Posted to commits@ws.apache.org by gi...@apache.org on 2011/12/04 22:40:58 UTC
svn commit: r1210233 [2/6] - in /webservices/wss4j/branches/swssf: ./
rampart-policy/ streaming-ws-policy/
streaming-ws-policy/src/main/java/org/swssf/policy/
streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/
streaming-ws-policy/src/m...
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java (from r1205951, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java&r1=1205951&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,43 +18,74 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.EncryptedElements;
+import org.apache.ws.secpolicy.model.XPath;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
import org.swssf.wss.securityEvent.SecurityEvent;
import javax.xml.namespace.QName;
+import java.util.ArrayList;
import java.util.List;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class EncryptedElementAssertionState extends AssertionState {
+public class EncryptedElementsAssertionState extends AssertionState implements Assertable {
- private List<QName> elements;
+ private List<QName> elements = new ArrayList<QName>();
- public EncryptedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ public EncryptedElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
- this.elements = elements;
+
+ EncryptedElements encryptedElements = (EncryptedElements) assertion;
+ for (int i = 0; i < encryptedElements.getXPaths().size(); i++) {
+ XPath xPath = encryptedElements.getXPaths().get(i);
+ String[] xPathElements = xPath.getXPath().split("/");
+ String[] xPathElement = xPathElements[xPathElements.length - 1].split(":");
+ if (xPathElement.length == 2) {
+ String ns = xPath.getPrefixNamespaceMap().get(xPathElement[0]);
+ if (ns == null) {
+ throw new IllegalArgumentException("Namespace not declared");
+ }
+ elements.add(new QName(ns, xPathElement[1]));
+ } else {
+ elements.add(new QName(xPathElement[1]));
+ }
+ }
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.EncryptedElement
+ };
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
+ //todo better matching until we have a streaming xpath evaluation engine (work in progress)
+
for (int i = 0; i < elements.size(); i++) {
QName qName = elements.get(i);
if (qName.equals(encryptedElementSecurityEvent.getElement())) {
- if (encryptedElementSecurityEvent.isNotEncrypted()) {
- //an element must be encrypted but isn't
+ if (encryptedElementSecurityEvent.isEncrypted()) {
+ setAsserted(true);
+ return true;
+ } else {
+ //an element must be signed but isn't
setAsserted(false);
setErrorMessage("Element " + encryptedElementSecurityEvent.getElement() + " must be encrypted");
return false;
- } else {
- setAsserted(true);
}
}
}
- //if we return false here other encrypted elements will trigger a PolicyViolationException
+ //if we return false here other signed elements will trigger a PolicyViolationException
return true;
}
}
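Review bot: The else branch of the new constructor, `elements.add(new QName(xPathElement[1]));`, runs exactly when `split(":")` did not yield two parts, so for an unprefixed last step such as `Body` the array has a single element and the access throws ArrayIndexOutOfBoundsException instead of adding the unqualified name; it should be `elements.add(new QName(xPathElement[0]));`, and a step with more than one colon (or an XPath that is only separators, which leaves `split("/")` empty and `xPathElements.length - 1` negative) deserves the same IllegalArgumentException the undeclared-prefix case already throws. The two comments `//an element must be signed but isn't` and `//if we return false here other signed elements will trigger a PolicyViolationException` were carried over from the signed-elements state and should say "encrypted" here.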
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementsAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java (from r1205951, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java&r1=1205951&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,43 +18,68 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.EncryptedParts;
+import org.apache.ws.secpolicy.model.Header;
+import org.swssf.policy.Assertable;
+import org.swssf.policy.PolicyConstants;
import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
import org.swssf.wss.securityEvent.SecurityEvent;
-import javax.xml.namespace.QName;
-import java.util.List;
-
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class EncryptedPartAssertionState extends AssertionState {
-
- private List<QName> elements;
+public class EncryptedPartsAssertionState extends AssertionState implements Assertable {
- public EncryptedPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ public EncryptedPartsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
- this.elements = elements;
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.EncryptedPart
+ };
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
+
+ //todo attachments
+
EncryptedPartSecurityEvent encryptedPartSecurityEvent = (EncryptedPartSecurityEvent) securityEvent;
- for (int i = 0; i < elements.size(); i++) {
- QName qName = elements.get(i);
- if (qName.equals(encryptedPartSecurityEvent.getElement())
- || (qName.getLocalPart().equals("*") && qName.getNamespaceURI().equals(encryptedPartSecurityEvent.getElement().getNamespaceURI()))) {
- if (encryptedPartSecurityEvent.isNotEncrypted()) {
- //an element must be encrypted but isn't
- setAsserted(false);
+ EncryptedParts encryptedParts = (EncryptedParts) getAssertion();
+
+ if (encryptedParts.isBody() && (encryptedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap11_Body)
+ || encryptedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap12_Body))) {
+ if (encryptedPartSecurityEvent.isEncrypted()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + encryptedPartSecurityEvent.getElement() + " must be encrypted");
+ return false;
+ }
+ }
+ //body processed above. so this must be a header element
+ for (int i = 0; i < encryptedParts.getHeaders().size(); i++) {
+ Header header = encryptedParts.getHeaders().get(i);
+ if (header.getNamespace().equals(encryptedPartSecurityEvent.getElement().getNamespaceURI())
+ && (header.getName() == null //== wildcard
+ || header.getName().equals(encryptedPartSecurityEvent.getElement().getLocalPart()))) {
+ if (encryptedPartSecurityEvent.isEncrypted()) {
+ setAsserted(true);
+ return true;
+ } else {
setErrorMessage("Element " + encryptedPartSecurityEvent.getElement() + " must be encrypted");
return false;
- } else {
- setAsserted(true);
}
}
}
+
//if we return false here other encrypted elements will trigger a PolicyViolationException
return true;
}
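Review bot: In the header loop of the new `assertEvent`, the `else` after `isEncrypted()` sets the error message and returns false but no longer calls `setAsserted(false)`, unlike the body branch a few lines above and the code this replaces; anything that consults `isAsserted()` rather than the return value still sees the assertion as satisfied although a header the policy requires to be encrypted was not. Add `setAsserted(false);` before `setErrorMessage(...)` in that branch. `header.getNamespace().equals(...)` presumably relies on the policy parser never leaving the namespace null — worth confirming, or inverting the comparison to `encryptedPartSecurityEvent.getElement().getNamespaceURI().equals(header.getNamespace())`, since QName normalises a null namespace to the empty string. The class's closing brace lies outside the hunk.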
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartsAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.apache.ws.secpolicy.model.HttpsToken;
+import org.swssf.wss.securityEvent.HttpsTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class HttpsTokenAssertionState extends TokenAssertionState {
+
+ public HttpsTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.HttpsToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof HttpsTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a HttpsTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
+ HttpsToken httpsToken = (HttpsToken) abstractToken;
+
+ setAsserted(true);
+ if (httpsToken.getIssuerName() != null && !httpsToken.getIssuerName().equals(httpsTokenSecurityEvent.getIssuerName())) {
+ setAsserted(false);
+ setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken (" + httpsTokenSecurityEvent.getIssuerName() + ")");
+ }
+ switch (httpsToken.getAuthenticationType()) {
+ case HttpBasicAuthentication:
+ if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces HttpBasicAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ }
+ break;
+ case HttpDigestAuthentication:
+ if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces HttpDigestAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ }
+ break;
+ case RequireClientCertificate:
+ if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces HttClientCertificateAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ }
+ break;
+ }
+ }
+}
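Review bot: `switch (httpsToken.getAuthenticationType())` in `assertToken` has neither a `default` arm nor a null guard, so an HttpsToken policy that names no authentication sub-assertion (presumably legal, as those are optional in WS-SecurityPolicy) either throws a NullPointerException when the enum is unset or silently passes if the model uses a distinct value; a null check before the switch plus `default: break;` with a comment stating that only transport security is required would make the intent explicit. The cast `(HttpsToken) abstractToken` is unchecked while the event is guarded with `instanceof`; mirroring the guard keeps a mismatch reported as a WSSPolicyException rather than a ClassCastException. The message in the client-certificate arm reads `HttClientCertificateAuthentication` and should be `HttpsClientCertificateAuthentication`.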
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,8 +18,10 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
-import org.swssf.policy.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.model.AbstractBinding;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.securityEvent.TimestampSecurityEvent;
@@ -27,15 +29,22 @@ import org.swssf.wss.securityEvent.Times
* @author $Author$
* @version $Revision$ $Date$
*/
-public class IncludeTimeStampAssertionState extends AssertionState {
+public class IncludeTimeStampAssertionState extends AssertionState implements Assertable {
public IncludeTimeStampAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
}
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.Timestamp
+ };
+ }
+
public boolean assertEvent(SecurityEvent securityEvent) {
TimestampSecurityEvent timestampSecurityEvent = (TimestampSecurityEvent) securityEvent;
- boolean isIncludeTimestamp = ((Binding) getAssertion()).isIncludeTimestamp();
+ boolean isIncludeTimestamp = ((AbstractBinding) getAssertion()).isIncludeTimestamp();
if (isIncludeTimestamp) {
setAsserted(true);
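Review bot: `assertEvent` at the bottom of the hunk now implements the newly added `Assertable` interface but carries no `@Override`, while the sibling `getSecurityEventType` above it does; adding `@Override` lets the compiler catch a signature drift against the interface (the other assertion states in this commit, for instance, declare `throws WSSPolicyException`). The method body continues beyond the hunk, so the rest of it was not reviewed here.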
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.swssf.wss.securityEvent.IssuedTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class IssuedTokenAssertionState extends TokenAssertionState {
+
+ //todo RequestSecurityTokenTemplate
+ //todo sowieso
+
+ public IssuedTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.IssuedToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof IssuedTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a IssuedTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ setAsserted(true);
+ //todo
+ }
+}
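Review bot: After the type check, `assertToken` unconditionally calls `setAsserted(true)` with only a `//todo` behind it, so an IssuedToken policy is satisfied by any IssuedTokenSecurityEvent regardless of issuer or RequestSecurityTokenTemplate — the assertion fails open; KerberosTokenAssertionState and KeyValueTokenAssertionState in this commit follow the same pattern. Until the checks exist, make the gap visible where it matters with a comment such as `// NOTE: no IssuedToken constraints (issuer, RequestSecurityTokenTemplate) are enforced yet; any event of the right type is accepted`, and replace `//todo sowieso` (German for "anyway") with a reference to the tracking issue so the next reader knows what is missing.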
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.swssf.wss.securityEvent.KerberosTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class KerberosTokenAssertionState extends TokenAssertionState {
+
+ public KerberosTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.KerberosToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof KerberosTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a KerberosTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+
+ setAsserted(true);
+ //todo
+ }
+}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.swssf.wss.securityEvent.KeyValueTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class KeyValueTokenAssertionState extends TokenAssertionState {
+
+ public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.KeyValueToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof KeyValueTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a KeyValueTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ setAsserted(true);
+ //todo
+ }
+}
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java (from r1207047, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java&r1=1207047&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/LayoutAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,95 +18,70 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
-import org.swssf.policy.secpolicy.model.AlgorithmSuite;
-import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.securityEvent.AlgorithmSuiteSecurityEvent;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.Layout;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.SecurityEvent;
-import org.swssf.xmlsec.ext.XMLSecurityConstants;
+
+import java.util.ArrayList;
+import java.util.List;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class AlgorithmSuiteAssertionState extends AssertionState {
+public class LayoutAssertionState extends AssertionState implements Assertable {
+
+ private List<SecurityEvent.Event> occuredEvents = new ArrayList<SecurityEvent.Event>();
- public AlgorithmSuiteAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ public LayoutAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
- AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
- AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
-
- XMLSecurityConstants.KeyUsage keyUsage = algorithmSuiteSecurityEvent.getKeyUsage();
- if (WSSConstants.Sym_Sig.equals(keyUsage)) {
- if (!algorithmSuite.getSymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Symmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Asym_Sig.equals(keyUsage)) {
- if (!algorithmSuite.getAsymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Asymmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Dig.equals(keyUsage)) {
- if (!algorithmSuite.getDigest().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Digest algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Enc.equals(keyUsage)) {
- if (!algorithmSuite.getEncryption().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Encryption algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Sym_Key_Wrap.equals(keyUsage)) {
- if (!algorithmSuite.getSymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Symmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Asym_Key_Wrap.equals(keyUsage)) {
- if (!algorithmSuite.getAsymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Asymmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Comp_Key.equals(keyUsage)) {
- if (!algorithmSuite.getComputedKey().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Computed key algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Enc_KD.equals(keyUsage)) {
- if (!algorithmSuite.getEncryptionKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Encryption key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Sig_KD.equals(keyUsage)) {
- if (!algorithmSuite.getSignatureKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Signature key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.C14n.equals(keyUsage)) {
- if (!algorithmSuite.getC14n().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.Soap_Norm.equals(keyUsage)) {
- if (!algorithmSuite.getSoapNormalization().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("Soap normalization algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.STR_Trans.equals(keyUsage)) {
- if (!algorithmSuite.getStrTransform().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("STR transformation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
- } else if (WSSConstants.XPath.equals(keyUsage)) {
- if (!algorithmSuite.getXPath().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
- setAsserted(false);
- setErrorMessage("XPath algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
- }
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.UsernameToken,
+ SecurityEvent.Event.IssuedToken,
+ SecurityEvent.Event.X509Token,
+ SecurityEvent.Event.KerberosToken,
+ SecurityEvent.Event.SpnegoContextToken,
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SecureConversationToken,
+ SecurityEvent.Event.SamlToken,
+ SecurityEvent.Event.RelToken,
+ SecurityEvent.Event.HttpsToken,
+ SecurityEvent.Event.KeyValueToken,
+ SecurityEvent.Event.Timestamp,
+ };
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
+ Layout layout = (Layout) getAssertion();
+ switch (layout.getLayoutType()) {
+ case Strict:
+ //todo
+ break;
+ case Lax:
+ //todo?
+ break;
+ case LaxTsFirst:
+ if (occuredEvents.isEmpty() && securityEvent.getSecurityEventType() != SecurityEvent.Event.Timestamp) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces " + layout.getLayoutType() + " but " + securityEvent.getSecurityEventType() + " occured first");
+ }
+ break;
+ case LaxTsLast:
+ if (occuredEvents.contains(SecurityEvent.Event.Timestamp)) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces " + layout.getLayoutType() + " but " + securityEvent.getSecurityEventType() + " occured last");
+ }
+ break;
}
+ occuredEvents.add(securityEvent.getSecurityEventType());
return isAsserted();
}
}
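Review bot: In the new `assertEvent`, the `Strict` and `Lax` arms are empty `//todo` stubs, so a policy demanding `Strict` layout returns whatever `isAsserted()` already holds and the ordering constraint is never checked; at minimum mark this in the `Strict` arm with `// Strict ordering is not verified yet; the event is accepted unchanged` so the stub is not mistaken for enforcement. The switch also lacks a `default` arm and a null guard on `layout.getLayoutType()`, which presumably can only be one of the four values — worth confirming against the model class. `occuredEvents` and the two messages spell "occurred" as "occured"; the field is cheap to rename now, the messages are runtime strings and should be changed only deliberately.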
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.swssf.policy.Assertable;
+import org.swssf.policy.PolicyConstants;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class OnlySignEntireHeadersAndBodyAssertionState extends AssertionState implements Assertable {
+
+ public OnlySignEntireHeadersAndBodyAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SignedPart
+ };
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
+ SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
+ AsymmetricBinding asymmetricBinding = (AsymmetricBinding) getAssertion();
+ if (!asymmetricBinding.isOnlySignEntireHeadersAndBody()) {
+ setAsserted(true);
+ return true;
+ }
+ if (asymmetricBinding.isOnlySignEntireHeadersAndBody()
+ && (signedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap11_Body)
+ || signedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap12_Body))) {
+ if (signedPartSecurityEvent.isSigned()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+ return false;
+ }
+ }
+ //body processed above. so this must be a header element
+ if (asymmetricBinding.isOnlySignEntireHeadersAndBody()) {
+ if (signedPartSecurityEvent.isSigned()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+ return false;
+ }
+ }
+ return true;
+ }
+}
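Review bot: After the early return on `if (!asymmetricBinding.isOnlySignEntireHeadersAndBody())`, both later `isOnlySignEntireHeadersAndBody()` tests are always true, the body branch and the header branch do exactly the same thing, and the trailing `return true;` is unreachable in practice, so the method reduces to "asserted iff the part reports isSigned()". The cast to `SignedPartSecurityEvent` is unguarded, unlike the token states in this commit, which test `instanceof` and throw `WSSPolicyException`. What is verified is only that the body or header part is signed; whether the signature references the entire header or body rather than a descendant is not checked, and a comment stating that limitation would spare the next reader from assuming otherwise. If `isOnlySignEntireHeadersAndBody()` is declared on `AbstractSymmetricAsymmetricBinding` (the type ProtectionOrderAssertionState casts to in this commit), casting to that type would avoid a ClassCastException when the assertion is carried by a symmetric binding.
```java
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        if (!(securityEvent instanceof SignedPartSecurityEvent)) {
            throw new WSSPolicyException("Expected a SignedPartSecurityEvent but got " + securityEvent.getClass().getName());
        }
        SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
        AsymmetricBinding asymmetricBinding = (AsymmetricBinding) getAssertion();
        // Only the signed state of the body/header part is verified here; that the signature
        // covers the entire element rather than a descendant is not checked by this state.
        if (!asymmetricBinding.isOnlySignEntireHeadersAndBody() || signedPartSecurityEvent.isSigned()) {
            setAsserted(true);
            return true;
        }
        setAsserted(false);
        setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
        return false;
    }
```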
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,19 +18,19 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.SPConstants;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
-import org.swssf.policy.secpolicy.model.SymmetricAsymmetricBindingBase;
-import org.swssf.wss.securityEvent.EncryptionTokenSecurityEvent;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.SecurityEvent;
-import org.swssf.wss.securityEvent.SignatureTokenSecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class ProtectionOrderAssertionState extends AssertionState {
+public class ProtectionOrderAssertionState extends AssertionState implements Assertable {
boolean firstEvent = true;
@@ -39,21 +39,39 @@ public class ProtectionOrderAssertionSta
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
- SPConstants.ProtectionOrder protectionOrder = ((SymmetricAsymmetricBindingBase) getAssertion()).getProtectionOrder();
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.UsernameToken,
+ SecurityEvent.Event.IssuedToken,
+ SecurityEvent.Event.X509Token,
+ SecurityEvent.Event.KerberosToken,
+ SecurityEvent.Event.SpnegoContextToken,
+ SecurityEvent.Event.SecurityContextToken,
+ SecurityEvent.Event.SecureConversationToken,
+ SecurityEvent.Event.SamlToken,
+ SecurityEvent.Event.RelToken,
+ SecurityEvent.Event.HttpsToken,
+ SecurityEvent.Event.KeyValueToken
+ };
+ }
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) {
+ AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = ((AbstractSymmetricAsymmetricBinding) getAssertion()).getProtectionOrder();
+ TokenSecurityEvent tokenSecurityEvent = (TokenSecurityEvent) securityEvent;
+ setAsserted(true);
if (firstEvent) {
firstEvent = false;
//we have to invert the logic. When SignBeforeEncrypt is set then the Encryption token appears as first
//in contrary if EncryptBeforeSign is set then the SignatureToken appears as first. So...:
- if (protectionOrder.equals(SPConstants.ProtectionOrder.SignBeforeEncrypting)
- && securityEvent instanceof SignatureTokenSecurityEvent) {
+ if (protectionOrder.equals(AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting)
+ && tokenSecurityEvent.getTokenUsage() == TokenSecurityEvent.TokenUsage.Signature) {
setAsserted(false);
- setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.SignBeforeEncrypting + " but we got " + securityEvent.getSecurityEventType() + " first");
- } else if (protectionOrder.equals(SPConstants.ProtectionOrder.EncryptBeforeSigning)
- && securityEvent instanceof EncryptionTokenSecurityEvent) {
+ setErrorMessage("ProtectionOrder is " + AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting + " but we got " + tokenSecurityEvent.getTokenUsage() + " first");
+ } else if (protectionOrder.equals(AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning)
+ && tokenSecurityEvent.getTokenUsage() == TokenSecurityEvent.TokenUsage.Encryption) {
setAsserted(false);
- setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.SignBeforeEncrypting + " but we got " + securityEvent.getSecurityEventType() + " first");
+ setErrorMessage("ProtectionOrder is " + AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting + " but we got " + tokenSecurityEvent.getTokenUsage() + " first");
}
}
return isAsserted();
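Review bot: The `EncryptBeforeSigning` branch still reports the wrong constant: the rewritten message builds `"ProtectionOrder is " + AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting + ...` although that branch fires only when the order is EncryptBeforeSigning; it should read `setErrorMessage("ProtectionOrder is " + AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning + " but we got " + tokenSecurityEvent.getTokenUsage() + " first");`. The unconditional `setAsserted(true);` placed before `if (firstEvent)` also erases a failure recorded on the first token as soon as a second token event arrives, unless the caller stops on the first false return; moving that line inside the `if (firstEvent)` block keeps the verdict sticky. The cast `(TokenSecurityEvent) securityEvent` is unguarded, while the token states in this commit check `instanceof` and throw `WSSPolicyException`, which turns a mismatched event into a policy error rather than a ClassCastException. The method's closing braces lie outside the hunk.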
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.swssf.wss.securityEvent.RelTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class RelTokenAssertionState extends TokenAssertionState {
+
+ public RelTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.RelToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof RelTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a RelTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+
+ setAsserted(true);
+ //todo
+ }
+}
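Review bot: `assertToken` marks the assertion satisfied for every `RelTokenSecurityEvent`, and the bare `//todo` does not say what is missing, so a reader cannot tell whether the RelToken assertion's constraints are deliberately left unenforced. A comment such as `// TODO: only the event type is checked; the RelToken assertion's nested constraints are not evaluated yet, so any REL token satisfies this policy` makes the gap explicit where it matters. The other token states in this commit (SamlTokenAssertionState, SecurityContextTokenAssertionState) at least compare the policy's issuer name against the event; if `AbstractToken` exposes the issuer name, the same comparison could be applied here.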
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java (from r1207047, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java&r1=1207047&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,30 +18,82 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.RequiredElements;
+import org.apache.ws.secpolicy.model.XPath;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.RequiredElementSecurityEvent;
import org.swssf.wss.securityEvent.SecurityEvent;
import javax.xml.namespace.QName;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class RequiredElementAssertionState extends AssertionState {
+public class RequiredElementsAssertionState extends AssertionState implements Assertable {
- private QName element;
+ private Map<QName, Boolean> elements = new HashMap<QName, Boolean>();
- public RequiredElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, QName element) {
+ public RequiredElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
- this.element = element;
+
+ RequiredElements requiredElements = (RequiredElements) assertion;
+ for (int i = 0; i < requiredElements.getXPaths().size(); i++) {
+ XPath xPath = requiredElements.getXPaths().get(i);
+ String[] xPathElements = xPath.getXPath().split("/");
+ String[] xPathElement = xPathElements[xPathElements.length - 1].split(":");
+ if (xPathElement.length == 2) {
+ String ns = xPath.getPrefixNamespaceMap().get(xPathElement[0]);
+ if (ns == null) {
+ throw new IllegalArgumentException("Namespace not declared");
+ }
+ elements.put(new QName(ns, xPathElement[1]), Boolean.FALSE);
+ } else {
+ elements.put(new QName(xPathElement[1]), Boolean.FALSE);
+ }
+ }
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.RequiredElement
+ };
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
RequiredElementSecurityEvent requiredElementSecurityEvent = (RequiredElementSecurityEvent) securityEvent;
- if (element.equals(requiredElementSecurityEvent.getElement())) {
- setAsserted(true);
+ //todo better matching until we have a streaming xpath evaluation engine (work in progress)
+
+ Iterator<Map.Entry<QName, Boolean>> elementMapIterator = elements.entrySet().iterator();
+ while (elementMapIterator.hasNext()) {
+ Map.Entry<QName, Boolean> next = elementMapIterator.next();
+ QName qName = next.getKey();
+ if (qName.equals(requiredElementSecurityEvent.getElement())) {
+ next.setValue(Boolean.TRUE);
+ break;
+ }
+ }
+ //if we return false here other required elements will trigger a PolicyViolationException
+ return true;
+ }
+
+ @Override
+ public boolean isAsserted() {
+ Iterator<Map.Entry<QName, Boolean>> elementMapIterator = elements.entrySet().iterator();
+ while (elementMapIterator.hasNext()) {
+ Map.Entry<QName, Boolean> next = elementMapIterator.next();
+ if (Boolean.FALSE.equals(next.getValue())) {
+ setErrorMessage("Element " + next.getKey().toString() + " must be present");
+ return false;
+ }
}
return true;
}
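Review bot: An unprefixed last XPath step breaks the constructor: when `xPathElements[xPathElements.length - 1].split(":")` yields a single element, the `else` branch indexes `xPathElement[1]` and throws ArrayIndexOutOfBoundsException; it should be `elements.put(new QName(xPathElement[0]), Boolean.FALSE);`. The `split("/")` step also takes the last segment verbatim, so an XPath ending in a predicate or a trailing slash registers a name that can never match an event; the `//todo better matching until we have a streaming xpath evaluation engine` comment in `assertEvent` would be more useful next to this parsing, where the simplification actually lives. Note also that an assertion with no XPaths leaves `elements` empty, so `isAsserted()` returns true vacuously, and that `isAsserted()` sets the error message as a side effect of what callers will treat as a getter; a short comment on each would help.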
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementsAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java (from r1207047, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java&r1=1207047&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,31 +18,73 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.RequiredParts;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.RequiredPartSecurityEvent;
import org.swssf.wss.securityEvent.SecurityEvent;
-import javax.xml.namespace.QName;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class RequiredPartAssertionState extends AssertionState {
+public class RequiredPartsAssertionState extends AssertionState implements Assertable {
- private QName element;
+ private Map<Header, Boolean> headers = new HashMap<Header, Boolean>();
- public RequiredPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, QName element) {
+ public RequiredPartsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
- this.element = element;
+
+ RequiredParts requiredParts = (RequiredParts) assertion;
+ for (int i = 0; i < requiredParts.getHeaders().size(); i++) {
+ Header header = requiredParts.getHeaders().get(i);
+ headers.put(header, Boolean.FALSE);
+ }
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.RequiredPart
+ };
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
RequiredPartSecurityEvent requiredPartSecurityEvent = (RequiredPartSecurityEvent) securityEvent;
- if (element.equals(requiredPartSecurityEvent.getElement())
- || (element.getLocalPart().equals("*") && element.getNamespaceURI().equals(requiredPartSecurityEvent.getElement().getNamespaceURI()))) {
- setAsserted(true);
+ //todo better matching until we have a streaming xpath evaluation engine (work in progress)
+
+ Iterator<Map.Entry<Header, Boolean>> elementMapIterator = headers.entrySet().iterator();
+ while (elementMapIterator.hasNext()) {
+ Map.Entry<Header, Boolean> next = elementMapIterator.next();
+ Header header = next.getKey();
+ if (header.getNamespace().equals(requiredPartSecurityEvent.getElement().getNamespaceURI())
+ && (header.getName() == null //== wildcard
+ || header.getName().equals(requiredPartSecurityEvent.getElement().getLocalPart()))) {
+ next.setValue(Boolean.TRUE);
+ break;
+ }
+ }
+ //if we return false here other required elements will trigger a PolicyViolationException
+ return true;
+ }
+
+ @Override
+ public boolean isAsserted() {
+ Iterator<Map.Entry<Header, Boolean>> elementMapIterator = headers.entrySet().iterator();
+ while (elementMapIterator.hasNext()) {
+ Map.Entry<Header, Boolean> next = elementMapIterator.next();
+ if (Boolean.FALSE.equals(next.getValue())) {
+ setErrorMessage("Element " + next.getKey().toString() + " must be present");
+ return false;
+ }
}
return true;
}
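Review bot: The `//todo better matching until we have a streaming xpath evaluation engine` comment was carried over from RequiredElementsAssertionState, but this class matches `Header` namespace/name pairs and no XPath is involved, so the comment misdescribes the code; `// matches by namespace, and by local name unless the Header declares no Name (wildcard)` states what is actually done. The failure message in `isAsserted()` prints `next.getKey().toString()`; unless `Header` overrides `toString()`, that yields an object identity rather than the missing header, so `Header header = next.getKey();` followed by `setErrorMessage("Header {" + header.getNamespace() + "}" + header.getName() + " must be present");` would tell the operator which header was missing, and "Header" rather than "Element" matches what is checked. `header.getNamespace().equals(...)` throws NullPointerException if the model allows a Header without a namespace; if it does, the comparison should be null-safe.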
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartsAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.apache.ws.secpolicy.model.SamlToken;
+import org.opensaml.common.SAMLVersion;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.impl.securityToken.DelegatingSecurityToken;
+import org.swssf.wss.securityEvent.SamlTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class SamlTokenAssertionState extends TokenAssertionState {
+
+ public SamlTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SamlToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof SamlTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a SamlTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ SamlTokenSecurityEvent samlTokenSecurityEvent = (SamlTokenSecurityEvent) tokenSecurityEvent;
+ SamlToken samlToken = (SamlToken) abstractToken;
+
+ setAsserted(true);
+ if (samlToken.getIssuerName() != null && !samlToken.getIssuerName().equals(samlTokenSecurityEvent.getIssuerName())) {
+ setAsserted(false);
+ setErrorMessage("IssuerName in Policy (" + samlToken.getIssuerName() + ") didn't match with the one in the SamlToken (" + samlTokenSecurityEvent.getIssuerName() + ")");
+ }
+ if (samlToken.isRequireKeyIdentifierReference() && ((DelegatingSecurityToken) samlTokenSecurityEvent.getSecurityToken()).getKeyIdentifierType() != WSSConstants.KeyIdentifierType.X509_KEY_IDENTIFIER) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces KeyIdentifierReference but we got " + samlTokenSecurityEvent.getSecurityToken().getTokenType());
+ }
+ switch (samlToken.getSamlTokenType()) {
+ case WssSamlV11Token10:
+ if (samlTokenSecurityEvent.getSamlVersion() != SAMLVersion.VERSION_10) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces SamlVersion11Profile10 but we got " + samlTokenSecurityEvent.getSamlVersion());
+ }
+ break;
+ case WssSamlV11Token11:
+ if (samlTokenSecurityEvent.getSamlVersion() != SAMLVersion.VERSION_11) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces SamlVersion11Profile11 but we got " + samlTokenSecurityEvent.getSamlVersion());
+ }
+ break;
+ case WssSamlV20Token11:
+ if (samlTokenSecurityEvent.getSamlVersion() != SAMLVersion.VERSION_20) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces SamlVersion20Profile11 but we got " + samlTokenSecurityEvent.getSamlVersion());
+ }
+ break;
+ case WssSamlV10Token10:
+ case WssSamlV10Token11:
+ setAsserted(false);
+ setErrorMessage("Unsupported token type: " + samlToken.getSamlTokenType());
+ break;
+ }
+ }
+}
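Review bot: `switch (samlToken.getSamlTokenType())` dereferences the token type without a null check; if the policy model leaves it unset when no `WssSamlVxxTokenxx` nested assertion is present, this throws NullPointerException instead of yielding a policy verdict, and the switch has no `default`, so any token-type constant not listed is accepted silently rather than failing closed. The key-identifier message `setErrorMessage("Policy enforces KeyIdentifierReference but we got " + samlTokenSecurityEvent.getSecurityToken().getTokenType())` reports the token type although the comparison was made on the key identifier type; printing the `getKeyIdentifierType()` value that was compared would match the check. The cast `(DelegatingSecurityToken) samlTokenSecurityEvent.getSecurityToken()` is unguarded and throws ClassCastException for any other security-token implementation; an `instanceof` test feeding a policy error would be consistent with the event-type check at the top of the method. A null guard before the switch and a fail-closed `default` branch would address the first point.
```java
        // … unchanged: issuer-name and key-identifier checks …
        if (samlToken.getSamlTokenType() == null) {
            // policy does not constrain the SAML token type: nothing further to check here
            return;
        }
        switch (samlToken.getSamlTokenType()) {
            // … unchanged: WssSamlV11Token10, WssSamlV11Token11, WssSamlV20Token11 cases …
            default:
                // WssSamlV10Token10, WssSamlV10Token11 and any constant added later fail closed
                setAsserted(false);
                setErrorMessage("Unsupported token type: " + samlToken.getSamlTokenType());
                break;
        }
```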
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.swssf.wss.securityEvent.SecureConversationTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class SecureConversationTokenAssertionState extends TokenAssertionState {
+
+ public SecureConversationTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SecureConversationToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof SecureConversationTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a SecureConversationSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ SecureConversationTokenSecurityEvent secureConversationSecurityEvent = (SecureConversationTokenSecurityEvent) tokenSecurityEvent;
+ SecureConversationToken secureConversationToken = (SecureConversationToken) abstractToken;
+
+ setAsserted(true);
+ //todo move to super-class?
+ if (secureConversationToken.getIssuerName() != null && !secureConversationToken.getIssuerName().equals(secureConversationSecurityEvent.getIssuerName())) {
+ setAsserted(false);
+ setErrorMessage("IssuerName in Policy (" + secureConversationToken.getIssuerName() + ") didn't match with the one in the SecureConversationToken (" + secureConversationSecurityEvent.getIssuerName() + ")");
+ }
+ if (secureConversationToken.isRequireExternalUriReference() && !secureConversationSecurityEvent.isExternalUriRef()) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces externalUriRef but we didn't got one");
+ }
+ //todo sp:SC13SecurityContextToken:
+ //if (securityContextToken.isSc10SecurityContextToken() && )
+ //todo MustNotSendCancel etc...
+ }
+}
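Review bot: The type-check message `"Expected a SecureConversationSecurityEvent but got "` names a class that does not exist; the sibling states in this commit print the exact expected class, so it should read `throw new WSSPolicyException("Expected a SecureConversationTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());`. The error `"Policy enforces externalUriRef but we didn't got one"` is ungrammatical in a user-facing message; `"Policy enforces externalUriRef but we didn't get one"` — the same string appears in SecurityContextTokenAssertionState in this commit. The commented-out `//if (securityContextToken.isSc10SecurityContextToken() && )` in both classes is a code fragment rather than a note; a plain `// TODO: enforce sp:SC13SecurityContextToken` conveys the pending work without leaving something that looks like disabled logic.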
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.apache.ws.secpolicy.model.SecurityContextToken;
+import org.swssf.wss.securityEvent.SecurityContextTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class SecurityContextTokenAssertionState extends TokenAssertionState {
+
+ public SecurityContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SecurityContextToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof SecurityContextTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a SecurityContextTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = (SecurityContextTokenSecurityEvent) tokenSecurityEvent;
+ SecurityContextToken securityContextToken = (SecurityContextToken) abstractToken;
+
+ setAsserted(true);
+ //todo move issuerName to superClass?
+ if (securityContextToken.getIssuerName() != null && !securityContextToken.getIssuerName().equals(securityContextTokenSecurityEvent.getIssuerName())) {
+ setAsserted(false);
+ setErrorMessage("IssuerName in Policy (" + securityContextToken.getIssuerName() + ") didn't match with the one in the SecurityContextToken (" + securityContextTokenSecurityEvent.getIssuerName() + ")");
+ }
+ if (securityContextToken.isRequireExternalUriReference() && !securityContextTokenSecurityEvent.isExternalUriRef()) {
+ setAsserted(false);
+ setErrorMessage("Policy enforces externalUriRef but we didn't got one");
+ }
+ //todo sp:SC13SecurityContextToken:
+ //if (securityContextToken.isSc10SecurityContextToken() && )
+ }
+}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,89 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.swssf.policy.Assertable;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SignatureProtectionAssertionState extends AssertionState implements Assertable {
+
+ private List<QName> elements = new ArrayList<QName>();
+
+ public SignatureProtectionAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+
+ elements.add(WSSConstants.TAG_dsig_Signature);
+ elements.add(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.EncryptedElement
+ };
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
+ AsymmetricBinding asymmetricBinding = (AsymmetricBinding) getAssertion();
+ //todo better matching until we have a streaming xpath evaluation engine (work in progress)
+
+ for (int i = 0; i < elements.size(); i++) {
+ QName qName = elements.get(i);
+ if (qName.equals(encryptedElementSecurityEvent.getElement())) {
+ if (encryptedElementSecurityEvent.isEncrypted()) {
+ if (asymmetricBinding.isEncryptSignature()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + encryptedElementSecurityEvent.getElement() + " must be encrypted");
+ return false;
+ }
+ } else {
+ if (asymmetricBinding.isEncryptSignature()) {
+ setAsserted(false);
+ setErrorMessage("Element " + encryptedElementSecurityEvent.getElement() + " must be encrypted");
+ return false;
+ } else {
+ setAsserted(true);
+ return true;
+ }
+ }
+ }
+ }
+ //if we return false here other encrypted elements will trigger a PolicyViolationException
+ return true;
+ }
+}
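Review bot: The message at `setErrorMessage("Element " + encryptedElementSecurityEvent.getElement() + " must be encrypted")` in the inner `else` after `isEncrypted()` reports the opposite of the violation it fires on: that branch is reached when the element is encrypted and `isEncryptSignature()` is false, so the text should read "must not be encrypted". The cast `(AsymmetricBinding) getAssertion()` deserves a second look as well, since sp:EncryptSignature is defined for symmetric bindings too; if this state can be registered for a SymmetricBinding the cast fails with a ClassCastException instead of a WSSPolicyException, and casting to whatever common base type exposes `isEncryptSignature()` would avoid that — I cannot see the registration code from this hunk, so please confirm. The four nested branches reduce to one comparison of `isEncrypted()` with `isEncryptSignature()`, which makes the message unambiguous and drops the index loop over `elements`.
```java
public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
    EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
    AsymmetricBinding asymmetricBinding = (AsymmetricBinding) getAssertion();
    //todo better matching until we have a streaming xpath evaluation engine (work in progress)
    if (!elements.contains(encryptedElementSecurityEvent.getElement())) {
        //if we return false here other encrypted elements will trigger a PolicyViolationException
        return true;
    }
    boolean mustBeEncrypted = asymmetricBinding.isEncryptSignature();
    if (encryptedElementSecurityEvent.isEncrypted() == mustBeEncrypted) {
        setAsserted(true);
        return true;
    }
    setAsserted(false);
    setErrorMessage("Element " + encryptedElementSecurityEvent.getElement()
            + (mustBeEncrypted ? " must be encrypted" : " must not be encrypted"));
    return false;
}
```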
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java (from r1205951, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java&r1=1205951&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,39 +18,76 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.SignedElements;
+import org.apache.ws.secpolicy.model.XPath;
+import org.swssf.policy.Assertable;
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.securityEvent.SignedElementSecurityEvent;
import javax.xml.namespace.QName;
+import java.util.ArrayList;
import java.util.List;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SignedElementAssertionState extends AssertionState {
+public class SignedElementsAssertionState extends AssertionState implements Assertable {
- private List<QName> elements;
+ private List<QName> elements = new ArrayList<QName>();
- public SignedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ public SignedElementsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
- this.elements = elements;
+
+ if (assertion instanceof SignedElements) {
+ SignedElements signedElements = (SignedElements) assertion;
+ for (int i = 0; i < signedElements.getXPaths().size(); i++) {
+ XPath xPath = signedElements.getXPaths().get(i);
+ String[] xPathElements = xPath.getXPath().split("/");
+ String[] xPathElement = xPathElements[xPathElements.length - 1].split(":");
+ if (xPathElement.length == 2) {
+ String ns = xPath.getPrefixNamespaceMap().get(xPathElement[0]);
+ if (ns == null) {
+ throw new IllegalArgumentException("Namespace not declared");
+ }
+ elements.add(new QName(ns, xPathElement[1]));
+ } else {
+ elements.add(new QName(xPathElement[1]));
+ }
+ }
+ }
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SignedElement
+ };
+ }
+
+ protected void addElement(QName element) {
+ this.elements.add(element);
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
+ //todo better matching until we have a streaming xpath evaluation engine (work in progress)
+
for (int i = 0; i < elements.size(); i++) {
QName qName = elements.get(i);
if (qName.equals(signedElementSecurityEvent.getElement())) {
- if (signedElementSecurityEvent.isNotSigned()) {
+ if (signedElementSecurityEvent.isSigned()) {
+ setAsserted(true);
+ return true;
+ } else {
//an element must be signed but isn't
setAsserted(false);
setErrorMessage("Element " + signedElementSecurityEvent.getElement() + " must be signed");
return false;
- } else {
- setAsserted(true);
}
}
}
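Review bot: In the constructor, `elements.add(new QName(xPathElement[1]));` in the `else` branch throws ArrayIndexOutOfBoundsException for every unprefixed last step: `split(":")` then yields a single element, so the index must be `xPathElement[0]`. The same `else` also accepts steps with more than one colon (a predicate, for instance) and silently turns them into a different QName; `if (xPathElement.length == 1)` / `else if (xPathElement.length == 2)` with an `IllegalArgumentException` for anything else makes that explicit, and the `"Namespace not declared"` message should name the prefix it could not resolve: `throw new IllegalArgumentException("Namespace not declared for prefix " + xPathElement[0]);`. Matching in `assertEvent` compares the last step's QName only, so the element's position in the document is not enforced; the todo records this, but since SignedElements is a security assertion it is worth stating in the class Javadoc until the xpath engine lands. `assertEvent`'s body continues past the end of the hunk.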
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementsAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java (from r1205951, webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java&r1=1205951&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java Sun Dec 4 21:40:55 2011
@@ -18,43 +18,80 @@
*/
package org.swssf.policy.assertionStates;
-import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.AssertionState;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedParts;
+import org.swssf.policy.Assertable;
+import org.swssf.policy.PolicyConstants;
import org.swssf.wss.securityEvent.SecurityEvent;
import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
-import javax.xml.namespace.QName;
-import java.util.List;
-
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class SignedPartAssertionState extends AssertionState {
-
- private List<QName> elements;
+public class SignedPartsAssertionState extends AssertionState implements Assertable {
- public SignedPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+ public SignedPartsAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
super(assertion, asserted);
- this.elements = elements;
}
@Override
- public boolean assertEvent(SecurityEvent securityEvent) {
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SignedPart
+ };
+ }
+
+ @Override
+ public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
+
+ //todo attachments
+
SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
- for (int i = 0; i < elements.size(); i++) {
- QName qName = elements.get(i);
- if (qName.equals(signedPartSecurityEvent.getElement())
- || (qName.getLocalPart().equals("*") && qName.getNamespaceURI().equals(signedPartSecurityEvent.getElement().getNamespaceURI()))) {
- if (signedPartSecurityEvent.isNotSigned()) {
- //an element must be signed but isn't
- setAsserted(false);
- setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
- return false;
- } else {
- setAsserted(true);
+ SignedParts signedParts = (SignedParts) getAssertion();
+
+ if (signedParts.isBody() && (signedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap11_Body)
+ || signedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap12_Body))) {
+ if (signedPartSecurityEvent.isSigned()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+ return false;
+ }
+ }
+ //body processed above. so this must be a header element
+ if (signedParts.isSignAllHeaders()) {
+ if (signedPartSecurityEvent.isSigned()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+ return false;
+ }
+ } else {
+ for (int i = 0; i < signedParts.getHeaders().size(); i++) {
+ Header header = signedParts.getHeaders().get(i);
+ if (header.getNamespace().equals(signedPartSecurityEvent.getElement().getNamespaceURI())
+ && (header.getName() == null //== wildcard
+ || header.getName().equals(signedPartSecurityEvent.getElement().getLocalPart()))) {
+ if (signedPartSecurityEvent.isSigned()) {
+ setAsserted(true);
+ return true;
+ } else {
+ setAsserted(false);
+ setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+ return false;
+ }
}
}
}
+
//if we return false here other signed elements will trigger a PolicyViolationException
return true;
}
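Review bot: A Body event reaches the header rules whenever `signedParts.isBody()` is false: the first `if` at `if (signedParts.isBody() && (...))` handles the Body only when the policy requires it, so a policy with `isSignAllHeaders()` and no sp:Body would demand a signed Body and report "Element … must be signed", contradicting the comment `//body processed above. so this must be a header element`. Deciding on the element first and returning early when the policy says nothing about the Body fixes that, and the three identical signed/not-signed blocks collapse into one private helper so the error message is built in a single place. Whether a header entry could also match the Body by namespace depends on the policy model I cannot see here; the early return makes that question moot.
```java
public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
    //todo attachments
    SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
    SignedParts signedParts = (SignedParts) getAssertion();

    if (signedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap11_Body)
            || signedPartSecurityEvent.getElement().equals(PolicyConstants.TAG_soap12_Body)) {
        //the Body never falls through to the header rules; a policy without sp:Body says nothing about it
        return !signedParts.isBody() || assertSigned(signedPartSecurityEvent);
    }
    if (signedParts.isSignAllHeaders()) {
        return assertSigned(signedPartSecurityEvent);
    }
    for (int i = 0; i < signedParts.getHeaders().size(); i++) {
        Header header = signedParts.getHeaders().get(i);
        if (header.getNamespace().equals(signedPartSecurityEvent.getElement().getNamespaceURI())
                && (header.getName() == null /* wildcard */ || header.getName().equals(signedPartSecurityEvent.getElement().getLocalPart()))) {
            return assertSigned(signedPartSecurityEvent);
        }
    }
    //if we return false here other signed elements will trigger a PolicyViolationException
    return true;
}

//shared outcome for every matched part: asserted when signed, error message otherwise
private boolean assertSigned(SignedPartSecurityEvent signedPartSecurityEvent) {
    if (signedPartSecurityEvent.isSigned()) {
        setAsserted(true);
        return true;
    }
    setAsserted(false);
    setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
    return false;
}
```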
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartsAssertionState.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractToken;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.SpnegoContextTokenSecurityEvent;
+import org.swssf.wss.securityEvent.TokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1197077 $ $Date: 2011-11-03 13:17:40 +0100 (Don, 03. Nov 2011) $
+ */
+
+public class SpnegoContextTokenAssertionState extends TokenAssertionState {
+
+ public SpnegoContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+ super(assertion, asserted);
+ }
+
+ @Override
+ public SecurityEvent.Event[] getSecurityEventType() {
+ return new SecurityEvent.Event[]{
+ SecurityEvent.Event.SpnegoContextToken
+ };
+ }
+
+ @Override
+ public void assertToken(TokenSecurityEvent tokenSecurityEvent, AbstractToken abstractToken) throws WSSPolicyException {
+ if (!(tokenSecurityEvent instanceof SpnegoContextTokenSecurityEvent)) {
+ throw new WSSPolicyException("Expected a SpnegoContextTokenSecurityEvent but got " + tokenSecurityEvent.getClass().getName());
+ }
+ setAsserted(true);
+ //todo
+ }
+}
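Review bot: `assertToken` asserts the state unconditionally and never reads `abstractToken`, so any SpnegoContextTokenSecurityEvent satisfies the SpnegoContextToken policy assertion regardless of the constraints the assertion carries; for an enforcement class that is fail-open, and the bare `//todo` does not tell the next maintainer what is missing. Until the checks exist I would spell it out at the todo, `//todo the SpnegoContextToken sub-assertions (issuer and nested token constraints) are not verified yet; this state is asserted on event type alone`, and repeat that caveat in the class Javadoc; mirroring the issuer-name comparison that SecurityContextTokenAssertionState does above would be a natural first step. The blank line between the Javadoc comment and `public class SpnegoContextTokenAssertionState` detaches the Javadoc from the class, so drop it.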