//End SignatureConfirmation specific code
validationContext.setURIDereferencer(DSigResolver.getInstance());
// Validate the XMLSignature (generated above)
validationContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, context);
SignaturePolicy currentMessagePolicy = null;
if(context.getMode() == FilterProcessingContext.ADHOC ||
context.getMode() == FilterProcessingContext.POSTHOC){
currentMessagePolicy = new SignaturePolicy();
context.setInferredPolicy(currentMessagePolicy);
} else if (context.getMode() == FilterProcessingContext.WSDL_POLICY) {
currentMessagePolicy = new SignaturePolicy();
context.getInferredSecurityPolicy().append(currentMessagePolicy);
}
// XMLUtils.circumventBug2650(context.getSecurableSoapMessage().getSOAPPart());
boolean coreValidity = signature.validate(validationContext);
SecurityPolicy securityPolicy = context.getSecurityPolicy();
boolean isBSP = false;
if(securityPolicy != null) {
if (PolicyTypeUtil.messagePolicy(securityPolicy)) {
isBSP = ((MessagePolicy)securityPolicy).isBSP();
} else {
isBSP = ((WSSPolicy)securityPolicy).isBSP();
}
}
// Check core validation status
if (coreValidity == false) {
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINEST,"Signature failed core validation");
boolean sv = signature.getSignatureValue().validate(validationContext);
logger.log(Level.FINEST,"Signature validation status: " + sv);
// check the validation status of each Reference
Iterator i = signature.getSignedInfo().getReferences().iterator();
for (int j=0; i.hasNext(); j++) {
Reference ref = (Reference) i.next();
logger.log(Level.FINEST,"Reference ID "+ref.getId());
logger.log(Level.FINEST,"Reference URI "+ref.getURI());
boolean refValid =
ref.validate(validationContext);
logger.log(Level.FINEST,"Reference["+j+"] validity status: " + refValid);
}
}
logger.log(Level.SEVERE, LogStringsMessages.WSS_1315_SIGNATURE_VERIFICATION_FAILED());
XWSSecurityException xwsse = new XWSSecurityException("Signature verification failed");
throw SecurableSoapMessage.newSOAPFaultException(
MessageConstants.WSSE_FAILED_CHECK,"Signature verification failed ",xwsse);
} else {
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINE,"Signature Passed Core Validation");
}
SignedInfo signInfo = signature.getSignedInfo();
if (isBSP) {
Iterator i = signInfo.getReferences().iterator();
for (int j=0; i.hasNext(); j++) {
Reference reference = (Reference) i.next();
Iterator t = reference.getTransforms().iterator();
for (int index=0; t.hasNext(); index++) {
Transform transform = (Transform) t.next();
if (Transform.ENVELOPED.equals(transform.getAlgorithm())) {
logger.log(Level.SEVERE, LogStringsMessages.WSS_1336_ILLEGAL_ENVELOPEDSIGNATURE());
throw new XWSSecurityException("Enveloped signatures not permitted by BSP");
}
if (MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equals(transform.getAlgorithm())) {
//check the inclusiveprefix list is not empty
if (transform.getParameterSpec()!=null) {
ExcC14NParameterSpec spec = (ExcC14NParameterSpec)transform.getParameterSpec();
if (spec.getPrefixList().isEmpty())
logger.log(Level.SEVERE, LogStringsMessages.WSS_1337_INVALID_EMPTYPREFIXLIST());
throw new XWSSecurityException("Prefix List cannot be empty: violation of BSP 5407");
}
}
}
}
}
if(context.getMode() == FilterProcessingContext.POSTHOC){
//TODO: handle SAML KeyBinding here
MessagePolicy policy = (MessagePolicy) context.getSecurityPolicy();
dsigUtil.constructSignaturePolicy(signInfo, policy.isBSP(),currentMessagePolicy);
policy.append(currentMessagePolicy);
}
if(context.getMode() == FilterProcessingContext.ADHOC){
//throws Exception for now , need to throw only
//appropriate errors.
//Next step do it more efficiently.
verifyRequirements(context,signature,validationContext);
SignaturePolicy policy =(SignaturePolicy) context.getSecurityPolicy();
dsigUtil.constructSignaturePolicy(signInfo, policy.isBSP(),currentMessagePolicy);
SignaturePolicyVerifier spv = new SignaturePolicyVerifier(context);
spv.verifyPolicy(policy,currentMessagePolicy);
if(logger.isLoggable(Level.FINEST)){
logger.log(Level.FINE,"Reciever Requirements are met");