Package com.sun.xml.wss.impl.policy.mls

Examples of com.sun.xml.wss.impl.policy.mls.MessagePolicy


    }
   
    private static void processMessagePolicy(FilterProcessingContext fpContext,
            SOAPElement current)throws XWSSecurityException {
        int idx = 0;
        MessagePolicy policy = (MessagePolicy) fpContext.getSecurityPolicy();
        SecurableSoapMessage secureMsg = fpContext.getSecurableSoapMessage();
        MessagePolicy secPolicy = null;
        ArrayList targets = null;
        StringBuffer buf = null;
       
        boolean foundPrimaryPolicy = false;
        while (idx < policy.size()) {
           
            WSSPolicy wssPolicy = null;
            try {
                wssPolicy = (WSSPolicy) policy.get(idx);
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0270_FAILEDTO_GET_SECURITY_POLICY_MESSAGE_POLICY());
                throw new XWSSecurityException(e);
            }
           
           
            if (PolicyTypeUtil.isPrimaryPolicy(wssPolicy)) {
                if (wssPolicy.getType().equals("EncryptionPolicy")){
                    targets = ((EncryptionPolicy.FeatureBinding)wssPolicy.getFeatureBinding()).getTargetBindings();
                }else{
                    targets = ((SignaturePolicy.FeatureBinding)wssPolicy.getFeatureBinding()).getTargetBindings();
                }               
                foundPrimaryPolicy = true;
                Iterator ite = targets.iterator();
                while(ite.hasNext()){
                    Target t = (Target)ite.next();
                    if (t.getEnforce()){               
                       
                        // roll the pointer down the header till a primary block is hit
                        // if end of header is hit (pointer is null) break out of the loop
                        while (current != null && HarnessUtil.isSecondaryHeaderElement(current))
                            current = HarnessUtil.getNextElement(current);

                        // if pointer is null (hit end of header), reset pointer to begining of header
                        if (current != null) {

                            secureMsg.findSecurityHeader().
                                    setCurrentHeaderElement(current);

                            fpContext.setSecurityPolicy(wssPolicy);
                            HarnessUtil.processDeep(fpContext);

                            boolean keepCurrent = false;
                            if(MessageConstants.ENCRYPTED_DATA_LNAME.equals(current.getLocalName())){
                                keepCurrent = true;
                            }

                            if (fpContext.isPrimaryPolicyViolation()) {
                                log.log(Level.SEVERE, LogStringsMessages.WSS_0265_ERROR_PRIMARY_POLICY());
                                throw new XWSSecurityException(fpContext.getPVE());
                            }

                            if (fpContext.isOptionalPolicyViolation()) {
                                // rollback current security header ptr.
                                // if secondary security header element
                                // is found, proceed to next header element
                                secureMsg.findSecurityHeader().setCurrentHeaderElement(current);
                            }

                            if(!keepCurrent){
                                current = secureMsg.findSecurityHeader().getCurrentHeaderBlockElement();
                            }else{
                                current = HarnessUtil.getNextElement(secureMsg.findSecurityHeader().getCurrentHeaderBlockElement());
                            }
                            //current = HarnessUtil.getNextElement(current);                           
                            break;
                        }else{
                            //log
                            if ( buf == null )
                                buf = new StringBuffer();
                            buf.append(wssPolicy.getType() + " ");
                            //throw new XWSSecurityException("More Receiver requirements specified"+
                            //        " than present in the message");
                        }
                    }else{
                        // roll the pointer down the header till a primary block is hit
                        // if end of header is hit (pointer is null) break out of the loop
                        while (current != null && HarnessUtil.isSecondaryHeaderElement(current))
                            current = HarnessUtil.getNextElement(current);

