001: /*
002: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003: *
004: * Copyright 1997-2007 Sun Microsystems, Inc. All rights reserved.
005: *
006: * The contents of this file are subject to the terms of either the GNU
007: * General Public License Version 2 only ("GPL") or the Common Development
008: * and Distribution License("CDDL") (collectively, the "License"). You
009: * may not use this file except in compliance with the License. You can obtain
010: * a copy of the License at https://glassfish.dev.java.net/public/CDDL+GPL.html
011: * or glassfish/bootstrap/legal/LICENSE.txt. See the License for the specific
012: * language governing permissions and limitations under the License.
013: *
014: * When distributing the software, include this License Header Notice in each
015: * file and include the License file at glassfish/bootstrap/legal/LICENSE.txt.
016: * Sun designates this particular file as subject to the "Classpath" exception
017: * as provided by Sun in the GPL Version 2 section of the License file that
018: * accompanied this code. If applicable, add the following below the License
019: * Header, with the fields enclosed by brackets [] replaced by your own
020: * identifying information: "Portions Copyrighted [year]
021: * [name of copyright owner]"
022: *
023: * Contributor(s):
024: *
025: * If you wish your version of this file to be governed by only the CDDL or
026: * only the GPL Version 2, indicate your decision by adding "[Contributor]
027: * elects to include this software in this distribution under the [CDDL or GPL
028: * Version 2] license." If you don't indicate a single choice of license, a
029: * recipient has the option to distribute your version of this file under
030: * either the CDDL, the GPL Version 2 or to extend the choice of license to
031: * its licensees as provided above. However, if you add GPL Version 2 code
032: * and therefore, elected the GPL Version 2 license, then the option applies
033: * only if the new code is made subject to such option by the copyright
034: * holder.
035: */
036:
037: package com.sun.xml.ws.security.impl.policyconv;
038:
039: import com.sun.xml.ws.security.impl.policy.PolicyUtil;
040: import com.sun.xml.ws.policy.Policy;
041: import com.sun.xml.ws.policy.PolicyAssertion;
042: import com.sun.xml.ws.policy.AssertionSet;
043: import com.sun.xml.ws.policy.PolicyException;
044: import com.sun.xml.ws.security.impl.policy.LogStringsMessages;
045: import com.sun.xml.ws.security.impl.policy.Trust10;
046: import com.sun.xml.ws.security.impl.policyconv.IntegrityAssertionProcessor;
047: import com.sun.xml.ws.security.impl.policyconv.XWSSPolicyContainer;
048: import com.sun.xml.ws.security.policy.AsymmetricBinding;
049: import com.sun.xml.ws.security.policy.AlgorithmSuite;
050: import com.sun.xml.ws.security.policy.Binding;
051: import com.sun.xml.ws.security.policy.EncryptedElements;
052: import com.sun.xml.ws.security.policy.EncryptedParts;
053: import com.sun.xml.ws.security.policy.EndorsingSupportingTokens;
054: import com.sun.xml.ws.security.policy.RequiredElements;
055: import com.sun.xml.ws.security.policy.SignedElements;
056: import com.sun.xml.ws.security.policy.SignedEndorsingSupportingTokens;
057: import com.sun.xml.ws.security.policy.SignedParts;
058: import com.sun.xml.ws.security.policy.SignedSupportingTokens;
059: import com.sun.xml.ws.security.policy.SupportingTokens;
060: import com.sun.xml.ws.security.policy.SymmetricBinding;
061: import com.sun.xml.ws.security.policy.TransportBinding;
062: import static com.sun.xml.ws.security.impl.policy.Constants.*;
063: import com.sun.xml.wss.impl.policy.PolicyGenerationException;
064: import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
065: import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
066: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
067: import java.util.ArrayList;
068: import java.util.List;
069: import java.util.Vector;
070: import com.sun.xml.ws.security.policy.WSSAssertion;
071: import java.util.logging.Level;
072:
073: /**
074: * Will convert WS Security Policy to XWSS policy.
