Element protectedElement = signedRef.getProtectedElement(); if (protectedElement != null && ("EncryptedData".equals(protectedElement.getLocalName()) && WSS4JConstants.SAML2_NS.equals(protectedElement.getNamespaceURI()))) { for (WSDataRef encryptedRef : encryptedRefs) { if (protectedElement == encryptedRef.getEncryptedElement()) { final WSDataRef encryptedSignedRef = new WSDataRef(); encryptedSignedRef.setWsuId(signedRef.getWsuId()); encryptedSignedRef.setContent(false); encryptedSignedRef.setName(encryptedRef.getName()); encryptedSignedRef.setProtectedElement(encryptedRef .getProtectedElement()); encryptedSignedRef.setXpath(encryptedRef.getXpath());
/**
 * Returns whether one of the supplied references protects exactly the given element.
 *
 * <p>A reference matches only if it holds the very same {@link Element} instance
 * (object identity, not structural equality) and its content/element flag agrees with
 * the requested scope: {@code CONTENT} requires a content reference, anything else
 * requires a whole-element reference.
 *
 * @param refs  references to search; must not be {@code null}
 * @param type  the coverage type; part of the signature but not consulted by this check
 * @param scope whether content-only or whole-element protection is required; must not be {@code null}
 * @param el    the element whose coverage is being checked
 * @return {@code true} if a reference with the same element instance and matching scope exists
 */
private static boolean matchElement(Collection<WSDataRef> refs, CoverageType type,
                                    CoverageScope scope, Element el) {
    final boolean wantContent;
    switch (scope) {
    case CONTENT:
        wantContent = true;
        break;
    default:
        // ELEMENT (and anything else) means whole-element coverage.
        wantContent = false;
    }
    // Identity comparison on purpose: the ref must point at this exact DOM node.
    return refs.stream()
        .anyMatch(ref -> ref.getProtectedElement() == el && ref.isContent() == wantContent);
}
/**
 * Returns whether a signature reference covers the encrypted form of the given token.
 *
 * <p>This handles the encrypt-then-sign layout: the signature does not reference the
 * token itself but the {@code xenc:EncryptedData} element that stood in its place. The
 * check succeeds when the signed element is an {@code EncryptedData} in the XML Encryption
 * namespace and one of the decryption results holds a data reference whose decrypted
 * element is {@code token} (same instance) and whose id equals the {@code Id} attribute
 * of that {@code EncryptedData}.
 *
 * @param token            the decrypted token element, compared by identity
 * @param signedRef        a data reference taken from a signature result
 * @param encryptedResults decryption results to search for the matching data reference
 * @return {@code true} if the token was signed via its encrypted form
 */
private boolean isEncryptedTokenSigned(Element token, WSDataRef signedRef,
                                       List<WSSecurityEngineResult> encryptedResults) {
    final Element signedElement = signedRef.getProtectedElement();
    if (signedElement == null
        || !"EncryptedData".equals(signedElement.getLocalName())
        || !WSS4JConstants.ENC_NS.equals(signedElement.getNamespaceURI())) {
        return false;
    }
    final String encryptedDataId = signedElement.getAttributeNS(null, "Id");
    for (WSSecurityEngineResult result : encryptedResults) {
        List<WSDataRef> encryptedDataRefs =
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (encryptedDataRefs == null) {
            continue;
        }
        for (WSDataRef encryptedDataRef : encryptedDataRefs) {
            final String refId = encryptedDataRef.getWsuId();
            // Both conditions are required: the same DOM node and a matching EncryptedData id.
            if (token == encryptedDataRef.getProtectedElement()
                && refId != null && refId.equals(encryptedDataId)) {
                return true;
            }
        }
    }
    return false;
}
|| reference.getURI().equals(samlAssertion.getId()) || reference.getURI().equals("#" + samlAssertion.getId())) { WSDataRef ref = new WSDataRef(); ref.setWsuId(reference.getURI()); ref.setProtectedElement(token); ref.setAlgorithm(signatureMethod); ref.setDigestAlgorithm(reference.getDigestMethod().getAlgorithm()); ref.setDigestValue(reference.getDigestValue()); transformAlgorithms.add(transform.getAlgorithm()); ref.setTransformAlgorithms(transformAlgorithms); ref.setXpath(EncryptionUtils.getXPath(token)); protectedRefs.add(ref);
WSDataRef dataRef = new WSDataRef(); dataRef.setEncryptedElement(encData); dataRef.setWsuId(dataRefURI); dataRef.setAlgorithm(symEncAlgo); dataRef.setContent(content); soapHeader.replaceChild(decryptedHeader, parent); dataRef.setProtectedElement((Element)decryptedHeader); dataRef.setXpath(getXPath(decryptedHeader)); } else if (content) { dataRef.setProtectedElement(encData); dataRef.setXpath(getXPath(encData)); } else { if (decryptedNode == null) { dataRef.setProtectedElement((Element)decryptedNode); dataRef.setXpath(getXPath(decryptedNode));
CallbackHandler attachmentCallbackHandler ) throws WSSecurityException { WSDataRef dataRef = new WSDataRef(); dataRef.setWsuId(dataRefURI); dataRef.setAlgorithm(symEncAlgo); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK); dataRef.setWsuId(uri); dataRef.setAttachment(true); dataRef.setContent(true);
/**
 * Returns whether the given token element is the decrypted result of some encryption reference.
