001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.impl.policyconv;
038:
039: import com.sun.xml.ws.policy.PolicyAssertion;
040: import com.sun.xml.ws.policy.PolicyException;
041: import com.sun.xml.ws.security.impl.policy.PolicyUtil;
042: import com.sun.xml.ws.security.policy.UserNameToken;
043: import com.sun.xml.ws.security.policy.AlgorithmSuite;
044: import com.sun.xml.ws.security.policy.Binding;
045: import com.sun.xml.ws.security.policy.EncryptedElements;
046: import com.sun.xml.ws.security.policy.EncryptedParts;
047: import com.sun.xml.ws.security.policy.SignedElements;
048: import com.sun.xml.ws.security.policy.SignedParts;
049: import com.sun.xml.ws.security.policy.SupportingTokens;
050: import com.sun.xml.ws.security.policy.Target;
051: import com.sun.xml.ws.security.policy.Token;
052: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
053: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
054: import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
055: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
056: import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
057: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
058: import java.util.ArrayList;
059: import java.util.Iterator;
060: import javax.xml.crypto.dsig.CanonicalizationMethod;
061:
062: /**
063: *
064: * @author K.Venugopal@sun.com
065: */
066: public class SupportingTokensProcessor {
067: protected TokenProcessor tokenProcessor = null;
068: protected SignatureTargetCreator stc = null;
069: protected EncryptionTargetCreator etc = null;
070: protected Binding binding = null;
071: protected XWSSPolicyContainer policyContainer = null;
072:
073: protected SignaturePolicy signaturePolicy = null;
074: protected EncryptionPolicy encryptionPolicy = null;
075: protected SupportingTokens st = null;
076: protected IntegrityAssertionProcessor iAP = null;
077: protected EncryptionAssertionProcessor eAP = null;
078:
079: protected ArrayList<SignaturePolicy> spList = null;
080: protected ArrayList<EncryptionPolicy> epList = null;
081: protected SignedParts emptySP = null;
082: protected boolean buildSP = false;
083: protected boolean buildEP = false;
084: protected PolicyID pid = null;
085:
086: protected SupportingTokensProcessor() {
087:
088: }
089:
090: /** Creates a new instance of SupportingTokensProcessor */
091: public SupportingTokensProcessor(SupportingTokens st,
092: TokenProcessor tokenProcessor, Binding binding,
093: XWSSPolicyContainer container, SignaturePolicy sp,
094: EncryptionPolicy ep, PolicyID pid) {
095: this .st = st;
096: this .tokenProcessor = tokenProcessor;
097: this .binding = binding;
098: this .pid = pid;
099: this .policyContainer = container;
100: this .encryptionPolicy = ep;
101: this .signaturePolicy = sp;
102: AlgorithmSuite as = null;
103: as = st.getAlgorithmSuite();
104: if (as == null) {
105: as = binding.getAlgorithmSuite();
106: }
107: this .iAP = new IntegrityAssertionProcessor(as, binding
108: .isSignContent());
109: this .eAP = new EncryptionAssertionProcessor(as, false);
110: this .stc = iAP.getTargetCreator();
111: this .etc = eAP.getTargetCreator();
112: this .emptySP = getEmptySignedParts(st.getSignedParts());
113: }
114:
115: public void process() throws PolicyException {
116: Iterator tokens = st.getTokens();
117:
118: if (st.getEncryptedParts().hasNext()
119: || st.getEncryptedElements().hasNext()) {
120: buildEP = true;
121: }
122: if (st.getSignedElements().hasNext()
123: || st.getSignedParts().hasNext()) {
124: buildSP = true;
125: }
126:
127: while (tokens.hasNext()) {
128: Token token = (Token) tokens.next();
129: WSSPolicy policy = tokenProcessor.getWSSToken(token);
130: if (policy.getUUID() != null) {
131:
132: addToPrimarySignature(policy, token);
133: if (PolicyUtil.isUsernameToken((PolicyAssertion) token)
134: && ((UserNameToken) token).hasPassword()) {
135: encryptToken(token);
136: }
137: if (PolicyUtil.isSamlToken((PolicyAssertion) token)) {
138: correctSAMLBinding(policy);
139: }
140:
141: collectSignaturePolicies(token);
142: if (buildEP) {
143: EncryptionPolicy ep = new EncryptionPolicy();
144: ep.setKeyBinding(policy);
145: getEPList().add(ep);
146: }
147: }
148:
149: //TODO:: Add token to MessagePolicy;
150: AuthenticationTokenPolicy atp = new AuthenticationTokenPolicy();
151: atp.setFeatureBinding(policy);
152: policyContainer.insert(atp);
153: //TODO: Take care of targets.
