Source Code Cross Referenced for SecurityConfigurationXmlReader.java in  » 6.0-JDK-Modules-com.sun » xws-security » com » sun » xml » wss » impl » config » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » 6.0 JDK Modules com.sun » xws security » com.sun.xml.wss.impl.config 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


0001:        /*
0002:         * $Id: SecurityConfigurationXmlReader.java,v 1.8 2007/08/24 09:12:51 kumarjayanti Exp $
0003:         */
0004:
0005:        /*
0006:         * The contents of this file are subject to the terms
0007:         * of the Common Development and Distribution License
0008:         * (the License).  You may not use this file except in
0009:         * compliance with the License.
0010:         * 
0011:         * You can obtain a copy of the license at
0012:         * https://glassfish.dev.java.net/public/CDDLv1.0.html.
0013:         * See the License for the specific language governing
0014:         * permissions and limitations under the License.
0015:         * 
0016:         * When distributing Covered Code, include this CDDL
0017:         * Header Notice in each file and include the License file
0018:         * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
0019:         * If applicable, add the following below the CDDL Header,
0020:         * with the fields enclosed by brackets [] replaced by
0021:         * you own identifying information:
0022:         * "Portions Copyrighted [year] [name of copyright owner]"
0023:         * 
0024:         * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
0025:         */
0026:
0027:        package com.sun.xml.wss.impl.config;
0028:
0029:        import com.sun.xml.wss.impl.policy.mls.Parameter;
0030:        import javax.xml.crypto.dsig.Transform;
0031:        import javax.xml.crypto.dsig.spec.XPathFilter2ParameterSpec;
0032:        import javax.xml.crypto.dsig.spec.XPathFilterParameterSpec;
0033:        import javax.xml.crypto.dsig.spec.XPathType;
0034:
0035:        import org.xml.sax.SAXException;
0036:        import org.xml.sax.SAXParseException;
0037:        import org.xml.sax.helpers.DefaultHandler;
0038:
0039:        import java.io.PrintStream;
0040:        import java.io.InputStream;
0041:        import java.io.ByteArrayInputStream;
0042:        import java.util.Random;
0043:        import java.util.HashMap;
0044:        import java.util.ArrayList;
0045:        import java.util.logging.Level;
0046:        import java.util.logging.Logger;
0047:
0048:        import javax.xml.namespace.QName;
0049:        import javax.xml.parsers.DocumentBuilder;
0050:        import javax.xml.parsers.DocumentBuilderFactory;
0051:
0052:        import org.w3c.dom.Attr;
0053:        import org.w3c.dom.Document;
0054:        import org.w3c.dom.Element;
0055:        import org.w3c.dom.NamedNodeMap;
0056:        import org.w3c.dom.Node;
0057:        import org.w3c.dom.NodeList;
0058:
0059:        import com.sun.xml.wss.impl.policy.mls.Target;
0060:        import com.sun.xml.wss.impl.XMLUtil;
0061:        import com.sun.xml.wss.impl.MessageConstants;
0062:        import com.sun.xml.wss.logging.LogDomainConstants;
0063:        import com.sun.xml.wss.XWSSecurityException;
0064:        import com.sun.xml.wss.impl.PolicyTypeUtil;
0065:        import com.sun.xml.wss.core.Timestamp;
0066:
0067:        import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
0068:        import com.sun.xml.wss.impl.policy.mls.EncryptionTarget;
0069:        import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
0070:        import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
0071:        import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
0072:        import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
0073:        import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
0074:        import com.sun.xml.wss.impl.policy.SecurityPolicy;
0075:        import com.sun.xml.wss.impl.policy.PolicyGenerationException;
0076:
0077:        import javax.xml.crypto.dsig.CanonicalizationMethod;
0078:        import javax.xml.crypto.dsig.DigestMethod;
0079:
0080:        import com.sun.xml.wss.impl.configuration.*;
0081:        import com.sun.xml.wss.impl.policy.mls.DynamicSecurityPolicy;
0082:        import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
0083:
0084:        /* TODO: add logging */
0085:
0086:        /**
0087:         * Represents a Parser for reading an XWS-Security configuration and creating an
0088:         * appropriate XWS-Security configuration object.
