCS7_TOKEN11);
-
- } else if (SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_10.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10);
-
- } else if (SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_11.equals(name)) {
- parent.setTokenVersionAndType(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11);
-
- }
- }
- }
-
public QName[] getKnownElements() {
- return new QName[] {SP12Constants.X509_TOKEN};
+ return new QName[]{SP13Constants.X509_TOKEN, SP11Constants.X509_TOKEN};
}
}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java (from r1197660, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java?p2=webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java&p1=axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java&r1=1197660&r2=1210203&rev=1210203&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java Sun Dec 4 20:33:05 2011
@@ -1,103 +1,124 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-
package org.apache.ws.secpolicy.model;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.neethi.PolicyContainingAssertion;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.util.Iterator;
+import java.util.List;
+
/**
- * @author prabath
- *
+ * @author $Author$
+ * @version $Revision$ $Date$
*/
-public abstract class Binding extends AbstractSecurityAssertion implements AlgorithmWrapper {
+public abstract class AbstractBinding extends AbstractSecurityAssertion implements PolicyContainingAssertion {
+ private Policy nestedPolicy;
private AlgorithmSuite algorithmSuite;
- private boolean includeTimestamp;
- private boolean includeTimestampOptional;
private Layout layout;
- private SupportingToken signedSupportingToken;
- private SupportingToken signedEndorsingSupportingTokens;
-
- public Binding (int version) {
- setVersion(version);
- layout = new Layout(version);
- }
-
- /**
- * @return Returns the algorithmSuite.
- */
+ private boolean includeTimestamp;
+
+ protected AbstractBinding(SPConstants.SPVersion version, Policy nestedPolicy) {
+ super(version);
+ this.nestedPolicy = nestedPolicy;
+ parseNestedBindingPolicy(nestedPolicy, this);
+ if (layout == null) {
+ layout = new Layout(version, new Policy());
+ }
+ }
+
+ public Policy getPolicy() {
+ return nestedPolicy;
+ }
+
+ public PolicyComponent normalize() {
+ return super.normalize(getPolicy());
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ super.serialize(writer, getPolicy());
+ }
+
+ protected void parseNestedBindingPolicy(Policy nestedPolicy, AbstractBinding binding) {
+ Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
+ //we just process the first alternative
+ //this means that if we have a compact policy only the first alternative is visible
+ //in contrary to a normalized policy where just one alternative exists
+ if (alternatives.hasNext()) {
+ List<Assertion> assertions = alternatives.next();
+ for (int i = 0; i < assertions.size(); i++) {
+ Assertion assertion = assertions.get(i);
+ String assertionName = assertion.getName().getLocalPart();
+ if (SPConstants.ALGORITHM_SUITE.equals(assertionName)) {
+ if (binding.getAlgorithmSuite() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ binding.setAlgorithmSuite((AlgorithmSuite) assertion);
+ continue;
+ }
+ if (SPConstants.LAYOUT.equals(assertionName)) {
+ if (binding.getLayout() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ Layout layout = (Layout) assertion;
+ binding.setLayout(layout);
+ if (layout.getLayoutType() == Layout.LayoutType.LaxTsFirst
+ || layout.getLayoutType() == Layout.LayoutType.LaxTsLast) {
+ binding.setIncludeTimestamp(true);
+ }
+ continue;
+ }
+ if (SPConstants.INCLUDE_TIMESTAMP.equals(assertionName)) {
+ binding.setIncludeTimestamp(true);
+ continue;
+ }
+ }
+ }
+ }
+
public AlgorithmSuite getAlgorithmSuite() {
return algorithmSuite;
}
- /**
- * @param algorithmSuite The algorithmSuite to set.
- */
- public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ protected void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
this.algorithmSuite = algorithmSuite;
}
- /**
- * @return Returns the includeTimestamp.
- */
- public boolean isIncludeTimestamp() {
- return includeTimestamp;
- }
-
- /**
- * @param includeTimestamp The includeTimestamp to set.
- */
- public void setIncludeTimestamp(boolean includeTimestamp) {
- this.includeTimestamp = includeTimestamp;
- }
-
- public boolean isIncludeTimestampOptional() {
- return includeTimestampOptional;
- }
-
- public void setIncludeTimestampOptional(boolean includeTimestampOptional) {
- this.includeTimestampOptional = includeTimestampOptional;
- }
-
- /**
- * @return Returns the layout.
- */
public Layout getLayout() {
return layout;
}
- /**
- * @param layout The layout to set.
