Author: nandana
Date: Wed Feb 25 06:21:49 2009
New Revision: 747676
URL: http://svn.apache.org/viewvc?rev=747676&view=rev
Log:
RAMPART-214 proper validation for HTTPS token when we have clientAuth property
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=747676&r1=747675&r2=747676&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Wed Feb 25 06:21:49 2009
@@ -22,34 +22,17 @@
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.model.HttpsToken;
-import org.apache.ws.secpolicy.model.IssuedToken;
-import org.apache.ws.secpolicy.model.SignedEncryptedParts;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Token;
-import org.apache.ws.secpolicy.model.UsernameToken;
-import org.apache.ws.secpolicy.model.X509Token;
-import org.apache.ws.security.SOAP11Constants;
-import org.apache.ws.security.SOAP12Constants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSDataRef;
-import org.apache.ws.security.WSEncryptionPart;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.secpolicy.model.*;
+import org.apache.ws.security.*;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import javax.xml.namespace.QName;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Iterator;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.xml.namespace.QName;
+import java.util.*;
public class PolicyBasedResultsValidator implements
PolicyValidatorCallbackHandler {
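Review bot: The explicit imports at the top of the hunk are collapsed into `import org.apache.ws.secpolicy.model.*;`, `import org.apache.ws.security.*;` and `import java.util.*;`, which hides which types this class actually depends on and invites simple-name collisions the next time either package grows. The same collapse is made in the RampartUtil.java import hunk (`import org.apache.ws.secpolicy.model.*;`). Since the only import made unnecessary by this commit appears to be the one for the removed HttpsToken check, dropping that single line would be the minimal change; keep the explicit list in both files.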
@@ -133,16 +116,6 @@
validateProtectionOrder(data, results);
}
- if(rpd.isTransportBinding() && !rmd.isInitiator()){
- if (rpd.getTransportToken() instanceof HttpsToken) {
- String incomingTransport =
rmd.getMsgContext().getIncomingTransportName();
-
if(!incomingTransport.equals(org.apache.axis2.Constants.TRANSPORT_HTTPS)){
- throw new RampartException("invalidTransport",
- new String[]{incomingTransport});
- }
- }
- }
-
validateEncryptedParts(data, encryptedParts, results);
validateSignedPartsHeaders(data, signatureParts, results);
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=747676&r1=747675&r2=747676&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
Wed Feb 25 06:21:49 2009
@@ -73,8 +73,11 @@
RampartPolicyData rpd = rmd.getPolicyData();
msgCtx.setProperty(RampartMessageData.RAMPART_POLICY_DATA, rpd);
-
- //If there is no policy information or if the message is a
security fault or no security
+
+ RampartUtil.validateTransport(rmd);
+
+
+ //If there is no policy information or if the message is a security
fault or no security
// header required by the policy
if(rpd == null || isSecurityFault(rmd) ||
!RampartUtil.isSecHeaderRequired(rpd,rmd.isInitiator(),true)) {
SOAPEnvelope env =
Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
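Review bot: `RampartUtil.validateTransport(rmd);` is inserted before the `rpd == null || isSecurityFault(rmd) || !RampartUtil.isSecHeaderRequired(...)` early return, so it now runs for every inbound message, including those the engine otherwise skips; the helper returns on a null policy, so that is safe, but whether a RampartException thrown here is converted to a fault the same way as the later validation failures depends on the enclosing method, which starts and ends outside the hunk. The two blank lines added around the call should be collapsed to one. A short comment would help the next reader, e.g. `// Enforce the HttpsToken transport assertion before any security processing`.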
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties?rev=747676&r1=747675&r2=747676&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
Wed Feb 25 06:21:49 2009
@@ -58,7 +58,6 @@
UnsupportedTokenInSupportingToken = Unsupported token in supporting tokens
encryptionTokenMissing = Encryption token missing
signatureTokenMissing = Signature token missing
-errorInEncryption = Error during encryption
sctIssuerPolicyMissing = sct-issuer-policy parameter missing
errorInTokenCancellation = Error in canceling token
tokenToBeCancelledInvalid = Token to be canceled is invalid or expired
@@ -69,6 +68,7 @@
rampartConigMissing = Please include configured RampartConfiguration assertion
in policy
missingSecurityHeader = Missing wsse:Security header in request
missingSOAPHeader = SOAP header missing
+clientAuthRequired= Service requires SSL mutual authentication
#Errors in processors
errorProcessingUT = Error in processing UsernameToken
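Review bot: The `errorInEncryption` key is deleted in the first hunk although the log message only describes HTTPS token validation; if any `new RampartException("errorInEncryption", ...)` site still exists, that message lookup will fail at runtime, so the removal should be confirmed against the callers. The added `clientAuthRequired= Service requires SSL mutual authentication` line also breaks the `key = value` spacing of its neighbours; write it as `clientAuthRequired = Service requires SSL mutual authentication`.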
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=747676&r1=747675&r2=747676&view=diff
==============================================================================
---
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
(original)
+++
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
Wed Feb 25 06:21:49 2009
@@ -29,7 +29,6 @@
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.AddressingConstants;
-import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.dataretrieval.DRConstants;
@@ -60,12 +59,7 @@
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.SPConstants;
-import org.apache.ws.secpolicy.model.IssuedToken;
-import org.apache.ws.secpolicy.model.SecureConversationToken;
-import org.apache.ws.secpolicy.model.SupportingToken;
-import org.apache.ws.secpolicy.model.Wss10;
-import org.apache.ws.secpolicy.model.Wss11;
-import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.secpolicy.model.*;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
@@ -94,6 +88,7 @@
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
+import javax.servlet.http.HttpServletRequest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
@@ -1541,4 +1536,32 @@
}
+ public static void validateTransport(RampartMessageData rmd) throws
RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (rpd == null) {
+ return;
+ }
+
+ if (rpd.isTransportBinding() && !rmd.isInitiator()) {
+ if (rpd.getTransportToken() instanceof HttpsToken) {
+ String incomingTransport =
rmd.getMsgContext().getIncomingTransportName();
+ if
(!incomingTransport.equals(org.apache.axis2.Constants.TRANSPORT_HTTPS)) {
+ throw new RampartException("invalidTransport",
+ new String[]{incomingTransport});
+ }
+ if (((HttpsToken)
rpd.getTransportToken()).isRequireClientCertificate()) {
+
+ MessageContext messageContext = rmd.getMsgContext();
+ HttpServletRequest request = ((HttpServletRequest)
messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST));
+ if (request == null ||
request.getAttribute("javax.servlet.request.X509Certificate") == null) {
+ throw new RampartException("clientAuthRequired");
+ }
+ }
+
+ }
+ }
+ }
+
}
\ No newline at end of file
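Review bot: `incomingTransport.equals(org.apache.axis2.Constants.TRANSPORT_HTTPS)` raises a NullPointerException rather than the intended `invalidTransport` RampartException when `getIncomingTransportName()` returns null; put the constant on the receiver side of the comparison. The client-certificate branch only tests the `javax.servlet.request.X509Certificate` attribute for null, but the servlet API exposes it as an `X509Certificate[]`, so an empty array would be accepted as mutual authentication; check for a non-empty array instead. `rpd.getTransportToken()` is fetched and cast twice; bind it once after the `instanceof`. The method has no Javadoc — add a summary stating that it enforces the policy's HttpsToken on the service side and throws RampartException with `invalidTransport` or `clientAuthRequired`, and note that when the servlet request is absent (e.g. TLS terminated in front of the container) the check fails closed.

```java
public static void validateTransport(RampartMessageData rmd) throws RampartException {
    // … unchanged: fetch rpd and return if null …
    if (rpd.isTransportBinding() && !rmd.isInitiator()
            && rpd.getTransportToken() instanceof HttpsToken) {
        HttpsToken httpsToken = (HttpsToken) rpd.getTransportToken();
        String incomingTransport = rmd.getMsgContext().getIncomingTransportName();
        // constant as receiver: a null transport name is reported, not an NPE
        if (!org.apache.axis2.Constants.TRANSPORT_HTTPS.equals(incomingTransport)) {
            throw new RampartException("invalidTransport",
                    new String[]{incomingTransport});
        }
        if (httpsToken.isRequireClientCertificate()) {
            MessageContext messageContext = rmd.getMsgContext();
            HttpServletRequest request = (HttpServletRequest)
                    messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
            // the container exposes the peer chain as X509Certificate[]; an absent
            // request or an empty chain means no client authentication took place
            Object certs = request == null
                    ? null : request.getAttribute("javax.servlet.request.X509Certificate");
            if (!(certs instanceof X509Certificate[])
                    || ((X509Certificate[]) certs).length == 0) {
                throw new RampartException("clientAuthRequired");
            }
        }
    }
}
```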