                        if ((current!=null && wssPolicy.getType().equals("EncryptionPolicy")) && current.getLocalName().equals("Signature")){
                            continue;
                        }
                        if ((current!=null && wssPolicy.getType().equals("SignaturePolicy")) &&
                                (current.getLocalName().equals(MessageConstants.ENCRYPTED_DATA_LNAME) ||
                                  current.getLocalName().equals(MessageConstants.XENC_ENCRYPTED_KEY_LNAME) ||
                                    current.getLocalName().equals(MessageConstants.XENC_REFERENCE_LIST_LNAME))){
                            continue;
                        }
                       
                        // if pointer is null (hit end of header), reset pointer to begining of header
                        if (current != null) {

                            secureMsg.findSecurityHeader().
                                    setCurrentHeaderElement(current);

                            fpContext.setSecurityPolicy(wssPolicy);
                            HarnessUtil.processDeep(fpContext);

                            boolean keepCurrent = false;
                            if(MessageConstants.ENCRYPTED_DATA_LNAME.equals(current.getLocalName())){
                                keepCurrent = true;
                            }

                            if (fpContext.isPrimaryPolicyViolation()) {
                                log.log(Level.SEVERE, LogStringsMessages.WSS_0265_ERROR_PRIMARY_POLICY());
                                throw new XWSSecurityException(fpContext.getPVE());
                            }

                            if (fpContext.isOptionalPolicyViolation()) {
                                // rollback current security header ptr.
                                // if secondary security header element
                                // is found, proceed to next header element
                                secureMsg.findSecurityHeader().setCurrentHeaderElement(current);
                            }

                            if(!keepCurrent){
                                current = secureMsg.findSecurityHeader().getCurrentHeaderBlockElement();
                            }else{
                                current = HarnessUtil.getNextElement(secureMsg.findSecurityHeader().getCurrentHeaderBlockElement());
                            }
                            //current = HarnessUtil.getNextElement(current);                           
                            break;
                        }
                    }
                }
            }else{
                if(secPolicy == null){
                    secPolicy = new MessagePolicy();
                }
                secPolicy.append(wssPolicy);
            }
           
            idx++;
        }
       
        if ( buf != null) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0258_INVALID_REQUIREMENTS());
            throw new XWSSecurityException("More Receiver requirements [ " + buf + " ] specified"+
                    " than present in the message");
        }
       
        if ( !foundPrimaryPolicy) {
            SecurityHeader header = secureMsg.findSecurityHeader();
            if ( header != null && header.getCurrentHeaderElement() == null) {
                header.setCurrentHeaderElement(header.getFirstChildElement());
            }
            checkForExtraSecurity(fpContext);
        }
       
        // now process Secondary policies
        idx = 0;
        SOAPElement securityHeader = secureMsg.findSecurityHeader();
       
        NodeList uList = securityHeader.getElementsByTagNameNS(MessageConstants.WSSE_NS, MessageConstants.USERNAME_TOKEN_LNAME);
        if(uList.getLength() >1){
            log.log(Level.SEVERE, LogStringsMessages.WSS_0259_INVALID_SEC_USERNAME());
            throw  new XWSSecurityException("More than one wsse:UsernameToken element present in security header");
        }
       
        NodeList tList = securityHeader.getElementsByTagNameNS(MessageConstants.WSU_NS, MessageConstants.TIMESTAMP_LNAME);
        if(tList.getLength() >1){
            log.log(Level.SEVERE, LogStringsMessages.WSS_0274_INVALID_SEC_TIMESTAMP());
            throw  new XWSSecurityException("More than one wsu:Timestamp element present in security header");
        }
       
        int unpCount = 0;
        int tspCount = 0;
        if(secPolicy != null){
           
            while (idx < secPolicy.size()) {
                WSSPolicy wssPolicy = null;
                try {
                    wssPolicy = (WSSPolicy) secPolicy.get(idx);
                } catch (Exception e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0270_FAILEDTO_GET_SECURITY_POLICY_MESSAGE_POLICY());
                    throw new XWSSecurityException(e);
                }
                if(PolicyTypeUtil.authenticationTokenPolicy(wssPolicy)){
View Full Code Here


   
    private static void checkForExtraSecondarySecurity(FilterProcessingContext context)
    throws XWSSecurityException {
       
