/**
 * Marks as asserted every {@link AssertionInfo} stored under {@code name} whose assertion
 * equals {@code securedPart}.
 *
 * <p>No validation happens here: the method only flips the flag, so the decision that the
 * secured part is satisfied has to be made by the caller before invoking it.
 *
 * @param securedPart the assertion to look for
 * @param name the key under which candidate entries are looked up in {@code aim}
 * @param aim the assertion map to update
 */
protected void assertSecurePartsIfTokenNotRequired(
    AbstractSecurityAssertion securedPart, QName name, AssertionInfoMap aim
) {
    Collection<AssertionInfo> candidates = aim.get(name);
    if (candidates == null || candidates.isEmpty()) {
        // Nothing registered under this name, so there is nothing to assert.
        return;
    }
    for (AssertionInfo candidate : candidates) {
        // Matching uses equals(), not identity, so an equal assertion instance is asserted too.
        if (candidate.getAssertion().equals(securedPart)) {
            candidate.setAsserted(true);
        }
    }
}

public boolean isEnforceEncryptedTokens() {
/**
 * Marks the entry for {@code assertion} as not asserted and records {@code reason} on it.
 *
 * @param assertion the assertion whose entry is revoked
 * @param reason the text handed to {@code setNotAsserted}
 */
@Override
public void unassertPolicy(Assertion assertion, String reason) {
    Collection<AssertionInfo> matches = aim.getAssertionInfo(assertion.getName());
    if (matches == null || matches.isEmpty()) {
        return;
    }
    for (AssertionInfo match : matches) {
        // Identity comparison: only the entry wrapping this exact instance is revoked;
        // other entries registered under the same name keep their current state.
        if (match.getAssertion() == assertion) {
            match.setNotAsserted(reason);
        }
    }
}
/**
 * Builds the exception for an assertion that was not asserted.
 *
 * <p>The message uses the {@code ASSERTION_NOT_ASSERTED} bundle key and is filled with the
 * assertion's name and the error message stored on {@code info}.
 *
 * @param info the entry that failed; its assertion must be non-null because its name is read
 */
public PolicyException(AssertionInfo info) {
    // NOTE(review): the stored error text becomes part of the exception message; if this
    // exception is surfaced to the remote peer, confirm that text carries no sensitive detail.
    super(new Message("ASSERTION_NOT_ASSERTED", BUNDLE, info.getAssertion().getName(),
                      info.getErrorMessage()));
}
}
/**
 * Reports whether this SecurityPolicyValidator can validate the policy wrapped by
 * {@code assertionInfo}.
 *
 * @param assertionInfo the entry to inspect
 * @return {@code true} only when the entry holds a non-null assertion whose name equals
 *     {@code SP12Constants.ENCRYPTED_SUPPORTING_TOKENS}; no other name is compared here
 */
public boolean canValidatePolicy(AssertionInfo assertionInfo) {
    if (assertionInfo.getAssertion() == null) {
        return false;
    }
    return SP12Constants.ENCRYPTED_SUPPORTING_TOKENS.equals(assertionInfo.getAssertion().getName());
}
/**
 * Validates each RequiredParts assertion against the SOAP header of the message.
 *
 * <p>Every entry is first marked asserted and then revoked as soon as one of its required
 * headers cannot be found. The check is presence-only: it establishes that an element with
 * the required QName exists under the header, and nothing about its content or protection.
 *
 * @param parameters supplies the SOAP header element, which may be {@code null}
 * @param ais the entries to validate; each must wrap a {@code RequiredParts} assertion
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    Element soapHeader = parameters.getSoapHeader();
    for (AssertionInfo ai : ais) {
        RequiredParts requiredParts = (RequiredParts)ai.getAssertion();
        // Optimistic default; any missing header below turns it back into a failure.
        ai.setAsserted(true);
        for (Header required : requiredParts.getHeaders()) {
            QName qName = new QName(required.getNamespace(), required.getName());
            // A message without a SOAP header cannot satisfy any required header.
            boolean present = soapHeader != null
                && DOMUtils.getFirstChildWithName(soapHeader, qName) != null;
            if (!present) {
                ai.setNotAsserted("No header element of name " + qName + " found.");
            }
        }
    }
}
/**
 * Marks as asserted every entry that {@code getAllAssertionsByLocalname} returns for
 * {@code localname}.
 *
 * <p>The method performs no validation of its own; it asserts unconditionally, so callers
 * are responsible for having verified the policy beforehand.
 *
 * @param aim the assertion map to search
 * @param localname the local name handed to the lookup
 * @return {@code true} if at least one entry was found and asserted, {@code false} otherwise
 */
public static boolean assertPolicy(AssertionInfoMap aim, String localname) {
    Collection<AssertionInfo> matches = getAllAssertionsByLocalname(aim, localname);
    if (matches.isEmpty()) {
        return false;
    }
    for (AssertionInfo match : matches) {
        match.setAsserted(true);
    }
    return true;
}
/**
 * Validates each AlgorithmSuite assertion against the security processing results.
 *
 * <p>An entry is marked asserted up front. When {@code validatePolicy} succeeds, the entries
 * registered under the suite type's QName and the canonicalization assertion are asserted as
 * well. When it fails, the entry is marked not asserted unless it already is.
 *
 * @param parameters supplies the processing results and the assertion map
 * @param ais the entries to validate; each must wrap an {@code AlgorithmSuite} assertion
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        AlgorithmSuite algorithmSuite = (AlgorithmSuite)ai.getAssertion();
        ai.setAsserted(true);