- */
- public void setLayout(Layout layout) {
+ protected void setLayout(Layout layout) {
this.layout = layout;
}
- public SupportingToken getSignedEndorsingSupportingTokens() {
- return signedEndorsingSupportingTokens;
- }
-
- public void setSignedEndorsingSupportingTokens(
- SupportingToken signedEndorsingSupportingTokens) {
- this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
- }
-
- public SupportingToken getSignedSupportingToken() {
- return signedSupportingToken;
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
}
- public void setSignedSupportingToken(SupportingToken signedSupportingToken) {
- this.signedSupportingToken = signedSupportingToken;
+ protected void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
}
}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractBinding.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java?rev=1210203&r1=1210202&r2=1210203&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java Sun Dec 4 20:33:05 2011
@@ -1,81 +1,173 @@
-/*
- * Copyright 2001-2004 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
package org.apache.ws.secpolicy.model;
-import org.apache.neethi.Assertion;
-import org.apache.neethi.PolicyComponent;
-import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.neethi.*;
+import org.apache.ws.secpolicy.AssertionState;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.SP12Constants;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
public abstract class AbstractSecurityAssertion implements Assertion {
private boolean isOptional;
private boolean isIgnorable;
-
- private boolean normalized = true;
-
- protected int version;
+ private boolean normalized = false;
+
+ private SPConstants.SPVersion version;
+
+ protected AbstractSecurityAssertion(SPConstants.SPVersion version) {
+ this.version = version;
+ }
public boolean isOptional() {
return isOptional;
}
-
+
public void setOptional(boolean isOptional) {
this.isOptional = isOptional;
}
+
public boolean isIgnorable() {
return isIgnorable;
}
-
+
public void setIgnorable(boolean isIgnorable) {
this.isIgnorable = isIgnorable;
}
public short getType() {
return org.apache.neethi.Constants.TYPE_ASSERTION;
- }
-
+ }
+
public boolean equal(PolicyComponent policyComponent) {
throw new UnsupportedOperationException();
}
-
+
public void setNormalized(boolean normalized) {
this.normalized = normalized;
}
-
+
public boolean isNormalized() {
return this.normalized;
}
public PolicyComponent normalize() {
-
- /*
- * TODO: Handling the isOptional:TRUE case
- */
- return this;
- }
-
- public void setVersion(int version) {
- this.version = version;
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+ policy.addPolicyComponent(exactlyOne);
+
+ if (isOptional()) {
+ exactlyOne.addPolicyComponent(new All());
+ }
+
+ AbstractSecurityAssertion a = clone(null);
+ a.setNormalized(true);
+ a.setOptional(false);
+
+ All all = new All();
+ all.addPolicyComponent(a);
+ exactlyOne.addPolicyComponent(all);
+
+ return policy;
}
-
- public int getVersion() {
+
+ public PolicyComponent normalize(Policy nestedPolicy) {
+ Policy normalizedNestedPolicy = nestedPolicy.normalize(true);
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+ policy.addPolicyComponent(exactlyOne);
+
+ if (isOptional()) {
+ exactlyOne.addPolicyComponent(new All());
+ }
+
+ // for all alternatives in normalized nested policy
+ Iterator<List<Assertion>> alternatives = normalizedNestedPolicy.getAlternatives();
+ while (alternatives.hasNext()) {
+ List<Assertion> alternative = alternatives.next();
+
+ Policy ncp = new Policy(nestedPolicy.getPolicyRegistry(), nestedPolicy.getNamespace());
+ ExactlyOne nceo = new ExactlyOne();
+ ncp.addPolicyComponent(nceo);
+
+ All nca = new All();
+ nceo.addPolicyComponent(nca);
+ nca.addPolicyComponents(alternative);
+
+ AbstractSecurityAssertion a = clone(ncp);
+ a.setNormalized(true);
+ a.setOptional(false);
+
+ All all = new All();
+ all.addPolicyComponent(a);
+ exactlyOne.addPolicyComponent(all);
+
+ }
+ return policy;
+ }
+
+ public SPConstants.SPVersion getVersion() {
return version;
}
-
-
+
+ public void serialize(XMLStreamWriter writer, Policy nestedPolicy) throws XMLStreamException {
+ writer.writeStartElement(getName().getPrefix(), getName().getLocalPart(), getName().getNamespaceURI());
+ writer.writeNamespace(getName().getPrefix(), getName().getNamespaceURI());
+ if (!isNormalized() && isOptional()) {
+ writer.writeAttribute(Constants.ATTR_WSP, writer.getNamespaceContext().getNamespaceURI(Constants.ATTR_WSP), Constants.ATTR_OPTIONAL, "true");
+ }
+ if (isIgnorable()) {
+ writer.writeAttribute(Constants.ATTR_WSP, writer.getNamespaceContext().getNamespaceURI(Constants.ATTR_WSP), Constants.ATTR_IGNORABLE, "true");
+ }
+ nestedPolicy.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ protected abstract AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy);
+
+ public AbstractSecurityAssertion clone(Policy nestedPolicy) {
+ AbstractSecurityAssertion assertion = cloneAssertion(nestedPolicy);
+ assertion.setIgnorable(isIgnorable());
+ assertion.setNormalized(isNormalized());
+ assertion.setOptional(isOptional());
+ return assertion;
+ }
+
+ public boolean isAsserted(Map<QName, List<AssertionState>> assertionStatesMap) {
+ List<AssertionState> assertionStateList = assertionStatesMap.get(getName());
+ for (int i = 0; i < assertionStateList.size(); i++) {
+ AssertionState assertionState = assertionStateList.get(i);
+ if (assertionState.getAssertion() == this && !assertionState.isAsserted()) {
+ return false;
+ }
+ }
+ return true;
+ }
}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java (from r1197660, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java?p2=webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java&p1=axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java&r1=1197660&r2=1210203&rev=1210203&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java Sun Dec 4 20:33:05 2011
@@ -1,100 +1,138 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-
package org.apache.ws.secpolicy.model;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
import org.apache.ws.secpolicy.SPConstants;
-public abstract class SymmetricAsymmetricBindingBase extends Binding {
+import java.util.*;
- private String protectionOrder = SPConstants.SIGN_BEFORE_ENCRYPTING;
-
- private boolean signatureProtection;
-
- private boolean tokenProtection;
-
- private boolean entireHeadersAndBodySignatures;
-
- public SymmetricAsymmetricBindingBase(int version) {
- super(version);
- }
-
- /**
- * @return Returns the entireHeaderAndBodySignatures.
- */
- public boolean isEntireHeadersAndBodySignatures() {
- return entireHeadersAndBodySignatures;
- }
-
- /**
- * @param entireHeaderAndBodySignatures The entireHeaderAndBodySignatures to set.
- */
- public void setEntireHeadersAndBodySignatures(
- boolean entireHeaderAndBodySignatures) {
- this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
- }
-
- /**
- * @return Returns the protectionOrder.
- */
- public String getProtectionOrder() {
- return protectionOrder;
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public abstract class AbstractSymmetricAsymmetricBinding extends AbstractBinding {
+
+ public enum ProtectionOrder {
+ EncryptBeforeSigning,
+ SignBeforeEncrypting;
+
+ private static final Map<String, ProtectionOrder> lookup = new HashMap<String, ProtectionOrder>();
+
+ static {
+ for (ProtectionOrder u : EnumSet.allOf(ProtectionOrder.class))
+ lookup.put(u.name(), u);
+ }
+
+ public static ProtectionOrder lookUp(String name) {
+ return lookup.get(name);
+ }
}
- /**
- * @param protectionOrder The protectionOrder to set.