154: addTargets();
155: }
156: }
157:
158: protected void collectSignaturePolicies(Token token)
159: throws PolicyException {
160: if (buildSP) {
161: createSupportingSignature(token);
162: }
163: }
164:
165: protected void createSupportingSignature(Token token)
166: throws PolicyException {
167: SignaturePolicy sp = new SignaturePolicy();
168: sp.setUUID(pid.generateID());
169: tokenProcessor.addKeyBinding(sp, token, true);
170: if (binding.getTokenProtection()) {
171: protectToken((WSSPolicy) sp.getKeyBinding(), sp);
172: }
173: SignaturePolicy.FeatureBinding spFB = (com.sun.xml.wss.impl.policy.mls.SignaturePolicy.FeatureBinding) sp
174: .getFeatureBinding();
175: //spFB.setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
176: AlgorithmSuite as = null;
177: as = st.getAlgorithmSuite();
178: if (as == null) {
179: as = binding.getAlgorithmSuite();
180: }
181: SecurityPolicyUtil.setCanonicalizationMethod(spFB, as);
182: // sp.setKeyBinding(policy);
183: getSPList().add(sp);
184: endorseSignature(sp);
185: }
186:
187: protected void addToPrimarySignature(WSSPolicy policy, Token token)
188: throws PolicyException {
189: //no-op
190: }
191:
192: protected void endorseSignature(SignaturePolicy sp) {
193: //no-op
194: }
195:
196: protected ArrayList<SignaturePolicy> getSPList() {
197: if (spList == null) {
198: spList = new ArrayList<SignaturePolicy>();
199: }
200: return spList;
201: }
202:
203: protected ArrayList<EncryptionPolicy> getEPList() {
204: if (epList == null) {
205: epList = new ArrayList<EncryptionPolicy>();
206: }
207: return epList;
208: }
209:
210: protected void encryptToken(Token token) throws PolicyException {
211: if (token.getTokenId() != null) {
212: EncryptionPolicy.FeatureBinding fb = (EncryptionPolicy.FeatureBinding) encryptionPolicy
213: .getFeatureBinding();
214: EncryptionTarget et = etc.newURIEncryptionTarget(token
215: .getTokenId());
216: fb.addTargetBinding(et);
217: }
218: }
219:
220: protected SignedParts getEmptySignedParts(Iterator itr) {
221: while (itr.hasNext()) {
222: Target target = (Target) itr.next();
223: if (PolicyUtil.isSignedParts((PolicyAssertion) target)) {
224: if (SecurityPolicyUtil
225: .isSignedPartsEmpty((SignedParts) target)) {
226: return (SignedParts) target;
227: }
228: }
229: }
230: return null;
231: }
232:
233: protected void addTargets() {
234: if (binding.getProtectionOrder() == Binding.SIGN_ENCRYPT) {
235: if (spList != null) {
236: populateSignaturePolicy();
237: }
238: if (epList != null) {
239: populateEncryptionPolicy();
240: }
241: } else {
242: if (epList != null) {
243: populateEncryptionPolicy();
244: }
245: if (spList != null) {
246: populateSignaturePolicy();
247: }
248: }
249: }
250:
251: protected void populateSignaturePolicy() {
252: for (SignaturePolicy sp : spList) {
253: SignaturePolicy.FeatureBinding spFB = (SignaturePolicy.FeatureBinding) sp
254: .getFeatureBinding();
255: if (emptySP != null) {
256: iAP.process(emptySP, spFB);
257: } else {
258: Iterator<SignedParts> itr = st.getSignedParts();
259: while (itr.hasNext()) {
260: SignedParts target = itr.next();
261: iAP.process(target, spFB);
262: }
263: }
264: Iterator<SignedElements> itr = st.getSignedElements();
265: while (itr.hasNext()) {
266: SignedElements target = itr.next();
267: iAP.process(target, spFB);
268: }
269: policyContainer.insert(sp);
270: }
271: }
272:
273: protected void populateEncryptionPolicy() {
274: for (EncryptionPolicy ep : epList) {
275: EncryptionPolicy.FeatureBinding epFB = (EncryptionPolicy.FeatureBinding) ep
276: .getFeatureBinding();
277: Iterator<EncryptedElements> itr = st.getEncryptedElements();
278: while (itr.hasNext()) {
279: EncryptedElements target = itr.next();
280: eAP.process(target, epFB);
281: }
282: Iterator<EncryptedParts> epr = st.getEncryptedParts();
283: while (epr.hasNext()) {
284: EncryptedParts target = epr.next();
285: eAP.process(target, epFB);
286: }
287: policyContainer.insert(ep);
288: }
289: }
290:
291: protected void protectToken(WSSPolicy token, SignaturePolicy sp) {
292: String uid = token.getUUID();
293: if (uid != null) {
294: SignatureTargetCreator stc = iAP.getTargetCreator();
295: SignatureTarget st = stc.newURISignatureTarget(uid);
296: SecurityPolicyUtil.setName(st, token);
297: stc.addSTRTransform(st);
298: SignaturePolicy.FeatureBinding fb = (com.sun.xml.wss.impl.policy.mls.SignaturePolicy.FeatureBinding) sp
299: .getFeatureBinding();
300: fb.addTargetBinding(st);
301: }
302: }
303:
304: protected void correctSAMLBinding(WSSPolicy policy) {
305: //no-op
306: }
307: }
|