001: /*
002: * $Id: HarnessUtil.java,v 1.8 2007/01/08 09:28:49 ashutoshshahi Exp $
003: */
004:
005: /*
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.wss.impl;
028:
029: import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
030: import org.w3c.dom.Node;
031:
032: import javax.xml.soap.SOAPBody;
033: import javax.xml.soap.SOAPMessage;
034: import javax.xml.soap.SOAPElement;
035: import javax.xml.soap.SOAPException;
036:
037: import javax.security.auth.callback.CallbackHandler;
038: import javax.security.auth.callback.Callback;
039: import javax.security.auth.callback.UnsupportedCallbackException;
040:
041: import java.util.logging.Level;
042: import java.util.logging.Logger;
043:
044: import com.sun.xml.wss.logging.LogDomainConstants;
045:
046: import com.sun.xml.wss.impl.policy.SecurityPolicy;
047: import com.sun.xml.wss.impl.policy.StaticPolicyContext;
048: import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
049: import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
050:
051: import com.sun.xml.wss.impl.filter.TimestampFilter;
052: import com.sun.xml.wss.impl.filter.SignatureFilter;
053: import com.sun.xml.wss.impl.filter.EncryptionFilter;
054: import com.sun.xml.wss.impl.filter.AuthenticationTokenFilter;
055: import com.sun.xml.wss.impl.filter.SignatureConfirmationFilter;
056:
057: import com.sun.xml.ws.api.message.Message;
058:
059: import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
060: import com.sun.xml.wss.*;
061: import org.w3c.dom.NodeList;
062:
063: public abstract class HarnessUtil {
064:
065: private static Logger log = Logger.getLogger(
066: LogDomainConstants.WSS_API_DOMAIN,
067: LogDomainConstants.WSS_API_DOMAIN_BUNDLE);
068:
069: /**
070: * @param fpContext com.sun.xml.wss.FilterProcessingContext
071: *
072: * @throws com.sun.xml.wss.XWSSecurityException
073: */
074: static void processWSSPolicy(FilterProcessingContext fpContext)
075: throws XWSSecurityException {
076:
077: WSSPolicy policy = (WSSPolicy) fpContext.getSecurityPolicy();
078: if (PolicyTypeUtil.signaturePolicy(policy)) {
079: SignatureFilter.process(fpContext);
080: } else if (PolicyTypeUtil.encryptionPolicy(policy)) {
081: EncryptionFilter.process(fpContext);
082: } else if (PolicyTypeUtil.timestampPolicy(policy)) {
083: TimestampFilter.process(fpContext);
084: } else if (PolicyTypeUtil.signatureConfirmationPolicy(policy)) {
085: SignatureConfirmationFilter.process(fpContext);
086: } else if (PolicyTypeUtil.authenticationTokenPolicy(policy)) {
087: WSSPolicy authPolicy = (WSSPolicy) policy
088: .getFeatureBinding();
089: if (PolicyTypeUtil.usernameTokenPolicy(authPolicy)) {
090: AuthenticationTokenFilter
091: .processUserNameToken(fpContext);
092: } else if (PolicyTypeUtil.samlTokenPolicy(authPolicy)) {
093: AuthenticationTokenPolicy.SAMLAssertionBinding samlPolicy = (AuthenticationTokenPolicy.SAMLAssertionBinding) authPolicy;
094: try {
095: if (samlPolicy.getAssertionType() == AuthenticationTokenPolicy.SAMLAssertionBinding.SV_ASSERTION) {
096: AuthenticationTokenFilter
097: .processSamlToken(fpContext);
098: }
099: } catch (Exception ex) {
100: //ignore it
101: }
102: } else if (PolicyTypeUtil
103: .x509CertificateBinding(authPolicy)) {
104: AuthenticationTokenFilter.processX509Token(fpContext);
105: }
106: } else if (PolicyTypeUtil.isMandatoryTargetPolicy(policy)) {
107: return;