- */
- public void setProtectionOrder(String protectionOrder) {
- if(SPConstants.ENCRYPT_BEFORE_SIGNING.equals(protectionOrder) ||
- SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
- this.protectionOrder = protectionOrder;
- } else {
-// throw new WSSPolicyException("Incorrect protection order value : "
-// + protectionOrder);
+ private ProtectionOrder protectionOrder = ProtectionOrder.SignBeforeEncrypting;
+ private boolean encryptSignature = false;
+ private boolean protectTokens = false;
+ private boolean onlySignEntireHeadersAndBody = false;
+
+ protected AbstractSymmetricAsymmetricBinding(SPConstants.SPVersion version, Policy nestedPolicy) {
+ super(version, nestedPolicy);
+
+ parseNestedSymmetricAsymmetricBindingBasePolicy(nestedPolicy, this);
+ }
+
+ protected void parseNestedSymmetricAsymmetricBindingBasePolicy(Policy nestedPolicy, AbstractSymmetricAsymmetricBinding asymmetricBindingBase) {
+ Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
+ //we just process the first alternative
+ //this means that if we have a compact policy only the first alternative is visible
+ //in contrary to a normalized policy where just one alternative exists
+ if (alternatives.hasNext()) {
+ List<Assertion> assertions = alternatives.next();
+ for (int i = 0; i < assertions.size(); i++) {
+ Assertion assertion = assertions.get(i);
+ String assertionName = assertion.getName().getLocalPart();
+ String assertionNamespace = assertion.getName().getNamespaceURI();
+ ProtectionOrder protectionOrder = ProtectionOrder.lookUp(assertionName);
+ if (protectionOrder != null) {
+ if (asymmetricBindingBase.getProtectionOrder() == ProtectionOrder.EncryptBeforeSigning) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBindingBase.setProtectionOrder(protectionOrder);
+ continue;
+ }
+ if (getVersion().getSPConstants().getEncryptSignature().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getEncryptSignature().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBindingBase.isEncryptSignature()) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBindingBase.setEncryptSignature(true);
+ continue;
+ }
+ if (getVersion().getSPConstants().getProtectTokens().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getProtectTokens().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBindingBase.isProtectTokens()) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBindingBase.setProtectTokens(true);
+ continue;
+ }
+ if (getVersion().getSPConstants().getOnlySignEntireHeadersAndBody().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getOnlySignEntireHeadersAndBody().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBindingBase.isOnlySignEntireHeadersAndBody()) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBindingBase.setOnlySignEntireHeadersAndBody(true);
+ continue;
+ }
+ }
}
}
- /**
- * @return Returns the signatureProtection.
- */
- public boolean isSignatureProtection() {
- return signatureProtection;
- }
-
- /**
- * @param signatureProtection The signatureProtection to set.
- */
- public void setSignatureProtection(boolean signatureProtection) {
- this.signatureProtection = signatureProtection;
- }
-
- /**
- * @return Returns the tokenProtection.
- */
- public boolean isTokenProtection() {
- return tokenProtection;
- }
-
- /**
- * @param tokenProtection The tokenProtection to set.
- */
- public void setTokenProtection(boolean tokenProtection) {
- this.tokenProtection = tokenProtection;
- }
-
-
-
+ public ProtectionOrder getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ protected void setProtectionOrder(ProtectionOrder protectionOrder) {
+ this.protectionOrder = protectionOrder;
+ }
+
+ public boolean isEncryptSignature() {
+ return encryptSignature;
+ }
+
+ protected void setEncryptSignature(boolean encryptSignature) {
+ this.encryptSignature = encryptSignature;
+ }
+
+ public boolean isProtectTokens() {
+ return protectTokens;
+ }
+
+ protected void setProtectTokens(boolean protectTokens) {
+ this.protectTokens = protectTokens;
+ }
+
+ public boolean isOnlySignEntireHeadersAndBody() {
+ return onlySignEntireHeadersAndBody;
+ }
+
+ protected void setOnlySignEntireHeadersAndBody(boolean onlySignEntireHeadersAndBody) {
+ this.onlySignEntireHeadersAndBody = onlySignEntireHeadersAndBody;
+ }
}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSymmetricAsymmetricBinding.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java (from r1197660, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java?p2=webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java&p1=axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java&r1=1197660&r2=1210203&rev=1210203&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java Sun Dec 4 20:33:05 2011
@@ -1,91 +1,158 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-
package org.apache.ws.secpolicy.model;
+import org.apache.neethi.Constants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.neethi.PolicyContainingAssertion;
import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.SPUtils;
+import org.w3c.dom.Element;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.util.EnumSet;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public abstract class AbstractToken extends AbstractSecurityAssertion implements PolicyContainingAssertion {
+
+ public enum DerivedKeys {
+ RequireDerivedKeys,
+ RequireExplicitDerivedKeys,
+ RequireImpliedDerivedKeys;
+
+ private static final Map<String, X509Token.DerivedKeys> lookup = new HashMap<String, X509Token.DerivedKeys>();
+
+ static {
+ for (DerivedKeys u : EnumSet.allOf(DerivedKeys.class))
+ lookup.put(u.name(), u);
+ }
+
+ public static DerivedKeys lookUp(String name) {
+ return lookup.get(name);
+ }
+ }
+
+ private SPConstants.IncludeTokenType includeTokenType;
+ private Element issuer;
+ private Element claims;
+ private String issuerName;
+ private DerivedKeys derivedKeys;
+ private Policy nestedPolicy;
-public abstract class Token extends AbstractSecurityAssertion {
+ protected AbstractToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
+ Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
+ super(version);
+ this.nestedPolicy = nestedPolicy;
+ this.includeTokenType = includeTokenType;
+ this.issuer = issuer;
+ this.issuerName = issuerName;
+ this.claims = claims;
+ }
+
+ public Policy getPolicy() {
+ return nestedPolicy;
+ }
+
+ public PolicyComponent normalize() {
+ return super.normalize(getPolicy());
+ }
- /**
- * Inclusion property of a TokenAssertion
- */
- private int inclusion = SPConstants.INCLUDE_TOEKN_ALWAYS;
-
- /**
- * Whether to derive keys or not
- */
- private boolean derivedKeys;
-
- private boolean impliedDerivedKeys;
-
- private boolean explicitDerivedKeys;
-
- /**
- * @return Returns the inclusion.
