
Examples of com.sun.xml.wss.impl.policy.mls.SignaturePolicy


            createSupportingSignature(token);
        }
    }

    protected void createSupportingSignature(Token token) throws PolicyException{
        SignaturePolicy sp = new SignaturePolicy();
        sp.setUUID(pid.generateID());
        tokenProcessor.addKeyBinding(binding,sp,token,true);
        if(binding != null && binding.getTokenProtection()){
            protectToken((WSSPolicy) sp.getKeyBinding(), sp);
        }
        SignaturePolicy.FeatureBinding spFB = (com.sun.xml.wss.impl.policy.mls.SignaturePolicy.FeatureBinding)sp.getFeatureBinding();
        //spFB.setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
        AlgorithmSuite as = null;
        as = st.getAlgorithmSuite();
        if( as == null && binding != null){
            as = binding.getAlgorithmSuite();


        SecurityContextTokenInfo ctx = securityContextTokenMap.get(key);                              
        return ctx;
    }
   
    private void appendEndorsingSCTRenewPolicy(final MessagePolicy policy) throws PolicyGenerationException{
        SignaturePolicy sp = scp.getRenewSignaturePolicy();
        SignaturePolicy.FeatureBinding spFB = (SignaturePolicy.FeatureBinding)sp.getFeatureBinding();
        List list = policy.getPrimaryPolicies();
        Iterator i = list.iterator();
        boolean addedSigTarget = false;
        while (i.hasNext()) {
            SecurityPolicy primaryPolicy = (SecurityPolicy) i.next();
            if(PolicyTypeUtil.signaturePolicy(primaryPolicy)){
                SignaturePolicy sigPolicy = (SignaturePolicy)primaryPolicy;
                IntegrityAssertionProcessor iAP = new IntegrityAssertionProcessor(scp.getAlgorithmSuite(), true);
                SignatureTargetCreator stc = iAP.getTargetCreator();
                SignatureTarget sigTarget = stc.newURISignatureTarget(sigPolicy.getUUID());
                SecurityPolicyUtil.setName(sigTarget, sigPolicy);
                spFB.addTargetBinding(sigTarget);
                spFB.isEndorsingSignature(true);
                addedSigTarget = true;
                break;

        ArrayList list = policy.getPrimaryPolicies();
        Iterator i = list.iterator();
        while (i.hasNext()) {
            SecurityPolicy primaryPolicy = (SecurityPolicy) i.next();
            if(PolicyTypeUtil.signaturePolicy(primaryPolicy)){
                SignaturePolicy sigPolicy = (SignaturePolicy)primaryPolicy;
                if(sigPolicy.getUUID().equals("_99")){
                    policy.remove((SecurityPolicy)sigPolicy);
                    break;
                }
            }
        }

        this.currentParentNS.putAll(namespaceList);
        this.creator = sbc;
        this.securityContext = jpc.getSecurityContext();
        this.context = jpc;
        cacheSignature = true;
        signPolicy = new SignaturePolicy();
        signPolicy.setFeatureBinding(new SignaturePolicy.FeatureBinding());
        //signatureFactory = JAXBSignatureFactory.newInstance();
    }

        this.currentParentNS.putAll(namespaceList);
        this.creator = sbc;
        this.securityContext = jpc.getSecurityContext();
        this.context = jpc;
        cacheSignature = cacheSig;
        signPolicy = new SignaturePolicy();
        signPolicy.setFeatureBinding(new SignaturePolicy.FeatureBinding());
    }

                requestPacket.invocationProperties.put(key, packet.invocationProperties.get(key));
        }
    }
   
    private void createRenewSignaturePolicy(final Token token){       
        renewSignaturePolicy = new SignaturePolicy();
        //renewSignaturePolicy.setUUID(pid.generateID());
        renewSignaturePolicy.setUUID("_99");
        SecurityPolicyVersion spVersion = token.getSecurityPolicyVersion();
        SecureConversationTokenKeyBinding sct = new SecureConversationTokenKeyBinding();
        SecureConversationToken scToken = (SecureConversationToken)token;       