 *
 * @param token            the token element; compared by object identity against each
 *                         reference's protected element
 * @param encryptedResults decryption results whose {@code TAG_DATA_REF_URIS} lists are searched
 * @return {@code true} if a data reference in {@code encryptedResults} protects {@code token}
 */
private boolean isTokenEncrypted(Element token, List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult result : encryptedResults) {
        List<WSDataRef> dataRefs =
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            continue;
        }
        // Identity, not equals(): the ref must point at this exact DOM node.
        if (dataRefs.stream().anyMatch(ref -> ref.getProtectedElement() == token)) {
            return true;
        }
    }
    return false;
}
/**
 * Verifies that every {@code ds:Signature} element that is itself covered by a signature
 * sits where {@code isEndorsingSignatureInCorrectPlace} expects it.
 *
 * <p>For each signature result, the data references whose name is
 * {@link WSConstants#SIGNATURE} identify a signed {@code ds:Signature}; each such
 * element is handed to the placement check, and the first one that fails makes the
 * whole check fail.
 *
 * @param results       all security results, passed through to the placement check
 * @param signedResults the signature results whose references are inspected
 * @return {@code false} on the first misplaced signed signature, otherwise {@code true}
 */
private boolean checkSignatureIsSignedPlacement(List<WSSecurityEngineResult> results,
                                                List<WSSecurityEngineResult> signedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> signedRefs = CastUtils.cast(
            (List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (signedRefs == null || signedRefs.isEmpty()) {
            continue;
        }
        for (WSDataRef dataRef : signedRefs) {
            // Only references to another ds:Signature are subject to the placement rule.
            if (!WSConstants.SIGNATURE.equals(dataRef.getName())) {
                continue;
            }
            if (!isEndorsingSignatureInCorrectPlace(results, signedResult,
                                                    dataRef.getProtectedElement())) {
                return false;
            }
        }
    }
    return true;
}
/**
 * Checks whether a signature was applied before encryption.
 *
 * <p>{@code results} are stored in reverse processing order, so the iteration stops at
 * the first encryption result (with data references) and reports whether a qualifying
 * signature result was seen before it. A signature whose only reference is another
 * {@code ds:Signature} (an endorsing signature) does not qualify.
 *
 * @param results security engine results, in reverse order
 * @return {@code true} if a non-endorsing signature result precedes the first encryption
 *         result; {@code false} if encryption comes first or no encryption result with
 *         data references is present
 */
private boolean isSignedBeforeEncrypted(List<WSSecurityEngineResult> results) {
    boolean signatureSeen = false;
    for (WSSecurityEngineResult result : results) {
        final int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        if (action == WSConstants.SIGN) {
            // An endorsing signature (sole reference is a ds:Signature) does not count.
            final boolean endorsingOnly =
                refs.size() == 1 && refs.get(0).getName().equals(SIG_QNAME);
            if (!endorsingOnly) {
                signatureSeen = true;
            }
        } else if (action == WSConstants.ENCR) {
            return signatureSeen;
        }
    }
    return false;
}
String id = r.getWsuId(); if (id != null && id.startsWith("cid:")) { id = id.substring(4); if (r.isAttachment() && attachment.getId() != null && attachment.getId().equals(id) && (CoverageType.ENCRYPTED == type || r.getTransformAlgorithms() != null && r.getTransformAlgorithms().contains(requiredTransform))) { matched = true; break;
.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); for (WSDataRef dataRef : dataRefs) { if (dataRef.getProtectedElement() == node) { dataRef.setProtectedElement((Element)newNode); .get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); for (WSDataRef dataRef :dataRefs) { if (dataRef.getProtectedElement() == node) { dataRef.setProtectedElement((Element)newNode);
encAlgorithm = refs.get(0).getAlgorithm(); userMsgs.stream().map(userMsg -> userMsg.getPayloads()) .filter(umPayloads -> !Utils.isNullOrEmpty(umPayloads)) refs.stream() .filter(ref -> SecurityUtils.isPayloadReferenced(p, ref.getWsuId(), domEnvelope)) .forEach(match -> payloads.add(p))));
String xpath = r.getXpath(); if (xpath != null) { String[] nodes = xpath.split("/"); Element protectedElement = r.getProtectedElement(); boolean tokenFound = false;
if (dataRefs != null) { for (WSDataRef dataRef : dataRefs) { String encryptionAlgorithm = dataRef.getAlgorithm(); if (!algorithmSuiteType.getEncryption().equals(encryptionAlgorithm)) { ai.setNotAsserted(
AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType(); for (WSDataRef dataRef : dataRefs) { String digestMethod = dataRef.getDigestAlgorithm(); if (!algorithmSuiteType.getDigest().equals(digestMethod)) { ai.setNotAsserted( List<String> transformAlgorithms = dataRef.getTransformAlgorithms();
WSDataRef ref = new WSDataRef(); ref.setWsuId(uri); ref.setProtectedElement(se); ref.setAlgorithm(signedInfo.getSignatureMethod().getAlgorithm()); ref.setDigestAlgorithm(siRef.getDigestMethod().getAlgorithm()); ref.setDigestValue(siRef.getDigestValue()); ref.setAttachment(attachment); transformAlgorithms.add(transform.getAlgorithm()); ref.setTransformAlgorithms(transformAlgorithms); ref.setXpath(EncryptionUtils.getXPath(se)); protectedRefs.add(ref);
/**
 * Returns whether the given token element appears as the protected element of a
 * data reference in any of the decryption results.