- */
- public int getInclusion() {
- return inclusion;
- }
-
- /**
- * @param inclusion The inclusion to set.
- */
- public void setInclusion(int inclusion) {
- if(SPConstants.INCLUDE_TOEKN_ALWAYS == inclusion ||
- SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT == inclusion ||
- SPConstants.INCLUDE_TOEKN_ALWAYS_TO_INITIATOR == inclusion ||
- SPConstants.INCLUDE_TOKEN_NEVER == inclusion ||
- SPConstants.INCLUDE_TOKEN_ONCE == inclusion ) {
- this.inclusion = inclusion;
- } else {
- //TODO replace this with a proper (WSSPolicyException) exception
- throw new RuntimeException("Incorrect inclusion value: " + inclusion);
- }
- }
-
- /**
- * @return Returns the derivedKeys.
- */
- public boolean isDerivedKeys() {
+ public SPConstants.IncludeTokenType getIncludeTokenType() {
+ return includeTokenType;
+ }
+
+ protected void setIncludeTokenType(SPConstants.IncludeTokenType includeTokenType) {
+ this.includeTokenType = includeTokenType;
+ }
+
+ public Element getIssuer() {
+ return issuer;
+ }
+
+ protected void setIssuer(Element issuer) {
+ this.issuer = issuer;
+ }
+
+ public String getIssuerName() {
+ return issuerName;
+ }
+
+ protected void setIssuerName(String issuerName) {
+ this.issuerName = issuerName;
+ }
+
+ public Element getClaims() {
+ return claims;
+ }
+
+ protected void setClaims(Element claims) {
+ this.claims = claims;
+ }
+
+ public DerivedKeys getDerivedKeys() {
return derivedKeys;
}
- /**
- * @param derivedKeys The derivedKeys to set.
- */
- public void setDerivedKeys(boolean derivedKeys) {
+ protected void setDerivedKeys(DerivedKeys derivedKeys) {
this.derivedKeys = derivedKeys;
- }
-
-
- public boolean isExplicitDerivedKeys() {
- return explicitDerivedKeys;
- }
-
- public void setExplicitDerivedKeys(boolean explicitDerivedKeys) {
- this.explicitDerivedKeys = explicitDerivedKeys;
- }
-
- public boolean isImpliedDerivedKeys() {
- return impliedDerivedKeys;
- }
-
- public void setImpliedDerivedKeys(boolean impliedDerivedKeys) {
- this.impliedDerivedKeys = impliedDerivedKeys;
}
-
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ writer.writeStartElement(getName().getPrefix(), getName().getLocalPart(), getName().getNamespaceURI());
+ writer.writeNamespace(getName().getPrefix(), getName().getNamespaceURI());
+ if (getIncludeTokenType() != null) {
+ writer.writeAttribute(
+ getVersion().getSPConstants().getIncludeToken().getPrefix(),
+ getVersion().getSPConstants().getIncludeToken().getNamespaceURI(),
+ getVersion().getSPConstants().getIncludeToken().getLocalPart(),
+ getVersion().getSPConstants().getAttributeValueFromInclusion(getIncludeTokenType())
+ );
+ }
+ if (!isNormalized() && isOptional()) {
+ writer.writeAttribute(Constants.ATTR_WSP, writer.getNamespaceContext().getNamespaceURI(Constants.ATTR_WSP), Constants.ATTR_OPTIONAL, "true");
+ }
+ if (isIgnorable()) {
+ writer.writeAttribute(Constants.ATTR_WSP, writer.getNamespaceContext().getNamespaceURI(Constants.ATTR_WSP), Constants.ATTR_IGNORABLE, "true");
+ }
+ if (getIssuer() != null) {
+ SPUtils.serialize(getIssuer(), writer);
+ }
+ if (getIssuerName() != null) {
+ writer.writeStartElement(
+ getVersion().getSPConstants().getIssuerName().getPrefix(),
+ getVersion().getSPConstants().getIssuerName().getLocalPart(),
+ getVersion().getSPConstants().getIssuerName().getNamespaceURI()
+ );
+ writer.writeCharacters(getIssuerName());
+ writer.writeEndElement();
+ }
+ if (getClaims() != null) {
+ SPUtils.serialize(getClaims(), writer);
+ }
+ getPolicy().serialize(writer);
+ writer.writeEndElement();
+ }
}
\ No newline at end of file
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractToken.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java (from r1197660, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java?p2=webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java&p1=axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java&r1=1197660&r2=1210203&rev=1210203&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java Sun Dec 4 20:33:05 2011
@@ -1,22 +1,87 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-
package org.apache.ws.secpolicy.model;
-public interface TokenWrapper {
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.neethi.PolicyContainingAssertion;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public abstract class AbstractTokenWrapper extends AbstractSecurityAssertion implements PolicyContainingAssertion {
+
+ private Policy nestedPolicy;
+ private AbstractToken token;
+
+ protected AbstractTokenWrapper(SPConstants.SPVersion version, Policy nestedPolicy) {
+ super(version);
+ this.nestedPolicy = nestedPolicy;
+
+ parseNestedPolicy(nestedPolicy, this);
+ }
+
+ public Policy getPolicy() {
+ return nestedPolicy;
+ }
+
+ public PolicyComponent normalize() {
+ return super.normalize(getPolicy());
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ super.serialize(writer, getPolicy());
+ }
+
+ protected void parseNestedPolicy(Policy nestedPolicy, AbstractTokenWrapper tokenWrapper) {
+ Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
+ //we just process the first alternative
+ //this means that if we have a compact policy only the first alternative is visible
+ //in contrary to a normalized policy where just one alternative exists
+ if (alternatives.hasNext()) {
+ List<Assertion> assertions = alternatives.next();
+ for (int i = 0; i < assertions.size(); i++) {
+ Assertion assertion = assertions.get(i);
+ if (assertion instanceof AbstractToken) {
+ if (tokenWrapper.getToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ tokenWrapper.setToken((AbstractToken) assertion);
+ continue;
+ }
+ }
+ }
+ }
+
+ public AbstractToken getToken() {
+ return token;
+ }
- public void setToken(Token tok);
+ protected void setToken(AbstractToken token) {
+ this.token = token;
+ }
}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractTokenWrapper.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java?rev=1210203&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java (added)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java Sun Dec 4 20:33:05 2011