075: * WS Security Policies are digested and cached by the
076: * first pipe. The same objects are shared across instances
077: * of the pipe(refer to Pipe javadoc for more information)
078: *
079: * @author K.Venugopal@sun.com
080: */
081:
082: public class XWSSPolicyGenerator {
083:
084: String _protectionOrder = "";
085:
086: SignaturePolicy _primarySP = null;
087: EncryptionPolicy _primaryEP = null;
088: //current secondary encryption policy
089: EncryptionPolicy _sEncPolicy = null;
090: SignaturePolicy _csSP = null;
091: XWSSPolicyContainer _policyContainer = null;
092: Binding _binding;
093: Policy effectivePolicy = null;
094: int id = 1;
095: boolean isServer = false;
096: boolean isIncoming = false;
097: private PolicyAssertion wssAssertion = null;
098: private WSSAssertion wss11 = null;
099: private Trust10 trust10 = null;
100: private AlgorithmSuite algSuite = null;
101: //true if signed by primary signature
102: private boolean signBody = false;
103:
104: //true if encrypted by primary encryption policy
105: private boolean encryptBody = false;
106: //private HashSet<Header> signParts = new HashSet<Header>();
107:
108: private Vector<SignedParts> signedParts = new Vector<SignedParts>();
109: private Vector<EncryptedParts> encryptedParts = new Vector<EncryptedParts>();
110: private Vector<SignedElements> signedElements = new Vector<SignedElements>();
111: private Vector<EncryptedElements> encryptedElements = new Vector<EncryptedElements>();
112: private boolean ignoreST = false;
113: private boolean transportBinding = false;
114: private IntegrityAssertionProcessor iAP = null;
115: private EncryptionAssertionProcessor eAP = null;
116: private Binding policyBinding = null;
117: private List<RequiredElements> reqElements = new ArrayList<RequiredElements>();
118:
119: /** Creates a new instance of WSPolicyProcessorImpl */
120: //public XWSSPolicyGenerator(AssertionSet assertionSet,boolean isServer,boolean isIncoming){
121: public XWSSPolicyGenerator(Policy effectivePolicy,
122: boolean isServer, boolean isIncoming) {
123: this .effectivePolicy = effectivePolicy;
124: this ._policyContainer = new XWSSPolicyContainer(isServer,
125: isIncoming);
126: this .isServer = isServer;
127: this .isIncoming = isIncoming;
128: }
129:
130: public AlgorithmSuite getBindingLevelAlgSuite() {
131: return _binding.getAlgorithmSuite();
132: }
133:
134: public void process(boolean ignoreST) throws PolicyException {
135: this .ignoreST = ignoreST;
136: process();
137: }
138:
139: public void process() throws PolicyException {
140: collectPolicies();
141: PolicyAssertion binding = (PolicyAssertion) getBinding();
142: policyBinding = (Binding) binding;
143: if (binding == null) {
144: //log error.
145: logger.log(Level.SEVERE, LogStringsMessages
146: .SP_0105_ERROR_BINDING_ASSR_NOT_PRESENT());
147: throw new PolicyException(LogStringsMessages
148: .SP_0105_ERROR_BINDING_ASSR_NOT_PRESENT());
149: }
150: if (PolicyUtil.isTransportBinding(binding)) {
151: if (logger.isLoggable(Level.FINE)) {
152: logger
153: .log(Level.FINE,
154: "TransportBinding was configured in the policy");
155: }
156: TransportBindingProcessor tbp = new TransportBindingProcessor(
157: (TransportBinding) binding, isServer, isIncoming,
158: _policyContainer);
159: tbp.process();
160: processNonBindingAssertions(tbp);
161: transportBinding = true;
162: } else {
163:
164: iAP = new IntegrityAssertionProcessor(_binding
165: .getAlgorithmSuite(), _binding.isSignContent());
166: eAP = new EncryptionAssertionProcessor(_binding
167: .getAlgorithmSuite(), false);
168:
169: _policyContainer.setPolicyContainerMode(_binding
170: .getLayout());
171: if (PolicyUtil.isSymmetricBinding(binding.getName())) {
172:
173: if (logger.isLoggable(Level.FINE)) {
174: logger
175: .log(Level.FINE,