    * @throws com.sun.xml.wss.XWSSecurityException
    */
    public static UsernameTokenBinding createUntBinding(FilterProcessingContext context,UsernameTokenBinding untBinding, int firstByte) throws XWSSecurityException{
        UsernameTokenBinding binding = (UsernameTokenBinding)untBinding.clone();
        JAXBFilterProcessingContext opContext = (JAXBFilterProcessingContext) context;
        SignaturePolicy authPolicy = (SignaturePolicy) context.getSecurityPolicy();
        UsernameToken unToken = null;
        if (context.getusernameTokenBinding() == null) {
            unToken = new UsernameToken(opContext.getSOAPVersion());
        } else {
            if (untBinding.getUUID().equals(context.getusernameTokenBinding().getUUID())) {

    public static void process(FilterProcessingContext context) throws XWSSecurityException {
       
        if (!context.isInboundMessage()) {
           
            WSSPolicy policy =(WSSPolicy) context.getSecurityPolicy();
            SignaturePolicy resolvedPolicy = (SignaturePolicy) policy;
           
            if (!context.makeDynamicPolicyCallback()) {

                WSSPolicy keyBinding = (WSSPolicy) ((SignaturePolicy) policy).getKeyBinding();
                 if(PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)){
                    DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding)keyBinding.clone();
                    WSSPolicy originalKeyBinding = dtk.getOriginalKeyBinding();

                     if(PolicyTypeUtil.usernameTokenBinding(originalKeyBinding)){
                        AuthenticationTokenPolicy.UsernameTokenBinding ckBindingClone =
                                (AuthenticationTokenPolicy.UsernameTokenBinding)originalKeyBinding.clone();
                        SymmetricKeyBinding skb = new SymmetricKeyBinding();
                        skb.setKeyBinding(ckBindingClone);
                        dtk.setOriginalKeyBinding(skb);
                        keyBinding = dtk;
                    }
                }
                //SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) policy.getFeatureBinding();
                if (PolicyTypeUtil.usernameTokenBinding(keyBinding)) {
                    UsernameTokenBinding binding = createUntBinding(context,(UsernameTokenBinding)keyBinding,MessageConstants.VALUE_FOR_SIGNATURE);
                    context.setUsernameTokenBinding(binding);                   
                }else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
                    try {
                        AuthenticationTokenPolicy.X509CertificateBinding binding = (AuthenticationTokenPolicy.X509CertificateBinding)keyBinding.clone();
                        String certIdentifier = binding.getCertificateIdentifier();
                        String algorithm = binding.getKeyAlgorithm();
                        if(MessageConstants.HMAC_SHA1_SIGMETHOD.equals(algorithm)){
                            X509Certificate cert = context.getSecurityEnvironment().getCertificate(context.getExtraneousProperties(), certIdentifier, false);
                            binding.setX509Certificate(cert);
                        }else {
                           
                            if(certIdentifier == null || "".equals(certIdentifier)) {
                               
                                WSSPolicy ckBinding = (WSSPolicy) binding.getKeyBinding();
                               
                                if (ckBinding == null) {
                                    ckBinding = (WSSPolicy)binding.newPrivateKeyBinding();
                                }
                               
                                if (context.getSecurityEnvironment().getClass().getName().equals(
                                        "com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl")) {
                                    SignatureKeyCallback.PrivKeyCertRequest request =
                                            ((DefaultSecurityEnvironmentImpl)context.getSecurityEnvironment()).
                                            getDefaultPrivKeyCertRequest(context.getExtraneousProperties());
                                   
                                    binding.setX509Certificate(request.getX509Certificate());
                                    if(request.getX509Certificate() == null){
                                        log.log(Level.SEVERE, LogStringsMessages.WSS_1421_NO_DEFAULT_X_509_CERTIFICATE_PROVIDED());
                                        throw new XWSSecurityException("No default X509Certificate was provided");
                                    }
                                    ((PrivateKeyBinding) ckBinding).setPrivateKey(request.getPrivateKey());
                                }else {
                                    X509Certificate cert = context.getSecurityEnvironment().
                                            getDefaultCertificate(context.getExtraneousProperties());
                                    if(cert == null){
                                        log.log(Level.SEVERE, LogStringsMessages.WSS_1421_NO_DEFAULT_X_509_CERTIFICATE_PROVIDED());
                                        throw new XWSSecurityException("No default X509Certificate was provided");
                                    }
                                    binding.setX509Certificate(cert);
                                    PrivateKey pk = context.getSecurityEnvironment().getPrivateKey(
                                            context.getExtraneousProperties(), cert);
                                    ((PrivateKeyBinding) ckBinding).setPrivateKey(pk);
                                }
                               