0089:         * The parser expects the root element of an XWS-Security configuration
0090:         * to be either a <code>xwss:JAXRPCSecurity</code> or a <code>xwss:SecurityConfiguration</code>.
0091:         *
0092:         * @see xwssconfig.xsd (the XWS-Security configuration schema)
0093:         */
0094:
0095:        public class SecurityConfigurationXmlReader implements 
0096:                ConfigurationConstants {
0097:
0098:            protected static final Logger log = Logger.getLogger(
0099:                    LogDomainConstants.CONFIGURATION_DOMAIN,
0100:                    LogDomainConstants.CONFIGURATION_DOMAIN_BUNDLE);
0101:
0102:            static Random rnd = new Random();
0103:
0104:            private static Document parseXmlString(String sourceXml)
0105:                    throws Exception {
0106:                return parseXmlStream(new ByteArrayInputStream(sourceXml
0107:                        .getBytes()));
0108:            }
0109:
0110:            //Note: Assumes the passed element is a <SecurityConfiguration> element
0111:            private static void validateConfiguration(Element element)
0112:                    throws Exception {
0113:
0114:                // Check if more than one xwss:Timestamp element exists
0115:                NodeList timestamps = element.getElementsByTagNameNS(
0116:                        CONFIGURATION_URL, TIMESTAMP_ELEMENT_NAME);
0117:
0118:                if (timestamps.getLength() > 1) {
0119:                    // log
0120:                    throw new IllegalStateException(
0121:                            "More than one xwss:Timestamp element "
0122:                                    + "in security configuration file");
0123:                }
0124:
0125:                // Check if more than one xwss:RequireTimestamp element exists
0126:                NodeList requireTimestamps = element.getElementsByTagNameNS(
0127:                        CONFIGURATION_URL, TIMESTAMP_REQUIREMENT_ELEMENT_NAME);
0128:
0129:                if (requireTimestamps.getLength() > 1) {
0130:                    // log
0131:                    throw new IllegalStateException(
0132:                            "More than one xwss:RequireTimestamp element "
0133:                                    + "in security configuration file");
0134:                }
0135:
0136:                // Check if more than one xwss:UsernameAndPassword element exists
0137:                NodeList usernamePasswords = element.getElementsByTagNameNS(
0138:                        CONFIGURATION_URL,
0139:                        USERNAME_PASSWORD_AUTHENTICATION_ELEMENT_NAME);
0140:
0141:                if (usernamePasswords.getLength() > 1) {
0142:                    // log
0143:                    throw new IllegalStateException(
0144:                            "More than one xwss:UsernameToken element "
0145:                                    + "in security configuration file");
0146:                }
0147:
0148:                // Check if more than one xwss:RequireUsernameAndPassword element exists
0149:                NodeList requireUsernamePasswords = element
0150:                        .getElementsByTagNameNS(CONFIGURATION_URL,
0151:                                USERNAMETOKEN_REQUIREMENT_ELEMENT_NAME);
0152:
0153:                if (requireUsernamePasswords.getLength() > 1) {
0154:                    // log
0155:                    throw new IllegalStateException(
0156:                            "More than one xwss:RequireUsernameToken element "
0157:                                    + "in security configuration file");
0158:                }
0159:
0160:                // Check if more than one xwss:OptionalTargets element exists
0161:                NodeList optionalTargets = element.getElementsByTagNameNS(
0162:                        CONFIGURATION_URL, OPTIONAL_TARGETS_ELEMENT_NAME);
0163:
0164:                if (optionalTargets.getLength() > 1) {
0165:                    // log
0166:                    throw new IllegalStateException(
0167:                            "More than one xwss:OptionalTargets element "
0168:                                    + "in security configuration file");
0169:                }
0170:
0171:                // Check if more than one xwss:SAMLASSERTION elements exist
0172:                NodeList samlAssertions = element.getElementsByTagNameNS(
0173:                        CONFIGURATION_URL, SAML_ASSERTION_ELEMENT_NAME);
0174:
0175:                if (samlAssertions.getLength() > 1) {
0176:                    // log
0177:                    throw new IllegalStateException(
0178:                            "More than one xwss:SAMLAssertion element "
0179:                                    + "in security configuration file");
0180:                }
0181:
0182:                checkIdUniqueness(element);
0183:            }
0184:
0185:            /**
0186:             * read an XWS-Security configuration String representing an <code>xwss:JAXRPCSecurity</code> element
0187:             * and return an ApplicationSecurityConfiguration instance.
