001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036: package com.sun.xml.ws.security.impl.policy;
037:
import static com.sun.xml.ws.security.impl.policy.Constants.*;

import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.spi.PolicyAssertionValidator;
import com.sun.xml.ws.security.policy.SecurityAssertionValidator;
import com.sun.xml.ws.security.policy.SecurityAssertionValidator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.xml.namespace.QName;
045:
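/**
 * Policy-assertion validator for the security domain: WS-SecurityPolicy
 * ({@code SECURITY_POLICY_NS}), WS-Trust ({@code TRUST_NS}) and the Sun/Metro
 * proprietary client- and server-side security configuration namespaces.
 * <p>
 * For every assertion the policy framework hands in, the validator answers
 * "does this runtime know how to honour it?" with one of:
 * <ul>
 *   <li>{@code UNSUPPORTED} - the assertion lives in a namespace that only
 *       makes sense on the other side of the wire (e.g. a server
 *       {@code KeyStore} assertion evaluated on the client), or the assertion
 *       implements {@link SecurityAssertionValidator} and its own
 *       {@code validate} did not report {@code IS_VALID};</li>
 *   <li>{@code SUPPORTED} - a self-validating assertion reported
 *       {@code IS_VALID}, or the assertion's QName is in the static
 *       allow-list built below;</li>
 *   <li>{@code UNKNOWN} - anything else; the framework may still find another
 *       validator that recognises it.</li>
 * </ul>
 * <p>
 * Security note: this is a <em>recognition</em> list, not a strength policy.
 * It deliberately recognises legacy algorithm suites such as {@code TripleDes*}
 * and the {@code *Rsa15} family (RSAES-PKCS1-v1_5 key transport, which is
 * exposed to Bleichenbacher-style padding-oracle attacks whenever the
 * decrypting runtime leaks padding failures). Recognising such a policy here
 * does not by itself weaken anything, but deployments that must not negotiate
 * these suites have to exclude them in the policy or in the enforcing runtime;
 * this class will not refuse them.
 * <p>
 * Instances hold no state and the shared tables are immutable after class
 * initialisation, so one instance may be shared across threads.
 *
 * @author K.Venugopal@sun.com
 */
public class SecurityPolicyValidator implements PolicyAssertionValidator {

    /**
     * Namespaces whose assertions are meaningful only on the server; an
     * assertion from one of them is rejected when validating the client side.
     */
    private static final Set<String> SERVER_ONLY_NAMESPACES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(
                    SUN_WSS_SECURITY_SERVER_POLICY_NS,
                    SUN_TRUST_SERVER_SECURITY_POLICY_NS)));

    /**
     * Namespaces whose assertions are meaningful only on the client; an
     * assertion from one of them is rejected when validating the server side.
     */
    private static final Set<String> CLIENT_ONLY_NAMESPACES = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList(
                    SUN_WSS_SECURITY_CLIENT_POLICY_NS,
                    SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS,
                    SUN_TRUST_CLIENT_SECURITY_POLICY_NS)));

    /**
     * QNames this runtime recognises without asking the assertion itself.
     * A {@link Set} rather than a list: membership is the only operation
     * performed on it, and the former list carried several duplicate entries.
     */
    private static final Set<QName> supportedAssertions;

    static {
        Set<QName> names = new HashSet<QName>();

        // WS-SecurityPolicy: algorithm suites, canonicalization, layout,
        // protection assertions, token assertions and token-reference hints.
        // Not registered (and left out in the original table): SoapNormalization10,
        // XPath10, Header, X509V3Token.
        // NOTE(review): Basic128Rsa15 is the only SHA-1/Rsa15 suite missing
        // while Basic256Rsa15, Basic192Rsa15 and TripleDesRsa15 are present;
        // confirm against Constants whether that omission is intentional.
        register(names, SECURITY_POLICY_NS,
                CanonicalizationAlgorithm,
                Basic256, Basic192, Basic128, TripleDes,
                Basic256Rsa15, Basic192Rsa15, TripleDesRsa15,
                Basic256Sha256, Basic192Sha256, Basic128Sha256, TripleDesSha256,
                Basic256Sha256Rsa15, Basic192Sha256Rsa15, Basic128Sha256Rsa15, TripleDesSha256Rsa15,
                InclusiveC14N, STRTransform10, XPathFilter20,
                Strict, Lax, LaxTsFirst, LaxTsLast,
                IncludeTimestamp, EncryptBeforeSigning, EncryptSignature, ProtectTokens,
                OnlySignEntireHeadersAndBody, Body, XPath,
                WssUsernameToken10, WssUsernameToken11, Issuer, RequestSecurityTokenTemplate,
                RequireDerivedKeys, RequireExternalReference, RequireInternalReference,
                RequireKeyIdentifierReference, RequireIssuerSerialReference,
                RequireEmbeddedTokenReference, RequireThumbprintReference,
                WssX509V1Token10, WssX509V3Token10, WssX509Pkcs7Token10, WssX509PkiPathV1Token10,
                WssX509V1Token11, WssX509V3Token11, WssX509Pkcs7Token11, WssX509PkiPathV1Token11,
                WssKerberosV5ApReqToken11, WssGssKerberosV5ApReqToken11,
                SC10SecurityContextToken,
                WssSamlV10Token10, WssSamlV11Token10, WssSamlV10Token11, WssSamlV11Token11, WssSamlV20Token11,
                WssRelV10Token10, WssRelV20Token10, WssRelV10Token11, WssRelV20Token11,
                SupportingTokens, SignedSupportingTokens, EndorsingSupportingTokens, SignedEndorsingSupportingTokens,
                MustSupportRefKeyIdentifier, MustSupportRefIssuerSerial, MustSupportRefExternalURI,
                MustSupportRefEmbeddedToken, MustSupportRefThumbprint, MustSupportRefEncryptedKey,
                MustSupportClientChallenge, MustSupportServerChallenge,
                RequireClientEntropy, RequireServerEntropy,
                MustSupportIssuedTokens, NoPassword);

        // WS-Trust: elements that may appear inside a RequestSecurityTokenTemplate.
        register(names, TRUST_NS,
                RequestSecurityToken, RequestType, TokenType, AuthenticationType, OnBehalfOf,
                KeyType, KeySize, SignatureAlgorithm, EncryptionAlgorithm, CanonicalizationAlgorithm,
                ComputedKeyAlgorithm, Encryption, ProofEncryption, UseKey, SignWith, EncryptWith);

        // Sun/Metro proprietary runtime switches and key-material configuration
        // that exist in both the client and the server configuration namespace.
        for (String ns : new String[] { SUN_WSS_SECURITY_CLIENT_POLICY_NS, SUN_WSS_SECURITY_SERVER_POLICY_NS }) {
            register(names, ns,
                    "DisableStreamingSecurity",
                    "DisableTimestampSigning",
                    "EncryptHeaderContent",
                    "DisableInclusivePrefixList",
                    "DisablePayloadBuffering",
                    "KeyStore",
                    "TrustStore",
                    Constants.CertStore,
                    Constants.BSP10);
        }

        // Server-only: comment-preserving canonicalization variants.
        register(names, SUN_WSS_SECURITY_SERVER_POLICY_NS,
                InclusiveC14NWithComments, ExclusiveC14NWithComments);

        // Secure-conversation and trust (STS) configuration, one per side.
        register(names, SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS, "SCClientConfiguration");
        register(names, SUN_TRUST_CLIENT_SECURITY_POLICY_NS, "PreconfiguredSTS");
        register(names, SUN_TRUST_SERVER_SECURITY_POLICY_NS, "STSConfiguration");

        supportedAssertions = Collections.unmodifiableSet(names);
    }

    /**
     * Adds {@code new QName(namespace, local)} to {@code target} for every
     * local name given. Repeats are absorbed by the set.
     *
     * @param target     set being populated
     * @param namespace  namespace URI shared by all the local names
     * @param localNames local parts to register under {@code namespace}
     */
    private static void register(Set<QName> target, String namespace, String... localNames) {
        for (String local : localNames) {
            target.add(new QName(namespace, local));
        }
    }

    /** Creates a new instance of SecurityPolicyValidator. To be used by appropriate service finder */
    public SecurityPolicyValidator() {
    }

    /**
     * Validates an assertion as seen by a client.
     * Server-only configuration namespaces are rejected outright; everything
     * else follows the common rules described on the class.
     *
     * @param policyAssertion assertion to classify; must not be {@code null}
     * @return {@code SUPPORTED}, {@code UNSUPPORTED} or {@code UNKNOWN}
     */
    public Fitness validateClientSide(PolicyAssertion policyAssertion) {
        return classify(policyAssertion, false, SERVER_ONLY_NAMESPACES);
    }

    /**
     * Validates an assertion as seen by a server.
     * Client-only configuration namespaces are rejected outright; everything
     * else follows the common rules described on the class.
     *
     * @param policyAssertion assertion to classify; must not be {@code null}
     * @return {@code SUPPORTED}, {@code UNSUPPORTED} or {@code UNKNOWN}
     */
    public Fitness validateServerSide(PolicyAssertion policyAssertion) {
        return classify(policyAssertion, true, CLIENT_ONLY_NAMESPACES);
    }

    /**
     * Shared classification used by both sides.
     *
     * @param assertion          assertion to classify
     * @param serverSide         value handed to
     *                           {@link SecurityAssertionValidator#validate(boolean)};
     *                           {@code true} on the server, {@code false} on the client,
     *                           matching the original per-side calls
     * @param rejectedNamespaces namespaces that belong to the other side of the wire
     * @return the fitness to report to the policy framework
     */
    private Fitness classify(PolicyAssertion assertion, boolean serverSide, Set<String> rejectedNamespaces) {
        QName name = assertion.getName();

        // Fail closed: configuration meant for the other side is never supported here.
        if (rejectedNamespaces.contains(name.getNamespaceURI())) {
            return Fitness.UNSUPPORTED;
        }

        // Self-validating assertions get the final say. Anything other than
        // IS_VALID, including a null result, is reported as UNSUPPORTED rather
        // than falling through to the static allow-list.
        if (assertion instanceof SecurityAssertionValidator) {
            SecurityAssertionValidator.AssertionFitness result =
                    ((SecurityAssertionValidator) assertion).validate(serverSide);
            return result == SecurityAssertionValidator.AssertionFitness.IS_VALID
                    ? Fitness.SUPPORTED
                    : Fitness.UNSUPPORTED;
        }

        // Plain assertions are supported only if explicitly allow-listed; an
        // unknown QName is left to other validators rather than rejected.
        return supportedAssertions.contains(name) ? Fitness.SUPPORTED : Fitness.UNKNOWN;
    }

    /**
     * Namespaces this validator claims. The two trust configuration namespaces
     * are included because assertions from them ({@code PreconfiguredSTS},
     * {@code STSConfiguration}) are registered above and handled by the
     * per-side checks; omitting them left the declaration inconsistent with
     * what the validator actually accepts.
     *
     * @return a fresh array of namespace URIs; callers may modify it freely
     */
    public String[] declareSupportedDomains() {
        return new String[] {
                SECURITY_POLICY_NS,
                TRUST_NS,
                SUN_WSS_SECURITY_CLIENT_POLICY_NS,
                SUN_WSS_SECURITY_SERVER_POLICY_NS,
                SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS,
                SUN_TRUST_CLIENT_SECURITY_POLICY_NS,
                SUN_TRUST_SERVER_SECURITY_POLICY_NS,
        };
    }
}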
|