Modified: webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java
URL: http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java?rev=367649&r1=367648&r2=367649&view=diff
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java (original)
+++ webservices/commons/trunk/policy/src/examples/secParser/WSSPolicyProcessorFull.java Tue Jan 10 07:38:28 2006
@@ -20,7 +20,6 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
-import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
@@ -32,248 +31,306 @@ import org.apache.ws.policy.util.PolicyReader; import org.apache.ws.policy.util.PolicyFactory; - /** * @author Werner Dittmann ([EMAIL PROTECTED]) */ public class WSSPolicyProcessorFull { - FileInputStream fis = null; + FileInputStream fis = null; - PolicyReader prdr = null; + PolicyReader prdr = null; - Policy merged = null; + Policy merged = null; - int level = 0; + SecurityPolicyToken topLevel = new SecurityPolicyToken("_TopLevel_", + SecurityPolicyToken.COMPLEX_TOKEN, null); -// ArrayList securityTokens = new ArrayList(); - - SecurityPolicyToken topLevel = new SecurityPolicyToken("_TopLevel_", - SecurityPolicyToken.COMPLEX_TOKEN, true, null); - - SecurityPolicy secPolicy = null; - - public static void main(String[] args) throws Exception { - - WSSPolicyProcessorFull processor = new WSSPolicyProcessorFull(); - if (!processor.setup()) { - return; - } - String[] files = new String[1]; - // files[0] = "policy/src/examples/policy2.xml"; - // files[0] = "policy/src/examples/SecurityPolicyMsg.xml"; - // processor.go(files); - // System.out - // .println("\n ----------------------------------------------------"); - files = new String[2]; - files[0] = "policy/src/examples/SecurityPolicyBindings.xml"; - files[1] = "policy/src/examples/SecurityPolicyMsg.xml"; - processor.go(files); - } - - boolean setup() throws NoSuchMethodException { - prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER); - secPolicy = new SecurityPolicy(); - - SecurityPolicyToken spt = secPolicy.initializeSignedParts(this); - topLevel.setChildToken(spt); - - return true; - } - - void go(String[] args) { - - merged = null; - for (int i = 0; i < args.length; i++) { - try { - fis = new FileInputStream(args[i]); - } catch (FileNotFoundException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - - Policy newPolicy = prdr.readPolicy(fis); - newPolicy = (Policy) newPolicy.normalize(); - // if (!newPolicy.isNormalized()) { - // throw new 
RuntimeException("newPolicy is not in normalized - // format"); - // } - if (merged == null) { - merged = newPolicy; - } else { - merged = (Policy) merged.merge(newPolicy); - } - try { - fis.close(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - processPolicy(merged); - } - - /** - * This method takes a normalized policy object, processes it and returns - * true if all assertion can be fulfilled. - * - * Each policy must be nromalized accordig to the WS Policy framework - * specification. Therefore a policy has one child (wsp:ExactlyOne) that is - * a XorCompositeAssertion. This child may contain one or more other terms - * (alternatives). To match the policy one of these terms (alternatives) - * must match. If none of the contained terms match this policy cannot be - * enforced. - * - * @param policy - * The policy to process - * @return True if this policy can be enforced by the policy enforcement - * implmentation - */ - public boolean processPolicy(Policy policy) { - - if (!policy.isNormalized()) { - throw new RuntimeException("Policy is not in normalized format"); - } - - XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms() - .get(0); - List listOfPolicyAlternatives = xor.getTerms(); - - boolean success = false; - int numberOfAlternatives = listOfPolicyAlternatives.size(); - - for (int i = 0; !success && i < numberOfAlternatives; i++) { - AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion) listOfPolicyAlternatives - .get(i); - - List listOfAssertions = aPolicyAlternative.getTerms(); - - Iterator iterator = listOfAssertions.iterator(); - /* - * Loop over all assertions in this alternative. If all assertions - * can be fulfilled then we choose this alternative and signal a - * success. 
- */ - boolean all = true; - while (all && iterator.hasNext()) { - Assertion assertion = (Assertion) iterator.next(); - if (assertion instanceof Policy) { - all = processPolicy((Policy) assertion); - continue; - } - if (!(assertion instanceof PrimitiveAssertion)) { - System.out.println("Got a unexpected assertion type: " - + assertion.getClass().getName()); - continue; - } - all = processPrimitiveAssertion((PrimitiveAssertion) assertion); - } - /* - * copy the status of assertion processing. If all is true the this - * alternative is "success"ful - */ - success = all; - } - return success; - } - - boolean processPrimitiveAssertion(PrimitiveAssertion pa) { - /* - * We need to pick only the primitive assertions which conatain a - * WSSecurityPolicy policy assertion. For that we'll check the namespace - * of the primitive assertion - */ - boolean commit = true; - - if (pa.getName().getNamespaceURI().equals( - "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy")) { - commit = startPolicyTransaction(pa); - } - - List terms = pa.getTerms(); - if (terms.size() > 0) { - for (int i = 0; commit && i < terms.size(); i++) { - level++; - Assertion assertion = (Assertion) pa.getTerms().get(i); - if (assertion instanceof Policy) { - assertion = assertion.normalize(); - commit = processPolicy((Policy) assertion); - } else if (assertion instanceof PrimitiveAssertion) { - commit = processPrimitiveAssertion((PrimitiveAssertion) assertion); - } - level--; - } - } - if (commit) { - commitPolicyTransaction(pa); - } else { - abortPolicyTransaction(pa); - } - return commit; - } - - public boolean startPolicyTransaction(PrimitiveAssertion prim) { - - /* - * May be I should be setting the configuration options in - * WSDoAll*Handler according to this security assertion. 
- */ - StringBuffer indent = new StringBuffer(); - for (int i = 0; i < level; i++) { - indent.append(" "); - } - String tokenName = prim.getName().getLocalPart(); - System.out.println(new String(indent) + tokenName); - String text = prim.getStrValue(); - if (text != null) { - text = text.trim(); - System.out - .println(new String(indent) + "Value: '" + text.toString() + "'"); - } - SecurityPolicyToken spt = topLevel.getChildToken(tokenName); - SecurityProcessorContext spc = new SecurityProcessorContext(); - if (spt != null) { - try { - System.out.println("SPT: " + spt); - spt.invokeProcessTokenMethod(spc); - } catch (IllegalArgumentException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IllegalAccessException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (InvocationTargetException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - return true; - } - - public void abortPolicyTransaction(PrimitiveAssertion prim) { - System.out.println("Aborting Policy transaction " - + prim.getName().getLocalPart()); - } - - public void commitPolicyTransaction(PrimitiveAssertion prim) { - System.out.println("Commit Policy transaction " - + prim.getName().getLocalPart()); - } - - public Object doSignedParts(SecurityProcessorContext spc) { - System.out.println("We found a SignedParts token"); - return new Boolean(true); - } - - public Object doBody(SecurityProcessorContext spc) { - System.out.println("We found a Body token"); - return new Boolean(true); - } - - public Object doHeader(SecurityProcessorContext spc) { - System.out.println("We found a Header token"); - return new Boolean(true); - } - + SecurityPolicy secPolicy = null; + + SecurityProcessorContext secProcessorContext = null; + + public static void main(String[] args) throws Exception { + + WSSPolicyProcessorFull processor = new WSSPolicyProcessorFull(); + if (!processor.setup()) { + return; + } + String[] files = new String[1]; + files = new 
String[2]; + files[0] = "policy/src/examples/SecurityPolicyBindings.xml"; + files[1] = "policy/src/examples/SecurityPolicyMsg.xml"; + processor.go(files); + } + + boolean setup() throws NoSuchMethodException { + prdr = PolicyFactory.getPolicyReader(PolicyFactory.OM_POLICY_READER); + + secPolicy = new SecurityPolicy(); + + /* + * Initialize the top level security policy token. + */ + SecurityPolicyToken spt = null; + + SignedPartsElementsProcessor spep = new SignedPartsElementsProcessor(); + spt = secPolicy.signedParts.copy(); + spt.setProcessTokenMethod(spep); + topLevel.setChildToken(spt); + + spt = secPolicy.signedElements.copy(); + spt.setProcessTokenMethod(spep); + topLevel.setChildToken(spt); + + EncryptedPartsElementsProcessor epep = new EncryptedPartsElementsProcessor(); + spt = secPolicy.encryptedParts.copy(); + spt.setProcessTokenMethod(epep); + topLevel.setChildToken(spt); + + spt = secPolicy.encryptedElements.copy(); + spt.setProcessTokenMethod(epep); + topLevel.setChildToken(spt); + +// X509TokenProcessor x509t = new X509TokenProcessor(); +// spt = secPolicy.x509Token.copy(); +// spt.setProcessTokenMethod(x509t); +// topLevel.setChildToken(spt); +// +// UsernameTokenProcessor unt = new UsernameTokenProcessor(); +// spt = secPolicy.usernameToken.copy(); +// spt.setProcessTokenMethod(unt); +// topLevel.setChildToken(spt); + + /* + * Now get a context and push the top level token onto the token stack. + * The top level token is a special token that acts as anchor to start + * parsing. 
+ */ + secProcessorContext = new SecurityProcessorContext(); + secProcessorContext.pushSecurityToken(topLevel); + + return true; + } + + void go(String[] args) { + + merged = null; + for (int i = 0; i < args.length; i++) { + try { + fis = new FileInputStream(args[i]); + } catch (FileNotFoundException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + Policy newPolicy = prdr.readPolicy(fis); + newPolicy = (Policy) newPolicy.normalize(); + + if (merged == null) { + merged = newPolicy; + } else { + merged = (Policy) merged.merge(newPolicy); + } + try { + fis.close(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + processPolicy(merged); + } + + /** + * This method takes a normalized policy object, processes it and returns + * true if all assertion can be fulfilled. + * + * Each policy must be nromalized accordig to the WS Policy framework + * specification. Therefore a policy has one child (wsp:ExactlyOne) that is + * a XorCompositeAssertion. This child may contain one or more other terms + * (alternatives). To match the policy one of these terms (alternatives) + * must match. If none of the contained terms match this policy cannot be + * enforced. 
+ * + * @param policy + * The policy to process + * @return True if this policy can be enforced by the policy enforcement + * implmentation + */ + public boolean processPolicy(Policy policy) { + + if (!policy.isNormalized()) { + throw new RuntimeException("Policy is not in normalized format"); + } + + XorCompositeAssertion xor = (XorCompositeAssertion) policy.getTerms() + .get(0); + List listOfPolicyAlternatives = xor.getTerms(); + + boolean success = false; + int numberOfAlternatives = listOfPolicyAlternatives.size(); + + for (int i = 0; !success && i < numberOfAlternatives; i++) { + AndCompositeAssertion aPolicyAlternative = (AndCompositeAssertion) listOfPolicyAlternatives + .get(i); + + List listOfAssertions = aPolicyAlternative.getTerms(); + + Iterator iterator = listOfAssertions.iterator(); + /* + * Loop over all assertions in this alternative. If all assertions + * can be fulfilled then we choose this alternative and signal a + * success. + */ + boolean all = true; + while (all && iterator.hasNext()) { + Assertion assertion = (Assertion) iterator.next(); + + /* + * At this point we expect PrimitiveAssertions only. + */ + if (!(assertion instanceof PrimitiveAssertion)) { + System.out.println("Got a unexpected assertion type: " + + assertion.getClass().getName()); + continue; + } + /* + * We need to pick only the primitive assertions which contain a + * WSSecurityPolicy policy assertion. For that we'll check the + * namespace of the primitive assertion + */ + PrimitiveAssertion pa = (PrimitiveAssertion) assertion; + if (!(pa.getName().getNamespaceURI() + .equals("http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"))) { + System.out.println("Got a unexpected assertion: " + + pa.getName().getLocalPart()); + continue; + } + all = processPrimitiveAssertion((PrimitiveAssertion) assertion); + } + /* + * copy the status of assertion processing. 
If all is true then this + * alternative is "success"ful + */ + success = all; + } + return success; + } + + boolean processPrimitiveAssertion(PrimitiveAssertion pa) { + boolean commit = true; + + commit = startPolicyTransaction(pa); + + List terms = pa.getTerms(); + if (commit && terms.size() > 0) { + for (int i = 0; commit && i < terms.size(); i++) { + Assertion assertion = (Assertion) pa.getTerms().get(i); + if (assertion instanceof Policy) { + commit = processPolicy((Policy) assertion); + } else if (assertion instanceof PrimitiveAssertion) { + commit = processPrimitiveAssertion((PrimitiveAssertion) assertion); + } + } + } + if (commit) { + commitPolicyTransaction(pa); + } else { + abortPolicyTransaction(pa); + } + return commit; + } + + public boolean startPolicyTransaction(PrimitiveAssertion pa) { + + String tokenName = pa.getName().getLocalPart(); + + SecurityPolicyToken spt = null; + + /* + * Get the current security token from the context and check if the + * current token supports/contains this assertion as token. If yes set + * this token as current token (push onto stack), set the assertion into + * context and call the processing method for this token. 
+ */ + SecurityPolicyToken currentToken = secProcessorContext + .readCurrentSecurityToken(); + if (currentToken != null) { + spt = currentToken.getChildToken(tokenName); + } + secProcessorContext.pushSecurityToken(spt); + secProcessorContext.setAssertion(pa); + secProcessorContext.setAction(SecurityProcessorContext.START); + boolean ret = true; // initi to flase if all tokens a ready and intialized + if (spt != null) { + try { + ret = spt.invokeProcessTokenMethod(secProcessorContext); + } catch (IllegalArgumentException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IllegalAccessException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (InvocationTargetException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } finally { + secProcessorContext.setAction(SecurityProcessorContext.NONE); + } + } + return ret; + } + + public void abortPolicyTransaction(PrimitiveAssertion prim) { + System.out.println("Aborting Policy transaction " + + prim.getName().getLocalPart()); + secProcessorContext.setAction(SecurityProcessorContext.ABORT); + SecurityPolicyToken currentToken = secProcessorContext + .readCurrentSecurityToken(); + if (currentToken != null) { + try { + currentToken.invokeProcessTokenMethod(secProcessorContext); + } catch (IllegalArgumentException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IllegalAccessException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (InvocationTargetException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } finally { + secProcessorContext.setAction(SecurityProcessorContext.NONE); + } + secProcessorContext.setAction(SecurityProcessorContext.NONE); // only in finally block if all tokens are ready + secProcessorContext.popSecurityToken(); // put this in finally block if all tokens are ready + } + } + + public void commitPolicyTransaction(PrimitiveAssertion prim) { + System.out.println("Commit 
Policy transaction " + + prim.getName().getLocalPart()); + secProcessorContext.setAction(SecurityProcessorContext.COMMIT); + SecurityPolicyToken currentToken = secProcessorContext + .readCurrentSecurityToken(); + if (currentToken != null) { + try { + currentToken.invokeProcessTokenMethod(secProcessorContext); + } catch (IllegalArgumentException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IllegalAccessException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (InvocationTargetException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } finally { + secProcessorContext.setAction(SecurityProcessorContext.NONE); + } + } + secProcessorContext.setAction(SecurityProcessorContext.NONE); // only in finally block if all tokens are ready + secProcessorContext.popSecurityToken(); // put this in finally block if all tokens are ready + + } }
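Review bot: `startPolicyTransaction` fails open: `ret` starts as `true` and stays `true` both when `currentToken.getChildToken(tokenName)` yields no token and when `invokeProcessTokenMethod` throws, so an assertion the parser does not recognise or could not process still ends up committed as fulfilled. The inline comment already plans a `false` default once all tokens are implemented; until then the three catch blocks should at least set `ret = false;`, and the `spt == null` case deserves a logged warning naming the token. Separately, `startPolicyTransaction` pushes `spt` even when it is null and `commitPolicyTransaction` pops unconditionally, but `abortPolicyTransaction` calls `popSecurityToken()` only inside `if (currentToken != null)`, so an abort on an unrecognised token appears to leave the stack one entry too deep. Moving that pop outside the `if` would match the commit path.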
Added: webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java
URL: http://svn.apache.org/viewcvs/webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java?rev=367649&view=auto
==============================================================================
--- webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java (added)
+++ webservices/commons/trunk/policy/src/examples/secParser/X509TokenProcessor.java Tue Jan 10 07:38:28 2006
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package examples.secParser;
+
+/**
+ * @author Werner Dittmann ([EMAIL PROTECTED])
+ */
+public class X509TokenProcessor {
+ private boolean initializedUsernameToken = false;
+
+ private SecurityPolicy secPol = new SecurityPolicy();
+
+
+
+ /**
+ * Intialize the X509 complex token.
+ *
+ * This method creates a copy of the X509Token token and sets the handler
+ * object to the copy. Then it creates copies of the child tokens that are
+ * allowed for X509Token. These tokens are:
+ *
+ * These copies are also initialized with the handler object and then set as
+ * child tokens of X509Token.
+ *
+ * <p/>
+ * The handler object that must contain the methods
+ * <code>doX509Token</code>.
+ *
+ * @param spt
+ * The token that will hold the child tokens.
+ * @throws NoSuchMethodException
+ */
+ private void initializeX509Token(SecurityPolicyToken spt)
+ throws NoSuchMethodException {
+// SecurityPolicyToken spt = secPol.x509Token.copy();
+// spt.setProcessTokenMethod(handler);
+
+ SecurityPolicyToken tmpSpt = secPol.requireKeyIdentifierReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.requireIssuerSerialReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.requireEmbeddedTokenReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.requireThumbprintReference.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V1Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V3Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509Pkcs7Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509PkiPathV1Token10.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V1Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509V3Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509Pkcs7Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+
+ tmpSpt = secPol.wssX509PkiPathV1Token11.copy();
+ tmpSpt.setProcessTokenMethod(this);
+ spt.setChildToken(tmpSpt);
+ }
+}
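Review bot: `X509TokenProcessor` sets itself as the process-token handler for twelve child tokens but declares no handler methods, and its only method, `initializeX509Token`, is private and never called within the file. The Javadoc names a `doX509Token` method and the signature declares `NoSuchMethodException`, which suggests `setProcessTokenMethod(this)` resolves a method on the handler by name. If so, each of these calls would throw until the handlers exist, so this is worth confirming against `SecurityPolicyToken` before the commented-out registration in `WSSPolicyProcessorFull.setup()` is enabled. The unused field `initializedUsernameToken` looks copied from a username-token processor and would read better as `initializedX509Token`. The Javadoc sentence "These tokens are:" is left without its list.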