176: "SymmetricBinding was configured in the policy");
177: }
178: SymmetricBindingProcessor sbp = new SymmetricBindingProcessor(
179: (SymmetricBinding) _binding, _policyContainer,
180: isServer, isIncoming, signedParts,
181: encryptedParts, signedElements,
182: encryptedElements);
183: if (wssAssertion != null
184: && PolicyUtil.isWSS11(wssAssertion)) {
185: sbp.setWSS11((WSSAssertion) wssAssertion);
186: }
187: sbp.process();
188: processNonBindingAssertions(sbp);
189: sbp.close();
190:
191: } else if (PolicyUtil
192: .isAsymmetricBinding(binding.getName())) {
193:
194: if (logger.isLoggable(Level.FINE)) {
195: logger
196: .log(Level.FINE,
197: "AsymmetricBinding was configured in the policy");
198: }
199: AsymmetricBindingProcessor abp = new AsymmetricBindingProcessor(
200: (AsymmetricBinding) _binding, _policyContainer,
201: isServer, isIncoming, signedParts,
202: encryptedParts, signedElements,
203: encryptedElements);
204: if (wssAssertion != null
205: && PolicyUtil.isWSS11(wssAssertion)) {
206: abp.setWSS11((WSSAssertion) wssAssertion);
207: }
208: abp.process();
209: processNonBindingAssertions(abp);
210: abp.close();
211: }
212: }
213: }
214:
215: public MessagePolicy getXWSSPolicy() throws PolicyException {
216: MessagePolicy mp = null;
217: try {
218: mp = _policyContainer.getMessagePolicy();
219: } catch (PolicyGenerationException ex) {
220: logger.log(Level.SEVERE, "" + effectivePolicy, ex);
221: throw new PolicyException(
222: "Unable to digest SecurityPolicy ");
223: }
224: //try{
225: if (wssAssertion != null) {
226: try {
227: mp
228: .setWSSAssertion(getWssAssertion((com.sun.xml.ws.security.policy.WSSAssertion) wssAssertion));
229: } catch (PolicyGenerationException ex) {
230: logger
231: .log(
232: Level.SEVERE,
233: LogStringsMessages
234: .SP_0104_ERROR_SIGNATURE_CONFIRMATION_ELEMENT(ex
235: .getMessage()), ex);
236: throw new PolicyException(
237: LogStringsMessages
238: .SP_0104_ERROR_SIGNATURE_CONFIRMATION_ELEMENT(ex
239: .getMessage()));
240: }
241: }
242: if (policyBinding.getAlgorithmSuite() != null) {
243: mp.setAlgorithmSuite(getAlgoSuite(policyBinding
244: .getAlgorithmSuite()));
245: }
246: if (policyBinding.getLayout() != null) {
247: mp.setLayout(getLayout(policyBinding.getLayout()));
248: }
249: if (isIncoming && reqElements.size() > 0) {
250: try {
251: com.sun.xml.ws.security.impl.policyconv.RequiredElementsProcessor rep = new com.sun.xml.ws.security.impl.policyconv.RequiredElementsProcessor(
252: reqElements, mp);
253: rep.process();
254: } catch (PolicyGenerationException ex) {
255: logger.log(Level.SEVERE, LogStringsMessages
256: .SP_0103_ERROR_REQUIRED_ELEMENTS(ex
257: .getMessage()), ex);
258: throw new PolicyException(LogStringsMessages
259: .SP_0103_ERROR_REQUIRED_ELEMENTS(ex
260: .getMessage()));
261: }
262: }
263: if (transportBinding) {
264: mp.setSSL(transportBinding);
265: }
266: return mp;
267: }
268:
269: private void processNonBindingAssertions(
270: BindingProcessor bindingProcessor) throws PolicyException {
271: for (AssertionSet assertionSet : effectivePolicy) {
272: for (PolicyAssertion assertion : assertionSet) {
273: if (PolicyUtil.isBinding(assertion)) {
274: continue;
275: } else if (!ignoreST && shouldAddST()
276: && PolicyUtil.isSupportingToken(assertion)) {
277: bindingProcessor
278: .processSupportingTokens((SupportingTokens) assertion);
279: } else if (!ignoreST
280: && shouldAddST()
281: && PolicyUtil
282: .isSignedSupportingToken(assertion)) {
283: bindingProcessor
284: .processSupportingTokens((SignedSupportingTokens) assertion);
285: } else if (!ignoreST
286: && shouldAddST()
287: && PolicyUtil
288: .isEndorsedSupportingToken(assertion)) {
289: bindingProcessor
290: .processSupportingTokens((EndorsingSupportingTokens) assertion);
291: } else if (!ignoreST