@@ -0,0 +1,498 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.neethi.PolicyContainingAssertion;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+import java.util.*;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AlgorithmSuite extends AbstractSecurityAssertion implements PolicyContainingAssertion {
+
+ public enum AlgorithmSuiteType {
+ Basic256(
+ SPConstants.SHA1,
+ SPConstants.AES256,
+ SPConstants.KW_AES256,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L256,
+ SPConstants.P_SHA1_L192,
+ 256, 192, 256, 256),
+ Basic192(
+ SPConstants.SHA1,
+ SPConstants.AES192,
+ SPConstants.KW_AES192,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic128(
+ SPConstants.SHA1,
+ SPConstants.AES128,
+ SPConstants.KW_AES128,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L128,
+ SPConstants.P_SHA1_L128,
+ 128, 128, 128, 128),
+ TripleDes(
+ SPConstants.SHA1,
+ SPConstants.TRIPLE_DES,
+ SPConstants.KW_TRIPLE_DES,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic256Rsa15(
+ SPConstants.SHA1,
+ SPConstants.AES256,
+ SPConstants.KW_AES256,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L256,
+ SPConstants.P_SHA1_L192,
+ 256, 192, 256, -1),
+ Basic192Rsa15(
+ SPConstants.SHA1,
+ SPConstants.AES192,
+ SPConstants.KW_AES192,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic128Rsa15(
+ SPConstants.SHA1,
+ SPConstants.AES128,
+ SPConstants.KW_AES128,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L128,
+ SPConstants.P_SHA1_L128,
+ 128, 128, 128, 128),
+ TripleDesRsa15(
+ SPConstants.SHA1,
+ SPConstants.TRIPLE_DES,
+ SPConstants.KW_TRIPLE_DES,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic256Sha256(
+ SPConstants.SHA256,
+ SPConstants.AES256,
+ SPConstants.KW_AES256,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L256,
+ SPConstants.P_SHA1_L192,
+ 256, 256, 256, -1),
+ Basic192Sha256(
+ SPConstants.SHA256,
+ SPConstants.AES192,
+ SPConstants.KW_AES192,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic128Sha256(
+ SPConstants.SHA256,
+ SPConstants.AES128,
+ SPConstants.KW_AES128,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L128,
+ SPConstants.P_SHA1_L128,
+ 128, 128, 128, 128),
+ TripleDesSha256(
+ SPConstants.SHA256,
+ SPConstants.TRIPLE_DES,
+ SPConstants.KW_TRIPLE_DES,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic256Sha256Rsa15(
+ SPConstants.SHA256,
+ SPConstants.AES256,
+ SPConstants.KW_AES256,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L256,
+ SPConstants.P_SHA1_L192,
+ 256, 192, 256, -1),
+ Basic192Sha256Rsa15(
+ SPConstants.SHA256,
+ SPConstants.AES192,
+ SPConstants.KW_AES192,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192),
+ Basic128Sha256Rsa15(
+ SPConstants.SHA256,
+ SPConstants.AES128,
+ SPConstants.KW_AES128,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L128,
+ SPConstants.P_SHA1_L128,
+ 128, 128, 128, 192),
+ TripleDesSha256Rsa15(
+ SPConstants.SHA256,
+ SPConstants.TRIPLE_DES,
+ SPConstants.KW_TRIPLE_DES,
+ SPConstants.KW_RSA15,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 192);
+
+ private String digest;
+ private String encryption;
+ private String symmetricKeyWrap;
+ private String asymmetricKeyWrap;
+ private String encryptionKeyDerivation;
+ private String signatureKeyDerivation;
+ private int encryptionDerivedKeyLength;
+ private int signatureDerivedKeyLength;
+ private int minimumSymmetricKeyLength;
+ private int maximumSymmetricKeyLength;
+
+ private static final Map<String, AlgorithmSuiteType> lookup = new HashMap<String, AlgorithmSuiteType>();
+
+ static {
+ for (AlgorithmSuiteType u : EnumSet.allOf(AlgorithmSuiteType.class))
+ lookup.put(u.name(), u);
+ }
+
+ public static AlgorithmSuiteType lookUp(String name) {
+ return lookup.get(name);
+ }
+
+ AlgorithmSuiteType(String digest, String encryption, String symmetricKeyWrap, String asymmetricKeyWrap,
+ String encryptionKeyDerivation, String signatureKeyDerivation, int encryptionDerivedKeyLength,
+ int signatureDerivedKeyLength, int minimumSymmetricKeyLength,
+ int maximumSymmetricKeyLength) {
+ this.digest = digest;
+ this.encryption = encryption;
+ this.symmetricKeyWrap = symmetricKeyWrap;
+ this.asymmetricKeyWrap = asymmetricKeyWrap;
+ this.encryptionKeyDerivation = encryptionKeyDerivation;
+ this.signatureKeyDerivation = signatureKeyDerivation;
+ this.encryptionDerivedKeyLength = encryptionDerivedKeyLength;
+ this.signatureDerivedKeyLength = signatureDerivedKeyLength;
+ this.minimumSymmetricKeyLength = minimumSymmetricKeyLength;
+ this.maximumSymmetricKeyLength = maximumSymmetricKeyLength;
+ }
+
+ public String getDigest() {
+ return digest;
+ }
+
+ public String getEncryption() {
+ return encryption;
+ }
+
+ public String getSymmetricKeyWrap() {
+ return symmetricKeyWrap;
+ }
+
+ public String getAsymmetricKeyWrap() {
+ return asymmetricKeyWrap;
+ }
+
+ public String getEncryptionKeyDerivation() {
+ return encryptionKeyDerivation;
+ }
+
+ public String getSignatureKeyDerivation() {
+ return signatureKeyDerivation;
+ }
+
+ public int getEncryptionDerivedKeyLength() {
+ return encryptionDerivedKeyLength;
+ }
+
+ public int getSignatureDerivedKeyLength() {
+ return signatureDerivedKeyLength;
+ }
+
+ public int getMinimumSymmetricKeyLength() {
+ return minimumSymmetricKeyLength;
+ }
+
+ public int getMaximumSymmetricKeyLength() {
+ return maximumSymmetricKeyLength;
+ }
+ }
+
+ public enum XPathType {
+ XPathNone(null),
+ XPath10(SPConstants.XPATH),
+ XPathFilter20(SPConstants.XPATH20),
+ AbsXPath(SPConstants.ABS_XPATH);
+
+ private static final Map<String, XPathType> lookup = new HashMap<String, XPathType>();
+
+ static {
+ for (XPathType u : EnumSet.allOf(XPathType.class))
+ lookup.put(u.name(), u);
+ }
+
+ public static XPathType lookUp(String name) {
+ return lookup.get(name);
+ }
+
+ private String value;
+
+ public String getValue() {
+ return value;
+ }
+
+ XPathType(String value) {
+ this.value = value;