0188:             * @param sourceXml the configuration String
0189:             * @return  an <code>ApplicationSecurityConfiguration</code> corresponding to the configuration
0190:             * @exception Exception if there was an error in creating the configuration
0191:             */
0192:            public static ApplicationSecurityConfiguration readApplicationSecurityConfigurationString(
0193:                    String sourceXml) throws Exception {
0194:                return (ApplicationSecurityConfiguration) createSecurityConfiguration(parseXmlString(
0195:                        sourceXml).getDocumentElement());
0196:            }
0197:
0198:            private static Document parseXmlStream(InputStream xmlStream)
0199:                    throws Exception {
0200:                return parseXmlStream(xmlStream, null);
0201:            }
0202:
0203:            private static Document parseXmlStream(InputStream xmlStream,
0204:                    PrintStream out) throws Exception {
0205:
0206:                DocumentBuilderFactory factory = new com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl();
0207:                factory.setAttribute(
0208:                        "http://apache.org/xml/features/validation/dynamic",
0209:                        Boolean.FALSE);
0210:                factory
0211:                        .setAttribute(
0212:                                "http://java.sun.com/xml/jaxp/properties/schemaLanguage",
0213:                                "http://www.w3.org/2001/XMLSchema");
0214:                InputStream is = SecurityConfigurationXmlReader.class
0215:                        .getResourceAsStream("xwssconfig.xsd");
0216:                factory.setAttribute(
0217:                        "http://java.sun.com/xml/jaxp/properties/schemaSource",
0218:                        is);
0219:                factory.setValidating(true);
0220:                factory.setIgnoringComments(true);
0221:                factory.setNamespaceAware(true);
0222:                DocumentBuilder builder = factory.newDocumentBuilder();
0223:                builder.setErrorHandler(new ErrorHandler(out));
0224:                Document configurationDocument = builder.parse(xmlStream);
0225:
0226:                // not very efficient, can we do it as part of regular parsing
0227:                NodeList nodeList = configurationDocument
0228:                        .getElementsByTagNameNS(CONFIGURATION_URL,
0229:                                DECLARATIVE_CONFIGURATION_ELEMENT_NAME);
0230:                for (int i = 0; i < nodeList.getLength(); i++) {
0231:                    validateConfiguration((Element) nodeList.item(i));
0232:                }
0233:                return configurationDocument;
0234:            }
0235:
0236:            /**
0237:             * Parse and validate an XWS-Security configuration
0238:             * @param xmlStream the InputStream representing the configuration
0239:             * @param out the PrintStream to which Errors messages should be logged
0240:             * @exception Exception if there was an error while validating the configuration
0241:             */
0242:            public static void validate(InputStream xmlStream, PrintStream out)
0243:                    throws Exception {
0244:                parseXmlStream(xmlStream, out);
0245:            }
0246:
0247:            /**
0248:             * read an XWS-Security configuration representing a <code>xwss:SecurityConfiguration</code> element
0249:             * and return a DeclarativeSecurityConfiguration instance.