                            } else {
                               
                                if (context.getSecurityEnvironment().getClass().getName().equals(
                                        "com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl")) {
                                    SignatureKeyCallback.AliasPrivKeyCertRequest request =
                                            ((DefaultSecurityEnvironmentImpl)context.getSecurityEnvironment()).
                                            getAliasPrivKeyCertRequest(certIdentifier);
                                   
                                    binding.setX509Certificate(request.getX509Certificate());
                                    if(request.getX509Certificate() == null){
                                        log.log(Level.SEVERE,LogStringsMessages.WSS_1421_NO_DEFAULT_X_509_CERTIFICATE_PROVIDED());
                                        throw new XWSSecurityException("No X509Certificate was provided");
                                    }
                                   
                                    WSSPolicy ckBinding = (WSSPolicy) binding.getKeyBinding();
                                   
                                    if (PolicyTypeUtil.privateKeyBinding(ckBinding)) {
                                        ((PrivateKeyBinding) ckBinding).setPrivateKey(request.getPrivateKey());
                                    } else {
                                        if (ckBinding == null) {
                                            // keyBinding un-defined
                                           
                                            ((PrivateKeyBinding) binding.newPrivateKeyBinding()).
                                                    setPrivateKey(request.getPrivateKey());
                                        } else {
                                            log.log(Level.SEVERE, LogStringsMessages.WSS_1416_UNSUPPORTED_KEYBINDING());
                                            throw new XWSSecurityException(
                                                    "Unsupported KeyBinding for X509CertificateBinding");
                                        }
                                    }
                                } else {
                                    // not handling symmetric key for provider
                                    X509Certificate cert = context.getSecurityEnvironment().
                                            getCertificate(
                                            context.getExtraneousProperties(), certIdentifier,true);
                                    binding.setX509Certificate(cert);
                                    WSSPolicy ckBinding = (WSSPolicy) binding.getKeyBinding();
                                    PrivateKey key = context.getSecurityEnvironment().getPrivateKey(
                                            context.getExtraneousProperties(), certIdentifier);
                                   
                                    if (PolicyTypeUtil.privateKeyBinding(ckBinding)) {
                                        ((PrivateKeyBinding) ckBinding).setPrivateKey(key);
                                    } else {
                                        if (ckBinding == null) {
                                            // keyBinding un-defined
                                            ((PrivateKeyBinding) binding.newPrivateKeyBinding()).
                                                    setPrivateKey(key);
                                        } else {
                                            log.log(Level.SEVERE, LogStringsMessages.WSS_1416_UNSUPPORTED_KEYBINDING());
                                            throw new XWSSecurityException(
                                                    "Unsupported KeyBinding for X509CertificateBinding");
                                        }
                                    }
                                   
                                }
                            }
                           
                        }
                       
                        context.setX509CertificateBinding(binding);
                       
                    } catch (Exception e) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_1417_EXCEPTION_PROCESSING_SIGNATURE(new Object[] {e.getMessage()}));
                        throw new XWSSecurityException(e);
                    }
                } else if(PolicyTypeUtil.kerberosTokenBinding(keyBinding)) {
                    AuthenticationTokenPolicy.KerberosTokenBinding binding = (AuthenticationTokenPolicy.KerberosTokenBinding)keyBinding.clone();
                    String algorithm = binding.getKeyAlgorithm();
                   
                    //String ktPolicyId = binding.getUUID();
                    String encodedRef = (String)context.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE);
                    KerberosContext krbContext = null;
                    if(encodedRef != null){
                        krbContext = context.getKerberosContext();
                    }
                    String dataEncAlgo = null;
                    if (context.getAlgorithmSuite() != null) {
                        dataEncAlgo = context.getAlgorithmSuite().getEncryptionAlgorithm();
                    } else {
                        dataEncAlgo = MessageConstants.DEFAULT_DATA_ENC_ALGO;
                        // warn about using default
                    }
                    if(krbContext != null){
                        byte[] kerberosToken = krbContext.getKerberosToken();
                        binding.setTokenValue(kerberosToken);
                       