+ }
+ }
+
+ public enum C14NType {
+ ExclusiveC14N(SPConstants.EX_C14N),
+ InclusiveC14N(SPConstants.C14N),
+ InclusiveC14N11(SPConstants.C14N11);
+
+ private static final Map<String, C14NType> lookup = new HashMap<String, C14NType>();
+
+ static {
+ for (C14NType u : EnumSet.allOf(C14NType.class))
+ lookup.put(u.name(), u);
+ }
+
+ private String value;
+
+ public static C14NType lookUp(String name) {
+ return lookup.get(name);
+ }
+
+ public String getValue() {
+ return value;
+ }
+
+ C14NType(String value) {
+ this.value = value;
+ }
+ }
+
+ public enum SOAPNormType {
+ SOAPNormalizationNone(null),
+ SOAPNormalization10(SPConstants.SOAP_NORMALIZATION_10);
+
+ private static final Map<String, SOAPNormType> lookup = new HashMap<String, SOAPNormType>();
+
+ static {
+ for (SOAPNormType u : EnumSet.allOf(SOAPNormType.class))
+ lookup.put(u.name(), u);
+ }
+
+ public static SOAPNormType lookUp(String name) {
+ return lookup.get(name);
+ }
+
+ private String value;
+
+ public String getValue() {
+ return value;
+ }
+
+ SOAPNormType(String value) {
+ this.value = value;
+ }
+ }
+
+ public enum STRType {
+ STRTransformNone(null),
+ STRTransform10(SPConstants.STR_TRANSFORM_10);
+
+ private static final Map<String, STRType> lookup = new HashMap<String, STRType>();
+
+ static {
+ for (STRType u : EnumSet.allOf(STRType.class))
+ lookup.put(u.name(), u);
+ }
+
+ public static STRType lookUp(String name) {
+ return lookup.get(name);
+ }
+
+ private String value;
+
+ public String getValue() {
+ return value;
+ }
+
+ STRType(String value) {
+ this.value = value;
+ }
+ }
+
+ private Policy nestedPolicy;
+ private AlgorithmSuiteType algorithmSuiteType;
+ private C14NType c14n = C14NType.ExclusiveC14N;
+ private SOAPNormType soapNormType = SOAPNormType.SOAPNormalizationNone;
+ private STRType strType = STRType.STRTransformNone;
+ private XPathType xPathType = XPathType.XPathNone;
+
+ private String symmetricSignature = SPConstants.HMAC_SHA1;
+ private String asymmetricSignature = SPConstants.RSA_SHA1;
+ private String computedKey = SPConstants.P_SHA1;
+
+ public AlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) {
+ super(version);
+ this.nestedPolicy = nestedPolicy;
+
+ parseNestedPolicy(nestedPolicy, this);
+ }
+
+ public Policy getPolicy() {
+ return nestedPolicy;
+ }
+
+ public QName getName() {
+ return getVersion().getSPConstants().getAlgorithmSuite();
+ }
+
+ public PolicyComponent normalize() {
+ return super.normalize(getPolicy());
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ super.serialize(writer, getPolicy());
+ }
+
+ @Override
+ protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
+ return new AlgorithmSuite(getVersion(), nestedPolicy);
+ }
+
+ protected void parseNestedPolicy(Policy nestedPolicy, AlgorithmSuite algorithmSuite) {
+ Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
+ //we just process the first alternative
+ //this means that if we have a compact policy only the first alternative is visible
+ //in contrary to a normalized policy where just one alternative exists
+ if (alternatives.hasNext()) {
+ List<Assertion> assertions = alternatives.next();
+ for (int i = 0; i < assertions.size(); i++) {
+ Assertion assertion = assertions.get(i);
+ String assertionName = assertion.getName().getLocalPart();
+ AlgorithmSuiteType algorithmSuiteType = AlgorithmSuiteType.lookUp(assertionName);
+ if (algorithmSuiteType != null) {
+ if (algorithmSuite.getAlgorithmSuiteType() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ algorithmSuite.setAlgorithmSuiteType(algorithmSuiteType);
+ continue;
+ }
+ C14NType c14NType = C14NType.lookUp(assertionName);
+ if (c14NType != null) {
+ if (algorithmSuite.getC14n() == C14NType.InclusiveC14N) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ algorithmSuite.setC14n(c14NType);
+ continue;
+ }
+ SOAPNormType soapNormType = SOAPNormType.lookUp(assertionName);
+ if (soapNormType != null) {
+ if (algorithmSuite.getSoapNormType() == SOAPNormType.SOAPNormalization10) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ algorithmSuite.setSoapNormType(soapNormType);
+ continue;
+ }
+ STRType strType = STRType.lookUp(assertionName);
+ if (strType != null) {
+ if (algorithmSuite.getStrType() == STRType.STRTransform10) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ algorithmSuite.setStrType(strType);
+ continue;
+ }
+ XPathType xPathType = XPathType.lookUp(assertionName);
+ if (xPathType != null) {
+ if (algorithmSuite.getXPathType() != XPathType.XPathNone) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ algorithmSuite.setXPathType(xPathType);
+ continue;
+ }
+ }
+ }
+ }
+
+ public AlgorithmSuiteType getAlgorithmSuiteType() {
+ return algorithmSuiteType;
+ }
+
+ protected void setAlgorithmSuiteType(AlgorithmSuiteType algorithmSuiteType) {
+ this.algorithmSuiteType = algorithmSuiteType;
+ }
+
+ public C14NType getC14n() {
+ return c14n;
+ }
+
+ protected void setC14n(C14NType c14n) {
+ this.c14n = c14n;
+ }
+
+ public SOAPNormType getSoapNormType() {
+ return soapNormType;
+ }
+
+ protected void setSoapNormType(SOAPNormType soapNormType) {
+ this.soapNormType = soapNormType;
+ }
+
+ public STRType getStrType() {
+ return strType;
+ }
+
+ protected void setStrType(STRType strType) {
+ this.strType = strType;
+ }
+
+ public XPathType getXPathType() {
+ return xPathType;
+ }
+
+ protected void setXPathType(XPathType xPathType) {
+ this.xPathType = xPathType;
+ }
+
+ public String getAsymmetricSignature() {
+ return asymmetricSignature;
+ }
+
+ public String getSymmetricSignature() {
+ return symmetricSignature;
+ }
+
+ public String getComputedKey() {
+ return computedKey;
+ }
+}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java?rev=1210203&r1=1210202&r2=1210203&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java (original)
+++ webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java Sun Dec 4 20:33:05 2011
@@ -1,225 +1,175 @@
-/*
- * Copyright 2004,2005 The Apache Software Foundation.
