001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: package com.sun.xml.ws.security.opt.impl.incoming.processor;
024:
025: import com.sun.xml.stream.buffer.XMLStreamBufferException;
026: import com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator;
027: import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
028: import com.sun.xml.ws.security.opt.api.TokenValidator;
029: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
030: import com.sun.xml.ws.security.opt.impl.incoming.BinarySecurityToken;
031: import com.sun.xml.ws.security.opt.impl.incoming.DerivedKeyToken;
032: import com.sun.xml.ws.security.opt.impl.incoming.EncryptedData;
033: import com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey;
034: import com.sun.xml.ws.security.opt.impl.incoming.GenericSecuredHeader;
035: import com.sun.xml.ws.security.opt.impl.incoming.SAMLAssertion;
036: import com.sun.xml.ws.security.opt.impl.incoming.SecurityContextToken;
037: import com.sun.xml.ws.security.opt.impl.incoming.Signature;
038: import com.sun.xml.ws.security.opt.impl.incoming.SignatureConfirmation;
039: import com.sun.xml.ws.security.opt.impl.incoming.TimestampHeader;
040: import com.sun.xml.ws.security.opt.impl.incoming.UsernameTokenHeader;
041: import com.sun.xml.wss.BasicSecurityProfile;
042: import com.sun.xml.wss.XWSSecurityException;
043: import com.sun.xml.wss.impl.MessageConstants;
044: import com.sun.xml.wss.logging.LogDomainConstants;
045: import java.util.HashMap;
046: import java.util.Map;
047: import java.util.logging.Logger;
048: import javax.xml.stream.XMLInputFactory;
049: import javax.xml.stream.XMLStreamException;
050: import javax.xml.stream.XMLStreamReader;
051: import java.util.logging.Level;
052: import com.sun.xml.wss.logging.impl.opt.LogStringsMessages;
053: import com.sun.xml.wss.logging.impl.opt.LogStringsMessages;
054: import static com.sun.xml.wss.BasicSecurityProfile.*;
055:
056: /**
057: *
058: * @author K.Venugopal@sun.com
059: */
060: public class SecurityHeaderProcessor {
061:
062: private static final Logger logger = Logger.getLogger(
063: LogDomainConstants.IMPL_OPT_DOMAIN,
064: LogDomainConstants.IMPL_OPT_DOMAIN_BUNDLE);
065:
066: private static final int TIMESTAMP_ELEMENT = 1;
067: private static final int USERNAMETOKEN_ELEMENT = 2;
068: private static final int BINARYSECURITY_TOKEN_ELEMENT = 3;
069: private static final int ENCRYPTED_DATA_ELEMENT = 4;
070: private static final int ENCRYPTED_KEY_ELEMENT = 5;
071: private static final int SIGNATURE_ELEMENT = 6;
072: private static final int REFERENCE_LIST_ELEMENT = 7;
073: private static final int DERIVED_KEY_ELEMENT = 8;
074: private static final int SIGNATURE_CONFIRMATION_ELEMENT = 9;
075: private static final int SECURITY_CONTEXT_TOKEN = 10;
076: private static final int SAML_ASSERTION_ELEMEMENT = 11;
077: private Map<String, String> currentParentNS = new HashMap<String, String>();
078: private JAXBFilterProcessingContext context;
079: private XMLInputFactory staxIF = null;
080: private StreamReaderBufferCreator creator = null;
081: private BasicSecurityProfile bspContext = null;
082:
083: /** Creates a new instance of SecurityHeaderProcessor */
084:
085: public SecurityHeaderProcessor(JAXBFilterProcessingContext context,
086: Map<String, String> namespaceList, XMLInputFactory xi,
087: StreamReaderBufferCreator sbc) {
088: this .context = context;
089: this .currentParentNS = namespaceList;
090: this .staxIF = xi;
091: this .context = context;
092: this .creator = sbc;
093: this .bspContext = context.getBSPContext();
094: }
095:
096: public SecurityHeaderElement createHeader(XMLStreamReader message)
097: throws XWSSecurityException {
098:
099: int eventType = getSecurityElementType(message);
100: try {
101: while (eventType != -1) {
102: switch (eventType) {
103: case TIMESTAMP_ELEMENT: {
104: if (context.isBSP()