0250:             * @param xmlStream the InputStream for the configuration
0251:             * @return  a <code>DeclarativeSecurityConfiguration</code> corresponding to the configuration
0252:             * @exception Exception if there was an error in creating the configuration
0253:             */
0254:            public static DeclarativeSecurityConfiguration createDeclarativeConfiguration(
0255:                    InputStream xmlStream) throws Exception {
0256:                return readContainerForBaseConfigurationData(parseXmlStream(
0257:                        xmlStream).getDocumentElement(),
0258:                        new DeclarativeSecurityConfiguration());
0259:            }
0260:
0261:            /**
0262:             * read an XWS-Security configuration  representing an <code>xwss:JAXRPCSecurity</code> element
0263:             * and return an ApplicationSecurityConfiguration instance.
0264:             * @param xmlStream the InputStream for the configuration
0265:             * @return  an <code>ApplicationSecurityConfiguration</code> corresponding to the configuration
0266:             * @exception Exception if there was an error in creating the configuration
0267:             */
0268:            public static ApplicationSecurityConfiguration createApplicationSecurityConfiguration(
0269:                    InputStream xmlStream) throws Exception {
0270:                ApplicationSecurityConfiguration config = (ApplicationSecurityConfiguration) createSecurityConfiguration(parseXmlStream(
0271:                        xmlStream).getDocumentElement());
0272:                config.init();
0273:                return config;
0274:            }
0275:
0276:            private static DeclarativeSecurityConfiguration createDeclarativeConfiguration(
0277:                    Element configData) throws Exception {
0278:                DeclarativeSecurityConfiguration declarations = new DeclarativeSecurityConfiguration();
0279:                readContainerForBaseConfigurationData(configData, declarations);
0280:                return declarations;
0281:            }
0282:
0283:            private static SecurityPolicy createSecurityConfiguration(
0284:                    Element configData) throws Exception {
0285:
0286:                QName qname = getQName(configData);
0287:
0288:                if (JAXRPC_SECURITY_ELEMENT_QNAME.equals(qname)) {
0289:                    ApplicationSecurityConfiguration declarations = new ApplicationSecurityConfiguration();
0290:
0291:                    String secEnvHandler = getSecurityEnvironmentHandler(configData);
0292:                    if (secEnvHandler != null)
0293:                        declarations
0294:                                .setSecurityEnvironmentHandler(secEnvHandler);
0295:
0296:                    if (!configHasSingleService(configData)) {
0297:                        throw new IllegalStateException(
0298:                                "Single <xwss:Service> element expected under <xwss:JAXRPCSecurity> element");
0299:                    }
0300:
0301:                    String optimize = configData
0302:                            .getAttribute(OPTIMIZE_ATTRIBUTE_NAME);
0303:
0304:                    boolean opt = Boolean.valueOf(optimize);
0305:
0306:                    declarations.isOptimized(opt);
0307:
0308:                    String retainSecHeader = configData
0309:                            .getAttribute(RETAIN_SEC_HEADER);
0310:                    declarations.retainSecurityHeader(Boolean
0311:                            .valueOf(retainSecHeader));
0312:
0313:                    Element previousDefinitionElement = null;
0314:                    Element eachDefinitionElement = getFirstChildElement(configData);
0315:                    int secEnvTagCount = 0;
0316:                    HashMap serviceNameMap = new HashMap();
0317:
0318:                    // we should encounter a single Sec-Env-Handler and one or more Services
0319:                    while (eachDefinitionElement != null) {
0320:                        QName definitionType = getQName(eachDefinitionElement);
0321:
0322:                        if (SERVICE_ELEMENT_QNAME.equals(definitionType)) {
0323:                            StaticApplicationContext jaxrpcSContext = new StaticApplicationContext();
0324:
0325:                            // when there are multiple services the name has to be unique
0326:                            String name = eachDefinitionElement
0327:                                    .getAttribute(NAME_ATTRIBUTE_NAME);
0328:                            if (serviceNameMap.containsKey(name)) {
0329:                                //log
0330:                                throw new IllegalStateException("Service Name "
0331:                                        + name
