001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.incoming;
024:
025: import com.sun.xml.ws.api.message.Header;
026: import com.sun.xml.ws.api.message.HeaderList;
027: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
028: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
029: import com.sun.xml.wss.ProcessingContext;
030: import com.sun.xml.wss.XWSSecurityException;
031: import com.sun.xml.wss.impl.MessageConstants;
032: import com.sun.xml.wss.impl.PolicyTypeUtil;
033: import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
034: import com.sun.xml.wss.impl.policy.mls.Target;
035: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
036: import com.sun.xml.wss.impl.policy.verifier.TargetResolver;
037: import com.sun.xml.wss.logging.LogDomainConstants;
038: import java.util.ArrayList;
039: import java.util.Iterator;
040: import java.util.List;
041: import java.util.logging.Level;
042: import java.util.logging.Logger;
043:
044: /**
045: *
046: * @author Ashutosh.Shahi@sun.com
047: */
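/**
 * Checks that the targets named by a signature or encryption policy were
 * actually covered in the incoming message.
 *
 * <p>Each target is reduced to an element <em>local name</em> and the
 * comparison is done on that string alone.
 *
 * <p>NOTE(review): because only the local part is compared, two elements that
 * share a local name but live in different namespaces are indistinguishable to
 * this check. Confirm that namespace binding is enforced elsewhere in the
 * verification path.
 *
 * @author Ashutosh.Shahi@sun.com
 */
public class TargetResolverImpl implements TargetResolver {
    /** Processing context; cast to {@link JAXBFilterProcessingContext} when used. */
    private final ProcessingContext ctx;

    private static final Logger log = Logger.getLogger(
            LogDomainConstants.WSS_API_DOMAIN,
            LogDomainConstants.WSS_API_DOMAIN_BUNDLE);

    /**
     * Creates a new instance of TargetResolverImpl.
     *
     * @param ctx processing context of the message being verified
     */
    public TargetResolverImpl(ProcessingContext ctx) {
        this.ctx = ctx;
    }

    /**
     * Verifies that every policy target which is present in the message also
     * appears among the targets inferred from the message.
     *
     * <p>A policy target whose element is absent from the message raises no
     * error here. A policy target that cannot be resolved to a name (see
     * {@link #getTargetValue(Target)}) is skipped without any check.
     *
     * @param actualTargets   targets required by the policy
     * @param inferredTargets targets derived from the incoming message
     * @param actualPolicy    policy being verified; only its kind (signature or
     *                        not) and the endorsing flag are read
     * @throws XWSSecurityException if a policy target is present in the message
     *         but has no matching inferred target
     */
    public void resolveAndVerifyTargets(List<Target> actualTargets,
            List<Target> inferredTargets, WSSPolicy actualPolicy)
            throws XWSSecurityException {

        boolean isSignature = PolicyTypeUtil.signaturePolicy(actualPolicy);
        String policyType = isSignature ? "Signature" : "Encryption";

        boolean isEndorsing = false;
        if (isSignature) {
            SignaturePolicy.FeatureBinding fp =
                    (SignaturePolicy.FeatureBinding) actualPolicy.getFeatureBinding();
            isEndorsing = fp.isEndorsingSignature();
        }

        for (Target actualTarget : actualTargets) {
            String targetInPolicy = getTargetValue(actualTarget);
            if (targetInPolicy == null) {
                // NOTE(review): an unresolvable policy target is not verified at
                // all (fail-open). Confirm this is intended.
                continue;
            }
            if (isCovered(targetInPolicy, inferredTargets)) {
                continue;
            }
            // Only a violation when the element really is in the message; a
            // target absent from the message is treated as nothing to protect.
            if (presentInMessage(targetInPolicy)) {
                log.log(Level.SEVERE, "WSS0206.policy.violation.exception");
                log.log(Level.SEVERE, "Missing target : "
                        + targetInPolicy + " for " + policyType);
                throw new XWSSecurityException(
                        "Policy verification error:"
                                + "Missing target "
                                + targetInPolicy
                                + (isEndorsing ? " for Endorsing " : " for ")
                                + policyType);
            }
        }
    }

    /** Returns true when some inferred target resolves to {@code targetInPolicy}. */
    private boolean isCovered(String targetInPolicy, List<Target> inferredTargets) {
        for (Target inferredTarget : inferredTargets) {
            if (targetInPolicy.equals(getTargetValue(inferredTarget))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reduces a target to the local name used for comparison.
     *
     * @return the local name, or {@code null} when the target is neither a
     *         QName nor a URI target, when a URI target has no value or an
     *         empty id, or when the id matches no header
     */
    private String getTargetValue(Target target) {
        // NOTE(review): the type is compared with ==; if Target's type constants
        // are Strings this is an identity comparison - confirm.
        if (target.getType() == Target.TARGET_TYPE_VALUE_QNAME) {
            return target.getQName().getLocalPart();
        }
        if (target.getType() == Target.TARGET_TYPE_VALUE_URI) {
            if (target.getPolicyQName() != null) {
                return target.getPolicyQName().getLocalPart();
            }
            String val = target.getValue();
            // A null or empty value used to fail on charAt(0) with an unchecked
            // exception; treat it as unresolvable, like an id that matches
            // nothing.
            if (val == null || val.length() == 0) {
                return null;
            }
            String id = val.startsWith("#") ? val.substring(1) : val;
            return getElementById(id);
        }
        return null;
    }

    /** Returns the security context held by the JAXB filter processing context. */
    private SecurityContext securityContext() {
        return ((JAXBFilterProcessingContext) ctx).getSecurityContext();
    }

    /**
     * Finds the header carrying {@code id} and returns its local name.
     * Non-security headers are searched first, then processed security
     * headers, then buffered security headers.
     *
     * @return the local name of the first match, or {@code null} if none
     */
    private String getElementById(String id) {
        // An empty id never identifies an element; do not let it match a header
        // that happens to report an empty id.
        if (id == null || id.length() == 0) {
            return null;
        }
        SecurityContext sc = securityContext();

        // look in non-security headers
        HeaderList headers = sc.getNonSecurityHeaders();
        if (headers != null && headers.size() > 0) {
            Iterator<Header> it = headers.listIterator();
            while (it.hasNext()) {
                GenericSecuredHeader header = (GenericSecuredHeader) it.next();
                // null guard mirrors the one in presentInMessage
                if (header != null && header.hasID(id)) {
                    return header.getLocalPart();
                }
            }
        }

        // look in processed headers
        SecurityHeaderElement match = findById(sc.getProcessedSecurityHeaders(), id);
        if (match != null) {
            return match.getLocalPart();
        }

        // look in buffered headers
        match = findById(sc.getBufferedSecurityHeaders(), id);
        return match != null ? match.getLocalPart() : null;
    }

    /** Returns the first security header element in the list whose id equals {@code id}. */
    private static SecurityHeaderElement findById(List<?> securityHeaders, String id) {
        for (Object o : securityHeaders) {
            SecurityHeaderElement header = (SecurityHeaderElement) o;
            if (header != null && id.equals(header.getId())) {
                return header;
            }
        }
        return null;
    }

    /** Returns true when the list holds a security header element with the given local name. */
    private static boolean containsLocalPart(List<?> securityHeaders, String localPart) {
        for (Object o : securityHeaders) {
            SecurityHeaderElement header = (SecurityHeaderElement) o;
            if (header != null && header.getLocalPart().equals(localPart)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether an element with the given local name is in the message.
     * The SOAP body name is always reported as present; otherwise the
     * non-security, processed and buffered headers are searched in that order.
     *
     * @param targetInPolicy local name to look for; {@code null} yields false
     */
    private boolean presentInMessage(String targetInPolicy) {
        if (targetInPolicy == null) {
            // equals(null) could never match below; skip the scan
            return false;
        }
        if (MessageConstants.SOAP_BODY_LNAME.equals(targetInPolicy)) {
            return true;
        }

        SecurityContext sc = securityContext();

        // look in non-security headers
        HeaderList headers = sc.getNonSecurityHeaders();
        if (headers != null && headers.size() > 0) {
            Iterator<Header> it = headers.listIterator();
            while (it.hasNext()) {
                GenericSecuredHeader header = (GenericSecuredHeader) it.next();
                if (header != null
                        && header.getLocalPart().equals(targetInPolicy)) {
                    return true;
                }
            }
        }

        // look in processed headers, then buffered headers
        return containsLocalPart(sc.getProcessedSecurityHeaders(), targetInPolicy)
                || containsLocalPart(sc.getBufferedSecurityHeaders(), targetInPolicy);
    }

    /**
     * Reports whether at least one of the given policy targets is present in
     * the message.
     *
     * @param actualTargets targets required by the policy
     * @return true as soon as one target resolves to an element found in the
     *         message, false otherwise
     * @throws XWSSecurityException declared for callers; not thrown by the
     *         code in this method itself
     */
    public boolean isTargetPresent(List<Target> actualTargets)
            throws XWSSecurityException {

        for (Target actualTarget : actualTargets) {
            if (presentInMessage(getTargetValue(actualTarget))) {
                return true;
            }
        }
        return false;
    }
}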