105: && bspContext.isTimeStampFound()) {
106: log_bsp_3203();
107: }
108: bspContext.setTimeStampFound(true);
109: TimestampHeader timestamp = new TimestampHeader(
110: message, creator,
111: (HashMap) currentParentNS, context);
112: ((TokenValidator) timestamp).validate(context);
113: context.getSecurityContext()
114: .getProcessedSecurityHeaders().add(
115: timestamp);
116: context.getInferredSecurityPolicy().append(
117: timestamp.getPolicy());
118: return timestamp;
119:
120: }
121: case BINARYSECURITY_TOKEN_ELEMENT: {
122: BinarySecurityToken bst = new BinarySecurityToken(
123: message, creator,
124: (HashMap) currentParentNS, staxIF);
125: ((TokenValidator) bst).validate(context);
126: context.getSecurityContext()
127: .getProcessedSecurityHeaders().add(bst);
128: context.getInferredSecurityPolicy().append(
129: bst.getPolicy());
130: return bst;
131: }
132: case ENCRYPTED_KEY_ELEMENT: {
133: EncryptedKey ek = new EncryptedKey(message,
134: context, (HashMap) currentParentNS);
135: context.getSecurityContext()
136: .getProcessedSecurityHeaders().add(ek);
137: return ek;
138: }
139: case ENCRYPTED_DATA_ELEMENT: {
140: EncryptedData ed = new EncryptedData(message,
141: context, (HashMap) currentParentNS);
142: context.getSecurityContext()
143: .getProcessedSecurityHeaders().add(ed);
144: return ed;
145: }
146: case USERNAMETOKEN_ELEMENT: {
147: UsernameTokenHeader ut = new UsernameTokenHeader(
148: message, creator,
149: (HashMap) currentParentNS, staxIF);
150: ut.validate(context);
151: context.getSecurityContext()
152: .getProcessedSecurityHeaders().add(ut);
153: context.getInferredSecurityPolicy().append(
154: ut.getPolicy());
155: return ut;
156: }
157: case DERIVED_KEY_ELEMENT: {
158: DerivedKeyToken dkt = new DerivedKeyToken(message,
159: context, (HashMap) currentParentNS);
160: context.getSecurityContext()
161: .getProcessedSecurityHeaders().add(dkt);
162: return dkt;
163:
164: }
165: case SIGNATURE_CONFIRMATION_ELEMENT: {
166: SignatureConfirmation signConfirm = new SignatureConfirmation(
167: message, creator,
168: (HashMap) currentParentNS, staxIF);
169: signConfirm.validate(context);
170: context.getSecurityContext()
171: .getProcessedSecurityHeaders().add(
172: signConfirm);
173: return signConfirm;
174:
175: }
176: case SECURITY_CONTEXT_TOKEN: {
177: SecurityContextToken sct = new SecurityContextToken(
178: message, context, (HashMap) currentParentNS);
179: context.getSecurityContext()
180: .getProcessedSecurityHeaders().add(sct);
181: return sct;
182: }
183: case SIGNATURE_ELEMENT: {
184: Signature sig = new Signature(context,
185: currentParentNS, creator, true);
186: sig.process(message);
187: if (sig.getReferences().size() == 0) {
188: context.getSecurityContext()
189: .getProcessedSecurityHeaders().add(sig);
190: }
191: context.getInferredSecurityPolicy().append(
192: sig.getPolicy());
193: return sig;
194: }
195: case SAML_ASSERTION_ELEMEMENT: {
196: SAMLAssertion samlAssertion = new SAMLAssertion(
197: message, context, null,
198: (HashMap) currentParentNS);
199: return samlAssertion;
200: }
201: default: {
202: GenericSecuredHeader gsh = new GenericSecuredHeader(
203: message, null, creator,
204: (HashMap) currentParentNS, staxIF, context
205: .getEncHeaderContent());
206: // headers.add(gsh);
207: }
208: }
209: eventType = getSecurityElementType(message);
210: // moveToNextElement();
211: }
212: } catch (XMLStreamException xe) {
213: logger.log(Level.SEVERE, LogStringsMessages
214: .WSS_1608_ERROR_SECURITY_HEADER());
215: throw new XWSSecurityException(LogStringsMessages
216: .WSS_1608_ERROR_SECURITY_HEADER(), xe);
217: } catch (XMLStreamBufferException xbe) {
218: logger.log(Level.SEVERE, LogStringsMessages
219: .WSS_1608_ERROR_SECURITY_HEADER());
220: throw new XWSSecurityException(LogStringsMessages
221: .WSS_1608_ERROR_SECURITY_HEADER(), xbe);
222: }