0332:                                        + " Already in use for another Service");
0333:                            } else {
0334:                                serviceNameMap.put(name, null);
0335:                            }
0336:
0337:                            readApplicationSecurityConfiguration(
0338:                                    eachDefinitionElement, declarations, null,
0339:                                    jaxrpcSContext);
0340:
0341:                        } else if (SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME
0342:                                .equals(definitionType)) {
0343:
0344:                            if (secEnvTagCount == 1) {
0345:                                // log
0346:                                throw new IllegalStateException(
0347:                                        "More than one xwss:SecurityEnvironmentHandler "
0348:                                                + "element in security configuration file");
0349:                            }
0350:                            secEnvTagCount++;
0351:
0352:                        } else {
0353:                            log.log(Level.SEVERE,
0354:                                    "WSS0413.illegal.configuration.element",
0355:                                    eachDefinitionElement.getTagName());
0356:                            throw new IllegalStateException(
0357:                                    eachDefinitionElement.getTagName()
0358:                                            + " is not a recognized definition type");
0359:                        }
0360:
0361:                        previousDefinitionElement = eachDefinitionElement;
0362:                        eachDefinitionElement = getNextElement(eachDefinitionElement);
0363:                    }
0364:
0365:                    // check that the SecurityEnvironmentHandler was the last one
0366:                    // TODO: not sure if this check is required/enforced by schema
0367:                    QName definitionType = getQName(previousDefinitionElement);
0368:                    if (!SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME
0369:                            .equals(definitionType)) {
0370:                        // log
0371:                        throw new IllegalStateException(
0372:                                "The SecurityEnvironmentHandler must appear as "
0373:                                        + "the last Element inside a <xwss:JAXRPCSecurity>");
0374:                    }
0375:                    // implementation optimization for most common case
0376:                    //declarations.configurationHasPorts(configHasPorts(configData));
0377:                    declarations
0378:                            .singleServiceNoPorts(configHasSingleServiceAndNoPorts(configData));
0379:                    declarations
0380:                            .hasOperationPolicies(configHasOperations(configData));
0381:
0382:                    return declarations;
0383:
0384:                } else if (DECLARATIVE_CONFIGURATION_ELEMENT_QNAME
0385:                        .equals(qname)) {
0386:                    if (dynamicPolicy(configData)) {
0387:                        SecurityPolicy declarations = new DynamicSecurityPolicy();
0388:                        return declarations;
0389:                    }
0390:                    DeclarativeSecurityConfiguration declarations = new DeclarativeSecurityConfiguration();
0391:                    readContainerForBaseConfigurationData(configData,
0392:                            declarations);
0393:                    return declarations;
0394:                } else {
0395:                    log.log(Level.SEVERE,
0396:                            "WSS0413.illegal.configuration.element", configData
0397:                                    .getTagName());
0398:                    throw new IllegalStateException(configData.getTagName()
0399:                            + " is not a recognized definition type");
0400:                }
0401:            }
0402:
0403:            /*
0404:             * Need to be coupled with schema checks
0405:             */
0406:            private static void readApplicationSecurityConfiguration(
0407:                    Element configData, SecurityPolicy declarations,
0408:                    SecurityPolicy subDeclarations,
0409:                    StaticApplicationContext iContext) throws Exception {
0410:
0411:                QName qname = getQName(configData);
0412:
0413:                if (SERVICE_ELEMENT_QNAME.equals(qname)) {
0414:
0415:                    String id = getIdAttribute(configData);
0416:                    String name = configData.getAttribute(NAME_ATTRIBUTE_NAME);
0417:                    String useCache = configData