                        SecretKey sKey = krbContext.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(dataEncAlgo));
                        binding.setSecretKey(sKey);
                    }else{
                        log.log(Level.SEVERE, LogStringsMessages.WSS_1423_KERBEROS_CONTEXT_NOTSET());
                        throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                    }
                   
                    context.setKerberosTokenBinding(binding);
                } else if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
                    //resolvedPolicy = (SignaturePolicy)policy.clone();
                    keyBinding =(WSSPolicy) ((SignaturePolicy) policy).getKeyBinding();                   
                    AuthenticationTokenPolicy.SAMLAssertionBinding binding =
                            (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding;
                    if(binding.getAssertion() != null || binding.getAssertionReader() != null ||
                            binding.getAuthorityBinding() != null){
                        binding.setAssertion((org.w3c.dom.Element)null);
                        binding.setAuthorityBinding(null);
                        binding.setAssertion((javax.xml.stream.XMLStreamReader)null);
                    }
                   
                    binding.isReadOnly(true);
                   
                   
                    DynamicApplicationContext dynamicContext =
                            new DynamicApplicationContext(context.getPolicyContext());
                   
                    dynamicContext.setMessageIdentifier(context.getMessageIdentifier());
                    dynamicContext.inBoundMessage(false);
                    AuthenticationTokenPolicy.SAMLAssertionBinding resolvedSAMLBinding =
                           (AuthenticationTokenPolicy.SAMLAssertionBinding)
                    context.getExtraneousProperties().get(MessageConstants.SAML_ASSERTION_CLIENT_CACHE);
                    if (resolvedSAMLBinding == null) {
                        //try to obtain the HOK assertion
                        resolvedSAMLBinding =
                                context.getSecurityEnvironment().populateSAMLPolicy(context.getExtraneousProperties(), binding, dynamicContext);
                        context.getExtraneousProperties().put(MessageConstants.SAML_ASSERTION_CLIENT_CACHE, resolvedSAMLBinding);
                    }
                    if ((resolvedSAMLBinding.getAssertion() == null) &&
                            (resolvedSAMLBinding.getAuthorityBinding() == null) && (resolvedSAMLBinding.getAssertionReader() == null) ) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_1418_SAML_INFO_NOTSET());
                        throw new XWSSecurityException(
                                "None of SAML Assertion, SAML AuthorityBinding information was set into " +
                                " the Policy by the CallbackHandler");
                    }
                   
                    policy.setKeyBinding(resolvedSAMLBinding);
                    resolvedPolicy = (SignaturePolicy)policy;                 
                   
                }else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
                    try {
                       
                        String dataEncAlgo = null;
                        if (context.getAlgorithmSuite() != null) {
                            dataEncAlgo = context.getAlgorithmSuite().getEncryptionAlgorithm();
                        } else {
                            dataEncAlgo = MessageConstants.DEFAULT_DATA_ENC_ALGO;
                            // warn about using default
                        }
                       
                        SymmetricKeyBinding binding = (SymmetricKeyBinding)keyBinding.clone();
                       
                        String keyIdentifier = binding.getKeyIdentifier();
                        SecretKey sKey = null;
                       
                        WSSPolicy ckBinding = (WSSPolicy) binding.getKeyBinding();
                        boolean wss11Receiver = "true".equals(context.getExtraneousProperty("EnableWSS11PolicyReceiver"));
                        boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
                        boolean wss10 = !wss11Sender;
                        boolean sendEKSHA1 =  wss11Receiver && wss11Sender && (getReceivedSecret(context) != null);
                        if (PolicyTypeUtil.usernameTokenBinding(ckBinding)) {
                            try {
                                if (!sendEKSHA1) {
                                    AuthenticationTokenPolicy.UsernameTokenBinding untbinding = createUntBinding(context, (UsernameTokenBinding) ckBinding, MessageConstants.VALUE_FOR_ENCRYPTION);
                                    context.setUsernameTokenBinding(untbinding);
                                    sKey = untbinding.getSecretKey();
                                }
                            } catch (Exception e) {
                                log.log(Level.SEVERE, LogStringsMessages.WSS_1433_ERROR_EXTRACTING_USERNAMETOKEN(), e);
                                throw new XWSSecurityException(e);
                            }
                        }else if (PolicyTypeUtil.x509CertificateBinding(ckBinding)) {
                            try {
                                if (!sendEKSHA1) {
                                    AuthenticationTokenPolicy.X509CertificateBinding ckBindingClone =
                                            (AuthenticationTokenPolicy.X509CertificateBinding)ckBinding.clone();
                                    String certIdentifier = ckBindingClone.getCertificateIdentifier();
                                    X509Certificate cert = context.getSecurityEnvironment().
                                            getCertificate(context.getExtraneousProperties(), certIdentifier, false);
                                    ckBindingClone.setX509Certificate(cert);
                                    context.setX509CertificateBinding(ckBindingClone);
                                }
                            } catch (Exception e) {
                                log.log(Level.SEVERE, LogStringsMessages.WSS_1413_ERROR_EXTRACTING_CERTIFICATE(), e);
                                throw new XWSSecurityException(e);
                            }
                           