        boolean valid = validatePolicy(ai, algorithmSuite, parameters.getResults().getResults());
        if (!valid) {
            // Presumably validatePolicy may already have recorded a specific failure on ai;
            // the generic message is written only when the entry still reads as asserted.
            if (ai.isAsserted()) {
                ai.setNotAsserted("Error in validating AlgorithmSuite policy");
            }
            continue;
        }

        String namespace = algorithmSuite.getAlgorithmSuiteType().getNamespace();
        String name = algorithmSuite.getAlgorithmSuiteType().getName();
        Collection<AssertionInfo> algSuiteAis =
            parameters.getAssertionInfoMap().get(new QName(namespace, name));
        if (algSuiteAis != null) {
            for (AssertionInfo algSuiteAi : algSuiteAis) {
                algSuiteAi.setAsserted(true);
            }
        }

        // The canonicalization assertion lives in the suite's own namespace.
        QName c14nName = new QName(algorithmSuite.getName().getNamespaceURI(),
                                   algorithmSuite.getC14n().name());
        PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), c14nName);
    }
}
/**
 * Adds a UsernameToken element to the security header of {@code message}.
 *
 * <p>If no token builder can be obtained, nothing is appended and every currently asserted
 * UsernameToken entry is switched back to not asserted, so the missing token is not
 * reported as satisfied.
 *
 * @param message the outgoing SOAP message
 */
protected void addToken(SoapMessage message) {
    UsernameToken tok = assertTokens(message);
    Header h = findSecurityHeader(message, true);
    Element securityHeader = (Element)h.getObject();
    Document doc = securityHeader.getOwnerDocument();

    WSSecUsernameToken utBuilder = addUsernameToken(message, doc, tok);
    if (utBuilder != null) {
        utBuilder.prepare();
        securityHeader.appendChild(utBuilder.getUsernameTokenElement());
        return;
    }

    // No token was produced: withdraw the assertions made earlier for UsernameToken.
    // setAsserted(false) is used, so no reason string is recorded for the failure.
    // NOTE(review): aim is not null-checked before the lookup; confirm it is always present.
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
    for (AssertionInfo ai : ais) {
        if (ai.isAsserted()) {
            ai.setAsserted(false);
        }
    }
}
/**
 * Verifies that every {@link AssertionInfo} held in this map has been asserted.
 *
 * <p>The scan stops at the first entry that is not asserted, so only that one assertion
 * name is reported even if several entries failed.
 *
 * @throws PolicyException for the first entry found that is not asserted
 */
public void check() {
    for (Collection<AssertionInfo> ais : values()) {
        for (AssertionInfo ai : ais) {
            if (ai.isAsserted()) {
                continue;
            }
            throw new PolicyException(new org.apache.cxf.common.i18n.Message(
                "NOT_ASSERTED_EXC", BUNDLE, ai.getAssertion().getName()));
        }
    }
}

private static Collection<Assertion> getAssertions(PolicyOperator p) {
/**
 * Asserts or revokes the SPNEGO context token entries depending on whether a
 * SecurityContextToken was found in the message.
 *
 * <p>When the message carries no {@code AssertionInfoMap}, nothing is asserted or revoked.
 *
 * @param message the SOAP message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    boolean foundSCT = NegotiationUtils.parseSCTResult(message);

    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }

    // An empty result simply leaves the loop body unexecuted.
    Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
    for (AssertionInfo inf : ais) {
        if (!foundSCT) {
            inf.setNotAsserted("No SecurityContextToken token found in message.");
        } else {
            inf.setAsserted(true);
        }
    }
}
}
/**
 * Registers an {@link AssertionInfo} for {@code a}, after first registering the assertions
 * collected from its nested policy when {@code a} is a {@code PolicyContainingAssertion}.
 *
 * <p>An assertion instance is registered at most once per name; duplicates are detected by
 * identity, not by {@code equals}.
 *
 * @param a the assertion to register
 */
private void putAssertionInfo(Assertion a) {
    if (a instanceof PolicyContainingAssertion) {
        Policy nested = ((PolicyContainingAssertion)a).getPolicy();
        if (nested != null) {
            List<Assertion> nestedAssertions = new ArrayList<>();
            getAssertions(nested, nestedAssertions);
            nestedAssertions.forEach(this::putAssertionInfo);
        }
    }