0418:                            .getAttribute(USECACHE_ATTRIBUTE_NAME);
0419:
0420:                    boolean isBSP = getBSPAttribute(configData, null);
0421:
0422:                    iContext.isService(true);
0423:                    iContext.setUUID(id);
0424:                    iContext.setServiceIdentifier(name);
0425:
0426:                    // temporary work-around for applicationId
0427:                    if (!"".equals(name)) {
0428:                        iContext.setApplicationContextRoot(name);
0429:                    } else if (!"".equals(id)) {
0430:                        iContext.setApplicationContextRoot(id);
0431:                    } else {
0432:                        iContext.setApplicationContextRoot(generateUUID());
0433:                    }
0434:
0435:                    ApplicationSecurityConfiguration innerDeclarations = new ApplicationSecurityConfiguration();
0436:
0437:                    innerDeclarations.isBSP(isBSP);
0438:                    innerDeclarations.useCache(parseBoolean(
0439:                            USECACHE_ATTRIBUTE_NAME, useCache));
0440:
0441:                    ((ApplicationSecurityConfiguration) declarations)
0442:                            .setSecurityPolicy(iContext, innerDeclarations);
0443:
0444:                    String secEnvHandler = getSecurityEnvironmentHandler(configData);
0445:                    if (secEnvHandler != null) {
0446:                        innerDeclarations
0447:                                .setSecurityEnvironmentHandler(secEnvHandler);
0448:                    } else if (((ApplicationSecurityConfiguration) declarations)
0449:                            .getSecurityEnvironmentHandler() != null) {
0450:                        innerDeclarations
0451:                                .setSecurityEnvironmentHandler(((ApplicationSecurityConfiguration) declarations)
0452:                                        .getSecurityEnvironmentHandler());
0453:                    } else {
0454:                        throw new IllegalStateException(
0455:                                "Missing <xwss:SecurityEnvironmentHandler> element for "
0456:                                        + qname.getLocalPart());
0457:                    }
0458:
0459:                    NodeList nl = configData.getChildNodes();
0460:                    for (int i = 0; i < nl.getLength(); i++) {
0461:                        // assuming all element nodes
0462:                        Node child = (Node) nl.item(i);
0463:                        if (child instanceof  Element) {
0464:                            readApplicationSecurityConfiguration(
0465:                                    (Element) child, declarations,
0466:                                    innerDeclarations, iContext);
0467:                        }
0468:                    }
0469:
0470:                } else if (PORT_ELEMENT_QNAME.equals(qname)) {
0471:
0472:                    if (subDeclarations == null) {
0473:                        throw new Exception(
0474:                                "Unexpected <xwss:Port> element without a parent "
0475:                                        + "<xwss:Service> encountered");
0476:                    }
0477:
0478:                    String port = configData.getAttribute(NAME_ATTRIBUTE_NAME);
0479:
0480:                    StaticApplicationContext jContext = new StaticApplicationContext();
0481:                    jContext.copy(iContext);
0482:                    jContext.isPort(true);
0483:                    jContext.isService(false);
0484:                    jContext.setPortIdentifier(port);
0485:
0486:                    ApplicationSecurityConfiguration innerDeclarations = new ApplicationSecurityConfiguration();
0487:
0488:                    boolean isBSP = getBSPAttribute(configData,
0489:                            (ApplicationSecurityConfiguration) subDeclarations);
0490:
0491:                    innerDeclarations.isBSP(isBSP);
0492:                    innerDeclarations
0493:                            .setSecurityEnvironmentHandler(((ApplicationSecurityConfiguration) subDeclarations)
0494:                                    .getSecurityEnvironmentHandler());
0495:
0496:                    ((ApplicationSecurityConfiguration) declarations)
0497:                            .setSecurityPolicy(jContext, innerDeclarations);
0498:                    ((ApplicationSecurityConfiguration) subDeclarations)
0499:                            .setSecurityPolicy(jContext, innerDeclarations);
0500:
0501:                    NodeList nl = configData.getChildNodes();
0502:                    for (int i = 0; i < nl.getLength(); i++) {
0503:                        // assuming all element nodes
0504:                        Node child = (Node) nl.item(i);
0505:                        if (child instanceof  Element) {