        SecurityHeader header = context.getSecurableSoapMessage().findSecurityHeader();
        MessagePolicy policy  = (MessagePolicy) context.getSecurityPolicy();
       
        boolean _UT = false;
        boolean _TS = false;
       
        for (SOAPElement current = (SOAPElement) header.getFirstChildElement();
        current != null;
        current = (SOAPElement) current.getNextSibling()) {
            try {
                _UT = current.getLocalName().equals(MessageConstants.USERNAME_TOKEN_LNAME);
                _TS = current.getLocalName().equals(MessageConstants.TIMESTAMP_LNAME);
            } catch (Exception e) {
                log.log(Level.SEVERE, LogStringsMessages.WSS_0278_FAILEDTO_GET_LOCAL_NAME());
                throw new XWSSecurityRuntimeException(e);
            }
        }
       
        boolean throwFault = false;
        StringBuffer buf = null;
       
        if (!_UT)
            for (int i=0; i < policy.size(); i++)
                try {
                    if (PolicyTypeUtil.usernameTokenPolicy(policy.get(i))) {
                        if ( buf == null) {
                            buf = new StringBuffer();
                        }
                        buf.append(policy.get(i).getType() + " ");
                        throwFault = true;
                    }
                } catch (Exception e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0279_FAILED_CHECK_SEC_SECURITY(), e);
                    throw new XWSSecurityRuntimeException(e);
                }
       
        if (!_TS)
            for (int j=0; j < policy.size(); j++)
                try {
                    if (PolicyTypeUtil.timestampPolicy(policy.get(j))) {
                        if ( buf == null) {
                            buf = new StringBuffer();
                        }
                        buf.append(policy.get(j).getType() + " ");
                        throwFault = true;
                    }
                } catch (Exception e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0279_FAILED_CHECK_SEC_SECURITY(), e);
                    throw new XWSSecurityRuntimeException(e);
View Full Code Here

            }
        }

        // for policy verification, replace target uris with qnames for signature and encryption targets
        try {
            MessagePolicy inferredMessagePolicy = context.getInferredSecurityPolicy();
            for (int i = 0; i < inferredMessagePolicy.size(); i++) {
                WSSPolicy wssPolicy = (WSSPolicy) inferredMessagePolicy.get(i);
                if (PolicyTypeUtil.signaturePolicy(wssPolicy)) {
                    SignaturePolicy.FeatureBinding fb = (SignaturePolicy.FeatureBinding) wssPolicy.getFeatureBinding();
                    ArrayList targets = fb.getTargetBindings();
                    // replace uri target types with qname target types
                    modifyTargets(targets);
                } else if (PolicyTypeUtil.encryptionPolicy(wssPolicy)) {
                    EncryptionPolicy.FeatureBinding fb = (EncryptionPolicy.FeatureBinding) wssPolicy.getFeatureBinding();
                    ArrayList targets = fb.getTargetBindings();
                    // replace uri target types with qname target types
                    modifyTargets(targets);
                }
            }

        } catch (Exception ex) {
            throw new XWSSecurityException(ex);
        }

        if (scCancel) {
            boolean securedBody = false;
            boolean allHeaders = false;
            try {
                MessagePolicy mp = context.getInferredSecurityPolicy();
                for (int i = 0; i < mp.size(); i++) {
                    WSSPolicy wp = (WSSPolicy) mp.get(i);
                    if (PolicyTypeUtil.encryptionPolicy(wp)) {
                        EncryptionPolicy ep = (EncryptionPolicy) wp;
                        ArrayList list = ((EncryptionPolicy.FeatureBinding) ep.getFeatureBinding()).getTargetBindings();
                        for (int ei = 0; ei < list.size(); ei++) {
                            EncryptionTarget et = (EncryptionTarget) list.get(ei);
View Full Code Here