108: } else {
109: log.log(Level.SEVERE, "WSS0801.illegal.securitypolicy");
110: throw new XWSSecurityException("Invalid WSSPolicy Type");
111: }
112: }
113:
114: /**
115: * @param fpContext com.sun.xml.wss.FilterProcessingContext
116: *
117: * @throws com.sun.xml.wss.XWSSecurityException
118: */
119: /*static void processBooleanComposer(FilterProcessingContext fpContext)
120: throws XWSSecurityException {
121:
122: BooleanComposer bComposer = (BooleanComposer) fpContext.getSecurityPolicy();
123:
124: int type = bComposer.getComposerType();
125:
126: SecurityPolicy policyA = (SecurityPolicy) bComposer.getPolicyA();
127: SecurityPolicy policyB = (SecurityPolicy) bComposer.getPolicyB();
128:
129: if (type == BooleanComposer.OR) {
130: fpContext.setSecurityPolicy(policyA);
131: processDeep(fpContext);
132:
133: if (fpContext.isPrimaryPolicyViolation()) {
134: fpContext.setSecurityPolicy(policyB);
135: processDeep(fpContext);
136:
137: if (fpContext.isPrimaryPolicyViolation()) {
138: String message =
139: "Policy: " + policyA.getClass().getName() + " OR " +
140: "Policy: " + policyB.getClass().getName() +
141: " not satisfied";
142: log.log(Level.SEVERE,
143: "WSS0802.securitypolicy.notsatisfied",
144: new Object[] {message});
145:
146: throw new XWSSecurityException(message, fpContext.getPVE());
147: }
148: }
149: } else
150: if (type == BooleanComposer.AND_STRICT) {
151: fpContext.setSecurityPolicy(policyA);
152: processDeep(fpContext);
153:
154: if (fpContext.isPrimaryPolicyViolation()) {
155: String message =
156: "Policy: " + policyA.getClass().getName() + " AND_STRICT " +
157: "Policy: " + policyB.getClass().getName() +
158: " not satisfied";
159: log.log(Level.SEVERE,
160: "WSS0802.securitypolicy.notsatisfied",
161: new Object[] {message});
162:
163: throw new XWSSecurityException(message, fpContext.getPVE());
164: }
165:
166: fpContext.setSecurityPolicy(policyB);
167: processDeep(fpContext);
168:
169: if (fpContext.isPrimaryPolicyViolation()) {
170: String message =
171: "Policy: " + policyA.getClass().getName() + " AND_STRICT " +
172: "Policy: " + policyB.getClass().getName() +
173: " not satisfied";
174: log.log(Level.SEVERE,
175: "WSS0802.securitypolicy.notsatisfied",
176: new Object[] {message});
177: throw new XWSSecurityException(message, fpContext.getPVE());
178: }
179: } else
180: if (type == BooleanComposer.AND_FLEXIBLE) {
181: fpContext.setSecurityPolicy(policyA);
182: processDeep(fpContext);
183:
184: if (fpContext.isPrimaryPolicyViolation()) {
185: fpContext.setSecurityPolicy(policyB);
186: processDeep(fpContext);
187:
188: if (fpContext.isPrimaryPolicyViolation()) {
189: String message =
190: "Policy: " + policyA.getClass().getName() +
191: " AND_FLEXIBLE " +
192: "Policy: " + policyB.getClass().getName() +
193: " not satisfied";
194: log.log(Level.SEVERE,
195: "WSS0802.securitypolicy.notsatisfied",
196: new Object[] {message});
197: throw new XWSSecurityException(
198: message, fpContext.getPVE());
199: }
200:
201: fpContext.setSecurityPolicy(policyA);
202: processDeep(fpContext);
203:
204: if (fpContext.isPrimaryPolicyViolation()) {
205: String message =
206: "Policy: " + policyA.getClass().getName() +
207: " AND_FLEXIBLE " +
208: "Policy: " + policyB.getClass().getName() +
209: " not satisfied";
210: log.log(Level.SEVERE,
211: "WSS0802.securitypolicy.notsatisfied",