0506:                            readApplicationSecurityConfiguration(
0507:                                    (Element) child, declarations,
0508:                                    innerDeclarations, jContext);
0509:                        }
0510:                    }
0511:
0512:                } else if (OPERATION_ELEMENT_QNAME.equals(qname)) {
0513:
0514:                    String operation = configData
0515:                            .getAttribute(NAME_ATTRIBUTE_NAME);
0516:
0517:                    StaticApplicationContext kContext = new StaticApplicationContext();
0518:
0519:                    kContext.copy(iContext);
0520:                    kContext.isOperation(true);
0521:                    kContext.isPort(false);
0522:                    kContext.setOperationIdentifier(operation);
0523:
0524:                    ApplicationSecurityConfiguration innerDeclarations = new ApplicationSecurityConfiguration();
0525:
0526:                    ((ApplicationSecurityConfiguration) declarations)
0527:                            .setSecurityPolicy(kContext, innerDeclarations);
0528:                    ((ApplicationSecurityConfiguration) subDeclarations)
0529:                            .setSecurityPolicy(kContext, innerDeclarations);
0530:
0531:                    boolean isBSP = getBSPAttribute(configData,
0532:                            (ApplicationSecurityConfiguration) subDeclarations);
0533:                    innerDeclarations.isBSP(isBSP);
0534:                    innerDeclarations
0535:                            .setSecurityEnvironmentHandler(((ApplicationSecurityConfiguration) subDeclarations)
0536:                                    .getSecurityEnvironmentHandler());
0537:
0538:                    NodeList nl = configData.getChildNodes();
0539:                    for (int i = 0; i < nl.getLength(); i++) {
0540:                        // assuming all element nodes
0541:                        Node child = (Node) nl.item(i);
0542:                        if (child instanceof  Element) {
0543:                            readApplicationSecurityConfiguration(
0544:                                    (Element) child, declarations,
0545:                                    innerDeclarations, kContext);
0546:                        }
0547:                    }
0548:
0549:                } else if (DECLARATIVE_CONFIGURATION_ELEMENT_QNAME
0550:                        .equals(qname)) {
0551:
0552:                    if (dynamicPolicy(configData)) {
0553:                        ((ApplicationSecurityConfiguration) subDeclarations)
0554:                                .setSecurityPolicy(iContext,
0555:                                        new DynamicSecurityPolicy());
0556:                    }
0557:
0558:                    DeclarativeSecurityConfiguration innerDeclarations = new DeclarativeSecurityConfiguration();
0559:
0560:                    boolean isBSP = getBSPAttribute(configData,
0561:                            (ApplicationSecurityConfiguration) subDeclarations);
0562:                    innerDeclarations.isBSP(isBSP);
0563:
0564:                    ((ApplicationSecurityConfiguration) subDeclarations)
0565:                            .setSecurityPolicy(iContext, innerDeclarations);
0566:
0567:                    readContainerForBaseConfigurationData(
0568:                            configData,
0569:                            innerDeclarations,
0570:                            ((ApplicationSecurityConfiguration) subDeclarations)
0571:                                    .getSecurityEnvironmentHandler());
0572:
0573:                } else if (SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME
0574:                        .equals(qname)) {
0575:
0576:                    //TODO: check here that number of handler specified is not > 1
0577:                    if (!iContext.isService()) {
0578:                        // log
0579:                        throw new IllegalStateException(
0580:                                "An <xwss:SecurityEnvironmentHandler> can only appear"
0581:                                        + "under a <xwss:Service>/<xwss:JAXRPCSecurity> element");
0582:                    }
0583:                }
0584:            }
0585:
0586:            private static DeclarativeSecurityConfiguration readContainerForBaseConfigurationData(
0587:                    Element configData,
0588:                    DeclarativeSecurityConfiguration declarations)
0589:                    throws Exception {
0590:                return readContainerForBaseConfigurationData(configData,
0591:                        declarations, null);
0592:            }
0593:
0594:            private static DeclarativeSecurityConfiguration readContainerForBaseConfigurationData(
0595:                    Element configData,