223:
224: return null;
225: }
226:
227: private boolean isTimeStamp(XMLStreamReader reader) {
228: if (reader.getLocalName() == MessageConstants.TIMESTAMP_LNAME
229: && reader.getNamespaceURI() == MessageConstants.WSU_NS) {
230: return true;
231: }
232: return false;
233: }
234:
235: private boolean isBST(XMLStreamReader reader) {
236: if (reader.getLocalName() == MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME
237: && reader.getNamespaceURI() == MessageConstants.WSSE_NS) {
238: return true;
239: }
240: return false;
241: }
242:
243: private boolean isSignature(XMLStreamReader reader) {
244: if (reader.getLocalName() == MessageConstants.SIGNATURE_LNAME
245: && reader.getNamespaceURI() == MessageConstants.DSIG_NS) {
246: return true;
247: }
248: return false;
249: }
250:
251: private boolean isEncryptedKey(XMLStreamReader reader) {
252: if (reader.getLocalName() == MessageConstants.ENCRYPTEDKEY_LNAME
253: && reader.getNamespaceURI() == MessageConstants.XENC_NS) {
254: return true;
255: }
256: return false;
257: }
258:
259: private boolean isEncryptedData(XMLStreamReader reader) {
260: if (reader.getLocalName() == MessageConstants.ENCRYPTED_DATA_LNAME
261: && reader.getNamespaceURI() == MessageConstants.XENC_NS) {
262: return true;
263: }
264: return false;
265: }
266:
267: private boolean isUsernameToken(XMLStreamReader reader) {
268: if (reader.getLocalName() == MessageConstants.USERNAME_TOKEN_LNAME
269: && reader.getNamespaceURI() == MessageConstants.WSSE_NS) {
270: return true;
271: }
272: return false;
273: }
274:
275: private boolean isDerivedKey(XMLStreamReader reader) {
276: if (reader.getLocalName() == MessageConstants.DERIVEDKEY_TOKEN_LNAME
277: && reader.getNamespaceURI() == MessageConstants.WSSC_NS) {
278: return true;
279: }
280: return false;
281: }
282:
283: private boolean isSignatureConfirmation(XMLStreamReader reader) {
284: if (reader.getLocalName() == MessageConstants.SIGNATURE_CONFIRMATION_LNAME
285: && reader.getNamespaceURI() == MessageConstants.WSSE11_NS) {
286: return true;
287: }
288: return false;
289: }
290:
291: private boolean isSCT(XMLStreamReader reader) {
292: if (reader.getLocalName() == MessageConstants.SECURITY_CONTEXT_TOKEN_LNAME
293: && reader.getNamespaceURI() == MessageConstants.WSSC_NS) {
294: return true;
295: }
296: return false;
297: }
298:
299: private boolean isSAML(XMLStreamReader message) {
300: if (message.getLocalName() == MessageConstants.SAML_ASSERTION_LNAME) {
301: String uri = message.getNamespaceURI();
302: if (uri == MessageConstants.SAML_v2_0_NS
303: || uri == MessageConstants.SAML_v1_0_NS
304: || uri == MessageConstants.SAML_v1_1_NS) {
305: return true;
306: }
307: }
308: return false;
309: }
310:
311: private void moveToNextElement(XMLStreamReader reader)
312: throws XMLStreamException {
313: reader.next();
314: while (reader.getEventType() != XMLStreamReader.START_ELEMENT) {
315: reader.next();
316: }
317: }
318:
319: public int getSecurityElementType(XMLStreamReader reader) {
320: if (isTimeStamp(reader)) {
321: return TIMESTAMP_ELEMENT;
322: }
323:
324: if (isBST(reader)) {
325: return BINARYSECURITY_TOKEN_ELEMENT;
326: }
327:
328: if (isSignature(reader)) {
329: return SIGNATURE_ELEMENT;
330: }
331:
332: if (isEncryptedKey(reader)) {
333: return ENCRYPTED_KEY_ELEMENT;
334: }
335:
336: if (isEncryptedData(reader)) {
337: return ENCRYPTED_DATA_ELEMENT;
338: }
339:
340: if (isUsernameToken(reader)) {
341: return USERNAMETOKEN_ELEMENT;
342: }
343:
344: if (isSignatureConfirmation(reader)) {
345: return SIGNATURE_CONFIRMATION_ELEMENT;
346: }
347:
348: if (isDerivedKey(reader)) {
349: return this .DERIVED_KEY_ELEMENT;
350: }
351:
352: if (isSCT(reader)) {
353: return this .SECURITY_CONTEXT_TOKEN;
354: }
355: if (isSAML(reader)) {
356: return this .SAML_ASSERTION_ELEMEMENT;
357: }
358: return -1;
359: }
360:
361: }
|