001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: /*
024: * SignatureConfirmationFilter.java
025: *
026: * Created on January 24, 2006, 6:30 PM
027: *
028: * To change this template, choose Tools | Template Manager
029: * and open the template in the editor.
030: */
031:
032: package com.sun.xml.wss.impl.filter;
033:
034: import com.sun.xml.ws.security.opt.impl.tokens.SignatureConfirmation;
035: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
036: import java.util.logging.Level;
037: import java.util.logging.Logger;
038: import com.sun.xml.wss.logging.LogDomainConstants;
039:
040: import com.sun.xml.wss.XWSSecurityException;
041:
042: import com.sun.xml.wss.core.SecurityHeader;
043: import com.sun.xml.wss.core.SignatureConfirmationHeaderBlock;
044:
045: import com.sun.xml.wss.impl.MessageConstants;
046: import com.sun.xml.wss.impl.FilterProcessingContext;
047: import com.sun.xml.wss.impl.SecurableSoapMessage;
048: import com.sun.xml.wss.impl.policy.mls.SignatureConfirmationPolicy;
049: import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
050:
051: import javax.xml.soap.SOAPElement;
052: import javax.xml.soap.SOAPFactory;
053: import javax.xml.soap.Name;
054: import javax.xml.soap.SOAPException;
055:
056: import java.util.List;
057: import java.util.ArrayList;
058: import java.util.Iterator;
059:
060: /**
061: * Process SignatureConfirmation: Add SignatureConfirmation or verify
062: * received SignatureConfirmation
063: *
064: * @author Ashutosh.Shahi@sun.com
065: */
public class SignatureConfirmationFilter {

    protected static final Logger log = Logger.getLogger(
            LogDomainConstants.FILTER_DOMAIN,
            LogDomainConstants.FILTER_DOMAIN_BUNDLE);

    /**
     * Adds SignatureConfirmation headers to an outgoing message, or checks the
     * SignatureConfirmation headers of an incoming one.
     *
     * <p>Outgoing: the list stored under the extraneous property
     * {@code "receivedSignValues"} is handed to
     * {@link #setSignConfirmValues}; a {@code null} list adds nothing.
     *
     * <p>Incoming: every wsse11:SignatureConfirmation child of the security
     * header must carry a Value that is present in the list stored under the
     * extraneous property {@code "SignatureConfirmation"}. Each stored value
     * is consumed by one matching element, and the list must be empty once all
     * elements have been read. An element without a Value is accepted only as
     * the last element and only when no stored value is left. The stored list
     * is modified in place; on success the property is replaced by
     * {@code MessageConstants._EMPTY}.
     *
     * <p>If the {@code "SignatureConfirmation"} property is absent or is not
     * an {@code ArrayList}, the incoming message's confirmation elements are
     * not inspected at all.
     *
     * @param context processing context of the message being filtered
     * @throws XWSSecurityException if the incoming message has no security
     *         header, has no SignatureConfirmation element while stored values
     *         are being checked, carries a value that does not match, or
     *         leaves stored values unconfirmed; also wraps any
     *         {@code SOAPException} raised while reading the header
     */
    public static void process(FilterProcessingContext context)
            throws XWSSecurityException {

        if (!context.isInboundMessage()) {
            // Outgoing message: confirm every signature value recorded from
            // the request. The cast fails with ClassCastException if the
            // property holds anything other than an ArrayList.
            List received = (ArrayList) context
                    .getExtraneousProperty("receivedSignValues");
            setSignConfirmValues(context, received);
            return;
        }

        // Incoming message from here on.
        SecurityHeader header = context.getSecurableSoapMessage()
                .findSecurityHeader();
        if (header == null) {
            throw new XWSSecurityException(
                    "Message does not confirm to SignatureConfirmation Policy:"
                    + "wsse11:SignatureConfirmation element not found in Header");
        }

        Object stored = context.getExtraneousProperty("SignatureConfirmation");
        if (!(stored instanceof ArrayList)) {
            // NOTE(review): nothing is verified on this path. Presumably the
            // sender side populates the property whenever confirmation is
            // expected; confirm that no caller relies on this filter to
            // reject a response when the property was never set.
            return;
        }
        // Values still awaiting confirmation; entries are compared with
        // equals() against the String read from each header element.
        List expected = (ArrayList) stored;

        try {
            Name confirmationName = SOAPFactory.newInstance().createName(
                    MessageConstants.SIGNATURE_CONFIRMATION_LNAME,
                    MessageConstants.WSSE11_PREFIX,
                    MessageConstants.WSSE11_NS);
            Iterator elements = header.getChildElements(confirmationName);
            if (!elements.hasNext()) {
                throw new XWSSecurityException(
                        "Message does not confirm to Security Policy:"
                        + "wss11:SignatureConfirmation Element not found");
            }

            while (elements.hasNext()) {
                SOAPElement element = (SOAPElement) elements.next();