                SecurityPolicy policy = (SecurityPolicy)list.get(i);
                if (PolicyTypeUtil.applicationSecurityConfiguration(policy)) {
                    d.addAll(((ApplicationSecurityConfiguration)policy).getAllSenderPolicies());
                }else{
                    DeclarativeSecurityConfiguration dsc = (DeclarativeSecurityConfiguration) policy;
                    MessagePolicy mp = dsc.senderSettings();
                    d.add(mp);
                }
            }
        }
        return d;
View Full Code Here

                if (PolicyTypeUtil.applicationSecurityConfiguration(policy)) {
                    d.addAll(((ApplicationSecurityConfiguration)policy).getAllReceiverPolicies());
                }else{
                    if (PolicyTypeUtil.declarativeSecurityConfiguration(policy)) {
                        DeclarativeSecurityConfiguration dsc = (DeclarativeSecurityConfiguration) policy;
                        MessagePolicy mp = dsc.receiverSettings();
                        if ( (mp.getPrimaryPolicies().size() == 0 && mp.getSecondaryPolicies().size() == 0 ) ||
                                (mp.getPrimaryPolicies().size() != 0 && mp.getSecondaryPolicies().size() == 0 ) ||
                                (mp.getPrimaryPolicies().size() != 0 && mp.getSecondaryPolicies().size() != 0 ) ) {
                            d.add(mp);
                        }
                    } else {
                        //probably a DSP
                        d.add(policy);
View Full Code Here

        }           
    }
       
    public void renew(IssuedTokenContext ctx)throws WSTrustException{
        SCTokenConfiguration sctConfig = (SCTokenConfiguration)ctx.getSecurityPolicy().get(0);
        MessagePolicy msgPolicy = (MessagePolicy)sctConfig.getOtherOptions().get("MessagePolicy");
        if(issuedTokenContextMap.get(sctConfig.getTokenId()) != null ){
            ctx = issuedTokenContextMap.get(sctConfig.getTokenId());
            SCTokenConfiguration origSCTConfig = (SCTokenConfiguration)ctx.getSecurityPolicy().get(0);           
            if(this.tokenExpired && origSCTConfig.isRenewExpiredSCT()){
                scp.processRenew(ctx);
View Full Code Here

        }
        //set timestamp timeout
        ctx.setTimestampTimeout(this.timestampTimeOut);
        ctx.setSecurityPolicyVersion(spVersion.namespaceUri);
        try {
            MessagePolicy policy = null;
             PolicyAlternativeHolder applicableAlternative =
                    resolveAlternative(packet,isSCMessage);

            if (packet.getMessage().isFault()) {
                policy =  getOutgoingFaultPolicy(packet);
            } else if (isRMMessage(packet)|| isMakeConnectionMessage(packet)) {
                SecurityPolicyHolder holder = applicableAlternative.getOutProtocolPM().get("RM");
                policy = holder.getMessagePolicy();
            } else if(isSCCancel(packet)){
                SecurityPolicyHolder holder = applicableAlternative.getOutProtocolPM().get("SC-CANCEL");
                policy = holder.getMessagePolicy();
            }else {
                policy = getOutgoingXWSSecurityPolicy(packet, isSCMessage);
            }
           
            if (debug && policy != null) {
                policy.dumpMessages(true);
            }
            //this might mislead if there is a bug in code above
            //but we are doing this check for cases such as no-fault-security-policy
            if (policy != null) {
                ctx.setSecurityPolicy(policy);
            }
            if(isTrustMessage(packet)){
                ctx.isTrustMessage(true);
            }
            // set the policy, issued-token-map, and extraneous properties
            //ctx.setIssuedTokenContextMap(issuedTokenContextMap);
             if (isSCMessage){
                ctx.setAlgorithmSuite(policy.getAlgorithmSuite());
            } else {
                ctx.setAlgorithmSuite(getAlgoSuite(getBindingAlgorithmSuite(packet)));
            }
            ctx.setSecurityEnvironment(secEnv);
            ctx.isInboundMessage(false);         
View Full Code Here