292: && shouldAddST()
293: && PolicyUtil
294: .isSignedEndorsingSupportingToken(assertion)) {
295: bindingProcessor
296: .processSupportingTokens((SignedEndorsingSupportingTokens) assertion);
297: } else if (PolicyUtil.isWSS10(assertion)) {
298: wssAssertion = assertion;
299: } else if (PolicyUtil.isWSS11(assertion)) {
300: wssAssertion = assertion;
301: } else if (PolicyUtil.isTrust10(assertion)) {
302: trust10 = (Trust10) assertion;
303: }
304: }
305: }
306: }
307:
308: private Binding getBinding() {
309: return _binding;
310: }
311:
312: private void collectPolicies() {
313: for (AssertionSet assertionSet : effectivePolicy) {
314: for (PolicyAssertion assertion : assertionSet) {
315: if (PolicyUtil.isSignedParts(assertion)) {
316: signedParts.add((SignedParts) assertion);
317: } else if (PolicyUtil.isEncryptParts(assertion)) {
318: encryptedParts.add((EncryptedParts) assertion);
319: } else if (PolicyUtil.isSignedElements(assertion)) {
320: signedElements.add((SignedElements) assertion);
321: } else if (PolicyUtil.isEncryptedElements(assertion)) {
322: encryptedElements
323: .add((EncryptedElements) assertion);
324: } else if (PolicyUtil.isWSS10(assertion)) {
325: wssAssertion = assertion;
326: } else if (PolicyUtil.isWSS11(assertion)) {
327: wssAssertion = assertion;
328: } else if (PolicyUtil.isTrust10(assertion)) {
329: trust10 = (Trust10) assertion;
330: } else if (PolicyUtil.isBinding(assertion)) {
331: _binding = (Binding) assertion;
332: } else if (PolicyUtil.isRequiredElements(assertion)) {
333: reqElements.add((RequiredElements) assertion);
334: }
335: }
336: }
337: }
338:
339: private boolean shouldAddST() {
340: if (isServer && !isIncoming) {
341: return false;
342: }
343:
344: if (!isServer && isIncoming) {
345: return false;
346: }
347: return true;
348: }
349:
350: protected com.sun.xml.wss.impl.AlgorithmSuite getAlgoSuite(
351: AlgorithmSuite suite) {
352: com.sun.xml.wss.impl.AlgorithmSuite als = new com.sun.xml.wss.impl.AlgorithmSuite(
353: suite.getDigestAlgorithm(), suite
354: .getEncryptionAlgorithm(), suite
355: .getSymmetricKeyAlgorithm(), suite
356: .getAsymmetricKeyAlgorithm());
357:
358: return als;
359: }
360:
361: protected com.sun.xml.wss.impl.WSSAssertion getWssAssertion(
362: WSSAssertion asser) {
363: com.sun.xml.wss.impl.WSSAssertion assertion = new com.sun.xml.wss.impl.WSSAssertion(
364: asser.getRequiredProperties(), asser.getType());
365: return assertion;
366: }
367:
368: protected com.sun.xml.wss.impl.MessageLayout getLayout(
369: com.sun.xml.ws.security.policy.MessageLayout layout) {
370:
371: switch (layout) {
372: case Strict: {
373: if (logger.isLoggable(Level.FINE)) {
374: logger
375: .log(Level.FINE,
376: "MessageLayout has been configured to be STRICT ");
377: }
378: return com.sun.xml.wss.impl.MessageLayout.Strict;
379: }
380: case Lax: {
381: if (logger.isLoggable(Level.FINE)) {
382: logger.log(Level.FINE,
383: "MessageLayout has been configured to be LAX ");
384: }
385: return com.sun.xml.wss.impl.MessageLayout.Lax;
386: }
387: case LaxTsFirst: {
388: if (logger.isLoggable(Level.FINE)) {
389: logger
390: .log(Level.FINE,
391: "MessageLayout has been configured to be LaxTimestampFirst ");
392: }
393: return com.sun.xml.wss.impl.MessageLayout.LaxTsFirst;
394: }
395: case LaxTsLast: {
396: if (logger.isLoggable(Level.FINE)) {
397: logger
398: .log(Level.FINE,
399: "MessageLayout has been configured tp be LaxTimestampLast ");
400: }
401: return com.sun.xml.wss.impl.MessageLayout.LaxTsLast;
402: }
403: default: {
404: if (logger.isLoggable(Level.SEVERE)) {
405: logger.log(Level.SEVERE, LogStringsMessages
406: .SP_0106_UNKNOWN_MESSAGE_LAYOUT(layout));
407: }
408: throw new RuntimeException(LogStringsMessages
409: .SP_0106_UNKNOWN_MESSAGE_LAYOUT(layout));
410: }
411: }
412: }
413:
414: }
|