                        } else if(PolicyTypeUtil.kerberosTokenBinding(ckBinding)){
                            AuthenticationTokenPolicy.KerberosTokenBinding ckBindingClone =
                                    (AuthenticationTokenPolicy.KerberosTokenBinding)ckBinding;
                            //String ktPolicyId = ckBindingClone.getUUID();
                            String encodedRef = (String)context.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE);
                            KerberosContext krbContext = null;
                            if(encodedRef != null){
                                krbContext = context.getKerberosContext();
                            }
                            if(krbContext != null){
                                byte[] kerberosToken = krbContext.getKerberosToken();
                                ckBindingClone.setTokenValue(kerberosToken);
                               
                                sKey = krbContext.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(dataEncAlgo));
                                ckBindingClone.setSecretKey(sKey);
                            }else{
                                log.log(Level.SEVERE, LogStringsMessages.WSS_1423_KERBEROS_CONTEXT_NOTSET());
                                throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                            }
                            context.setKerberosTokenBinding(ckBindingClone);
                        }
                        if((!PolicyTypeUtil.kerberosTokenBinding(ckBinding))){
                            if(!binding.getKeyIdentifier().equals(MessageConstants._EMPTY)){
                                sKey = context.getSecurityEnvironment().getSecretKey(
                                        context.getExtraneousProperties(),
                                        keyIdentifier, true);
                            } else if(sendEKSHA1){
                                sKey = getReceivedSecret(context);
                            }else if(wss11Sender || wss10){
                               
                                sKey =  SecurityUtil.generateSymmetricKey(dataEncAlgo);
                            }
                        }
                       
                        binding.setSecretKey(sKey);
                        context.setSymmetricKeyBinding(binding);
                    } catch (Exception e) {
                        //TODO: this error message should come only in Symm Keystore case
                        log.log(Level.SEVERE, LogStringsMessages.WSS_1414_ERROR_EXTRACTING_SYMMETRICKEY(new Object[] { e.getMessage()}));
                        throw new XWSSecurityException(e);
                    }
                } else if (PolicyTypeUtil.issuedTokenKeyBinding(keyBinding)) {
                    IssuedTokenKeyBinding itkb = (IssuedTokenKeyBinding)keyBinding;
                    SecurityUtil.resolveIssuedToken(context, itkb);
                   
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(keyBinding)) {
                   
                    DerivedTokenKeyBinding dtk = (DerivedTokenKeyBinding)keyBinding.clone();
                    WSSPolicy originalKeyBinding = dtk.getOriginalKeyBinding();
                   
                    if ( PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding)) {
                       
                        String dataEncAlgo = null;
                        if (context.getAlgorithmSuite() != null) {
                            dataEncAlgo = context.getAlgorithmSuite().getEncryptionAlgorithm();
                        } else {
                            dataEncAlgo = MessageConstants.DEFAULT_DATA_ENC_ALGO;
                            // warn about using default
                        }
                       
                        SymmetricKeyBinding symmBinding = (SymmetricKeyBinding)originalKeyBinding.clone();
                        SecretKey sKey = null;
                        boolean wss11Receiver = "true".equals(context.getExtraneousProperty("EnableWSS11PolicyReceiver"));
                        boolean wss11Sender = "true".equals(context.getExtraneousProperty("EnableWSS11PolicySender"));
                        boolean wss10 = !wss11Sender;
                        boolean sendEKSHA1 =  wss11Receiver && wss11Sender && (getReceivedSecret(context) != null);
                       
                        WSSPolicy ckBinding = (WSSPolicy) originalKeyBinding.getKeyBinding();
                        if (PolicyTypeUtil.usernameTokenBinding(ckBinding)) {
                            try {
                                if (!sendEKSHA1) {
                                    AuthenticationTokenPolicy.UsernameTokenBinding untbinding = createUntBinding(context, (UsernameTokenBinding) ckBinding, MessageConstants.VALUE_FOR_ENCRYPTION);
                                    context.setUsernameTokenBinding(untbinding);
                                }
                            } catch (Exception e) {
                                log.log(Level.SEVERE,LogStringsMessages.WSS_1433_ERROR_EXTRACTING_USERNAMETOKEN(), e);
                                throw new XWSSecurityException(e);
                            }

