Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/11/22 00:26:33 UTC
svn commit: r477959 - in
/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart:
PolicyBasedResultsValidator.java RampartMessageData.java errors.properties
Author: ruchithf
Date: Tue Nov 21 15:26:32 2006
New Revision: 477959
URL: http://svn.apache.org/viewvc?view=rev&rev=477959
Log:
Validating protection order and validating supporting tokens
Modified:
webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java
webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties
Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java?view=diff&rev=477959&r1=477958&r2=477959
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/PolicyBasedResultsValidator.java Tue Nov 21 15:26:32 2006
@@ -20,6 +20,10 @@
import org.apache.commons.logging.LogFactory;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
@@ -55,7 +59,14 @@
}
+ //sig/encr
+
+ validateProtectionOrder(data, results);
+
validateEncryptedParts(data, results);
+
+ //supporting tokens - UT
+ validateSupportingTokens(data, results);
/*
* Now we can check the certificate used to sign the message. In the
@@ -104,8 +115,108 @@
}
}
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateSupportingTokens(ValidatorData data, Vector results)
+ throws RampartException {
+
+ //Check for UsernameToken
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+ SupportingToken suppTok = rpd.getSupportingTokens();
+ handleSupportingTokens(results, suppTok);
+
+ }
+
+ /**
+ * @param results
+ * @param suppTok
+ * @throws RampartException
+ */
+ private void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+
+ if(suppTok == null) {
+ return;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ //Check presence of a UsernameToken
+ WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
+ if(utResult == null) {
+ throw new RampartException("usernameTokenMissing");
+ }
+
+ }
+ }
+ }
+
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateProtectionOrder(ValidatorData data, Vector results)
+ throws RampartException {
+
+ String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
+ ArrayList sigEncrActions = this.getSigEncrActions(results);
+
+ if(sigEncrActions.size() < 2) {
+ //There are no results to COMPARE
+ return;
+ }
+ boolean done = false;
+ if(Constants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ boolean sigfound = false;
+ for (Iterator iter = sigEncrActions.iterator();
+ iter.hasNext() || !done;) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sigfound = true;
+ } else if(sigfound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+
+ } else {
+ boolean encrFound = false;
+ for (Iterator iter = sigEncrActions.iterator();
+ iter.hasNext() || !done;) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.ENCR) {
+ encrFound = true;
+ } else if(encrFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+ }
+
+ if(!done) {
+ throw new RampartException("protectionOrderMismatch");
+ }
+ }
+
+
+ private ArrayList getSigEncrActions(Vector results) {
+ ArrayList sigEncrActions = new ArrayList();
+ for (Iterator iter = results.iterator(); iter.hasNext();) {
+ int action = ((WSSecurityEngineResult) iter.next()).getAction();
+ if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
+ sigEncrActions.add(new Integer(action));
+ }
+
+ }
+ return sigEncrActions;
+ }
+
private void validateEncryptedParts(ValidatorData data, Vector results)
throws RampartException {
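Review bot: Both for-headers in validateProtectionOrder use `iter.hasNext() || !done;` (the SIGN_BEFORE_ENCRYPTING branch and the else branch), so on a mismatched message the iterator is exhausted while done is still false, the loop continues and iter.next() throws NoSuchElementException instead of the intended RampartException("protectionOrderMismatch"); the same condition also fails to stop the loop early once done is true. Both headers should read `iter.hasNext() && !done;`. The else-branch comment `//We have an ENCR action after sig` is copied from the first branch and should describe a SIGN action found after encryption. The check only establishes that some ENCR result follows some SIGN result (or the reverse) in the order the results vector reports them; whether that order corresponds to the header processing order for the configured policy is not visible here and deserves a test for each ProtectionOrder value. handleSupportingTokens enforces only the presence of a UT result and silently accepts every other Token subtype in the supporting-token list, which should be stated in the three new Javadoc stubs, whose @param tags currently have no descriptions.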
Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=477959&r1=477958&r2=477959
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartMessageData.java Tue Nov 21 15:26:32 2006
@@ -208,15 +208,16 @@
this.policyData = RampartPolicyBuilder.build(it);
}
+ RampartConfig rampartConfig = this.policyData.getRampartConfig();
+
+ if(isClientSide && rampartConfig == null) {
+ //We'r missing the extra info rampart needs
+ throw new RampartException("rampartConigMissing");
+ }
+
if(this.policyData != null) {
- //Check for RST and RSTR for an SCT
- RampartConfig rampartConfig = this.policyData.getRampartConfig();
-
- if(rampartConfig == null) {
- //We'r missing the extra info rampart needs
- throw new RampartException("rampartConigMissing");
- }
+ //Check for RST and RSTR for an SCT
if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
|| WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
this.policyData.getIssuerPolicy() != null) {
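Review bot: The hoisted `RampartConfig rampartConfig = this.policyData.getRampartConfig();` now executes before the `if(this.policyData != null)` guard that follows it, so where that guard indicates no policy was built the method fails with a NullPointerException, whereas the original code never dereferenced policyData outside the guard; guard the read, e.g. `RampartConfig rampartConfig = this.policyData == null ? null : this.policyData.getRampartConfig();`, or keep the lookup inside the guarded block. The missing-config check is also narrowed to `isClientSide`, so a server-side deployment with a policy but no RampartConfig now proceeds where it previously faulted; if that is intended, the `//We'r missing the extra info rampart needs` comment should say why only the client requires it. The enclosing method begins and ends outside this hunk.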
Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=477959&r1=477958&r2=477959
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties Tue Nov 21 15:26:32 2006
@@ -75,4 +75,6 @@
#Rampart Results Validation Errors
timestampMissing = Missing Timestamp
encryptedPartMissing = Missing encryption result for id : {0}
-invalidNumberOfEncryptedParts = Invalid number of encrypted parts
\ No newline at end of file
+invalidNumberOfEncryptedParts = Invalid number of encrypted parts
+protectionOrderMismatch = Protection order mismatch
+usernameTokenMissing = UsernameToken missing in request
\ No newline at end of file