001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.impl.policyconv;
038:
039: import com.sun.xml.ws.policy.PolicyException;
040: import com.sun.xml.ws.security.policy.AsymmetricBinding;
041: import com.sun.xml.ws.security.policy.Binding;
042: import com.sun.xml.ws.security.policy.EncryptedElements;
043: import com.sun.xml.ws.security.policy.EncryptedParts;
044: import com.sun.xml.ws.security.policy.SignedElements;
045: import com.sun.xml.ws.security.policy.SignedParts;
046: import com.sun.xml.ws.security.policy.Token;
047: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
048: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
049: import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
050: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
051: import java.util.Vector;
052: import java.util.logging.Level;
053: import javax.xml.crypto.dsig.CanonicalizationMethod;
054: import static com.sun.xml.ws.security.impl.policy.Constants.logger;
055:
056: /**
057: *
058: * @author K.Venugopal@sun.com
059: */
060: public class AsymmetricBindingProcessor extends BindingProcessor {
061: private AsymmetricBinding binding = null;
062:
063: /** Creates a new instance of AsymmetricBindingProcessor */
064: public AsymmetricBindingProcessor(AsymmetricBinding asBinding,
065: XWSSPolicyContainer container, boolean isServer,
066: boolean isIncoming, Vector<SignedParts> signedParts,
067: Vector<EncryptedParts> encryptedParts,
068: Vector<SignedElements> signedElements,
069: Vector<EncryptedElements> encryptedElements) {
070: this .binding = asBinding;
071: this .container = container;
072: this .isServer = isServer;
073: this .isIncoming = isIncoming;
074: protectionOrder = binding.getProtectionOrder();
075: tokenProcessor = new TokenProcessor(isServer, isIncoming, pid);
076: iAP = new IntegrityAssertionProcessor(binding
077: .getAlgorithmSuite(), binding.isSignContent());
078: eAP = new EncryptionAssertionProcessor(binding
079: .getAlgorithmSuite(), false);
080: this .signedParts = signedParts;
081: this .signedElements = signedElements;
082: this .encryptedElements = encryptedElements;
083: this .encryptedParts = encryptedParts;
084: }
085:
086: public void process() throws PolicyException {
087: Token st = getSignatureToken();
088: Token et = getEncryptionToken();
089: if (st != null) {
090: primarySP = new SignaturePolicy();
091: primarySP.setUUID(pid.generateID());
092: if (logger.isLoggable(Level.FINEST)) {
093: logger.log(Level.FINEST,
094: "ID of Primary signature policy is "
095: + primarySP.getUUID());
096: }
097: tokenProcessor.addKeyBinding(primarySP, st, true);
098: SignaturePolicy.FeatureBinding spFB = (com.sun.xml.wss.impl.policy.mls.SignaturePolicy.FeatureBinding) primarySP
099: .getFeatureBinding();
100: //spFB.setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
101: SecurityPolicyUtil.setCanonicalizationMethod(spFB, binding
102: .getAlgorithmSuite());
103: spFB.isPrimarySignature(true);
104: }
105: if (et != null) {
106: primaryEP = new EncryptionPolicy();
107: primaryEP.setUUID(pid.generateID());
108: tokenProcessor.addKeyBinding(primaryEP, et, false);
109: if (logger.isLoggable(Level.FINEST)) {
110: logger.log(Level.FINEST, "ID of Encryption policy is "
111: + primaryEP.getUUID());
112: }
113: }
114: if (protectionOrder == Binding.SIGN_ENCRYPT) {
115: container.insert(primarySP);
116: } else {
117: container.insert(primaryEP);
118: container.insert(primarySP);
119:
120: }
121: addPrimaryTargets();
122: if (foundEncryptTargets && binding.getSignatureProtection()) {
123: if (logger.isLoggable(Level.FINEST)) {
124: logger.log(Level.FINEST,
125: "PrimarySignature will be Encrypted");
126: }
127: protectPrimarySignature();
128: }
129: if (binding.isIncludeTimeStamp()) {
130: if (logger.isLoggable(Level.FINEST)) {
131: logger
132: .log(
133: Level.FINEST,
134: "Timestamp header will be added to the message and will be Integrity protected ");
135: }
136: TimestampPolicy tp = new TimestampPolicy();
137: tp.setUUID(pid.generateID());
138: container.insert(tp);
139: if (!binding.isDisableTimestampSigning()) {
140: protectTimestamp(tp);
141: }
142: }
143: if (binding.getTokenProtection()) {
144: if (logger.isLoggable(Level.FINEST)) {
145: logger.log(Level.FINEST,
146: "Token reference by primary signature with ID "
147: + primarySP.getUUID()
148: + " will be Integrity protected");
149: }
150: protectToken((WSSPolicy) primarySP.getKeyBinding());
151: }
152:
153: }
154:
155: protected Token getEncryptionToken() {
156: if ((isServer && !isIncoming) || (!isServer && isIncoming)) {
157: return binding.getInitiatorToken();
158: } else {
159: return binding.getRecipientToken();
160: }
161: }
162:
163: protected Token getSignatureToken() {
164: if ((isServer && !isIncoming) || (!isServer && isIncoming)) {
165: return binding.getRecipientToken();
166: } else {
167: return binding.getInitiatorToken();
168: }
169: }
170:
171: protected Binding getBinding() {
172: return binding;
173: }
174:
175: protected EncryptionPolicy getSecondaryEncryptionPolicy()
176: throws PolicyException {
177: if (sEncPolicy == null) {
178: sEncPolicy = new EncryptionPolicy();
179: sEncPolicy.setUUID(pid.generateID());
180: Token token = null;
181: token = getEncryptionToken();
182: tokenProcessor.addKeyBinding(sEncPolicy, token, false);
183: container.insert(sEncPolicy);
184: }
185: return sEncPolicy;
186: }
187:
188: protected void close() {
189:
190: if (protectionOrder == Binding.SIGN_ENCRYPT) {
191: container.insert(primaryEP);
192: }
193: }
194: }
|