                        } else if (PolicyTypeUtil.x509CertificateBinding(ckBinding)) {
                            try {
                                if (!sendEKSHA1) {
                                    AuthenticationTokenPolicy.X509CertificateBinding ckBindingClone =
                                            (AuthenticationTokenPolicy.X509CertificateBinding)ckBinding.clone();
                                    String certIdentifier = ckBindingClone.getCertificateIdentifier();
                                    X509Certificate cert = context.getSecurityEnvironment().
                                            getCertificate(context.getExtraneousProperties(), certIdentifier, false);
                                    ckBindingClone.setX509Certificate(cert);
                                    context.setX509CertificateBinding(ckBindingClone);
                                }
                            } catch (Exception e) {
                                log.log(Level.SEVERE, LogStringsMessages.WSS_1413_ERROR_EXTRACTING_CERTIFICATE(), e);
                                throw new XWSSecurityException(e);
                            }
                        } else if(PolicyTypeUtil.kerberosTokenBinding(ckBinding)){
                            AuthenticationTokenPolicy.KerberosTokenBinding ckBindingClone =
                                    (AuthenticationTokenPolicy.KerberosTokenBinding)ckBinding;
                            String encodedRef = (String)context.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE);
                            KerberosContext krbContext = null;
                            if(encodedRef != null){
                                krbContext = context.getKerberosContext();
                            }
                            if(krbContext != null){
                                byte[] kerberosToken = krbContext.getKerberosToken();
                                ckBindingClone.setTokenValue(kerberosToken);
                                sKey = krbContext.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(dataEncAlgo));
                                ckBindingClone.setSecretKey(sKey);
                            } else{
                                log.log(Level.SEVERE, LogStringsMessages.WSS_1423_KERBEROS_CONTEXT_NOTSET());
                                throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                            }
                            context.setKerberosTokenBinding(ckBindingClone);
                        }
                        if(!PolicyTypeUtil.kerberosTokenBinding(ckBinding)){
                            if(sendEKSHA1){
                                sKey = getReceivedSecret(context);
                            }else if(wss11Sender || wss10){
                                sKey =  SecurityUtil.generateSymmetricKey(dataEncAlgo);
                            }
                        }
                        symmBinding.setSecretKey(sKey);
                        context.setSymmetricKeyBinding(symmBinding);
                    } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding)) {
                        // resolve the ProofKey here and set it into ProcessingContext
                        SecureConversationTokenKeyBinding sctBinding = (SecureConversationTokenKeyBinding)originalKeyBinding;
                        SecurityUtil.resolveSCT(context, sctBinding);
                    } else if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding)) {
                        IssuedTokenKeyBinding itkb = (IssuedTokenKeyBinding)originalKeyBinding;
                        SecurityUtil.resolveIssuedToken(context, itkb);
                    }
                   
                } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(keyBinding)) {
                    // resolve the ProofKey here and set it into ProcessingContext
                    SecureConversationTokenKeyBinding sctBinding = (SecureConversationTokenKeyBinding)keyBinding;
                    SecurityUtil.resolveSCT(context, sctBinding);
                } else if (PolicyTypeUtil.keyValueTokenBinding(keyBinding)) {
                    // resolve the ProofKey here and set it into ProcessingContext
                    AuthenticationTokenPolicy.KeyValueTokenBinding binding = (AuthenticationTokenPolicy.KeyValueTokenBinding)keyBinding.clone();
                else {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_1419_UNSUPPORTED_KEYBINDING_SIGNATURE());
                    throw new XWSSecurityException("Unsupported KeyBinding for SignaturePolicy");
                }
            } else {
                //resolvedPolicy = (SignaturePolicy)policy.clone();
                ((SignaturePolicy)policy).isReadOnly(true);
               
                try {
                    DynamicApplicationContext dynamicContext =
                            new DynamicApplicationContext(context.getPolicyContext());
                   
                    dynamicContext.setMessageIdentifier(context.getMessageIdentifier());
                    dynamicContext.inBoundMessage(false);
                    // TODO: set runtime context for making callback
                    DynamicPolicyCallback dynamicCallback = new DynamicPolicyCallback(
                            policy, dynamicContext);
                    ProcessingContext.copy(dynamicContext.getRuntimeProperties(), context.getExtraneousProperties());
                    HarnessUtil.makeDynamicPolicyCallback(dynamicCallback,
                            context.getSecurityEnvironment().getCallbackHandler());
                    resolvedPolicy = (SignaturePolicy)dynamicCallback.getSecurityPolicy();
                   