 *
 * @param token            the token element, matched by object identity
 * @param encryptedResults decryption results whose {@code TAG_DATA_REF_URIS} lists are scanned
 * @return {@code true} as soon as one reference's protected element is {@code token}
 */
private boolean isTokenEncrypted(Element token, List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult encryptedResult : encryptedResults) {
        List<WSDataRef> refs = CastUtils.cast(
            (List<?>)encryptedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            // Identity comparison on purpose: the same DOM node, not an equal one.
            if (ref.getProtectedElement() == token) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Checks the placement of every signed {@code ds:Signature} element.
 *
 * <p>Within each signature result, references named {@link WSConstants#SIGNATURE}
 * point at a signed signature element; each is passed to
 * {@code isEndorsingSignatureInCorrectPlace}, and the first negative answer fails
 * the whole check.
 *
 * @param results       all security results, forwarded to the placement check
 * @param signedResults the signature results to inspect
 * @return {@code true} if every signed signature is correctly placed, {@code false} otherwise
 */
private boolean checkSignatureIsSignedPlacement(List<WSSecurityEngineResult> results,
                                                List<WSSecurityEngineResult> signedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> signedRefs = CastUtils.cast(
            (List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (signedRefs == null || signedRefs.isEmpty()) {
            continue;
        }
        // anyMatch short-circuits, so the first misplaced signature ends the check.
        final boolean misplaced = signedRefs.stream()
            .filter(ref -> WSConstants.SIGNATURE.equals(ref.getName()))
            .map(WSDataRef::getProtectedElement)
            .anyMatch(el -> !isEndorsingSignatureInCorrectPlace(results, signedResult, el));
        if (misplaced) {
            return false;
        }
    }
    return true;
}
/**
 * Looks for a reference that protects exactly the given element with the requested scope.
 *
 * <p>The element is matched by object identity. The scope is mapped to the reference's
 * content flag: {@code CONTENT} needs {@code isContent() == true}; {@code ELEMENT} and
 * any other value need {@code isContent() == false}.
 *
 * @param refs  references to search; must not be {@code null}
 * @param type  the coverage type; accepted but not used by this check
 * @param scope the required coverage scope; must not be {@code null}
 * @param el    the element to look for
 * @return {@code true} if a reference matches both the element instance and the scope
 */
private static boolean matchElement(Collection<WSDataRef> refs, CoverageType type,
                                    CoverageScope scope, Element el) {
    final boolean contentRequired;
    switch (scope) {
    case CONTENT:
        contentRequired = true;
        break;
    default:
        contentRequired = false;
    }
    for (WSDataRef candidate : refs) {
        // Same DOM node instance? Otherwise this ref is irrelevant.
        if (candidate.getProtectedElement() != el) {
            continue;
        }
        if (candidate.isContent() == contentRequired) {
            return true;
        }
    }
    return false;
}
/**
 * Checks whether encryption was applied before signing.
 *
 * <p>{@code results} are stored in reverse processing order, so the iteration stops at
 * the first non-endorsing signature result (with data references) and reports whether
 * an encryption result was seen before it. A signature whose only reference is another
 * {@code ds:Signature} (an endorsing signature) is skipped rather than counted.
 *
 * @param results security engine results, in reverse order
 * @return {@code true} if an encryption result precedes the first non-endorsing signature
 *         result; {@code false} if signing comes first or no such signature result is present
 */
private boolean isEncryptedBeforeSigned(List<WSSecurityEngineResult> results) {
    boolean encryptionSeen = false;
    for (WSSecurityEngineResult result : results) {
        final int action = ((Integer)result.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        if (action == WSConstants.ENCR) {
            encryptionSeen = true;
        } else if (action == WSConstants.SIGN) {
            // An endorsing signature (sole reference is a ds:Signature) does not count.
            final boolean endorsingOnly =
                refs.size() == 1 && refs.get(0).getName().equals(SIG_QNAME);
            if (!endorsingOnly) {
                return encryptionSeen;
            }
        }
    }
    return false;
}