                SignatureConfirmationHeaderBlock block;
                try {
                    block = new SignatureConfirmationHeaderBlock(element);
                } catch (XWSSecurityException xwsse) {
                    // NOTE(review): the underlying message is embedded in the
                    // fault text; confirm it is acceptable to expose if the
                    // fault is returned to the peer.
                    throw SecurableSoapMessage.newSOAPFaultException(
                            MessageConstants.WSSE_INVALID_SECURITY,
                            "Failure in SignatureConfirmation validation\n"
                            + "Message is: "
                            + xwsse.getMessage(),
                            xwsse);
                }

                String confirmed = block.getSignatureValue();
                if (confirmed != null) {
                    // Consume the first stored entry equal to the received
                    // value; a value that is not stored is a mismatch.
                    if (!expected.remove(confirmed)) {
                        log.log(Level.SEVERE,
                                "Failure in SignatureConfirmation Validation");
                        throw new XWSSecurityException(
                                "Mismatch in SignatureConfirmation Element");
                    }
                } else if (elements.hasNext() || !expected.isEmpty()) {
                    // A confirmation without a Value stands for "the sent
                    // message carried no signature"; it is rejected when more
                    // elements follow or stored values remain.
                    log.log(Level.SEVERE,
                            "Failure in SignatureConfirmation Validation");
                    throw new XWSSecurityException(
                            "Failure in SignatureConfirmation Validation");
                }
            }
        } catch (SOAPException se) {
            throw new XWSSecurityException(se);
        }

        // Every stored value must have been confirmed by some element.
        if (!expected.isEmpty()) {
            log.log(Level.SEVERE,
                    "Failure in SignatureConfirmation Validation");
            throw new XWSSecurityException(
                    "Failure in SignatureConfirmation");
        }

        context.setExtraneousProperty("SignatureConfirmation",
                MessageConstants._EMPTY);
    }

    /**
     * Adds one SignatureConfirmation header per entry of {@code scList} to the
     * outgoing security header, or a single header without a Value when the
     * list is empty. Does nothing when {@code scList} is {@code null}. The id
     * of every header added is recorded in the context's signature
     * confirmation ids.
     *
     * <p>For a {@link JAXBFilterProcessingContext} the entries are cast to
     * {@code byte[]}; for any other context they are cast to {@code String}.
     * An entry of the wrong type fails with {@code ClassCastException}.
     *
     * @param context processing context of the outgoing message
     * @param scList signature values to confirm, may be {@code null}
     * @throws XWSSecurityException declared by the header and context calls
     *         made here
     */
    private static void setSignConfirmValues(
            FilterProcessingContext context,
            List scList) throws XWSSecurityException {
        if (scList == null) {
            return;
        }
        Iterator values = scList.iterator();

        if (context instanceof JAXBFilterProcessingContext) {
            JAXBFilterProcessingContext jaxbContext =
                    (JAXBFilterProcessingContext) context;
            com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader outHeader =
                    jaxbContext.getSecurityHeader();
            ((NamespaceContextEx) jaxbContext.getNamespaceContext())
                    .addWSS11NS();

            if (!values.hasNext()) {
                // Nothing to confirm: emit one element with no Value attribute.
                String emptyId = jaxbContext.generateID();
                outHeader.add(new SignatureConfirmation(
                        emptyId, jaxbContext.getSOAPVersion()));
                jaxbContext.getSignatureConfirmationIds().add(emptyId);
                return;
            }

            while (values.hasNext()) {
                byte[] rawValue = (byte[]) values.next();
                String headerId = jaxbContext.generateID();
                SignatureConfirmation confirmation = new SignatureConfirmation(
                        headerId, jaxbContext.getSOAPVersion());
                confirmation.setValue(rawValue);
                outHeader.add(confirmation);
                jaxbContext.getSignatureConfirmationIds().add(headerId);
            }
            return;
        }

        SecurableSoapMessage message = context.getSecurableSoapMessage();
        SecurityHeader soapHeader = message.findOrCreateSecurityHeader();

        if (!values.hasNext()) {
            // Nothing to confirm: emit one element with no Value attribute.
            String emptyId = message.generateId();
            soapHeader.insertHeaderBlock(
                    new SignatureConfirmationHeaderBlock(emptyId));
            context.getSignatureConfirmationIds().add(emptyId);
            return;
        }

        while (values.hasNext()) {
            String textValue = (String) values.next();
            String headerId = message.generateId();
            SignatureConfirmationHeaderBlock confirmation =
                    new SignatureConfirmationHeaderBlock(headerId);
            confirmation.setSignatureValue(textValue);
            soapHeader.insertHeaderBlock(confirmation);
            context.getSignatureConfirmationIds().add(headerId);
        }
    }

}