Package org.apache.rampart.policy

Examples of org.apache.rampart.policy.RampartPolicyData


      log.debug("Enter process(MessageContext msgCtx)");
    }

    RampartMessageData rmd = new RampartMessageData(msgCtx, false);

    RampartPolicyData rpd = rmd.getPolicyData();
   
    msgCtx.setProperty(RampartMessageData.RAMPART_POLICY_DATA, rpd);
   
          //If there is no policy information or if the message is a security fault or no security
                // header required by the policy
    if(rpd == null || isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(rpd,rmd.isInitiator(),true)) {
      SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);

      //Convert back to llom since the inflow cannot use llom
      msgCtx.setEnvelope(env);
      Axis2Util.useDOOM(false);
      if(doDebug){
        log.debug("Return process MessageContext msgCtx)");
      }
      return null;
    }


    Vector results = null;

    WSSecurityEngine engine = new WSSecurityEngine();

    ValidatorData data = new ValidatorData(rmd);

    SOAPHeader header = rmd.getMsgContext().getEnvelope().getHeader();
    if(header == null) {
        throw new RampartException("missingSOAPHeader");
    }
   
                ArrayList headerBlocks = header.getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
    SOAPHeaderBlock secHeader = null;
    //Issue is axiom - a returned collection must not be null
    if(headerBlocks != null) {
        Iterator headerBlocksIterator = headerBlocks.iterator();
        while (headerBlocksIterator.hasNext()) {
          SOAPHeaderBlock elem = (SOAPHeaderBlock) headerBlocksIterator.next();
          if(elem.getLocalName().equals(WSConstants.WSSE_LN)) {
            secHeader = elem;
            break;
          }
        }
    }
   
    if(secHeader == null) {
        throw new RampartException("missingSecurityHeader");
    }
   
    long t0=0, t1=0, t2=0, t3=0;
    if(dotDebug){
      t0 = System.currentTimeMillis();
    }

    String actorValue = secHeader.getAttributeValue(new QName(rmd
        .getSoapConstants().getEnvelopeURI(), "actor"));

    Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
            msgCtx.getAxisService().getClassLoader());
        TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd));
        if(rpd.isSymmetricBinding()) {
      //Here we have to create the CB handler to get the tokens from the
      //token storage
      if(doDebug){
        log.debug("Processing security header using SymetricBinding");
      }

      results = engine.processSecurityHeader(rmd.getDocument(),
          actorValue,
          tokenCallbackHandler,
          signatureCrypto);
    } else {
      if(doDebug){
        log.debug("Processing security header in normal path");
      }
      results = engine.processSecurityHeader(rmd.getDocument(),
          actorValue,
          tokenCallbackHandler,
          signatureCrypto,
              RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
                  msgCtx.getAxisService().getClassLoader()));
    }

    if(dotDebug){
      t1 = System.currentTimeMillis();


    public void validate(ValidatorData data, Vector results)
    throws RampartException {
       
        RampartMessageData rmd = data.getRampartMessageData();
       
        RampartPolicyData rpd = rmd.getPolicyData();
       
        //If there's Security policy present and no results
        //then we should throw an error
        if(rpd != null && results == null) {
            throw new RampartException("noSecurityResults");
        }
       
        //Check presence of timestamp
        WSSecurityEngineResult tsResult = null;
        if(rpd != null &&  rpd.isIncludeTimestamp()) {
            tsResult =
                WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
            if(tsResult == null) {
                throw new RampartException("timestampMissing");
            }
           
        }
       
        //sig/encr
        Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
        if(rpd != null && rpd.isSignatureProtection() && isSignatureRequired(rmd)) {
           
            String sigId = RampartUtil.getSigElementId(rmd);
           
            encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
                    WSConstants.SIG_NS, "Element"));
        }
       
        Vector signatureParts = RampartUtil.getSignedParts(rmd);

        //Timestamp is not included in sig parts
        if(rpd != null && rpd.isIncludeTimestamp() && !rpd.isTransportBinding()) {
            signatureParts.add(new WSEncryptionPart("timestamp"));
        }
       
        if(!rmd.isInitiator()) {
                       
            //Just an indicator for EndorsingSupportingToken signature
            SupportingToken endSupportingToken = rpd.getEndorsingSupportingTokens();
            if(endSupportingToken !=  null) {
                SignedEncryptedParts endSignedParts = endSupportingToken.getSignedParts();
                if((endSignedParts != null &&
                        (endSignedParts.isBody() ||
                                endSignedParts.getHeaders().size() > 0)) ||
                                rpd.isIncludeTimestamp()) {
                    signatureParts.add(
                            new WSEncryptionPart("EndorsingSupportingTokens"));
                }
            }
            //Just an indicator for SignedEndorsingSupportingToken signature
            SupportingToken sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
            if(sgndEndSupportingToken != null) {
                SignedEncryptedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts();
                if((sgndEndSignedParts != null &&
                        (sgndEndSignedParts.isBody() ||
                                sgndEndSignedParts.getHeaders().size() > 0)) ||
                                rpd.isIncludeTimestamp()) {
                    signatureParts.add(
                            new WSEncryptionPart("SignedEndorsingSupportingTokens"));
                }
            }
        }
       
        validateEncrSig(data,encryptedParts, signatureParts, results);
       
        if(!rpd.isTransportBinding()) {
            validateProtectionOrder(data, results);
       
       
        if(rpd.isTransportBinding() && !rmd.isInitiator()){
            if (rpd.getTransportToken() instanceof HttpsToken) {
                String incomingTransport = rmd.getMsgContext().getIncomingTransportName();
                if(!incomingTransport.equals(org.apache.axis2.Constants.TRANSPORT_HTTPS)){
                    throw new RampartException("invalidTransport",
                            new String[]{incomingTransport});
                }

