}
private static void processMessagePolicy(FilterProcessingContext fpContext,
SOAPElement current)throws XWSSecurityException {
int idx = 0;
MessagePolicy policy = (MessagePolicy) fpContext.getSecurityPolicy();
SecurableSoapMessage secureMsg = fpContext.getSecurableSoapMessage();
MessagePolicy secPolicy = null;
ArrayList targets = null;
StringBuffer buf = null;
boolean foundPrimaryPolicy = false;
while (idx < policy.size()) {
WSSPolicy wssPolicy = null;
try {
wssPolicy = (WSSPolicy) policy.get(idx);
} catch (Exception e) {
log.log(Level.SEVERE, LogStringsMessages.WSS_0270_FAILEDTO_GET_SECURITY_POLICY_MESSAGE_POLICY());
throw new XWSSecurityException(e);
}
if (PolicyTypeUtil.isPrimaryPolicy(wssPolicy)) {
if (wssPolicy.getType().equals("EncryptionPolicy")){
targets = ((EncryptionPolicy.FeatureBinding)wssPolicy.getFeatureBinding()).getTargetBindings();
}else{
targets = ((SignaturePolicy.FeatureBinding)wssPolicy.getFeatureBinding()).getTargetBindings();
}
foundPrimaryPolicy = true;
Iterator ite = targets.iterator();
while(ite.hasNext()){
Target t = (Target)ite.next();
if (t.getEnforce()){
// roll the pointer down the header till a primary block is hit
// if end of header is hit (pointer is null) break out of the loop
while (current != null && HarnessUtil.isSecondaryHeaderElement(current))
current = HarnessUtil.getNextElement(current);
// if pointer is null (hit end of header), reset pointer to begining of header
if (current != null) {
secureMsg.findSecurityHeader().
setCurrentHeaderElement(current);
fpContext.setSecurityPolicy(wssPolicy);
HarnessUtil.processDeep(fpContext);
boolean keepCurrent = false;
if(MessageConstants.ENCRYPTED_DATA_LNAME.equals(current.getLocalName())){
keepCurrent = true;
}
if (fpContext.isPrimaryPolicyViolation()) {
log.log(Level.SEVERE, LogStringsMessages.WSS_0265_ERROR_PRIMARY_POLICY());
throw new XWSSecurityException(fpContext.getPVE());
}
if (fpContext.isOptionalPolicyViolation()) {
// rollback current security header ptr.
// if secondary security header element
// is found, proceed to next header element
secureMsg.findSecurityHeader().setCurrentHeaderElement(current);
}
if(!keepCurrent){
current = secureMsg.findSecurityHeader().getCurrentHeaderBlockElement();
}else{
current = HarnessUtil.getNextElement(secureMsg.findSecurityHeader().getCurrentHeaderBlockElement());
}
//current = HarnessUtil.getNextElement(current);
break;
}else{
//log
if ( buf == null )
buf = new StringBuffer();
buf.append(wssPolicy.getType() + " ");
//throw new XWSSecurityException("More Receiver requirements specified"+
// " than present in the message");
}
}else{
// roll the pointer down the header till a primary block is hit
// if end of header is hit (pointer is null) break out of the loop
while (current != null && HarnessUtil.isSecondaryHeaderElement(current))
current = HarnessUtil.getNextElement(current);
if ((current!=null && wssPolicy.getType().equals("EncryptionPolicy")) && current.getLocalName().equals("Signature")){
continue;
}
if ((current!=null && wssPolicy.getType().equals("SignaturePolicy")) &&
(current.getLocalName().equals(MessageConstants.ENCRYPTED_DATA_LNAME) ||
current.getLocalName().equals(MessageConstants.XENC_ENCRYPTED_KEY_LNAME) ||
current.getLocalName().equals(MessageConstants.XENC_REFERENCE_LIST_LNAME))){
continue;
}
// if pointer is null (hit end of header), reset pointer to begining of header
if (current != null) {
secureMsg.findSecurityHeader().
setCurrentHeaderElement(current);
fpContext.setSecurityPolicy(wssPolicy);
HarnessUtil.processDeep(fpContext);
boolean keepCurrent = false;
if(MessageConstants.ENCRYPTED_DATA_LNAME.equals(current.getLocalName())){
keepCurrent = true;
}
if (fpContext.isPrimaryPolicyViolation()) {
log.log(Level.SEVERE, LogStringsMessages.WSS_0265_ERROR_PRIMARY_POLICY());
throw new XWSSecurityException(fpContext.getPVE());
}
if (fpContext.isOptionalPolicyViolation()) {
// rollback current security header ptr.
// if secondary security header element
// is found, proceed to next header element
secureMsg.findSecurityHeader().setCurrentHeaderElement(current);
}
if(!keepCurrent){
current = secureMsg.findSecurityHeader().getCurrentHeaderBlockElement();
}else{
current = HarnessUtil.getNextElement(secureMsg.findSecurityHeader().getCurrentHeaderBlockElement());
}
//current = HarnessUtil.getNextElement(current);
break;
}
}
}
}else{
if(secPolicy == null){
secPolicy = new MessagePolicy();
}
secPolicy.append(wssPolicy);
}
idx++;
}
if ( buf != null) {
log.log(Level.SEVERE, LogStringsMessages.WSS_0258_INVALID_REQUIREMENTS());
throw new XWSSecurityException("More Receiver requirements [ " + buf + " ] specified"+
" than present in the message");
}
if ( !foundPrimaryPolicy) {
SecurityHeader header = secureMsg.findSecurityHeader();
if ( header != null && header.getCurrentHeaderElement() == null) {
header.setCurrentHeaderElement(header.getFirstChildElement());
}
checkForExtraSecurity(fpContext);
}
// now process Secondary policies
idx = 0;
SOAPElement securityHeader = secureMsg.findSecurityHeader();
NodeList uList = securityHeader.getElementsByTagNameNS(MessageConstants.WSSE_NS, MessageConstants.USERNAME_TOKEN_LNAME);
if(uList.getLength() >1){
log.log(Level.SEVERE, LogStringsMessages.WSS_0259_INVALID_SEC_USERNAME());
throw new XWSSecurityException("More than one wsse:UsernameToken element present in security header");
}
NodeList tList = securityHeader.getElementsByTagNameNS(MessageConstants.WSU_NS, MessageConstants.TIMESTAMP_LNAME);
if(tList.getLength() >1){
log.log(Level.SEVERE, LogStringsMessages.WSS_0274_INVALID_SEC_TIMESTAMP());
throw new XWSSecurityException("More than one wsu:Timestamp element present in security header");
}
int unpCount = 0;
int tspCount = 0;
if(secPolicy != null){
while (idx < secPolicy.size()) {
WSSPolicy wssPolicy = null;
try {
wssPolicy = (WSSPolicy) secPolicy.get(idx);
} catch (Exception e) {
log.log(Level.SEVERE, LogStringsMessages.WSS_0270_FAILEDTO_GET_SECURITY_POLICY_MESSAGE_POLICY());
throw new XWSSecurityException(e);
}
if(PolicyTypeUtil.authenticationTokenPolicy(wssPolicy)){