    AssertionInfo ai = new AssertionInfo(a);
    Collection<AssertionInfo> bucket = get(a.getName());
    if (bucket == null) {
        bucket = new ArrayList<>();
        put(a.getName(), bucket);
    }
    for (AssertionInfo existing : bucket) {
        if (existing.getAssertion() == a) {
            // This exact instance is already tracked; keep its current asserted state.
            return;
        }
    }
    bucket.add(ai);
}
/**
 * Reports whether this SecurityPolicyValidator can validate the policy wrapped by
 * {@code assertionInfo}.
 *
 * @param assertionInfo the entry to inspect
 * @return {@code true} only when the entry holds a non-null assertion whose name equals
 *     {@code SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS}; no other name is compared
 */
public boolean canValidatePolicy(AssertionInfo assertionInfo) {
    if (assertionInfo.getAssertion() == null) {
        return false;
    }
    return SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS
        .equals(assertionInfo.getAssertion().getName());
}
/**
 * Validates each RequiredParts assertion against the SOAP header of the message.
 *
 * <p>Every entry is first marked asserted and then revoked as soon as one of its required
 * headers cannot be found. The check is presence-only: it establishes that an element with
 * the required QName exists under the header, and nothing about its content or protection.
 *
 * @param parameters supplies the SOAP header element, which may be {@code null}
 * @param ais the entries to validate; each must wrap a {@code RequiredParts} assertion
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    Element soapHeader = parameters.getSoapHeader();
    for (AssertionInfo ai : ais) {
        RequiredParts requiredParts = (RequiredParts)ai.getAssertion();
        // Optimistic default; any missing header below turns it back into a failure.
        ai.setAsserted(true);
        for (Header required : requiredParts.getHeaders()) {
            QName qName = new QName(required.getNamespace(), required.getName());
            // A message without a SOAP header cannot satisfy any required header.
            boolean present = soapHeader != null
                && DOMUtils.getFirstChildWithName(soapHeader, qName) != null;
            if (!present) {
                ai.setNotAsserted("No header element of name " + qName + " found.");
            }
        }
    }
}
/**
 * Marks as asserted every entry registered under {@code qName}.
 *
 * <p>The flag is set unconditionally; deciding that the policy is satisfied is the
 * caller's responsibility.
 *
 * @param qName the assertion name to look up
 */
public void assertPolicy(QName qName) {
    Collection<AssertionInfo> matches = aim.getAssertionInfo(qName);
    if (matches == null || matches.isEmpty()) {
        return;
    }
    for (AssertionInfo match : matches) {
        match.setAsserted(true);
    }
}
/**
 * Validates each AlgorithmSuite assertion against the security processing results.
 *
 * <p>An entry is marked asserted up front. When {@code validatePolicy} succeeds, the entries
 * registered under the suite type's QName and the canonicalization assertion are asserted as
 * well. When it fails, the entry is marked not asserted unless it already is.
 *
 * @param parameters supplies the processing results and the assertion map
 * @param ais the entries to validate; each must wrap an {@code AlgorithmSuite} assertion
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        AlgorithmSuite algorithmSuite = (AlgorithmSuite)ai.getAssertion();
        ai.setAsserted(true);

        boolean valid = validatePolicy(ai, algorithmSuite, parameters.getResults().getResults());
        if (!valid) {
            // Presumably validatePolicy may already have recorded a specific failure on ai;
            // the generic message is written only when the entry still reads as asserted.
            if (ai.isAsserted()) {
                ai.setNotAsserted("Error in validating AlgorithmSuite policy");
            }
            continue;
        }

        String namespace = algorithmSuite.getAlgorithmSuiteType().getNamespace();
        String name = algorithmSuite.getAlgorithmSuiteType().getName();
        Collection<AssertionInfo> algSuiteAis =
            parameters.getAssertionInfoMap().get(new QName(namespace, name));
        if (algSuiteAis != null) {
            for (AssertionInfo algSuiteAi : algSuiteAis) {
                algSuiteAi.setAsserted(true);
            }
        }

