/* * Copyright 2004,2005 The Apache Software Foundation. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.rampart.policy; import org.apache.axis2.policy.model.MTOMAssertion; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.neethi.Assertion; import org.apache.rampart.policy.model.RampartConfig; import org.apache.ws.secpolicy.WSSPolicyException; import org.apache.ws.secpolicy.model.AsymmetricBinding; import org.apache.ws.secpolicy.model.Binding; import org.apache.ws.secpolicy.model.EncryptionToken; import org.apache.ws.secpolicy.model.Header; import org.apache.ws.secpolicy.model.InitiatorToken; import org.apache.ws.secpolicy.model.ProtectionToken; import org.apache.ws.secpolicy.model.RecipientToken; import org.apache.ws.secpolicy.model.SignatureToken; import org.apache.ws.secpolicy.model.SignedEncryptedElements; import org.apache.ws.secpolicy.model.SignedEncryptedParts; import org.apache.ws.secpolicy.model.SupportingToken; import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase; import org.apache.ws.secpolicy.model.SymmetricBinding; import org.apache.ws.secpolicy.model.TokenWrapper; import org.apache.ws.secpolicy.model.TransportBinding; import org.apache.ws.secpolicy.model.Trust10; import org.apache.ws.secpolicy.model.Wss10; import org.apache.ws.secpolicy.model.Wss11; import java.util.Iterator; import java.util.List; public class RampartPolicyBuilder { private static Log log = LogFactory.getLog(RampartPolicyBuilder.class); /** * Compile the parsed security data into one Policy data block. * * This methods loops over all top level Policy Engine data elements, * extracts the parsed parameters and sets them into a single data block. * During this processing the method prepares the parameters in a format * that is ready for processing by the WSS4J functions. * *

* * The WSS4J policy enabled handler takes this data block to control the * setup of the security header. * * @param topLevelAssertions * The iterator of the top level policy assertions * @return The compile Poilcy data block. * @throws WSSPolicyException */ public static RampartPolicyData build(List topLevelAssertions) throws WSSPolicyException { RampartPolicyData rpd = new RampartPolicyData(); for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) { Assertion assertion = (Assertion) iter.next(); if (assertion instanceof Binding) { if (assertion instanceof SymmetricBinding) { processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd); } else if(assertion instanceof AsymmetricBinding) { processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd); } else { processTransportBinding((TransportBinding) assertion, rpd); } /* * Don't change the order of Wss11 / Wss10 instance checks * because Wss11 extends Wss10 - thus first check Wss11. */ } else if (assertion instanceof Wss11) { processWSS11((Wss11) assertion, rpd); } else if (assertion instanceof Wss10) { processWSS10((Wss10) assertion, rpd); } else if (assertion instanceof SignedEncryptedElements) { processSignedEncryptedElements((SignedEncryptedElements) assertion, rpd); } else if (assertion instanceof SignedEncryptedParts) { processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd); } else if (assertion instanceof SupportingToken) { processSupportingTokens((SupportingToken) assertion, rpd); } else if (assertion instanceof Trust10) { processTrust10((Trust10)assertion, rpd); } else if (assertion instanceof RampartConfig) { processRampartConfig((RampartConfig)assertion, rpd); } else if (assertion instanceof MTOMAssertion){ processMTOMSerialization((MTOMAssertion)assertion, rpd); } else { log.debug("Unknown top level PED found: " + assertion.getClass().getName()); } } return rpd; } /** * @param binding * @param rpd */ private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) { binding(binding, rpd); rpd.setTransportBinding(true); } /** * Add TRust10 assertion info into rampart policy data * @param trust10 * @param rpd */ private static void processTrust10(Trust10 trust10, RampartPolicyData rpd) { rpd.setTrust10(trust10); } /** * Add the rampart configuration information into rampart policy data. * @param config * @param rpd */ private static void processRampartConfig(RampartConfig config, RampartPolicyData rpd) { rpd.setRampartConfig(config); } /** * Evaluate the symmetric policy binding data. * * @param binding * The binding data * @param rpd * The WSS4J data to initialize * @throws WSSPolicyException */ private static void processSymmetricPolicyBinding( SymmetricBinding symmBinding, RampartPolicyData rpd) throws WSSPolicyException { rpd.setSymmetricBinding(true); binding(symmBinding, rpd); symmAsymmBinding(symmBinding, rpd); symmetricBinding(symmBinding, rpd); } private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) { rpd.setWss10(wss10); } /** * Evaluate the asymmetric policy binding data. * * @param binding * The binding data * @param rpd * The WSS4J data to initialize * @throws WSSPolicyException */ private static void processAsymmetricPolicyBinding( AsymmetricBinding binding, RampartPolicyData rpd) throws WSSPolicyException { rpd.setSymmetricBinding(false); binding(binding, rpd); symmAsymmBinding(binding, rpd); asymmetricBinding(binding, rpd); } private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) { rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation()); rpd.setWss11(wss11); } /** * Populate elements to sign and/or encrypt with the message tokens. * * @param sep * The data describing the elements (XPath) * @param rpd * The WSS4J data to initialize */ private static void processSignedEncryptedElements( SignedEncryptedElements see, RampartPolicyData rpd) { Iterator it = see.getXPathExpressions().iterator(); if (see.isSignedElemets()) { while (it.hasNext()) { rpd.setSignedElements((String) it.next()); } } else { while (it.hasNext()) { rpd.setEncryptedElements((String) it.next()); } } } /** * Populate parts to sign and/or encrypt with the message tokens. * * @param sep * The data describing the parts * @param rpd * The WSS4J data to initialize */ private static void processSignedEncryptedParts(SignedEncryptedParts sep, RampartPolicyData rpd) { Iterator it = sep.getHeaders().iterator(); if (sep.isSignedParts()) { rpd.setSignBody(sep.isBody()); while (it.hasNext()) { Header header = (Header) it.next(); rpd.addSignedPart(header.getNamespace(), header.getName()); } } else { rpd.setEncryptBody(sep.isBody()); while (it.hasNext()) { Header header = (Header) it.next(); rpd.setEncryptedParts(header.getNamespace(), header.getName()); } } } /** * Evaluate policy data that is common to all bindings. * * @param binding * The common binding data * @param rpd * The WSS4J data to initialize */ private static void binding(Binding binding, RampartPolicyData rpd) { rpd.setLayout(binding.getLayout().getValue()); rpd.setIncludeTimestamp(binding.isIncludeTimestamp()); rpd.setAlgorithmSuite(binding.getAlgorithmSuite()); } /** * Evaluate policy data that is common to symmetric and asymmetric bindings. * * @param binding * The symmetric/asymmetric binding data * @param rpd * The WSS4J data to initialize */ private static void symmAsymmBinding( SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) { rpd.setEntireHeadersAndBodySignatures(binding .isEntireHeadersAndBodySignatures()); rpd.setProtectionOrder(binding.getProtectionOrder()); rpd.setSignatureProtection(binding.isSignatureProtection()); rpd.setTokenProtection(binding.isTokenProtection()); rpd.setAlgorithmSuite(binding.getAlgorithmSuite()); } /** * Evaluate policy data that is specific to symmetric binding. * * @param binding * The symmetric binding data * @param rpd * The WSS4J data to initialize */ private static void symmetricBinding(SymmetricBinding binding, RampartPolicyData rpd) throws WSSPolicyException { Assertion token = binding.getProtectionToken(); if (token != null) { rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken()); } else { token = binding.getEncryptionToken(); Assertion token1 = binding.getSignatureToken(); if (token == null && token1 == null) { // this is an error - throw something } rpd.setEncryptionToken( ((EncryptionToken) token).getEncryptionToken()); rpd.setSignatureToken(((SignatureToken) token).getSignatureToken()); } } /** * Evaluate policy data that is specific to asymmetric binding. * * @param binding * The asymmetric binding data * @param rpd * The WSS4J data to initialize */ private static void asymmetricBinding(AsymmetricBinding binding, RampartPolicyData rpd) throws WSSPolicyException { TokenWrapper tokWrapper = binding.getRecipientToken(); TokenWrapper tokWrapper1 = binding.getInitiatorToken(); if (tokWrapper == null && tokWrapper1 == null) { // this is an error - throw something } rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken()); rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken()); } private static void processSupportingTokens(SupportingToken token, RampartPolicyData rpd) throws WSSPolicyException { rpd.setSupportingTokens(token); } private static void processMTOMSerialization(MTOMAssertion mtomAssertion, RampartPolicyData rpd) { rpd.setMTOMAssertion(mtomAssertion); } }