            } else if(act.intValue() == WSConstants.ENCR) {
                encr = true;
            }
        }
       
        RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
       
        SupportingToken sgndSupTokens = rpd.getSignedSupportingTokens();
        SupportingToken sgndEndorSupTokens = rpd.getSignedEndorsingSupportingTokens();
       
        if(sig && signatureParts.size() == 0
                && (sgndSupTokens == null || sgndSupTokens.getTokens().size() == 0)
                 && (sgndEndorSupTokens == null || sgndEndorSupTokens.getTokens().size() == 0)) {
           

     */
    protected void validateSupportingTokens(ValidatorData data, Vector results)
    throws RampartException {

        // Runs handleSupportingTokens over each of the four supporting-token
        // assertions the policy can carry, in a fixed order: plain, signed,
        // signed-endorsing, endorsing. Nothing is caught here, so an exception
        // from any call propagates and the remaining assertions are not checked.
        // NOTE(review): the policy data is dereferenced without a null check;
        // confirm callers only reach this once a policy has been resolved.
        final RampartPolicyData policy = data.getRampartMessageData().getPolicyData();

        handleSupportingTokens(results, policy.getSupportingTokens());
        handleSupportingTokens(results, policy.getSignedSupportingTokens());
        handleSupportingTokens(results, policy.getSignedEndorsingSupportingTokens());
        handleSupportingTokens(results, policy.getEndorsingSupportingTokens());
    }

       
        RampartMessageData rmd = data.getRampartMessageData();
       
        ArrayList encrRefs = getEncryptedReferences(results);
       
        RampartPolicyData rpd = rmd.getPolicyData();
       
        //Check for encrypted body
        if(rpd.isEncryptBody()) {
           
            if( !isRefIdPresent(encrRefs, data.getBodyEncrDataId())){
                throw new RampartException("encryptedPartMissing",
                        new String[]{data.getBodyEncrDataId()});
            }

   
    public void validateRequiredElements(ValidatorData data) throws RampartException {

        // Verifies that every required-element expression declared by the policy
        // is satisfied by the message envelope. Validation fails closed: the first
        // expression that RampartUtil.checkRequiredElements rejects raises
        // RampartException("requiredElementsMissing") carrying that expression.
        final RampartMessageData messageData = data.getRampartMessageData();
        final RampartPolicyData policy = messageData.getPolicyData();
        final SOAPEnvelope soapEnvelope = messageData.getMsgContext().getEnvelope();

        for (Iterator required = policy.getRequiredElements().iterator(); required.hasNext();) {
            final String expression = (String) required.next();

            // The namespace declarations come from the policy, not from the message,
            // and are passed to the check together with each expression.
            final boolean satisfied = RampartUtil.checkRequiredElements(
                    soapEnvelope, policy.getDeclaredNamespaces(), expression);
            if (!satisfied) {
                throw new RampartException("requiredElementsMissing", new String[] { expression });
            }
        }
    }

        }
    }

   
    protected boolean isSignatureRequired(RampartMessageData rmd) {
        // Decides from the policy bindings and tokens whether a signature is required.
        final RampartPolicyData policy = rmd.getPolicyData();

        // Symmetric binding: a signature is required when a signature token is configured.
        if (policy.isSymmetricBinding() && policy.getSignatureToken() != null) {
            return true;
        }

        // A symmetric binding without a signature token, or a transport binding,
        // never requires a message-level signature here.
        if (policy.isSymmetricBinding() || policy.isTransportBinding()) {
            return false;
        }

        // Neither symmetric nor transport: the token matching this side's role decides.
        if (policy.getInitiatorToken() != null && rmd.isInitiator()) {
            return true;
        }
        return policy.getRecipientToken() != null && !rmd.isInitiator();
    }

        }
       
       
       
        if (securityPolicyPresent) {
            RampartPolicyData rpd = (RampartPolicyData)msgContext.
                                                getProperty(RampartMessageData.RAMPART_POLICY_DATA);
            // Security policy data has not been populated at the time of verification
            if (rpd == null ) {
                throw new AxisFault("InvalidSecurity");
            }

    protected boolean isUsernameTokenPresent(ValidatorData data) {
       
        //TODO This can be integrated with supporting token processing
        // which also checks whether Username Tokens present
       
        RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
       
        SupportingToken suppTok = rpd.getSupportingTokens();
        if(isUsernameTokenPresent(suppTok)){
            return true;
        }
       
        SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
        if(isUsernameTokenPresent(signedSuppToken)) {
            return true;
        }
       
        SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
        if(isUsernameTokenPresent(signedEndSuppToken)) {
            return true;
        }
       
        SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
        if(isUsernameTokenPresent(endSuppToken)){
            return true;
        }
       
        return false;

     */
    protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd, UsernameToken token) throws RampartException {
      
        log.debug("Adding a UsernameToken");
       
        RampartPolicyData rpd = rmd.getPolicyData();
       
        //Get the user
        //First try options
        Options options = rmd.getMsgContext().getOptions();
        String user = options.getUserName();
        if(user == null || user.length() == 0) {
            //Then try RampartConfig
            if(rpd.getRampartConfig() != null) {
                user = rpd.getRampartConfig().getUser();
            }
        }
       
        if(user != null && !"".equals(user)) {
            log.debug("User : " + user);