212: new Object[] {message});
213:
214: throw new XWSSecurityException(
215: message, fpContext.getPVE());
216: }
217:
218: return;
219: }
220:
221: fpContext.setSecurityPolicy(policyB);
222: processDeep(fpContext);
223:
224: if (fpContext.isPrimaryPolicyViolation()) {
225: String message =
226: "Policy: " + policyA.getClass().getName() +
227: " AND_FLEXIBLE " +
228: "Policy: " + policyB.getClass().getName() +
229: " not satisfied";
230: log.log(Level.SEVERE,
231: "WSS0802.securitypolicy.notsatisfied",
232: new Object[] {message});
233:
234: throw new XWSSecurityException(message, fpContext.getPVE());
235: }
236: }
237: }*/
238:
239: /**
240: * @param fpContext com.sun.xml.wss.FilterProcessingContext
241: *
242: * @throws com.sun.xml.wss.XWSSecurityException
243: */
244: static void processDeep(FilterProcessingContext fpContext)
245: throws XWSSecurityException {
246: /*if (PolicyTypeUtil.booleanComposerPolicy(fpContext.getSecurityPolicy())) {
247: processBooleanComposer(fpContext);
248: } else*/
249: if (fpContext.getSecurityPolicy() instanceof WSSPolicy) {
250: processWSSPolicy(fpContext);
251: } else {
252: log.log(Level.SEVERE, "WSS0801.illegal.securitypolicy");
253: throw new XWSSecurityException(
254: "Invalid SecurityPolicy Type");
255: }
256: }
257:
258: /**
259: * Checks for required context parameters
260: *
261: * @param context ProcessingContext
262: *
263: * @throws XWSSecurityException
264: */
265: static void validateContext(ProcessingContext context)
266: throws XWSSecurityException {
267: SOAPMessage message = null;
268: Message jaxWsMessage = null;
269: if (context instanceof JAXBFilterProcessingContext)
270: jaxWsMessage = ((JAXBFilterProcessingContext) context)
271: .getJAXWSMessage();
272: else
273: message = context.getSOAPMessage();
274: SecurityEnvironment handler = context.getSecurityEnvironment();
275: SecurityPolicy policy = context.getSecurityPolicy();
276: boolean isInboundMessage = context.isInboundMessage();
277: StaticPolicyContext staticContext = context.getPolicyContext();
278:
279: if (message == null && jaxWsMessage == null) {
280: log.log(Level.SEVERE, "WSS0803.soapmessage.notset");
281: throw new XWSSecurityException(
282: "javax.xml.soap.SOAPMessage parameter not set in the ProcessingContext");
283: }
284:
285: if (handler == null) {
286: log.log(Level.SEVERE, "WSS0804.callback.handler.notset");
287: throw new XWSSecurityException(
288: "SecurityEnvironment/javax.security.auth.callback.CallbackHandler implementation not set in the ProcessingContext");
289: }
290:
291: if (policy == null && !isInboundMessage) {
292: if (log.isLoggable(Level.WARNING)) {
293: log.log(Level.WARNING, "WSS0805.policy.null");
294: }
295: }
296:
297: if (staticContext == null) {
298: // log.log(Level.WARNING, "WSS0806.static.context.null");
299: }
300: }
301:
302: /**
303: * TODO: Handle doc-lit/non-wrap JAXRPC Mode
304: * @param message SOAPMessage
305: */
306: static String resolvePolicyIdentifier(SOAPMessage message)
307: throws XWSSecurityException {
308:
309: Node firstChild = null;
310: SOAPBody body = null;
311:
312: try {
313: body = message.getSOAPBody();
314: } catch (SOAPException se) {
315: log.log(Level.SEVERE, "WSS0807.no.body.element", se);
316: throw new XWSSecurityException(se);
317: }
318:
319: if (body != null) {
320: firstChild = body.getFirstChild();
321: } else {