        // The canonicalization assertion lives in the suite's own namespace.
        QName c14nName = new QName(algorithmSuite.getName().getNamespaceURI(),
                                   algorithmSuite.getC14n().name());
        PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), c14nName);
    }
}
/**
 * Adds a UsernameToken element to the security header of {@code message}.
 *
 * <p>If no token builder can be obtained, nothing is appended and every currently asserted
 * UsernameToken entry is switched back to not asserted, so the missing token is not
 * reported as satisfied.
 *
 * @param message the outgoing SOAP message
 */
protected void addToken(SoapMessage message) {
    UsernameToken tok = assertTokens(message);
    Header h = findSecurityHeader(message, true);
    Element securityHeader = (Element)h.getObject();
    Document doc = securityHeader.getOwnerDocument();

    WSSecUsernameToken utBuilder = addUsernameToken(message, doc, tok);
    if (utBuilder != null) {
        utBuilder.prepare();
        securityHeader.appendChild(utBuilder.getUsernameTokenElement());
        return;
    }

    // No token was produced: withdraw the assertions made earlier for UsernameToken.
    // setAsserted(false) is used, so no reason string is recorded for the failure.
    // NOTE(review): aim is not null-checked before the lookup; confirm it is always present.
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
    for (AssertionInfo ai : ais) {
        if (ai.isAsserted()) {
            ai.setAsserted(false);
        }
    }
}
/**
 * Verifies that every {@link AssertionInfo} held in this map has been asserted.
 *
 * <p>The scan stops at the first entry that is not asserted, so only that one assertion
 * name is reported even if several entries failed.
 *
 * @throws PolicyException for the first entry found that is not asserted
 */
public void check() {
    for (Collection<AssertionInfo> ais : values()) {
        for (AssertionInfo ai : ais) {
            if (ai.isAsserted()) {
                continue;
            }
            throw new PolicyException(new org.apache.cxf.common.i18n.Message(
                "NOT_ASSERTED_EXC", BUNDLE, ai.getAssertion().getName()));
        }
    }
}

private static Collection<Assertion> getAssertions(PolicyOperator p) {
/**
 * Asserts or revokes the SPNEGO context token entries depending on whether a
 * SecurityContextToken was found in the message.
 *
 * <p>When the message carries no {@code AssertionInfoMap}, nothing is asserted or revoked.
 *
 * @param message the SOAP message being processed
 * @throws Fault declared by the interceptor contract
 */
public void handleMessage(SoapMessage message) throws Fault {
    boolean foundSCT = NegotiationUtils.parseSCTResult(message);

    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    if (aim == null) {
        return;
    }

    // An empty result simply leaves the loop body unexecuted.
    Collection<AssertionInfo> ais =
        PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SPNEGO_CONTEXT_TOKEN);
    for (AssertionInfo inf : ais) {
        if (!foundSCT) {
            inf.setNotAsserted("No SecurityContextToken token found in message.");
        } else {
            inf.setAsserted(true);
        }
    }
}
}
/**
 * Builds the exception for an assertion that was not asserted.
 *
 * <p>The message uses the {@code ASSERTION_NOT_ASSERTED} bundle key and is filled with the
 * assertion's name and the error message stored on {@code info}.
 *
 * @param info the entry that failed; its assertion must be non-null because its name is read
 */
public PolicyException(AssertionInfo info) {
    // NOTE(review): the stored error text becomes part of the exception message; if this
    // exception is surfaced to the remote peer, confirm that text carries no sensitive detail.
    super(new Message("ASSERTION_NOT_ASSERTED", BUNDLE, info.getAssertion().getName(),
                      info.getErrorMessage()));
}
}
/**
 * Registers an {@link AssertionInfo} for {@code a}, after first registering the assertions
 * collected from its nested policy when {@code a} is a {@code PolicyContainingAssertion}.
 *
 * <p>An assertion instance is registered at most once per name; duplicates are detected by
 * identity, not by {@code equals}.
 *
 * @param a the assertion to register
 */
private void putAssertionInfo(Assertion a) {
    if (a instanceof PolicyContainingAssertion) {
        Policy nested = ((PolicyContainingAssertion)a).getPolicy();
        if (nested != null) {
            List<Assertion> nestedAssertions = new ArrayList<>();
            getAssertions(nested, nestedAssertions);
            nestedAssertions.forEach(this::putAssertionInfo);
        }
    }

    AssertionInfo ai = new AssertionInfo(a);
    Collection<AssertionInfo> bucket = get(a.getName());
    if (bucket == null) {
        bucket = new ArrayList<>();
        put(a.getName(), bucket);
    }
    for (AssertionInfo existing : bucket) {
        if (existing.getAssertion() == a) {
            // This exact instance is already tracked; keep its current asserted state.
            return;
        }
    }
    bucket.add(ai);
}