001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.impl.policyconv;
038:
039: import com.sun.xml.ws.policy.PolicyAssertion;
040: import com.sun.xml.ws.policy.PolicyException;
041: import com.sun.xml.ws.security.impl.policy.PolicyUtil;
042: import com.sun.xml.ws.security.policy.Binding;
043: import com.sun.xml.ws.security.policy.EncryptedElements;
044: import com.sun.xml.ws.security.policy.EncryptedParts;
045: import com.sun.xml.ws.security.policy.SamlToken;
046: import com.sun.xml.ws.security.policy.SecureConversationToken;
047: import com.sun.xml.ws.security.policy.SignedElements;
048: import com.sun.xml.ws.security.policy.SignedParts;
049: import com.sun.xml.ws.security.policy.SymmetricBinding;
050: import com.sun.xml.ws.security.policy.Token;
051: import com.sun.xml.ws.security.policy.X509Token;
052: import com.sun.xml.wss.impl.MessageConstants;
053: import com.sun.xml.wss.impl.PolicyTypeUtil;
054: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
055: import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
056: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
057: import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
058: import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
059: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
060: import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
061: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
062: import java.util.Vector;
063: import javax.xml.crypto.dsig.CanonicalizationMethod;
064: import com.sun.xml.ws.security.policy.IssuedToken;
065:
066: /**
067: *
068: * @author K.Venugopal@sun.com
069: */
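/**
 * Converts a WS-SecurityPolicy {@link SymmetricBinding} assertion into the XWSS
 * runtime policies (signature, encryption, timestamp) and inserts them into the
 * {@code XWSSPolicyContainer}.
 *
 * <p>With a symmetric binding one secret (derived from the protection token, or from
 * separate signature/encryption tokens) keys both the primary signature and the
 * primary encryption. The binding's protection order decides the insertion order of
 * the generated policies; for {@code SIGN_ENCRYPT} the encryption policy is deferred
 * to {@link #close()}.
 *
 * <p>Fields such as {@code container}, {@code pid}, {@code primarySP}, {@code primaryEP},
 * {@code sEncPolicy}, {@code tokenProcessor}, {@code iAP}, {@code eAP} and
 * {@code foundEncryptTargets} are inherited from {@code BindingProcessor}, which is
 * not visible in this file.
 *
 * @author K.Venugopal@sun.com
 */
public class SymmetricBindingProcessor extends BindingProcessor {
    private SymmetricBinding binding = null;

    /**
     * Creates a new instance of SymmetricBindingProcessor.
     *
     * @param binding           the symmetric binding assertion to convert
     * @param container         receives the generated XWSS policies
     * @param isServer          whether this processor runs on the service side
     * @param isIncoming        whether the message being processed is inbound
     * @param signedParts       SignedParts assertions that apply to this binding
     * @param encryptedParts    EncryptedParts assertions that apply to this binding
     * @param signedElements    SignedElements assertions that apply to this binding
     * @param encryptedElements EncryptedElements assertions that apply to this binding
     */
    public SymmetricBindingProcessor(SymmetricBinding binding,
            XWSSPolicyContainer container, boolean isServer,
            boolean isIncoming, Vector<SignedParts> signedParts,
            Vector<EncryptedParts> encryptedParts,
            Vector<SignedElements> signedElements,
            Vector<EncryptedElements> encryptedElements) {
        this.binding = binding;
        this.container = container;
        this.isServer = isServer;
        this.isIncoming = isIncoming;
        protectionOrder = binding.getProtectionOrder();
        // pid (id generator) is an inherited field; presumably initialised by the
        // superclass before this point — not verifiable from this file.
        tokenProcessor = new TokenProcessor(isServer, isIncoming, pid);
        iAP = new IntegrityAssertionProcessor(binding.getAlgorithmSuite(),
                binding.isSignContent());
        // The encryption assertion processor is always created with its second
        // flag set to false for a symmetric binding.
        eAP = new EncryptionAssertionProcessor(binding.getAlgorithmSuite(), false);
        this.signedParts = signedParts;
        this.signedElements = signedElements;
        this.encryptedElements = encryptedElements;
        this.encryptedParts = encryptedParts;
    }

    /**
     * Builds the primary signature and encryption policies for this binding,
     * inserts them into the container in protection order, then applies the
     * binding's signature-protection, timestamp and token-protection options.
     *
     * <p>When the binding has no protection token, a signature token and/or an
     * encryption token may be present individually; a policy is only created
     * for a token that is actually configured, and a missing policy is skipped
     * rather than passed to the container as {@code null}.
     *
     * @throws PolicyException       if a key binding cannot be built for a token
     * @throws IllegalStateException if token protection is requested but no
     *                               primary signature policy exists to carry it
     */
    public void process() throws PolicyException {
        Token pt = binding.getProtectionToken();

        if (pt == null) {
            // No single protection token: signature and encryption may use
            // different tokens, and either one may be absent.
            Token st = binding.getSignatureToken();
            Token et = binding.getEncryptionToken();

            if (et != null) {
                primaryEP = new EncryptionPolicy();
                primaryEP.setUUID(pid.generateID());
                addSymmetricKeyBinding(primaryEP, et);
            }

            if (st != null) {
                primarySP = newPrimarySignaturePolicy();
                addSymmetricKeyBinding(primarySP, st);
            }
        } else {
            // A single protection token keys both the primary signature and the
            // primary encryption. Ids are generated in this order on purpose.
            primarySP = newPrimarySignaturePolicy();
            primaryEP = new EncryptionPolicy();
            primaryEP.setUUID(pid.generateID());
            addSymmetricKeyBinding(primarySP, pt);
            addSymmetricKeyBinding(primaryEP, pt);
        }

        if (protectionOrder == Binding.SIGN_ENCRYPT) {
            // Sign-then-encrypt: only the signature policy goes in now; the
            // encryption policy is inserted by close() after the rest.
            if (primarySP != null) {
                container.insert(primarySP);
            }
        } else {
            // Encrypt-then-sign: encryption policy first, then signature. The
            // encryption references are marked as a stand-alone reference list.
            if (primaryEP != null) {
                container.insert(primaryEP);
            }
            if (primarySP != null) {
                container.insert(primarySP);
            }
            if (primaryEP != null) {
                EncryptionPolicy.FeatureBinding efp =
                        (EncryptionPolicy.FeatureBinding) primaryEP.getFeatureBinding();
                efp.setUseStandAloneRefList(true);
            }
        }
        addPrimaryTargets();

        // The primary signature is encrypted only when the binding asks for it
        // AND something was actually selected for encryption.
        if (foundEncryptTargets && binding.getSignatureProtection()) {
            protectPrimarySignature();
        }
        if (binding.isIncludeTimeStamp()) {
            TimestampPolicy tp = new TimestampPolicy();
            tp.setUUID(pid.generateID());
            container.insert(tp);
            // With timestamp signing disabled the timestamp is still emitted but
            // is not covered by the signature.
            if (!binding.isDisableTimestampSigning()) {
                protectTimestamp(tp);
            }
        }
        if (binding.getTokenProtection()) {
            if (primarySP == null) {
                // Without a primary signature there is nothing to sign the token with.
                throw new IllegalStateException(
                        "TokenProtection requested but the symmetric binding has no signature token");
            }
            WSSPolicy policy = (WSSPolicy) primarySP.getKeyBinding();
            if (PolicyTypeUtil.derivedTokenKeyBinding(policy)) {
                // Derived-key binding wraps the real token binding; protect the wrapper.
                protectToken(policy, true);
            } else {
                // Otherwise the token binding sits one level down (see addSymmetricKeyBinding).
                protectToken((WSSPolicy) policy.getKeyBinding(), true);
            }
        }
    }

    /**
     * Creates the primary {@link SignaturePolicy}: fresh id, canonicalization
     * method taken from the binding's algorithm suite, flagged as primary.
     *
     * @return the new signature policy, without a key binding yet
     * @throws PolicyException if the canonicalization method cannot be applied
     */
    private SignaturePolicy newPrimarySignaturePolicy() throws PolicyException {
        SignaturePolicy sp = new SignaturePolicy();
        sp.setUUID(pid.generateID());
        SignaturePolicy.FeatureBinding spFB =
                (SignaturePolicy.FeatureBinding) sp.getFeatureBinding();
        SecurityPolicyUtil.setCanonicalizationMethod(spFB, binding.getAlgorithmSuite());
        spFB.isPrimarySignature(true);
        return sp;
    }

    /**
     * Attaches a symmetric key binding for {@code token} to {@code policy}.
     *
     * <p>Supported token kinds are X509, SAML, Issued and SecureConversation. If
     * the token requires derived keys the token binding is wrapped in a
     * {@link DerivedTokenKeyBinding}. For X509 the certificate binding is itself
     * wrapped in a {@code SymmetricKeyBinding}; for the other kinds the token
     * binding is attached directly.
     *
     * @param policy the signature or encryption policy receiving the key binding
     * @param token  the policy token that identifies the key material
     * @throws PolicyException               if the token processor rejects the token
     * @throws UnsupportedOperationException if the token kind is not one of the four above
     */
    protected void addSymmetricKeyBinding(WSSPolicy policy, Token token)
            throws PolicyException {
        com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding skb =
                new com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding();
        PolicyAssertion tokenAssertion = (PolicyAssertion) token;
        if (PolicyUtil.isX509Token(tokenAssertion)) {
            AuthenticationTokenPolicy.X509CertificateBinding x509CB =
                    new AuthenticationTokenPolicy.X509CertificateBinding();
            x509CB.setUUID(token.getTokenId());
            tokenProcessor.setTokenValueType(x509CB, tokenAssertion);
            tokenProcessor.setTokenInclusion(x509CB, (Token) tokenAssertion);
            tokenProcessor.setX509TokenRefType(x509CB, (X509Token) token);

            if (((X509Token) token).isRequireDerivedKeys()) {
                DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
                skb.setKeyBinding(x509CB);
                policy.setKeyBinding(dtKB);
                dtKB.setOriginalKeyBinding(skb);
                dtKB.setUUID(pid.generateID());
            } else {
                skb.setKeyBinding(x509CB);
                policy.setKeyBinding(skb);
            }
        } else if (PolicyUtil.isSamlToken(tokenAssertion)) {
            AuthenticationTokenPolicy.SAMLAssertionBinding sab =
                    new AuthenticationTokenPolicy.SAMLAssertionBinding();
            sab.setUUID(token.getTokenId());
            // SAML assertions are always referenced directly here.
            sab.setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
            tokenProcessor.setTokenInclusion(sab, (Token) tokenAssertion);
            if (((SamlToken) token).isRequireDerivedKeys()) {
                DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
                dtKB.setOriginalKeyBinding(sab);
                policy.setKeyBinding(dtKB);
                dtKB.setUUID(pid.generateID());
            } else {
                policy.setKeyBinding(sab);
            }
        } else if (PolicyUtil.isIssuedToken(tokenAssertion)) {
            IssuedTokenKeyBinding itkb = new IssuedTokenKeyBinding();
            tokenProcessor.setTokenInclusion(itkb, (Token) tokenAssertion);
            itkb.setUUID(((Token) tokenAssertion).getTokenId());
            IssuedToken it = (IssuedToken) tokenAssertion;
            if (it.isRequireDerivedKeys()) {
                DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
                dtKB.setOriginalKeyBinding(itkb);
                policy.setKeyBinding(dtKB);
                dtKB.setUUID(pid.generateID());
            } else {
                policy.setKeyBinding(itkb);
            }
        } else if (PolicyUtil.isSecureConversationToken(tokenAssertion)) {
            SecureConversationTokenKeyBinding sct = new SecureConversationTokenKeyBinding();
            SecureConversationToken sctPolicy = (SecureConversationToken) tokenAssertion;
            if (sctPolicy.isRequireDerivedKeys()) {
                DerivedTokenKeyBinding dtKB = new DerivedTokenKeyBinding();
                dtKB.setOriginalKeyBinding(sct);
                policy.setKeyBinding(dtKB);
                dtKB.setUUID(pid.generateID());
            } else {
                policy.setKeyBinding(sct);
            }
            tokenProcessor.setTokenInclusion(sct, (Token) tokenAssertion);
            sct.setUUID(((Token) tokenAssertion).getTokenId());
        } else {
            // Message previously lacked the space before "is".
            throw new UnsupportedOperationException(
                    "addKeyBinding for " + token + " is not supported");
        }
    }

    /**
     * Returns the binding assertion this processor converts.
     *
     * @return the symmetric binding
     */
    protected Binding getBinding() {
        return binding;
    }

    /**
     * Returns the secondary encryption policy, creating it and inserting it into
     * the container on first use.
     *
     * <p>The secondary policy is keyed by the protection token, or by the
     * encryption token when no protection token is configured.
     *
     * @return the (lazily created) secondary encryption policy
     * @throws PolicyException if the key binding cannot be built
     */
    protected EncryptionPolicy getSecondaryEncryptionPolicy()
            throws PolicyException {
        if (sEncPolicy == null) {
            sEncPolicy = new EncryptionPolicy();
            sEncPolicy.setUUID(pid.generateID());
            Token token = binding.getProtectionToken();
            if (token == null) {
                token = binding.getEncryptionToken();
            }
            // NOTE(review): if neither token is configured, token is null here and
            // addSymmetricKeyBinding receives it unchanged — behaviour in that case
            // depends on PolicyUtil, which is not visible in this file.
            addSymmetricKeyBinding(sEncPolicy, token);
            container.insert(sEncPolicy);
        }
        return sEncPolicy;
    }

    /**
     * Finishes the conversion. For sign-then-encrypt the primary encryption
     * policy was held back by {@link #process()} and is inserted here; it is
     * skipped if no encryption token produced one.
     */
    protected void close() {
        if (protectionOrder == Binding.SIGN_ENCRYPT && primaryEP != null) {
            container.insert(primaryEP);
        }
    }
}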