001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.impl.policyconv;
038:
039: import com.sun.xml.wss.impl.PolicyTypeUtil;
040: import com.sun.xml.wss.impl.policy.MLSPolicy;
041: import com.sun.xml.wss.impl.policy.SecurityPolicy;
042: import com.sun.xml.ws.security.policy.MessageLayout;
043: import com.sun.xml.wss.impl.policy.PolicyGenerationException;
044: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
045: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
046: import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
047: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
048: import java.util.ArrayList;
049: import java.util.List;
050:
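/**
 * Collects the XWSS {@link SecurityPolicy} instances produced while converting a
 * WS-SecurityPolicy assertion set and orders them into a {@link MessagePolicy}
 * according to the configured {@link MessageLayout} (Lax, Strict, LaxTsFirst,
 * LaxTsLast) and the message direction (client/server, incoming/outgoing).
 *
 * <p>Typical use: construct, call {@link #insert} for every policy, then call
 * {@link #getMessagePolicy()} once. Not thread-safe: every method mutates
 * instance state without synchronization.
 *
 * @author Abhijit.Das@Sun.COM
 */
public class XWSSPolicyContainer {

    /** The four message directions a policy set can be ordered for. */
    private enum Section {
        ClientIncomingPolicy, ClientOutgoingPolicy, ServerIncomingPolicy, ServerOutgoingPolicy
    }

    // Direction this container orders for; always set by the constructors.
    private Section section;
    // Policies as inserted, in insertion order; created lazily by insert().
    private List<SecurityPolicy> policyList;
    // Output of the last convert(): the ordered policies that getMessagePolicy() returns.
    private final List<SecurityPolicy> effectivePolicyList;
    // Layout that decides the ordering; null until set, in which case convert() orders nothing.
    private MessageLayout mode;
    // Last timestamp policy placed by convertLax(), or null if none was inserted.
    private SecurityPolicy timestampPolicy;
    // True when insert() added something since the last conversion.
    private boolean modified = false;

    /**
     * Creates a container for the given layout and message direction.
     *
     * @param mode       layout that decides the ordering (may be null; see
     *                   {@link #setPolicyContainerMode})
     * @param isServer   {@code true} on the service side, {@code false} on the client side
     * @param isIncoming {@code true} for a received message, {@code false} for a sent one
     */
    public XWSSPolicyContainer(MessageLayout mode, boolean isServer, boolean isIncoming) {
        this.mode = mode;
        setMessageMode(isServer, isIncoming);
        effectivePolicyList = new ArrayList<SecurityPolicy>();
    }

    /**
     * Creates a container without a layout; {@link #setPolicyContainerMode} must be
     * called before {@link #convert()} will order anything.
     *
     * @param isServer   {@code true} on the service side, {@code false} on the client side
     * @param isIncoming {@code true} for a received message, {@code false} for a sent one
     */
    public XWSSPolicyContainer(boolean isServer, boolean isIncoming) {
        this(null, isServer, isIncoming);
    }

    /**
     * Selects the message direction. Every combination of the two flags maps to a
     * {@link Section}, so the direction is never left unset.
     *
     * @param isServer   {@code true} on the service side, {@code false} on the client side
     * @param isIncoming {@code true} for a received message, {@code false} for a sent one
     */
    public void setMessageMode(boolean isServer, boolean isIncoming) {
        if (isServer) {
            section = isIncoming ? Section.ServerIncomingPolicy : Section.ServerOutgoingPolicy;
        } else {
            section = isIncoming ? Section.ClientIncomingPolicy : Section.ClientOutgoingPolicy;
        }
    }

    /**
     * Sets the layout used by {@link #convert()}.
     *
     * @param mode the layout; a null value makes {@link #convert()} a no-op
     */
    public void setPolicyContainerMode(MessageLayout mode) {
        this.mode = mode;
    }

    /**
     * Adds a policy to the set to be converted. Supporting-token policies (username,
     * SAML and X.509 authentication tokens, see {@link #isSupportingToken}) are
     * silently dropped for the server-outgoing and client-incoming directions, so
     * they never end up in the effective policy of a message flowing in those
     * directions.
     *
     * @param secPolicy the policy to add; null is ignored
     */
    public void insert(SecurityPolicy secPolicy) {
        if (secPolicy == null) {
            return;
        }
        if (policyList == null) {
            policyList = new ArrayList<SecurityPolicy>();
        }
        boolean tokenOnResponseSide = isSupportingToken(secPolicy)
                && (section == Section.ServerOutgoingPolicy
                    || section == Section.ClientIncomingPolicy);
        if (tokenOnResponseSide) {
            return;
        }
        modified = true;
        policyList.add(secPolicy);
    }

    /**
     * Builds the {@link MessagePolicy} holding the ordered policies. Runs
     * {@link #convert()} first when policies were inserted since the last
     * conversion, then drops signature and encryption policies that have no
     * targets so the result never demands an empty signature or encryption.
     *
     * @return a new message policy; never null
     * @throws PolicyGenerationException propagated from assembling the message policy
     */
    public MessagePolicy getMessagePolicy() throws PolicyGenerationException {
        if (modified) {
            convert();
            modified = false;
        }
        MessagePolicy msgPolicy = new MessagePolicy();
        msgPolicy.appendAll(effectivePolicyList);
        removeEmptyPrimaryPolicies(msgPolicy);
        return msgPolicy;
    }

    /**
     * Removes signature and encryption policies whose feature binding lists no
     * target bindings. Candidates are collected first and removed afterwards so
     * the primary-policy collection is never modified while it is being iterated.
     *
     * @param msgPolicy the message policy to prune in place
     */
    private void removeEmptyPrimaryPolicies(MessagePolicy msgPolicy) {
        List<SecurityPolicy> empty = new ArrayList<SecurityPolicy>();
        for (Object policy : msgPolicy.getPrimaryPolicies()) {
            if (policy instanceof SecurityPolicy && hasNoTargets((SecurityPolicy) policy)) {
                empty.add((SecurityPolicy) policy);
            }
        }
        for (SecurityPolicy secPolicy : empty) {
            msgPolicy.remove(secPolicy);
        }
    }

    /**
     * Tells whether a signature or encryption policy has an empty target list.
     *
     * @param secPolicy the policy to inspect
     * @return true if {@code secPolicy} is a signature or encryption policy whose
     *         feature binding has no target bindings; false for every other policy
     */
    private static boolean hasNoTargets(SecurityPolicy secPolicy) {
        if (PolicyTypeUtil.signaturePolicy(secPolicy)) {
            SignaturePolicy.FeatureBinding binding = (SignaturePolicy.FeatureBinding)
                    ((SignaturePolicy) secPolicy).getFeatureBinding();
            return binding.getTargetBindings().size() == 0;
        }
        if (PolicyTypeUtil.encryptionPolicy(secPolicy)) {
            EncryptionPolicy.FeatureBinding binding = (EncryptionPolicy.FeatureBinding)
                    ((EncryptionPolicy) secPolicy).getFeatureBinding();
            return binding.getTargetBindings().size() == 0;
        }
        return false;
    }

    /**
     * Inserts {@code xwssPolicy} just before the first effective entry that is
     * neither a supporting token nor a timestamp, i.e. right after the leading
     * run of tokens and timestamps. Appends when every entry is a token or
     * timestamp.
     *
     * @param xwssPolicy the policy to place
     */
    private void appendAfterToken(SecurityPolicy xwssPolicy) {
        int pos = effectivePolicyList.size();
        for (int i = 0; i < effectivePolicyList.size(); i++) {
            SecurityPolicy entry = effectivePolicyList.get(i);
            if (!isSupportingToken(entry) && !isTimestamp(entry)) {
                pos = i;
                break;
            }
        }
        effectivePolicyList.add(pos, xwssPolicy);
    }

    /**
     * Appends a policy to the end of the effective list.
     *
     * @param xwssPolicy the policy to place
     */
    private void append(SecurityPolicy xwssPolicy) {
        effectivePolicyList.add(xwssPolicy);
    }

    /**
     * Inserts a policy at the front of the effective list.
     *
     * @param xwssPolicy the policy to place
     */
    private void prepend(SecurityPolicy xwssPolicy) {
        effectivePolicyList.add(0, xwssPolicy);
    }

    /**
     * Tells whether a policy is a supporting-token policy: an authentication
     * token policy whose feature binding is a username token, a SAML token or an
     * X.509 certificate binding (as classified by {@link PolicyTypeUtil}).
     *
     * @param xwssPolicy the policy to classify; null yields false
     * @return true if {@code xwssPolicy} is a supporting-token policy
     */
    private boolean isSupportingToken(SecurityPolicy xwssPolicy) {
        if (xwssPolicy == null || !PolicyTypeUtil.authenticationTokenPolicy(xwssPolicy)) {
            return false;
        }
        MLSPolicy binding = ((AuthenticationTokenPolicy) xwssPolicy).getFeatureBinding();
        return PolicyTypeUtil.usernameTokenPolicy(binding)
                || PolicyTypeUtil.samlTokenPolicy(binding)
                || PolicyTypeUtil.x509CertificateBinding(binding);
    }

    /**
     * Tells whether a policy is a timestamp policy.
     *
     * @param xwssPolicy the policy to classify; null yields false
     * @return true if {@code xwssPolicy} is a timestamp policy
     */
    private boolean isTimestamp(SecurityPolicy xwssPolicy) {
        return xwssPolicy != null && PolicyTypeUtil.timestampPolicy(xwssPolicy);
    }

    /**
     * Places a policy that is neither a supporting token nor a timestamp. Both
     * outgoing directions append; server-incoming inserts after the leading
     * tokens; client-incoming prepends in lax mode and inserts after the leading
     * tokens in strict mode (the only place the two layouts differ).
     *
     * @param xwssPolicy the policy to place
     * @param strict     true for the Strict layout, false for the Lax layouts
     */
    private void placeOrdinaryPolicy(SecurityPolicy xwssPolicy, boolean strict) {
        switch (section) {
            case ClientIncomingPolicy:
                if (strict) {
                    appendAfterToken(xwssPolicy);
                } else {
                    prepend(xwssPolicy);
                }
                break;
            case ServerIncomingPolicy:
                appendAfterToken(xwssPolicy);
                break;
            case ClientOutgoingPolicy:
            case ServerOutgoingPolicy:
                append(xwssPolicy);
                break;
        }
    }

    /**
     * Lax layout: timestamps and supporting tokens are prepended (so they end up
     * at the front in reverse insertion order); everything else is placed by
     * {@link #placeOrdinaryPolicy} in lax mode. Remembers the last timestamp seen
     * for the TsFirst/TsLast variants.
     */
    private void convertLax() {
        for (SecurityPolicy xwssPolicy : policyList) {
            if (isTimestamp(xwssPolicy)) {
                timestampPolicy = xwssPolicy;
                prepend(xwssPolicy);
            } else if (isSupportingToken(xwssPolicy)) {
                prepend(xwssPolicy);
            } else {
                placeOrdinaryPolicy(xwssPolicy, false);
            }
        }
    }

    /**
     * Strict layout: timestamps and supporting tokens are prepended; everything
     * else is placed by {@link #placeOrdinaryPolicy} in strict mode.
     */
    private void convertStrict() {
        for (SecurityPolicy xwssPolicy : policyList) {
            if (isSupportingToken(xwssPolicy) || isTimestamp(xwssPolicy)) {
                prepend(xwssPolicy);
            } else {
                placeOrdinaryPolicy(xwssPolicy, true);
            }
        }
    }

    /**
     * Finds the position of a policy in the effective list by identity (not
     * {@code equals}), so an equal-but-distinct policy is never mistaken for it.
     *
     * @param policy the policy to look up; null yields -1
     * @return index in {@code effectivePolicyList}, or -1 if absent
     */
    private int effectiveIndexOf(SecurityPolicy policy) {
        if (policy == null) {
            return -1;
        }
        for (int i = 0; i < effectivePolicyList.size(); i++) {
            if (effectivePolicyList.get(i) == policy) {
                return i;
            }
        }
        return -1;
    }

    /** @return true for the client-outgoing and server-outgoing directions. */
    private boolean isOutgoing() {
        return section == Section.ClientOutgoingPolicy || section == Section.ServerOutgoingPolicy;
    }

    /**
     * LaxTsFirst layout: lax ordering, then the timestamp is moved to the very
     * front for the two outgoing directions. The timestamp is located by its
     * position in the effective list, not by its insertion index, because the
     * prepends in {@link #convertLax()} shift it. Incoming directions keep the
     * lax order.
     */
    private void convertLaxTsFirst() {
        convertLax();
        int pos = effectiveIndexOf(timestampPolicy);
        if (pos != -1 && isOutgoing()) {
            effectivePolicyList.add(0, effectivePolicyList.remove(pos));
        }
    }

    /**
     * LaxTsLast layout: lax ordering, then the timestamp is moved to the very end
     * for the two outgoing directions. Located the same way as in
     * {@link #convertLaxTsFirst()}. Incoming directions keep the lax order.
     */
    private void convertLaxTsLast() {
        convertLax();
        int pos = effectiveIndexOf(timestampPolicy);
        if (pos != -1 && isOutgoing()) {
            effectivePolicyList.add(effectivePolicyList.remove(pos));
        }
    }

    /**
     * Rebuilds the effective (ordered) policy list from the inserted policies
     * according to the configured layout. The previous result is discarded
     * first, so calling this more than once does not duplicate entries. Does
     * nothing when no policy was inserted or no layout is set.
     */
    public void convert() {
        effectivePolicyList.clear();
        timestampPolicy = null;
        if (policyList == null || mode == null) {
            return;
        }
        if (MessageLayout.Lax == mode) {
            convertLax();
        } else if (MessageLayout.Strict == mode) {
            convertStrict();
        } else if (MessageLayout.LaxTsFirst == mode) {
            convertLaxTsFirst();
        } else if (MessageLayout.LaxTsLast == mode) {
            convertLaxTsLast();
        }
    }
}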
|