                } catch (Exception e) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_1420_DYNAMIC_POLICY_SIGNATURE(new Object[] {e.getMessage()}));
                    throw new XWSSecurityException(e);
                }
            }
           
            context.setSecurityPolicy(resolvedPolicy);
           
            sign(context);
           
        } else {
           
            if ( context.makeDynamicPolicyCallback()) {
                WSSPolicy policy =(WSSPolicy) context.getSecurityPolicy();
                SignaturePolicy resolvedPolicy = null;
                ((SignaturePolicy)policy).isReadOnly(true);
               
                try {
                    DynamicApplicationContext dynamicContext =
                            new DynamicApplicationContext(context.getPolicyContext());

                primaryEP.setUUID(pid.generateID());
                addSymmetricKeyBinding(primaryEP,et);
            }
           
            if(st != null){
                primarySP = new SignaturePolicy();
                primarySP.setUUID(pid.generateID());
               
                SignaturePolicy.FeatureBinding spFB = (com.sun.xml.wss.impl.policy.mls.SignaturePolicy.FeatureBinding)
                primarySP.getFeatureBinding();
                //spFB.setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
                SecurityPolicyUtil.setCanonicalizationMethod(spFB, binding.getAlgorithmSuite());
                spFB.isPrimarySignature(true);
                addSymmetricKeyBinding(primarySP,st);
            }
        }else{
            primarySP = new SignaturePolicy();
            primarySP.setUUID(pid.generateID());
            primaryEP = new EncryptionPolicy();
            primaryEP.setUUID(pid.generateID());
            PolicyAssertion tokenAssertion = (PolicyAssertion)pt;
            SecurityPolicyVersion spVersion = SecurityPolicyUtil.getSPVersion(tokenAssertion);

    private  void processPrimaryPolicy(WSSPolicy actualPol,
            MessagePolicy inferredSecurityPolicy) throws XWSSecurityException{
       
        //WSSAssertion wssAssertion = ((ProcessingContextImpl)ctx).getWSSAssertion();
        if(PolicyTypeUtil.signaturePolicy(actualPol)){
            SignaturePolicy actualSignPolicy = (SignaturePolicy)actualPol;
            boolean isEndorsing = ((SignaturePolicy.FeatureBinding)actualSignPolicy.getFeatureBinding()).isEndorsingSignature();
            boolean isPrimary = ((SignaturePolicy.FeatureBinding)actualSignPolicy.getFeatureBinding()).isPrimarySignature();
            int nth = 0;
            WSSPolicy pol = getFirstPrimaryPolicy(inferredSecurityPolicy, isEndorsing, nth++);
            if(pol == null && isOptionalPolicy(actualSignPolicy) == true){
                    return;
            }
            if(pol == null){
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0268_ERROR_POLICY_VERIFICATION());
                throw new XWSSecurityException("Policy verification error:" +
                        "Missing Signature Element");
                }
           
            if(PolicyTypeUtil.signaturePolicy(pol)){
                SignaturePolicy inferredPol = (SignaturePolicy)pol;
                // verify key binding
                boolean isKBTrue = verifyKeyBinding(actualSignPolicy.getKeyBinding(), inferredPol.getKeyBinding(),
                        false);               
                while(!isKBTrue && !isPrimary){
                    pol = getFirstPrimaryPolicy(inferredSecurityPolicy, isEndorsing, nth++);                   
                    if (pol == null && isOptionalPolicy(actualSignPolicy) == true) {
                        return;
                    }
                    if(pol == null){
                        log.log(Level.SEVERE, LogStringsMessages.WSS_0268_ERROR_POLICY_VERIFICATION());
                        throw new XWSSecurityException("Policy verification error:" +
                                "Missing Signature Element - perhaps a second supporting signature or " +
                                "Incorrect Key types or references were used in Signature");
                    }
                    inferredPol = (SignaturePolicy)pol;
                    isKBTrue = verifyKeyBinding(actualSignPolicy.getKeyBinding(), inferredPol.getKeyBinding(),
                            false);
                    //nth++;
                }
                // verify target binding
                boolean isTBTrue = verifySignTargetBinding((SignaturePolicy.FeatureBinding)actualSignPolicy.getFeatureBinding(),
                        (SignaturePolicy.FeatureBinding)inferredPol.getFeatureBinding());
               