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-
package org.apache.ws.secpolicy.model;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.SPConstants;
+
+import javax.xml.namespace.QName;
import java.util.Iterator;
import java.util.List;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AsymmetricBinding extends AbstractSymmetricAsymmetricBinding {
-import org.apache.neethi.All;
-import org.apache.neethi.ExactlyOne;
-import org.apache.neethi.Policy;
-import org.apache.neethi.PolicyComponent;
-import org.apache.ws.secpolicy.SP11Constants;
-import org.apache.ws.secpolicy.SP12Constants;
-import org.apache.ws.secpolicy.SPConstants;
+ private InitiatorToken initiatorToken;
+ private InitiatorSignatureToken initiatorSignatureToken;
+ private InitiatorEncryptionToken initiatorEncryptionToken;
+ private RecipientToken recipientToken;
+ private RecipientSignatureToken recipientSignatureToken;
+ private RecipientEncryptionToken recipientEncryptionToken;
-public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
+ public AsymmetricBinding(SPConstants.SPVersion version, Policy nestedPolicy) {
+ super(version, nestedPolicy);
- private InitiatorToken initiatorToken;
+ parseNestedPolicy(nestedPolicy, this);
+ }
- private RecipientToken recipientToken;
-
- public AsymmetricBinding(int version) {
- super(version);
+ public QName getName() {
+ return getVersion().getSPConstants().getAsymmetricBinding();
+ }
+
+ @Override
+ protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
+ return new AsymmetricBinding(getVersion(), nestedPolicy);
+ }
+
+ protected void parseNestedPolicy(Policy nestedPolicy, AsymmetricBinding asymmetricBinding) {
+ Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
+ //we just process the first alternative
+ //this means that if we have a compact policy only the first alternative is visible
+ //in contrary to a normalized policy where just one alternative exists
+ if (alternatives.hasNext()) {
+ List<Assertion> assertions = alternatives.next();
+ for (int i = 0; i < assertions.size(); i++) {
+ Assertion assertion = assertions.get(i);
+ String assertionName = assertion.getName().getLocalPart();
+ String assertionNamespace = assertion.getName().getNamespaceURI();
+ if (getVersion().getSPConstants().getInitiatorToken().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getInitiatorToken().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBinding.getInitiatorToken() != null
+ || asymmetricBinding.getInitiatorSignatureToken() != null
+ || asymmetricBinding.getInitiatorEncryptionToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBinding.setInitiatorToken((InitiatorToken) assertion);
+ continue;
+ }
+ if (getVersion().getSPConstants().getInitiatorSignatureToken().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getInitiatorSignatureToken().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBinding.getInitiatorToken() != null
+ || asymmetricBinding.getInitiatorSignatureToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBinding.setInitiatorSignatureToken((InitiatorSignatureToken) assertion);
+ continue;
+ }
+ if (getVersion().getSPConstants().getInitiatorEncryptionToken().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getInitiatorEncryptionToken().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBinding.getInitiatorToken() != null
+ || asymmetricBinding.getInitiatorEncryptionToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBinding.setInitiatorEncryptionToken((InitiatorEncryptionToken) assertion);
+ continue;
+ }
+ if (getVersion().getSPConstants().getRecipientToken().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getRecipientToken().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBinding.getRecipientToken() != null
+ || asymmetricBinding.getRecipientSignatureToken() != null
+ || asymmetricBinding.getRecipientEncryptionToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBinding.setRecipientToken((RecipientToken) assertion);
+ continue;
+ }
+ if (getVersion().getSPConstants().getRecipientSignatureToken().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getRecipientSignatureToken().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBinding.getRecipientToken() != null
+ || asymmetricBinding.getRecipientSignatureToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBinding.setRecipientSignatureToken((RecipientSignatureToken) assertion);
+ continue;
+ }
+ if (getVersion().getSPConstants().getRecipientEncryptionToken().getLocalPart().equals(assertionName)
+ && getVersion().getSPConstants().getRecipientEncryptionToken().getNamespaceURI().equals(assertionNamespace)) {
+ if (asymmetricBinding.getRecipientToken() != null
+ || asymmetricBinding.getRecipientEncryptionToken() != null) {
+ throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
+ }
+ asymmetricBinding.setRecipientEncryptionToken((RecipientEncryptionToken) assertion);
+ continue;
+ }
+ }
+ }
}
- /**
- * @return Returns the initiatorToken.
- */
public InitiatorToken getInitiatorToken() {
return initiatorToken;
}
- /**
- * @param initiatorToken
- * The initiatorToken to set.
- */
- public void setInitiatorToken(InitiatorToken initiatorToken) {
+ protected void setInitiatorToken(InitiatorToken initiatorToken) {
this.initiatorToken = initiatorToken;
}
- /**
- * @return Returns the recipientToken.