322: log.log(Level.SEVERE, "WSS0808.no.body.element.operation");
323: throw new XWSSecurityException(
324: "No body element identifying an operation is found");
325: }
326:
327: String id = firstChild != null ? "{"
328: + firstChild.getNamespaceURI() + "}"
329: + firstChild.getLocalName() : null;
330:
331: return id;
332: }
333:
334: /*
335: * @param current
336: *
337: * @return boolean
338: */
339: static boolean isSecondaryHeaderElement(SOAPElement element) {
340: if (element.getLocalName().equals(
341: MessageConstants.ENCRYPTEDKEY_LNAME)) {
342: NodeList nl = element.getElementsByTagNameNS(
343: MessageConstants.XENC_NS,
344: MessageConstants.XENC_REFERENCE_LIST_LNAME);
345: if (nl.getLength() == 0) {
346: return true;
347: }
348: }
349: return (element.getLocalName().equals(
350: MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME)
351: || element.getLocalName().equals(
352: MessageConstants.USERNAME_TOKEN_LNAME)
353: || element.getLocalName().equals(
354: MessageConstants.SAML_ASSERTION_LNAME)
355: || element.getLocalName().equals(
356: MessageConstants.TIMESTAMP_LNAME)
357: || element.getLocalName().equals(
358: MessageConstants.SIGNATURE_CONFIRMATION_LNAME)
359: || element
360: .getLocalName()
361: .equals(
362: MessageConstants.WSSE_SECURITY_TOKEN_REFERENCE_LNAME)
363: || element.getLocalName().equals(
364: MessageConstants.DERIVEDKEY_TOKEN_LNAME) || element
365: .getLocalName().equals(
366: MessageConstants.SECURITY_CONTEXT_TOKEN_LNAME));
367: }
368:
369: /*
370: * @param current SOAPElement
371: */
372: static SOAPElement getNextElement(SOAPElement current) {
373: if (current == null) {
374: return null;
375: }
376: Node node = current.getNextSibling();
377: while ((null != node)
378: && (node.getNodeType() != Node.ELEMENT_NODE))
379: node = node.getNextSibling();
380: return (SOAPElement) node;
381: }
382:
383: /*
384: * @param current SOAPElement
385: */
386: static SOAPElement getPreviousElement(SOAPElement current) {
387: Node node = current.getPreviousSibling();
388: while ((node != null)
389: && !(node.getNodeType() == Node.ELEMENT_NODE))
390: node = node.getPreviousSibling();
391: return (SOAPElement) node;
392: }
393:
394: /*
395: * @param message
396: *
397: * @throws com.sun.xml.wss.WssSoapFaultException
398: */
399: static void throwWssSoapFault(String message)
400: throws WssSoapFaultException {
401: XWSSecurityException xwsse = new XWSSecurityException(message);
402: log.log(Level.SEVERE, "WSS0809.fault.WSSSOAP", xwsse);
403: throw SecurableSoapMessage.newSOAPFaultException(
404: MessageConstants.WSSE_INVALID_SECURITY, message, xwsse);
405: }
406:
407: /*
408: * make a DynamicPolicyCallback
409: * @param callback the DynamicPolicyCallback object
410: */
411: public static void makeDynamicPolicyCallback(
412: DynamicPolicyCallback callback,
413: CallbackHandler callbackHandler)
414: throws XWSSecurityException {
415:
416: if (callbackHandler == null)
417: return;
418:
419: try {
420: Callback[] callbacks = new Callback[] { callback };
421: callbackHandler.handle(callbacks);
422: } catch (UnsupportedCallbackException ex) {
423: //ok to ignore this since not all callback-handlers will implement this
424: } catch (Exception e) {
425: log.log(Level.SEVERE,
426: "WSS0237.failed.DynamicPolicyCallback", e);
427: throw new XWSSecurityException(e);
428: }
429: }
430:
431: }
|