                inferredSecurityPolicy.remove(pol);
                if(!isKBTrue){
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                    throw new XWSSecurityException("Policy verification error: " +
                            "Incorrect Key types or references were used in Signature");
                }
                if(!isTBTrue){
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                    throw new XWSSecurityException("Policy verification error: " +
                            "One or more Signed Parts could not be validated");
                }
                checkTargets(actualPol, pol);
            } else{
                //It could be a case of Extra Security, an Encrypted Signature
                //when the policy just requires a Signature
                if (!isEncryptedSignature(actualPol, pol)) {
                    //check to see for the case when no Signature Target present in message
                    //The incoming message will not have Signature policy in that case.
                    if (checkTargetPresence(actualPol)) {
                        log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                        throw new XWSSecurityException("Signature Policy verification error: Looking for a Signature Element " + " in Security header, but found " + pol + ".");
                    }
                } else {
                    inferredSecurityPolicy.remove(pol);
                }
            }
        } else if(PolicyTypeUtil.encryptionPolicy(actualPol)){
            EncryptionPolicy actualEncryptionPolicy = (EncryptionPolicy)actualPol;
            WSSPolicy pol = getFirstPrimaryPolicy(inferredSecurityPolicy, false, 0);
            if(pol == null){
                log.log(Level.SEVERE, LogStringsMessages.WSS_0269_ERROR_ENCRYPTIONPOLICY_VERIFICATION());
                throw new XWSSecurityException("Encryption Policy verification error:" +
                        "Missing encryption element");
            }
           
            if(PolicyTypeUtil.encryptionPolicy(pol)){
                EncryptionPolicy inferredPol = (EncryptionPolicy)pol;
                //verify key binding
                boolean isKBTrue = verifyKeyBinding(actualEncryptionPolicy.getKeyBinding(),
                        inferredPol.getKeyBinding(), true);
                // verify target binding
                boolean isTBTrue = verifyEncTargetBinding((EncryptionPolicy.FeatureBinding)actualEncryptionPolicy.getFeatureBinding(),
                        (EncryptionPolicy.FeatureBinding)inferredPol.getFeatureBinding());
               
                inferredSecurityPolicy.remove(pol);
                if(!isKBTrue){
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                    throw new XWSSecurityException("Encryption Policy verification error: " +
                            "Incorrect Key types or references were used in encryption");
                }
                if(!isTBTrue){
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                    throw new XWSSecurityException("Policy verification error: " +
                            "One or more encrypted parts could not be validated");
                }
                List<Target> inferredList = ((EncryptionPolicy.FeatureBinding)pol.getFeatureBinding()).getTargetBindings();
                List<Target> actualList = ((EncryptionPolicy.FeatureBinding)actualPol.getFeatureBinding()).getTargetBindings();
                if(actualList.size() > inferredList.size()){
                    int nthEncrypt = 0;
                    EncryptionPolicy inferredPol2 = getNthEncryptionPolicy(inferredSecurityPolicy, nthEncrypt);
                    while(inferredPol2 != null){
                        boolean isKBTrue2 = verifyKeyBinding(actualEncryptionPolicy.getKeyBinding(),
                                inferredPol2.getKeyBinding(), true);
                        boolean isTBTrue2 = verifyEncTargetBinding((EncryptionPolicy.FeatureBinding)actualEncryptionPolicy.getFeatureBinding(),
                                (EncryptionPolicy.FeatureBinding)inferredPol2.getFeatureBinding());
                        if(!isKBTrue2 || !isTBTrue2){
                            nthEncrypt++;
                            inferredPol2 = getNthEncryptionPolicy(inferredSecurityPolicy, nthEncrypt);
                        } else{
                            List<Target> moreTargets = ((EncryptionPolicy.FeatureBinding)inferredPol2.getFeatureBinding()).getTargetBindings();
                            for(Target moreTarget : moreTargets){
                                ((EncryptionPolicy.FeatureBinding)inferredPol.getFeatureBinding()).addTargetBinding(moreTarget);
                            }
                            if(actualList.size() == inferredList.size()){
                                inferredSecurityPolicy.remove(inferredPol2);
                                break;
                            }