- */
- public RecipientToken getRecipientToken() {
- return recipientToken;
+ public InitiatorSignatureToken getInitiatorSignatureToken() {
+ return initiatorSignatureToken;
}
- /**
- * @param recipientToken
- * The recipientToken to set.
- */
- public void setRecipientToken(RecipientToken recipientToken) {
- this.recipientToken = recipientToken;
+ protected void setInitiatorSignatureToken(InitiatorSignatureToken initiatorSignatureToken) {
+ this.initiatorSignatureToken = initiatorSignatureToken;
}
- public QName getName() {
- if (version == SPConstants.SP_V12) {
- return SP12Constants.ASYMMETRIC_BINDING;
- } else {
- return SP11Constants.ASYMMETRIC_BINDING;
- }
+ public InitiatorEncryptionToken getInitiatorEncryptionToken() {
+ return initiatorEncryptionToken;
}
- public PolicyComponent normalize() {
-
- if (isNormalized()) {
- return this;
- }
-
- AlgorithmSuite algorithmSuite = getAlgorithmSuite();
- List configs = algorithmSuite.getConfigurations();
-
- Policy policy = new Policy();
- ExactlyOne exactlyOne = new ExactlyOne();
-
- policy.addPolicyComponent(exactlyOne);
-
- All wrapper;
- AsymmetricBinding asymmetricBinding;
-
- for (Iterator iterator = configs.iterator(); iterator.hasNext();) {
- wrapper = new All();
- asymmetricBinding = new AsymmetricBinding(this.version);
-
- asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
- .next());
- asymmetricBinding
- .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
- asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
- asymmetricBinding.setInitiatorToken(getInitiatorToken());
- asymmetricBinding.setLayout(getLayout());
- asymmetricBinding.setProtectionOrder(getProtectionOrder());
- asymmetricBinding.setRecipientToken(getRecipientToken());
- asymmetricBinding.setSignatureProtection(isSignatureProtection());
- asymmetricBinding
- .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
- asymmetricBinding.setTokenProtection(isTokenProtection());
-
- asymmetricBinding.setNormalized(true);
- wrapper.addPolicyComponent(wrapper);
- }
-
- return policy;
-
+ protected void setInitiatorEncryptionToken(InitiatorEncryptionToken initiatorEncryptionToken) {
+ this.initiatorEncryptionToken = initiatorEncryptionToken;
}
- public void serialize(XMLStreamWriter writer) throws XMLStreamException {
- String localname = getName().getLocalPart();
- String namespaceURI = getName().getNamespaceURI();
-
- String prefix = writer.getPrefix(namespaceURI);
-
- if (prefix == null) {
- prefix = getName().getPrefix();
- writer.setPrefix(prefix, namespaceURI);
- }
-
- // <sp:AsymmetricBinding>
- writer.writeStartElement(prefix, localname, namespaceURI);
- writer.writeNamespace(prefix, namespaceURI);
-
- String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
- if (pPrefix == null) {
- pPrefix = SPConstants.POLICY.getPrefix();
- writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
- }
-
- // <wsp:Policy>
- writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
- SPConstants.POLICY.getNamespaceURI());
-
- if (initiatorToken == null) {
- throw new RuntimeException("InitiatorToken is not set");
- }
-
- // <sp:InitiatorToken>
- initiatorToken.serialize(writer);
- // </sp:InitiatorToken>
-
- if (recipientToken == null) {
- throw new RuntimeException("RecipientToken is not set");
- }
-
- // <sp:RecipientToken>
- recipientToken.serialize(writer);
- // </sp:RecipientToken>
-
- AlgorithmSuite algorithmSuite = getAlgorithmSuite();
- if (algorithmSuite == null) {
- throw new RuntimeException("AlgorithmSuite is not set");
- }
-
- // <sp:AlgorithmSuite>
- algorithmSuite.serialize(writer);
- // </sp:AlgorithmSuite>
-
- Layout layout = getLayout();
- if (layout != null) {
- // <sp:Layout>
- layout.serialize(writer);
- // </sp:Layout>
- }
-
- if (isIncludeTimestamp()) {
- // <sp:IncludeTimestamp>
- writer.writeStartElement(prefix, SPConstants.INCLUDE_TIMESTAMP,
- namespaceURI);
- writer.writeEndElement();
- // </sp:IncludeTimestamp>
- }
-
- if (SPConstants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
- // <sp:EncryptBeforeSign />
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_BEFORE_SIGNING,
- namespaceURI);
- writer.writeEndElement();
- }
+ public RecipientToken getRecipientToken() {
+ return recipientToken;
+ }
- if (isSignatureProtection()) {
- // <sp:EncryptSignature />
- // FIXME move the String constants to a QName
- writer.writeStartElement(prefix, SPConstants.ENCRYPT_SIGNATURE,
- namespaceURI);
- writer.writeEndElement();
- }
+ protected void setRecipientToken(RecipientToken recipientToken) {
+ this.recipientToken = recipientToken;
+ }
- if (isTokenProtection()) {
- // <sp:ProtectTokens />
- writer.writeStartElement(prefix, SPConstants.PROTECT_TOKENS,
- namespaceURI);
- writer.writeEndElement();
- }
+ public RecipientSignatureToken getRecipientSignatureToken() {
+ return recipientSignatureToken;
+ }
- if (isEntireHeadersAndBodySignatures()) {
- // <sp:OnlySignEntireHeaderAndBody />
- writer.writeStartElement(prefix,
- SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, namespaceURI);
- writer.writeEndElement();
- }
+ protected void setRecipientSignatureToken(RecipientSignatureToken recipientSignatureToken) {
+ this.recipientSignatureToken = recipientSignatureToken;
+ }
- // </wsp:Policy>
- writer.writeEndElement();
+ public RecipientEncryptionToken getRecipientEncryptionToken() {
+ return recipientEncryptionToken;
+ }
- // </sp:AsymmetircBinding>
- writer.writeEndElement();
+ protected void setRecipientEncryptionToken(RecipientEncryptionToken recipientEncryptionToken) {
+ this.recipientEncryptionToken = recipientEncryptionToken;
}
}
Propchange: webservices/wss4j/branches/swssf/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision