Posted to java-dev@axis.apache.org by ru...@apache.org on 2006/11/23 02:56:22 UTC
svn commit: r478434 - in
/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart:
PolicyBasedResultsValidator.java RampartEngine.java errors.properties
Author: ruchithf
Date: Wed Nov 22 17:56:21 2006
New Revision: 478434
URL: http://svn.apache.org/viewvc?view=rev&rev=478434
Log:
Completed AXIS2-1482
Modified:
webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties
Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java?view=diff&rev=478434&r1=478433&r2=478434
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java Wed Nov 22 17:56:21 2006
@@ -25,6 +25,7 @@
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.token.Timestamp;
@@ -60,6 +61,14 @@
}
//sig/encr
+ Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
+ if(rpd.isSignatureProtection() && isSignatureRequired(rpd)) {
+ encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
+ WSConstants.SIG_NS, "Element"));
+ }
+
+ Vector signatureParts = RampartUtil.getSignedParts(rmd);
+ validateEncrSig(encryptedParts, signatureParts, results);
validateProtectionOrder(data, results);
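Review bot: `encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN, ...))` mutates the Vector that `RampartUtil.getEncryptedParts(rmd)` returned; RampartUtil is not in this diff, so if that helper hands back a list owned by the message or policy data rather than a fresh copy, the synthetic signature part becomes visible to every later reader of that list, not just to validateEncrSig. Taking a local copy first, `Vector encryptedParts = new Vector(RampartUtil.getEncryptedParts(rmd));`, keeps the adjustment confined to this validation step and costs nothing measurable. A one-line comment on the add, `// signature protection: the Signature element itself must arrive encrypted`, would also explain why a signature is being counted as an encrypted part. The enclosing validate method starts and ends outside this hunk.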
@@ -118,6 +127,56 @@
}
/**
+ * @param encryptedParts
+ * @param signatureParts
+ */
+ private void validateEncrSig(Vector encryptedParts, Vector signatureParts, Vector results)
+ throws RampartException {
+ ArrayList actions = getSigEncrActions(results);
+ boolean sig = false;
+ boolean encr = false;
+ for (Iterator iter = actions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sig = true;
+ } else if(act.intValue() == WSConstants.ENCR) {
+ encr = true;
+ }
+ }
+
+ if(sig && signatureParts.size() == 0) {
+
+ //Unexpected signature
+ throw new RampartException("unexprectedSignature");
+ } else if(!sig && signatureParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("signatureMissing");
+ }
+
+ if(encr && encryptedParts.size() == 0) {
+
+ //Check whether its just an encrypted key
+ ArrayList list = this.getResults(results, WSConstants.ENCR);
+ boolean encrDataFound = false;
+ for (Iterator iter = list.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult result = (WSSecurityEngineResult) iter.next();
+ if(result.getDataRefUris() != null) {
+ encrDataFound = true;
+ }
+ }
+ if(encrDataFound) {
+ //Unexpected encryption
+ throw new RampartException("unexprectedEncryptedPart");
+ }
+ } else if(!encr && encryptedParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("encryptionMissing");
+ }
+ }
+
+ /**
* @param data
* @param results
*/
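Review bot: `throw new RampartException("unexprectedSignature")` in validateEncrSig uses a message key that the errors.properties hunk of this same commit does not define — only `signatureMissing`, `unexprectedEncryptedPart` and `encryptionMissing` are added — so an unexpected-signature rejection would surface without its text unless the key already exists earlier in that file, which the hunk does not show. Either add `unexprectedSignature = Unexpected signature found, no signature required` to errors.properties or, better, spell the key `unexpectedSignature` (and `unexpectedEncryptedPart`) consistently in both files before the typo becomes an API. The comment `//required signature missing` above the `encryptionMissing` throw is copied from the signature branch and should read `//required encryption missing`. The Javadoc also omits `@param results` and `@throws RampartException`, which matter here because the method's only outputs are the rejections it throws; note too that an ENCR result without data references (an encrypted key alone) is deliberately tolerated when no encrypted parts are expected, which is worth saying in the doc so nobody later "fixes" it.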
@@ -236,7 +295,7 @@
//Check for encrypted body
if(rpd.isEncryptBody()) {
- if(!encrRefs.remove(data.getBodyEncrDataId())){
+ if(!encrRefs.contains(data.getBodyEncrDataId())){
throw new RampartException("encryptedPartMissing",
new String[]{data.getBodyEncrDataId()});
}
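Review bot: Switching `encrRefs.remove(...)` to `encrRefs.contains(...)` leaves the body's EncryptedData id in encrRefs, while the next hunk drops the signature-protection increment so that refCount is now just `rpd.getEncryptedParts().size()`; unless `rpd.getEncryptedParts()` already lists the body and the encrypted Signature element, the later `encrRefs.size() != refCount` comparison will be off by one or two for every encrypt-body policy and reject with `invalidNumberOfEncryptedParts`, and if it does list them the count silently passes. The code between these two hunks and the definition of getEncryptedParts() are not visible here, so please confirm which it is and record it next to the count, e.g. `// rpd.getEncryptedParts() already includes the body and (with signature protection) the Signature element`. The enclosing method starts outside this hunk.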
@@ -244,13 +303,6 @@
int refCount = 0;
- if(rpd.isSignatureProtection() &&
- ((rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
- (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
- rpd.getInitiatorToken() != null))) {
- refCount ++;
- }
-
refCount += rpd.getEncryptedParts().size();
if(encrRefs.size() != refCount) {
@@ -258,6 +310,12 @@
new String[]{Integer.toString(refCount)});
}
+ }
+
+ private boolean isSignatureRequired(RampartPolicyData rpd) {
+ return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
+ (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
+ rpd.getInitiatorToken() != null);
}
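Review bot: isSignatureRequired has no Javadoc, and the three-clause boolean it returns is exactly the condition that the previous hunk removed from the refCount computation, so a reader now has to reconstruct from the call site (`rpd.isSignatureProtection() && isSignatureRequired(rpd)`) what "required" means. Suggest `/** True when the configured binding yields a message signature: a symmetric binding with a signature token, or a non-transport asymmetric binding with an initiator token. Used with isSignatureProtection() to decide whether the Signature element must itself arrive encrypted. */` above the method. Naming the two arms, `boolean symmetricWithSig = ...; boolean asymmetricWithInitiator = ...;`, would make the precedence of `&&` over `||` obvious without the parentheses.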
Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java?view=diff&rev=478434&r1=478433&r2=478434
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java Wed Nov 22 17:56:21 2006
@@ -19,23 +19,13 @@
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
-import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
-import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.message.token.Timestamp;
-import org.apache.ws.security.util.WSSecurityUtil;
-import java.math.BigInteger;
-import java.security.cert.X509Certificate;
-import java.util.Calendar;
-import java.util.Date;
import java.util.Vector;
public class RampartEngine {
Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=478434&r1=478433&r2=478434
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties Wed Nov 22 17:56:21 2006
@@ -77,4 +77,7 @@
encryptedPartMissing = Missing encryption result for id : {0}
invalidNumberOfEncryptedParts = Invalid number of encrypted parts
protectionOrderMismatch = Protection order mismatch
-usernameTokenMissing = UsernameToken missing in request
\ No newline at end of file
+usernameTokenMissing = UsernameToken missing in request
+signatureMissing = Message is not signed
+unexprectedEncryptedPart = Unexpected encrypted data found, no encryption required
+encryptionMissing = Expected encrypted part missing
\ No newline at end of file