001: /**
002: * $Id: TimestampFilter.java,v 1.8 2007/05/10 09:22:42 kumarjayanti Exp $
003: */package com.sun.xml.wss.impl.filter;
004:
005: import com.sun.xml.wss.ProcessingContext;
006: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
007:
008: import java.util.Iterator;
009: import java.util.logging.Level;
010: import java.util.logging.Logger;
011:
012: import javax.xml.soap.Name;
013: import javax.xml.soap.SOAPFactory;
014: import javax.xml.soap.SOAPElement;
015: import javax.xml.soap.SOAPException;
016:
017: import com.sun.xml.wss.core.Timestamp;
018: import com.sun.xml.wss.core.SecurityHeader;
019: import com.sun.xml.wss.impl.MessageConstants;
020: import com.sun.xml.wss.XWSSecurityException;
021: import com.sun.xml.wss.impl.SecurableSoapMessage;
022: import com.sun.xml.wss.impl.FilterProcessingContext;
023: import com.sun.xml.wss.logging.LogDomainConstants;
024: import com.sun.xml.wss.impl.XWSSecurityRuntimeException;
025: import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
026: import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
027: import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
028: import com.sun.xml.wss.impl.misc.SecurityHeaderBlockImpl;
029: import com.sun.xml.wss.impl.HarnessUtil;
030:
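/**
 * Exports and imports the {@code wsu:Timestamp} security header element.
 *
 * <p>Outbound (message annotation):
 * <pre>
 *   if (a timestamp was already exported for this context) return
 *   take timeout, creation time and id from the TimestampPolicy
 *   if (the context carries a positive timestamp timeout) use it instead
 *   if (make-DPC flag turned on)
 *       resolve a clone of the TimestampPolicy through the callback handler
 *       and use its timeout and creation time
 *   write wsu:Timestamp to the header and mark it as exported
 * </pre>
 *
 * <p>Inbound (message validation):
 * <pre>
 *   if (ADHOC processing mode)
 *       if (make-DPC flag turned on) resolve TimestampPolicy
 *       locate wsu:Timestamp in the security header
 *       reject the message if none or more than one is found
 *       validate with the policy's clock-skew and freshness limits
 *   else
 *       if (POSTHOC processing mode) throw (internal error)
 *       if (WSDL_POLICY processing mode) append a TimestampPolicy to the inferred policy
 *       import the current header element as wsu:Timestamp
 *       validate with Timestamp.MAX_CLOCK_SKEW and Timestamp.TIMESTAMP_FRESHNESS_LIMIT
 * </pre>
 *
 * <p>The validation itself is delegated to the SecurityEnvironment implementation.
 */
public class TimestampFilter {

    protected static final Logger log = Logger.getLogger(
            LogDomainConstants.FILTER_DOMAIN,
            LogDomainConstants.FILTER_DOMAIN_BUNDLE);

    /**
     * Writes a wsu:Timestamp on outbound messages and validates it on inbound ones.
     *
     * @param context FilterProcessingContext of the message being processed
     *
     * @throws XWSSecurityException if policy resolution fails, the timestamp is
     *         missing, duplicated or malformed, or validation rejects it
     */
    public static void process(FilterProcessingContext context)
            throws XWSSecurityException {
        if (context.isInboundMessage()) {
            importTimestamp(context);
        } else {
            exportTimestamp(context);
        }
    }

    /** Outbound path: resolves timeout/creation time/id and writes the header block once. */
    private static void exportTimestamp(FilterProcessingContext context)
            throws XWSSecurityException {
        // hack to prevent multiple timestamp exports
        // TODO: revisit
        if (context.timestampExported()) {
            return;
        }

        TimestampPolicy policy = (TimestampPolicy) context.getSecurityPolicy();
        long timeout = policy.getTimeout();
        String created = policy.getCreationTime();
        String id = policy.getUUID();
        if (context.getTimestampTimeout() > 0) {
            timeout = context.getTimestampTimeout();
        }
        if (context.makeDynamicPolicyCallback()) {
            TimestampPolicy policyClone = (TimestampPolicy) policy.clone();
            resolveDynamicPolicy(context, policyClone, false);
            // Values set by the callback win over both the static policy and the
            // context-level timeout read above.
            timeout = policyClone.getTimeout();
            created = policyClone.getCreationTime();
        }

        setTimestamp(context, timeout, created, id);

        // hack to prevent multiple timestamp exports
        // TODO: revisit
        context.timestampExported(true);
    }

    /** Inbound path: dispatches on the processing mode. */
    private static void importTimestamp(FilterProcessingContext context)
            throws XWSSecurityException {
        if (context.getMode() == FilterProcessingContext.ADHOC) {
            importAdhoc(context);
        } else {
            importCurrentHeaderElement(context);
        }
    }

    /** ADHOC mode: requires exactly one wsu:Timestamp and validates it against the policy limits. */
    private static void importAdhoc(FilterProcessingContext context)
            throws XWSSecurityException {
        if (context.makeDynamicPolicyCallback()) {
            TimestampPolicy policyClone = (TimestampPolicy)
                    ((TimestampPolicy) context.getSecurityPolicy()).clone();
            resolveDynamicPolicy(context, policyClone, true);
            context.setSecurityPolicy(policyClone);
        }

        TimestampPolicy policy = (TimestampPolicy) context.getSecurityPolicy();
        long maxClockSkew = policy.getMaxClockSkew();
        long timeStampFreshness = policy.getTimestampFreshness();

        SecurityHeader secHeader =
                context.getSecurableSoapMessage().findSecurityHeader();
        if (secHeader == null) {
            log.log(Level.SEVERE,
                    "Security header not found while looking for wsu:Timestamp");
            throw new XWSSecurityException(
                    "Message does not conform to Timestamp policy: "
                            + "wsu:Timestamp element not found in header");
        }

        SOAPElement ts = findSingleTimestamp(secHeader);

        Timestamp timestamp;
        try {
            timestamp = new Timestamp(ts);
        } catch (XWSSecurityException xwsse) {
            log.log(Level.SEVERE, "wsu:Timestamp could not be internalized", xwsse);
            throw SecurableSoapMessage.newSOAPFaultException(
                    MessageConstants.WSSE_INVALID_SECURITY,
                    "Failure in Timestamp internalization.\n"
                            + "Message is: "
                            + xwsse.getMessage(), xwsse);
        }

        validate(context, timestamp, maxClockSkew, timeStampFreshness);
    }

    /**
     * Non-ADHOC modes: imports the security header's current element as the
     * timestamp and validates it against the library defaults.
     */
    private static void importCurrentHeaderElement(FilterProcessingContext context)
            throws XWSSecurityException {
        if (context.getMode() == FilterProcessingContext.POSTHOC) {
            throw new XWSSecurityException(
                    "Internal Error: Called TimestampFilter in POSTHOC Mode");
        }

        if (context.getMode() == FilterProcessingContext.WSDL_POLICY) {
            TimestampPolicy ts = new TimestampPolicy();
            context.getInferredSecurityPolicy().append(ts);
        }

        SecurityHeader secHeader =
                context.getSecurableSoapMessage().findSecurityHeader();
        if (secHeader == null) {
            // Reject with the declared checked exception instead of letting the
            // dereference below end in a NullPointerException.
            log.log(Level.SEVERE,
                    "Security header not found while importing wsu:Timestamp");
            throw new XWSSecurityException(
                    "Security header not found while importing wsu:Timestamp");
        }

        // NOTE(review): only the current header element is internalized here; no
        // duplicate-timestamp check is visible on this path. Presumably the caller
        // enforces it; confirm.
        Timestamp timestamp;
        try {
            timestamp = (Timestamp) SecurityHeaderBlockImpl.fromSoapElement(
                    secHeader.getCurrentHeaderElement(), Timestamp.class);
        } catch (XWSSecurityException xwsse) {
            log.log(Level.SEVERE, "wsu:Timestamp could not be internalized", xwsse);
            throw SecurableSoapMessage.newSOAPFaultException(
                    MessageConstants.WSSE_INVALID_SECURITY,
                    "Failure in Timestamp internalization.\n"
                            + "Message is: "
                            + xwsse.getMessage(), xwsse);
        }

        // FilterProcessingContext.DEFAULT (and WSDL_POLICY): the limits are the
        // Timestamp class constants, not values taken from a configured policy.
        validate(context, timestamp, Timestamp.MAX_CLOCK_SKEW,
                Timestamp.TIMESTAMP_FRESHNESS_LIMIT);
    }

    /**
     * Hands a cloned policy to the application's callback handler so it can be
     * adjusted at runtime. Any failure is logged and wrapped in XWSSecurityException.
     */
    private static void resolveDynamicPolicy(FilterProcessingContext context,
            TimestampPolicy policyClone, boolean inbound)
            throws XWSSecurityException {
        try {
            DynamicApplicationContext dynamicContext =
                    new DynamicApplicationContext(context.getPolicyContext());

            dynamicContext.setMessageIdentifier(context.getMessageIdentifier());
            dynamicContext.inBoundMessage(inbound);
            // TODO: copy runtime properties into callback context
            DynamicPolicyCallback callback =
                    new DynamicPolicyCallback(policyClone, dynamicContext);
            ProcessingContext.copy(dynamicContext.getRuntimeProperties(),
                    context.getExtraneousProperties());
            HarnessUtil.makeDynamicPolicyCallback(callback,
                    context.getSecurityEnvironment().getCallbackHandler());
        } catch (Exception e) {
            log.log(Level.SEVERE, "Dynamic TimestampPolicy callback failed", e);
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Returns the only wsu:Timestamp child of the security header.
     *
     * @throws XWSSecurityException if there is none, or more than one
     */
    private static SOAPElement findSingleTimestamp(SecurityHeader secHeader)
            throws XWSSecurityException {
        try {
            SOAPFactory factory = SOAPFactory.newInstance();
            Name name = factory.createName(
                    MessageConstants.TIMESTAMP_LNAME,
                    MessageConstants.WSU_PREFIX,
                    MessageConstants.WSU_NS);
            Iterator<?> children = secHeader.getChildElements(name);

            if (!children.hasNext()) {
                log.log(Level.SEVERE,
                        "wsu:Timestamp element not found in security header");
                throw new XWSSecurityException(
                        "Message does not conform to Timestamp policy: "
                                + "wsu:Timestamp element not found in header");
            }

            SOAPElement ts = (SOAPElement) children.next();
            if (children.hasNext()) {
                // A second timestamp makes it ambiguous which one was validated,
                // so the message is rejected outright.
                log.log(Level.SEVERE, "BSP3227.Single.Timestamp");
                throw new XWSSecurityException(
                        "More than one wsu:Timestamp element in the header");
            }
            return ts;
        } catch (SOAPException se) {
            log.log(Level.SEVERE, "SOAP error while locating wsu:Timestamp", se);
            throw new XWSSecurityRuntimeException(se);
        }
    }

    /**
     * Delegates timestamp validation to the SecurityEnvironment and converts a
     * rejection into a wsse:InvalidSecurity SOAP fault.
     */
    private static void validate(FilterProcessingContext context,
            Timestamp timestamp, long maxClockSkew, long freshnessLimit)
            throws XWSSecurityException {
        try {
            // The actual check lives in the SecurityEnvironment implementation;
            // presumably it compares Created/Expires against these limits.
            context.getSecurityEnvironment().validateTimestamp(
                    context.getExtraneousProperties(),
                    timestamp, maxClockSkew, freshnessLimit);
        } catch (XWSSecurityException xwsse) {
            // Rejected timestamps are logged so stale or replayed messages leave
            // a trace on the receiving side.
            log.log(Level.SEVERE, "wsu:Timestamp validation failed", xwsse);
            // NOTE(review): the inner exception text becomes part of the fault
            // string; if the fault is returned to the sender, confirm the text
            // carries nothing beyond the timestamp values.
            throw SecurableSoapMessage.newSOAPFaultException(
                    MessageConstants.WSSE_INVALID_SECURITY,
                    "Failure in Timestamp validation.\n"
                            + "Message is: "
                            + xwsse.getMessage(), xwsse);
        }

        if (MessageConstants.debug) {
            log.log(Level.FINEST, "Validated TIMESTAMP.....");
        }
    }

    /**
     * Builds the wsu:Timestamp and adds it to the outgoing security header.
     *
     * @param context processing context; a JAXBFilterProcessingContext selects the
     *        optimized (JAXB) header, anything else the SAAJ-based header
     * @param timeout timeout handed to the timestamp's setTimeout
     * @param created creation time; an empty string is passed on as null, and the
     *        value is not used on the JAXB path
     * @param id identifier to set on the element, or null to leave it unset
     */
    private static void setTimestamp(FilterProcessingContext context,
            long timeout, String created, String id)
            throws XWSSecurityException {
        if (context instanceof JAXBFilterProcessingContext) {
            JAXBFilterProcessingContext optContext =
                    (JAXBFilterProcessingContext) context;
            com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader secHeader =
                    optContext.getSecurityHeader();
            com.sun.xml.ws.security.opt.impl.tokens.Timestamp wsuTimestamp =
                    new com.sun.xml.ws.security.opt.impl.tokens.Timestamp(
                            optContext.getSOAPVersion());

            wsuTimestamp.setTimeout(timeout);
            if (id != null) {
                wsuTimestamp.setId(id);
            }

            //sets the creation and expiration time
            wsuTimestamp.createDateTime();

            secHeader.add(wsuTimestamp);
            return;
        }

        SecurityHeader secHeader = context
                .getSecurableSoapMessage()
                .findOrCreateSecurityHeader();

        Timestamp wsuTimestamp = new Timestamp();
        // An empty creation time is treated as "not specified".
        wsuTimestamp.setCreated("".equals(created) ? null : created);

        wsuTimestamp.setTimeout(timeout);
        if (id != null) {
            wsuTimestamp.setId(id);
        }
        secHeader.insertHeaderBlock(wsuTimestamp);
    }
}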