            Token scToken = (Token)packet.invocationProperties.get(SC_ASSERTION);
            return getOutgoingXWSBootstrapPolicy(scToken);
        }
        //Message message = packet.getMessage();
       
        MessagePolicy mp = null;
        PolicyAlternativeHolder applicableAlternative =
                    resolveAlternative(packet,isSCMessage);
        WSDLBoundOperation wsdlOperation = cachedOperation(packet);
        //if(operation == null){
        //Body could be encrypted. Security will have to infer the
        //policy from the message till the Body is decrypted.
        //    mp = emptyMessagePolicy;
        //}
        if (applicableAlternative.getOutMessagePolicyMap() == null) {
            //empty message policy
            return new MessagePolicy();
        }
       
        if(isTrustMessage(packet)){
            //TODO: no runtime updates of variables: store this in Map of MessageInfo
            wsdlOperation = getWSDLOpFromAction(packet,false);
            cacheOperation(wsdlOperation, packet);
        }
       
        SecurityPolicyHolder sph = (SecurityPolicyHolder)
                applicableAlternative.getOutMessagePolicyMap().get(wsdlOperation);
        if(sph == null){
            return new MessagePolicy();
        }
        mp = sph.getMessagePolicy();
        return mp;
    }
View Full Code Here

            if (faultDetail != null) {
                fault = wsdlOperation.getFault(faultDetail);
            }
            SecurityPolicyHolder sph = applicableAlternative.getOutMessagePolicyMap().get(cachedOp);
            if (fault == null) {
                MessagePolicy faultPolicy1 = (sph != null)?(sph.getMessagePolicy()):new MessagePolicy();
                return faultPolicy1;
            }
            SecurityPolicyHolder faultPolicyHolder = sph.getFaultPolicy(fault);
            MessagePolicy faultPolicy = (faultPolicyHolder == null) ? new MessagePolicy() : faultPolicyHolder.getMessagePolicy();
            return faultPolicy;
        }
        return null;
       
    }
View Full Code Here

     * @throws com.sun.xml.wss.XWSSecurityException
     */
    private static void processMessagePolicy (FilterProcessingContext fpContext)
    throws XWSSecurityException {
        // Applies every policy contained in the context's MessagePolicy to the
        // message by handing each one, in iteration order, to HarnessUtil.processDeep.
        final MessagePolicy messagePolicy = (MessagePolicy) fpContext.getSecurityPolicy();

        // Record in the context that WSS 1.1 policy is enabled on the sender side.
        if (messagePolicy.enableWSS11Policy()) {
            fpContext.setExtraneousProperty("EnableWSS11PolicySender", "true");
        }

        // SignatureConfirmation: register the list that will collect the outgoing
        // SignatureValues. It is registered unconditionally (not gated on
        // enableSignatureConfirmation()) because the policy is not available in
        // the optimized path; it stays empty when the outgoing message carries
        // no Signature.
        fpContext.setExtraneousProperty("SignatureConfirmation", new ArrayList());

        // Each contained policy temporarily becomes the context's "current" policy.
        // Nothing here restores the original MessagePolicy afterwards, so the
        // context is left pointing at the last policy iterated.
        for (Iterator it = messagePolicy.iterator(); it.hasNext(); ) {
            fpContext.setSecurityPolicy((SecurityPolicy) it.next());
            HarnessUtil.processDeep(fpContext);
        }

        // Message dumping is skipped for JAXB-based contexts.
        // NOTE(review): DumpFilter presumably writes the processed message out for
        // debugging; such output can contain token or payload data, so confirm
        // dumpMessages is off outside of troubleshooting.
        final boolean jaxbContext = fpContext instanceof JAXBFilterProcessingContext;
        if (!jaxbContext && messagePolicy.dumpMessages()) {
            DumpFilter.process(fpContext);
        }
    }
View Full Code Here
