Repository: cxf Updated Branches: refs/heads/master 08f376bdf -> a2e5fae3a
http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java index bd9ae7c..abf12e6 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java @@ -44,6 +44,7 @@ import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.cache.ReplayCache; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; @@ -243,7 +244,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { } private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { 
@@ -283,12 +285,12 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { protected UsernameToken assertTokens(SoapMessage message) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); - assertPolicy(aim, SPConstants.USERNAME_TOKEN10); - assertPolicy(aim, SPConstants.USERNAME_TOKEN11); - assertPolicy(aim, SPConstants.HASH_PASSWORD); - assertPolicy(aim, SPConstants.NO_PASSWORD); - assertPolicy(aim, SP13Constants.NONCE); - assertPolicy(aim, SP13Constants.CREATED); + PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN10); + PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN11); + PolicyUtils.assertPolicy(aim, SPConstants.HASH_PASSWORD); + PolicyUtils.assertPolicy(aim, SPConstants.NO_PASSWORD); + PolicyUtils.assertPolicy(aim, SP13Constants.NONCE); + PolicyUtils.assertPolicy(aim, SP13Constants.CREATED); return (UsernameToken)assertTokens(message, SPConstants.USERNAME_TOKEN, true); } @@ -299,7 +301,8 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { boolean signed ) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); UsernameToken tok = null; for (AssertionInfo ai : ais) { tok = (UsernameToken)ai.getAssertion(); @@ -308,7 +311,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { && (princ == null || !princ.isPasswordDigest())) { ai.setNotAsserted("Password hashing policy not enforced"); } else { - assertPolicy(aim, SPConstants.HASH_PASSWORD); + PolicyUtils.assertPolicy(aim, SPConstants.HASH_PASSWORD); } if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword) 
@@ -316,28 +319,28 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { && (princ == null || princ.getPassword() == null)) { ai.setNotAsserted("Username Token No Password supplied"); } else { - assertPolicy(aim, SPConstants.NO_PASSWORD); + PolicyUtils.assertPolicy(aim, SPConstants.NO_PASSWORD); } if (tok.isCreated() && princ.getCreatedTime() == null) { ai.setNotAsserted("No Created Time"); } else { - assertPolicy(aim, SP13Constants.CREATED); + PolicyUtils.assertPolicy(aim, SP13Constants.CREATED); } if (tok.isNonce() && princ.getNonce() == null) { ai.setNotAsserted("No Nonce"); } else { - assertPolicy(aim, SP13Constants.NONCE); + PolicyUtils.assertPolicy(aim, SP13Constants.NONCE); } } - assertPolicy(aim, SPConstants.USERNAME_TOKEN10); - assertPolicy(aim, SPConstants.USERNAME_TOKEN11); - assertPolicy(aim, SPConstants.SUPPORTING_TOKENS); + PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN10); + PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN11); + PolicyUtils.assertPolicy(aim, SPConstants.SUPPORTING_TOKENS); if (signed || isTLSInUse(message)) { - assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); + PolicyUtils.assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); } return tok; } @@ -366,7 +369,7 @@ public class UsernameTokenInterceptor extends AbstractTokenInterceptor { if (utBuilder == null) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); for (AssertionInfo ai : ais) { if (ai.isAsserted()) { ai.setAsserted(false); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java ---------------------------------------------------------------------- 
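Review bot: `princ` is dereferenced without a null guard in the Created and Nonce checks (`tok.isCreated() && princ.getCreatedTime() == null`, `tok.isNonce() && princ.getNonce() == null`), although the hash-password and no-password conditions just above them treat `princ == null` as possible. With a null principal and a policy that requires Created or Nonce, this path would throw a NullPointerException instead of recording the failure through `ai.setNotAsserted(...)`. Guarding both the same way keeps it a policy violation: `if (tok.isCreated() && (princ == null || princ.getCreatedTime() == null))`, and likewise for the nonce. The method starts in the previous hunk and these lines are unchanged context, so the gap predates this refactoring.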
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java index d748ede..d69e94d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java @@ -350,5 +350,5 @@ public final class WSS4JUtils { } return CryptoFactory.getInstance(propFilename, classLoader); } - + } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 7dd95af..8198aa0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -69,6 +69,7 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyConstants; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler; 
@@ -1057,7 +1058,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return new ArrayList<WSEncryptionPart>(); } - List<WSEncryptionPart> signedParts = new ArrayList<WSEncryptionPart>(); + List<WSEncryptionPart> signedParts = new ArrayList<>(); if (parts != null) { isBody = parts.isBody(); for (Header head : parts.getHeaders()) { 
@@ -2038,36 +2039,36 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle protected void addSupportingTokens(List<WSEncryptionPart> sigs) throws WSSecurityException { Collection<AssertionInfo> sgndSuppTokens = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); List<SupportingToken> sigSuppTokList = this.handleSupportingTokens(sgndSuppTokens, false); Collection<AssertionInfo> endSuppTokens = - getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS); endSuppTokList = this.handleSupportingTokens(endSuppTokens, true); Collection<AssertionInfo> sgndEndSuppTokens = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS); sgndEndSuppTokList = this.handleSupportingTokens(sgndEndSuppTokens, true); Collection<AssertionInfo> sgndEncryptedSuppTokens = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS); List<SupportingToken> sgndEncSuppTokList = this.handleSupportingTokens(sgndEncryptedSuppTokens, false); Collection<AssertionInfo> endorsingEncryptedSuppTokens = - getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); endSuppTokList.addAll(this.handleSupportingTokens(endorsingEncryptedSuppTokens, true)); Collection<AssertionInfo> sgndEndEncSuppTokens = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); 
sgndEndSuppTokList.addAll(this.handleSupportingTokens(sgndEndEncSuppTokens, true)); Collection<AssertionInfo> supportingToks = - getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS); this.handleSupportingTokens(supportingToks, false); Collection<AssertionInfo> encryptedSupportingToks = - getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS); this.handleSupportingTokens(encryptedSupportingToks, false); //Setup signature parts http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java index 5c8250c..e175f67 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java @@ -20,8 +20,6 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; import java.util.logging.Level; import java.util.logging.Logger; 
@@ -35,13 +33,12 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyException; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.neethi.Assertion; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.util.WSSecurityUtil; -import org.apache.wss4j.policy.SP11Constants; -import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SP13Constants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.SPConstants.IncludeTokenType; 
@@ -408,48 +405,11 @@ public abstract class AbstractCommonBindingHandler { } } - protected AssertionInfo getFirstAssertionByLocalname( - AssertionInfoMap aim, String localname - ) { - Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname)); - if (sp11Ais != null && !sp11Ais.isEmpty()) { - return sp11Ais.iterator().next(); - } - - Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname)); - if (sp12Ais != null && !sp12Ais.isEmpty()) { - return sp12Ais.iterator().next(); - } - - return null; - } - protected Collection<AssertionInfo> getAllAssertionsByLocalname(String localname) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); - return getAllAssertionsByLocalname(aim, localname); + return PolicyUtils.getAllAssertionsByLocalname(aim, localname); } - protected Collection<AssertionInfo> getAllAssertionsByLocalname( - AssertionInfoMap aim, - String localname - ) { - Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname)); - Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname)); - - if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) { - Collection<AssertionInfo> ais = new HashSet<AssertionInfo>(); - if (sp11Ais != null) { - ais.addAll(sp11Ais); - } - if (sp12Ais != null) { - ais.addAll(sp12Ais); - } - return ais; - } - - return Collections.emptySet(); - } - protected SoapMessage getMessage() { return message; } 
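Review bot: Removing the protected `getFirstAssertionByLocalname(AssertionInfoMap, String)` and `getAllAssertionsByLocalname(AssertionInfoMap, String)` from this abstract class breaks any subclass outside this commit that still calls them, while the one-argument `getAllAssertionsByLocalname(String)` is kept as a delegating wrapper. The same applies to the protected `assertPolicy` and `getAllAssertionsByLocalname` methods deleted from AbstractBindingPolicyValidator and AbstractTokenPolicyValidator further down. If these classes are meant to be extended by user code, thin `@Deprecated` wrappers kept for one release would avoid the break, with a body such as `return PolicyUtils.getAllAssertionsByLocalname(aim, localname);`. Whether external subclasses exist is not visible from the diff.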
@@ -487,14 +447,15 @@ public abstract class AbstractCommonBindingHandler { protected Wss10 getWss10() { AssertionInfoMap aim = message.get(AssertionInfoMap.class); - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS10); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { return (Wss10)ai.getAssertion(); } } - ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS11); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { return (Wss10)ai.getAssertion(); @@ -515,14 +476,9 @@ public abstract class AbstractCommonBindingHandler { return st; } - protected void assertPolicy(QName n) { + protected void assertPolicy(QName name) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); - Collection<AssertionInfo> ais = aim.getAssertionInfo(n); - if (ais != null && !ais.isEmpty()) { - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } - } + PolicyUtils.assertPolicy(aim, name); } protected void assertPolicy(Assertion assertion) { http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java index f65085a..3715162 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java 
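Review bot: `getWss10()` picks its result with `for (AssertionInfo ai : ais) { return (Wss10)ai.getAssertion(); }`, a loop that can only run once, so which assertion is returned depends on the iteration order of the collection. The implementation removed in this commit built a `HashSet` from the SP11 and SP12 entries, so that order was undefined when both were present; whether `PolicyUtils.getAllAssertionsByLocalname` behaves the same is not visible here. Since the commit already uses `PolicyUtils.getFirstAssertionByLocalname` elsewhere, the intent would be clearer as `AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.WSS10);` followed by `if (ai != null) { return (Wss10)ai.getAssertion(); }`, and the same for `SPConstants.WSS11`. The method continues past the end of the hunk.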
@@ -44,6 +44,7 @@ import org.apache.cxf.message.MessageUtils; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; import org.apache.wss4j.common.ext.WSPasswordCallback; @@ -83,7 +84,6 @@ import org.apache.wss4j.policy.model.Wss11; import org.apache.wss4j.policy.model.X509Token; import org.apache.wss4j.policy.model.X509Token.TokenType; import org.apache.wss4j.policy.model.XPath; -import org.apache.wss4j.policy.stax.PolicyUtils; import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType; import org.apache.wss4j.stax.ext.WSSSecurityProperties; @@ -472,7 +472,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa } protected void configureLayout(AssertionInfoMap aim) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.LAYOUT); + Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.LAYOUT); Layout layout = null; for (AssertionInfo ai : ais) { layout = (Layout)ai.getAssertion(); 
@@ -828,13 +828,13 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa SignedElements elements = null; AssertionInfoMap aim = message.get(AssertionInfoMap.class); - AssertionInfo assertionInfo = getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS); + AssertionInfo assertionInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS); if (assertionInfo != null) { parts = (SignedParts)assertionInfo.getAssertion(); assertionInfo.setAsserted(true); } - assertionInfo = getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS); + assertionInfo = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS); if (assertionInfo != null) { elements = (SignedElements)assertionInfo.getAssertion(); assertionInfo.setAsserted(true); @@ -871,7 +871,8 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa if (elements != null && elements.getXPaths() != null) { for (XPath xPath : elements.getXPaths()) { - List<QName> qnames = PolicyUtils.getElementPath(xPath); + List<QName> qnames = + org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath); if (!qnames.isEmpty()) { SecurePart securePart = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element); @@ -892,7 +893,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa ContentEncryptedElements celements = null; AssertionInfoMap aim = message.get(AssertionInfoMap.class); - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS); + Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { parts = (EncryptedParts)ai.getAssertion(); 
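Review bot: The fully qualified call `org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath)` in the -871 hunk is needed only because two classes named `PolicyUtils` are now in play, and it is repeated in the -944 and -955 hunks of this file and the -412 hunk of StaxTransportBindingHandler. Two same-named utility classes in policy-handling code are easy to confuse when reading. A single helper in this class, for instance `protected static List<QName> getElementPath(XPath xPath) { return org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath); }`, would confine the qualified name to one place, with a comment saying which `PolicyUtils` is meant.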
@@ -900,7 +901,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa } } - ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { elements = (EncryptedElements)ai.getAssertion(); @@ -908,7 +909,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa } } - ais = getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { celements = (ContentEncryptedElements)ai.getAssertion(); @@ -944,7 +945,8 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa if (elements != null && elements.getXPaths() != null) { for (XPath xPath : elements.getXPaths()) { - List<QName> qnames = PolicyUtils.getElementPath(xPath); + List<QName> qnames = + org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath); if (!qnames.isEmpty()) { SecurePart securePart = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element); @@ -955,7 +957,8 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa if (celements != null && celements.getXPaths() != null) { for (XPath xPath : celements.getXPaths()) { - List<QName> qnames = PolicyUtils.getElementPath(xPath); + List<QName> qnames = + org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath); if (!qnames.isEmpty()) { SecurePart securePart = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Content); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java index f932698..1beb200 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java @@ -33,6 +33,7 @@ import org.apache.cxf.interceptor.Fault; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.policy.SP11Constants; @@ -57,7 +58,6 @@ import org.apache.wss4j.policy.model.TransportToken; import org.apache.wss4j.policy.model.UsernameToken; import org.apache.wss4j.policy.model.X509Token; import org.apache.wss4j.policy.model.XPath; -import org.apache.wss4j.policy.stax.PolicyUtils; import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.ext.WSSSecurityProperties; import org.apache.xml.security.stax.ext.OutboundSecurityContext; @@ -159,7 +159,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { private void handleNonEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception { Collection<AssertionInfo> ais; - ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion(); 
@@ -170,7 +170,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { } } - ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion(); @@ -181,7 +181,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { } } - ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { SupportingTokens encrSuppTokens = (SupportingTokens)ai.getAssertion(); @@ -192,7 +192,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { } } - ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS); if (!ais.isEmpty()) { for (AssertionInfo ai : ais) { SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion(); @@ -233,7 +233,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { private void handleEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception { Collection<AssertionInfo> ais; - ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS); if (!ais.isEmpty()) { SupportingTokens sgndSuppTokens = null; for (AssertionInfo ai : ais) { 
@@ -247,7 +247,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { } } - ais = getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS); if (!ais.isEmpty()) { SupportingTokens endSuppTokens = null; for (AssertionInfo ai : ais) { @@ -261,7 +261,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { } } } - ais = getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { SupportingTokens endSuppTokens = null; for (AssertionInfo ai : ais) { @@ -275,7 +275,7 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { } } } - ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); + ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { SupportingTokens endSuppTokens = null; for (AssertionInfo ai : ais) { @@ -412,7 +412,8 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { // Handle SignedElements if (signedElements != null && signedElements.getXPaths() != null) { for (XPath xPath : signedElements.getXPaths()) { - List<QName> qnames = PolicyUtils.getElementPath(xPath); + List<QName> qnames = + org.apache.wss4j.policy.stax.PolicyUtils.getElementPath(xPath); if (!qnames.isEmpty()) { SecurePart part = new SecurePart(qnames.get(qnames.size() - 1), Modifier.Element); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java index d6a4462..0003d7e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java @@ -22,21 +22,18 @@ package org.apache.cxf.ws.security.wss4j.policyvalidators; import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; import java.util.List; import javax.xml.namespace.QName; import org.w3c.dom.Element; - import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.neethi.Assertion; - import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; @@ -47,8 +44,6 @@ import org.apache.wss4j.dom.message.token.PKIPathSecurity; import org.apache.wss4j.dom.message.token.Timestamp; import org.apache.wss4j.dom.message.token.X509Security; import org.apache.wss4j.dom.util.WSSecurityUtil; -import org.apache.wss4j.policy.SP11Constants; -import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding; import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder; 
@@ -170,7 +165,7 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal ai.setNotAsserted(error); return false; } - assertPolicy(aim, SPConstants.INCLUDE_TIMESTAMP); + PolicyUtils.assertPolicy(aim, SPConstants.INCLUDE_TIMESTAMP); // Check the EntireHeaderAndBodySignatures property if (binding.isOnlySignEntireHeadersAndBody() @@ -179,15 +174,15 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal ai.setNotAsserted(error); return false; } - assertPolicy(aim, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY); + PolicyUtils.assertPolicy(aim, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY); // Check whether the signatures were encrypted or not if (binding.isEncryptSignature() && !isSignatureEncrypted(results)) { ai.setNotAsserted("The signature is not protected"); return false; } - assertPolicy(aim, SPConstants.ENCRYPT_SIGNATURE); - assertPolicy(aim, SPConstants.PROTECT_TOKENS); + PolicyUtils.assertPolicy(aim, SPConstants.ENCRYPT_SIGNATURE); + PolicyUtils.assertPolicy(aim, SPConstants.PROTECT_TOKENS); /* // Check ProtectTokens @@ -215,13 +210,13 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal ai.setNotAsserted("Not encrypted before signed"); return false; } - assertPolicy(aim, SPConstants.ENCRYPT_BEFORE_SIGNING); + PolicyUtils.assertPolicy(aim, SPConstants.ENCRYPT_BEFORE_SIGNING); } else if (protectionOrder == ProtectionOrder.SignBeforeEncrypting) { if (isEncryptedBeforeSigned(results)) { ai.setNotAsserted("Not signed before encrypted"); return false; } - assertPolicy(aim, SPConstants.SIGN_BEFORE_ENCRYPTING); + PolicyUtils.assertPolicy(aim, SPConstants.SIGN_BEFORE_ENCRYPTING); } return true; } 
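Review bot: `PolicyUtils.assertPolicy(aim, SPConstants.PROTECT_TOKENS);` in the -179 hunk marks the ProtectTokens assertion as satisfied without any check of the message, and the `// Check ProtectTokens` block directly below it is commented out. The other assertions in these hunks are each preceded by a test that can fail the binding (`isSignatureEncrypted(results)`, `isEncryptedBeforeSigned(results)`), so a policy that requires ProtectTokens appears to pass validation here whether or not the token was actually protected; the check may be done elsewhere, which the hunk does not show. At minimum a comment should say so, e.g. `// ProtectTokens is asserted unconditionally here; enforced in <where it is enforced>`. The commented-out block and the rest of the method extend beyond the hunk.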
@@ -447,17 +442,6 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal return false; } - protected void assertPolicy(AssertionInfoMap aim, Assertion token) { - Collection<AssertionInfo> ais = aim.get(token.getName()); - if (ais != null && !ais.isEmpty()) { - for (AssertionInfo ai : ais) { - if (ai.getAssertion() == token) { - ai.setAsserted(true); - } - } - } - } - protected void notAssertPolicy(AssertionInfoMap aim, Assertion token, String msg) { Collection<AssertionInfo> ais = aim.get(token.getName()); if (ais != null && !ais.isEmpty()) { @@ -469,28 +453,6 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal } } - protected boolean assertPolicy(AssertionInfoMap aim, String localname) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname); - if (!ais.isEmpty()) { - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } - return true; - } - return false; - } - - protected boolean assertPolicy(AssertionInfoMap aim, QName q) { - Collection<AssertionInfo> ais = aim.get(q); - if (ais != null && !ais.isEmpty()) { - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } - return true; - } - return false; - } - protected void notAssertPolicy(AssertionInfoMap aim, QName q, String msg) { Collection<AssertionInfo> ais = aim.get(q); if (ais != null && !ais.isEmpty()) { 
@@ -500,24 +462,4 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal } } - protected Collection<AssertionInfo> getAllAssertionsByLocalname( - AssertionInfoMap aim, - String localname - ) { - Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname)); - Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname)); - - if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) { - Collection<AssertionInfo> ais = new HashSet<AssertionInfo>(); - if (sp11Ais != null) { - ais.addAll(sp11Ais); - } - if (sp12Ais != null) { - ais.addAll(sp12Ais); - } - return ais; - } - - return Collections.emptySet(); - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java index 734a495..ba046d6 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java 
@@ -19,18 +19,8 @@ package org.apache.cxf.ws.security.wss4j.policyvalidators; -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; - -import javax.xml.namespace.QName; - import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; -import org.apache.cxf.ws.policy.AssertionInfo; -import org.apache.cxf.ws.policy.AssertionInfoMap; -import org.apache.wss4j.policy.SP11Constants; -import org.apache.wss4j.policy.SP12Constants; import org.apache.wss4j.policy.SPConstants.IncludeTokenType; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -66,46 +56,4 @@ public abstract class AbstractTokenPolicyValidator { } } - protected boolean assertPolicy(AssertionInfoMap aim, QName name) { - Collection<AssertionInfo> ais = aim.getAssertionInfo(name); - if (aim != null && !ais.isEmpty()) { - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } - return true; - } - return false; - } - - protected boolean assertPolicy(AssertionInfoMap aim, String localname) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname); - if (!ais.isEmpty()) { - for (AssertionInfo ai : ais) { - ai.setAsserted(true); - } - return true; - } - return false; - } - - protected Collection<AssertionInfo> getAllAssertionsByLocalname( - AssertionInfoMap aim, - String localname - ) { - Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname)); - Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname)); - - if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) { - Collection<AssertionInfo> ais = new HashSet<AssertionInfo>(); - if (sp11Ais != null) { - ais.addAll(sp11Ais); - } - if (sp12Ais != null) { - ais.addAll(sp12Ais); - } - return ais; - } - - return Collections.emptySet(); - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java index 533489d..8f9ce14 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java 
@@ -30,11 +30,11 @@ import java.util.List; import javax.xml.namespace.QName; import org.w3c.dom.Element; - import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSDataRef; @@ -57,7 +57,8 @@ public class AlgorithmSuitePolicyValidator extends AbstractTokenPolicyValidator List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ALGORITHM_SUITE); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ALGORITHM_SUITE); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, results); } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java index b4047cf..04c6777 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java 
@@ -24,10 +24,10 @@ import java.util.Collection; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; @@ -49,7 +49,8 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults); } @@ -163,14 +164,14 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid return false; } } - assertPolicy(aim, wrapper); + PolicyUtils.assertPolicy(aim, wrapper.getName()); if (!checkDerivedKeys(wrapper, hasDerivedKeys, signedResults, encryptedResults)) { ai.setNotAsserted("Message fails the DerivedKeys requirement"); return false; } - assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); return true; } 
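Review bot: In AsymmetricBindingPolicyValidator, `PolicyUtils.assertPolicy(aim, wrapper.getName())` now dereferences `wrapper` at the call site (hunk at -163,14, and again in the hunk at -184,14), and neither hunk shows a null check on it. SymmetricBindingPolicyValidator, changed the same way in this commit, guards the equivalent calls with checks such as `if (binding.getEncryptionToken() != null)`. Both methods start outside their hunks, so a guard may already exist above. If it does not, a fail-closed check such as `if (wrapper == null) { return false; }` ahead of the call would keep a missing token from surfacing as a NullPointerException during policy validation.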
@@ -184,14 +185,14 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults) { - assertPolicy(aim, wrapper); + PolicyUtils.assertPolicy(aim, wrapper.getName()); if (!checkDerivedKeys(wrapper, hasDerivedKeys, signedResults, encryptedResults)) { ai.setNotAsserted("Message fails the DerivedKeys requirement"); return false; } - assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); return true; } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java index b332486..15c2508 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java 
@@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; @@ -54,7 +55,8 @@ public class ConcreteSupportingTokenPolicyValidator extends AbstractSupportingTo List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java index 2ebb47c..f545be4 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -54,7 +55,8 @@ public class EncryptedTokenPolicyValidator extends AbstractSupportingTokenPolicy List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java index cb490ba..3fc837f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -57,7 +58,7 @@ public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTo List<WSSecurityEngineResult> encryptedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java index 50082c3..cbdc07b 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -57,7 +58,7 @@ public class EndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicy List<WSSecurityEngineResult> encryptedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java index 8cdf20f..55db72f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java @@ -29,6 +29,7 @@ import org.apache.cxf.message.Message; import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; 
@@ -107,8 +108,8 @@ public class IssuedTokenPolicyValidator extends AbstractSamlPolicyValidator { } AssertionInfoMap aim = message.get(AssertionInfoMap.class); - assertPolicy(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE); - assertPolicy(aim, SPConstants.REQUIRE_EXTERNAL_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXTERNAL_REFERENCE); return true; } @@ -143,8 +144,8 @@ public class IssuedTokenPolicyValidator extends AbstractSamlPolicyValidator { } AssertionInfoMap aim = message.get(AssertionInfoMap.class); - assertPolicy(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE); - assertPolicy(aim, SPConstants.REQUIRE_EXTERNAL_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXTERNAL_REFERENCE); return true; } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java index 6624e9c..aa22d73 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java 
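Review bot: In IssuedTokenPolicyValidator, both hunks (-107,8 and -143,8) mark `REQUIRE_INTERNAL_REFERENCE` and `REQUIRE_EXTERNAL_REFERENCE` as asserted back to back with no branch between them, so at least one of the two is reported as satisfied without regard to how the token was actually referenced. The commit only moves the calls to `PolicyUtils`, and both methods start outside the hunks, so a check may sit above. If the reference style is deliberately not enforced here, say so next to the calls, e.g. `// Reference style is not checked by this validator; both assertions are accepted as-is`. That stops a reader of the policy result from taking it as proof the requirement was verified.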
@@ -26,6 +26,7 @@ import javax.xml.namespace.QName; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.message.token.KerberosSecurity; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.KerberosToken; @@ -49,11 +50,12 @@ public class KerberosTokenPolicyValidator extends AbstractTokenPolicyValidator { AssertionInfoMap aim, KerberosSecurity kerberosToken ) { - Collection<AssertionInfo> krbAis = getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN); + Collection<AssertionInfo> krbAis = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN); if (!krbAis.isEmpty()) { parsePolicies(aim, krbAis, kerberosToken); - assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE); } return true; @@ -69,12 +71,12 @@ public class KerberosTokenPolicyValidator extends AbstractTokenPolicyValidator { ai.setAsserted(true); if (!isTokenRequired(kerberosTokenPolicy, message)) { - assertPolicy( + PolicyUtils.assertPolicy( aim, new QName(kerberosTokenPolicy.getVersion().getNamespace(), "WssKerberosV5ApReqToken11") ); - assertPolicy( + PolicyUtils.assertPolicy( aim, new QName(kerberosTokenPolicy.getVersion().getNamespace(), "WssGssKerberosV5ApReqToken11") 
@@ -98,14 +100,14 @@ public class KerberosTokenPolicyValidator extends AbstractTokenPolicyValidator { if (apReqTokenType == ApReqTokenType.WssKerberosV5ApReqToken11 && kerberosToken.isV5ApReq()) { - assertPolicy( + PolicyUtils.assertPolicy( aim, new QName(kerberosTokenPolicy.getVersion().getNamespace(), "WssKerberosV5ApReqToken11") ); return true; } else if (apReqTokenType == ApReqTokenType.WssGssKerberosV5ApReqToken11 && kerberosToken.isGssV5ApReq()) { - assertPolicy( + PolicyUtils.assertPolicy( aim, new QName(kerberosTokenPolicy.getVersion().getNamespace(), "WssGssKerberosV5ApReqToken11") ); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java index 370906b..4ac51b0 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/LayoutPolicyValidator.java @@ -32,6 +32,7 @@ import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; 
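Review bot: In KerberosTokenPolicyValidator (hunk at -98,14) the QName local parts are string literals that repeat the names of the `ApReqTokenType` constants tested in the condition just above them, so the comparison and the asserted name can drift apart. Each branch has already matched `apReqTokenType`, so the local part can come from it: `new QName(kerberosTokenPolicy.getVersion().getNamespace(), apReqTokenType.name())`. SamlTokenPolicyValidator builds its QName the same way from `samlTokenType.name()` in this commit. The enclosing method starts and ends outside the hunk.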
@@ -57,7 +58,8 @@ public class LayoutPolicyValidator extends AbstractTokenPolicyValidator { List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.LAYOUT); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.LAYOUT); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, results, signedResults); } @@ -82,10 +84,10 @@ public class LayoutPolicyValidator extends AbstractTokenPolicyValidator { } } - assertPolicy(aim, SPConstants.LAYOUT_LAX); - assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST); - assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST); - assertPolicy(aim, SPConstants.LAYOUT_STRICT); + PolicyUtils.assertPolicy(aim, SPConstants.LAYOUT_LAX); + PolicyUtils.assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST); + PolicyUtils.assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST); + PolicyUtils.assertPolicy(aim, SPConstants.LAYOUT_STRICT); } public boolean validatePolicy( http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java index 6a77ff6..37adc67 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java 
@@ -27,11 +27,11 @@ import java.util.List; import javax.xml.namespace.QName; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; @@ -60,11 +60,12 @@ public class SamlTokenPolicyValidator extends AbstractSamlPolicyValidator implem body = soapBody; signed = signedResults; - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, results, signedResults); - assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE); } return true; @@ -88,7 +89,7 @@ public class SamlTokenPolicyValidator extends AbstractSamlPolicyValidator implem ai.setAsserted(true); if (!isTokenRequired(samlToken, message)) { - assertPolicy( + PolicyUtils.assertPolicy( aim, new QName(samlToken.getVersion().getNamespace(), samlToken.getSamlTokenType().name()) ); @@ -166,7 +167,7 @@ public class SamlTokenPolicyValidator extends AbstractSamlPolicyValidator implem } if (samlTokenType != null) { - assertPolicy(aim, new QName(samlToken.getVersion().getNamespace(), samlTokenType.name())); + PolicyUtils.assertPolicy(aim, new QName(samlToken.getVersion().getNamespace(), samlTokenType.name())); } return true; } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java index 5103b2b..6171e9e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java @@ -23,10 +23,10 @@ import java.util.Collection; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.util.WSSecurityUtil; @@ -49,7 +49,7 @@ public class SecurityContextTokenPolicyValidator List<WSSecurityEngineResult> signedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.SECURITY_CONTEXT_TOKEN); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURITY_CONTEXT_TOKEN); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, results); } 
@@ -70,9 +70,9 @@ public class SecurityContextTokenPolicyValidator SecurityContextToken sctPolicy = (SecurityContextToken)ai.getAssertion(); ai.setAsserted(true); - assertPolicy(aim, SP12Constants.REQUIRE_EXTERNAL_URI_REFERENCE); - assertPolicy(aim, SP12Constants.SC13_SECURITY_CONTEXT_TOKEN); - assertPolicy(aim, SP11Constants.SC10_SECURITY_CONTEXT_TOKEN); + PolicyUtils.assertPolicy(aim, SP12Constants.REQUIRE_EXTERNAL_URI_REFERENCE); + PolicyUtils.assertPolicy(aim, SP12Constants.SC13_SECURITY_CONTEXT_TOKEN); + PolicyUtils.assertPolicy(aim, SP11Constants.SC10_SECURITY_CONTEXT_TOKEN); if (!isTokenRequired(sctPolicy, message)) { continue; http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java index c40bae3..7d7287a 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -56,7 +57,7 @@ public class SignedEncryptedTokenPolicyValidator extends AbstractSupportingToken List<WSSecurityEngineResult> encryptedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java index da0640b..2d4f691 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -58,7 +59,7 @@ public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSuppor List<WSSecurityEngineResult> encryptedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java index 5262e7f..14ef12f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -57,7 +58,7 @@ public class SignedEndorsingTokenPolicyValidator extends AbstractSupportingToken List<WSSecurityEngineResult> encryptedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java index b695b41..0727d19 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; 
@@ -54,7 +55,7 @@ public class SignedTokenPolicyValidator extends AbstractSupportingTokenPolicyVal List<WSSecurityEngineResult> encryptedResults ) { Collection<AssertionInfo> ais = - getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); if (!ais.isEmpty()) { setMessage(message); setResults(results); http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java index 2501eba..cbaecbb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java @@ -23,10 +23,10 @@ import java.util.Collection; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SPConstants; 
@@ -45,7 +45,8 @@ public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValida List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults); } 
@@ -104,42 +105,42 @@ public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValida List<WSSecurityEngineResult> encryptedResults ) { if (binding.getEncryptionToken() != null) { - assertPolicy(aim, binding.getEncryptionToken()); + PolicyUtils.assertPolicy(aim, binding.getEncryptionToken().getName()); if (!checkDerivedKeys( binding.getEncryptionToken(), hasDerivedKeys, signedResults, encryptedResults )) { ai.setNotAsserted("Message fails the DerivedKeys requirement"); return false; } - assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); } if (binding.getSignatureToken() != null) { - assertPolicy(aim, binding.getSignatureToken()); + PolicyUtils.assertPolicy(aim, binding.getSignatureToken().getName()); if (!checkDerivedKeys( binding.getSignatureToken(), hasDerivedKeys, signedResults, encryptedResults )) { ai.setNotAsserted("Message fails the DerivedKeys requirement"); return false; } - assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); } if (binding.getProtectionToken() != null) { - assertPolicy(aim, binding.getProtectionToken()); + PolicyUtils.assertPolicy(aim, binding.getProtectionToken().getName()); if (!checkDerivedKeys( binding.getProtectionToken(), hasDerivedKeys, signedResults, encryptedResults )) { ai.setNotAsserted("Message fails the DerivedKeys requirement"); 
return false; } - assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); - assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS); } return true; http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java index 963efca..cb4ccbb 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java @@ -23,12 +23,12 @@ import java.util.Collection; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.security.transport.TLSSessionInfo; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.policy.SP11Constants; import org.apache.wss4j.policy.SP12Constants; 
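Review bot: In the SymmetricBindingPolicyValidator hunk `@@ -104,42 +105,42 @@`, the three token calls now pass `binding.getEncryptionToken().getName()` (likewise for the signature and protection tokens) instead of the token object. That is not a pure move to a static helper, because the lookup key changes from one assertion instance to a QName. The body of `PolicyUtils.assertPolicy` is not shown here, but if the QName overload marks every AssertionInfo registered under that name, a same-named token elsewhere in the policy would be marked asserted without its own `checkDerivedKeys` having run. The same change appears as `binding.getTransportToken().getName()` in the TransportBindingPolicyValidator hunk `@@ -83,7 +84,7 @@`. I would keep an instance-matching overload in `PolicyUtils`, or add `// asserts every assertion with this QName, not only this binding's token` above each call so the widening is deliberate; the enclosing method starts before the hunk.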
@@ -48,15 +48,16 @@ public class TransportBindingPolicyValidator extends AbstractBindingPolicyValida List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING); if (!ais.isEmpty()) { parsePolicies(aim, ais, message, results, signedResults); // We don't need to check these policies for the Transport binding - assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS); - assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS); - assertPolicy(aim, SP12Constants.SIGNED_PARTS); - assertPolicy(aim, SP11Constants.SIGNED_PARTS); + PolicyUtils.assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS); + PolicyUtils.assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS); + PolicyUtils.assertPolicy(aim, SP12Constants.SIGNED_PARTS); + PolicyUtils.assertPolicy(aim, SP11Constants.SIGNED_PARTS); } return true; @@ -83,7 +84,7 @@ public class TransportBindingPolicyValidator extends AbstractBindingPolicyValida // HttpsToken is validated by the HttpsTokenInterceptorProvider if (binding.getTransportToken() != null) { - assertPolicy(aim, binding.getTransportToken()); + PolicyUtils.assertPolicy(aim, binding.getTransportToken().getName()); } // Check the IncludeTimestamp @@ -92,7 +93,7 @@ public class TransportBindingPolicyValidator extends AbstractBindingPolicyValida ai.setNotAsserted(error); continue; } - assertPolicy(aim, SPConstants.INCLUDE_TIMESTAMP); + PolicyUtils.assertPolicy(aim, SPConstants.INCLUDE_TIMESTAMP); } } http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java ---------------------------------------------------------------------- 
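Review bot: In the `@@ -48,15 +48,16 @@` hunk the four SIGNED_PARTS/ENCRYPTED_PARTS assertions run whenever a TransportBinding assertion is present, nothing from `parsePolicies` is consulted, and the method returns `true` either way. The one-line comment above them does not say why that is safe. The `@@ -92,7 +93,7 @@` hunk records a failure with `ai.setNotAsserted(error)` on the binding, so presumably the binding's own AssertionInfo is what fails the policy. If that is the intent, I would spell it out: `// Message protection is left to the transport here, so the parts assertions are marked satisfied without inspecting the message; a failed binding is still reported through its own AssertionInfo.` The same parse-then-assert-all shape appears in the UsernameTokenPolicyValidator `@@ -51,16 +51,17 @@`, WSS11PolicyValidator `@@ -47,19 +47,20 @@` and X509TokenPolicyValidator `@@ -59,21 +60,22 @@` hunks, which carry no explanatory comment for it.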
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java index 0133bb9..e642a9a 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java @@ -24,10 +24,10 @@ import java.util.Collection; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.message.token.UsernameToken; 
@@ -51,16 +51,17 @@ public class UsernameTokenPolicyValidator List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); if (!ais.isEmpty()) { parsePolicies(ais, message, results); - assertPolicy(aim, SP13Constants.CREATED); - assertPolicy(aim, SP13Constants.NONCE); - assertPolicy(aim, SPConstants.NO_PASSWORD); - assertPolicy(aim, SPConstants.HASH_PASSWORD); - assertPolicy(aim, SPConstants.USERNAME_TOKEN10); - assertPolicy(aim, SPConstants.USERNAME_TOKEN11); + PolicyUtils.assertPolicy(aim, SP13Constants.CREATED); + PolicyUtils.assertPolicy(aim, SP13Constants.NONCE); + PolicyUtils.assertPolicy(aim, SPConstants.NO_PASSWORD); + PolicyUtils.assertPolicy(aim, SPConstants.HASH_PASSWORD); + PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN10); + PolicyUtils.assertPolicy(aim, SPConstants.USERNAME_TOKEN11); } return true; http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java index bbaebf9..f163b81 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java 
@@ -23,11 +23,11 @@ import java.util.Collection; import java.util.List; import org.w3c.dom.Element; - import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; import org.apache.wss4j.dom.util.WSSecurityUtil; 
@@ -47,19 +47,20 @@ public class WSS11PolicyValidator List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS11); if (!ais.isEmpty()) { parsePolicies(ais, message, results); - assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_THUMBPRINT); - assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY); - assertPolicy(aim, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION); + PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_THUMBPRINT); + PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION); // WSS 1.0 - assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER); - assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL); - assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI); - assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN); + PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER); + PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL); + PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI); + PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN); } return true; http://git-wip-us.apache.org/repos/asf/cxf/blob/a2e5fae3/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java index 4759f27..dfc6a74 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java @@ -30,6 +30,7 @@ import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.message.Message; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; +import org.apache.cxf.ws.security.policy.PolicyUtils; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.WSSecurityEngineResult; 
@@ -59,21 +60,22 @@ public class X509TokenPolicyValidator extends AbstractTokenPolicyValidator imple List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults ) { - Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.X509_TOKEN); + Collection<AssertionInfo> ais = + PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.X509_TOKEN); if (!ais.isEmpty()) { parsePolicies(ais, message, signedResults, results); - assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10); - assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11); - assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN10); - assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN11); - assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN10); - assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN11); + PolicyUtils.assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10); + PolicyUtils.assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11); + PolicyUtils.assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN10); + PolicyUtils.assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN11); + PolicyUtils.assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN10); + PolicyUtils.assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN11); - assertPolicy(aim, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE); - assertPolicy(aim, SPConstants.REQUIRE_THUMBPRINT_REFERENCE); - assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE); - assertPolicy(aim, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_THUMBPRINT_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE); + PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE); } return true;