0596:                    DeclarativeSecurityConfiguration declarations,
0597:                    String securityHandlerClass) throws Exception {
0598:
0599:                QName qname = getQName(configData);
0600:
0601:                if (DECLARATIVE_CONFIGURATION_ELEMENT_QNAME.equals(qname)) {
0602:
0603:                    NamedNodeMap configurationAttributes = configData
0604:                            .getAttributes();
0605:                    int attributeCount = configurationAttributes.getLength();
0606:                    String attributeName = null;
0607:
0608:                    for (int index = 0; index < attributeCount; index++) {
0609:                        Attr configurationAttribute = (Attr) configurationAttributes
0610:                                .item(index);
0611:                        attributeName = configurationAttribute.getName();
0612:
0613:                        if (DUMP_MESSAGES_ATTRIBUTE_NAME
0614:                                .equalsIgnoreCase(attributeName)) {
0615:                            declarations.setDumpMessages(parseBoolean(
0616:                                    DUMP_MESSAGES_ATTRIBUTE_NAME,
0617:                                    configurationAttribute.getValue()));
0618:
0619:                        } else if (MessageConstants.NAMESPACES_NS
0620:                                .equals(configurationAttribute
0621:                                        .getNamespaceURI())) {
0622:                            // Ignore namespace declaration
0623:                        } else if (ENABLE_DYNAMIC_POLICY_ATTRIBUTE_NAME
0624:                                .equalsIgnoreCase(attributeName)) {
0625:                            declarations.enableDynamicPolicy(parseBoolean(
0626:                                    ENABLE_DYNAMIC_POLICY_ATTRIBUTE_NAME,
0627:                                    configurationAttribute.getValue()));
0628:                        } else if (ENABLE_WSS11_POLICY_ATTRIBUTE_NAME
0629:                                .equalsIgnoreCase(attributeName)) {
0630:                            boolean wss11Enabled = parseBoolean(
0631:                                    ENABLE_WSS11_POLICY_ATTRIBUTE_NAME,
0632:                                    configurationAttribute.getValue());
0633:                            declarations.senderSettings().enableWSS11Policy(
0634:                                    wss11Enabled);
0635:                            declarations.receiverSettings().enableWSS11Policy(
0636:                                    wss11Enabled);
0637:                        } else if (RETAIN_SEC_HEADER
0638:                                .equalsIgnoreCase(attributeName)) {
0639:                            String retainSecHeader = configurationAttribute
0640:                                    .getValue();
0641:                            declarations.retainSecurityHeader(Boolean
0642:                                    .valueOf(retainSecHeader));
0643:                        } else {
0644:                            log.log(Level.SEVERE,
0645:                                    "WSS0412.illegal.attribute.name",
0646:                                    new Object[] { attributeName,
0647:                                            configData.getTagName() });
0648:                            throw new IllegalStateException(
0649:                                    attributeName
0650:                                            + " is not a recognized attribute of SecurityConfiguration");
0651:                        }
0652:                    }
0653:                    readBaseConfigurationData(configData, declarations,
0654:                            securityHandlerClass);
0655:                } else {
0656:                    log.log(Level.SEVERE,
0657:                            "WSS0413.illegal.configuration.element", configData
0658:                                    .getTagName());
0659:                    throw new IllegalStateException(configData.getTagName()
0660:                            + " is not a recognized definition type");
0661:                }
0662:                return declarations;
0663:            }
0664:
0665:            private static void readBaseConfigurationData(Element configData,
0666:                    DeclarativeSecurityConfiguration declarations,
0667:                    String securityHandlerClass)
0668:                    throws PolicyGenerationException, XWSSecurityException {
0669:
0670:                Element eachDefinitionElement = getFirstChildElement(configData);
0671:                boolean timestampFound = false;
0672:
0673:                boolean senderEnableDynamicPolicy = declarations
0674:                        .senderSettings().enableDynamicPolicy();
0675:                boolean receiverEnableDynamicPolicy = declarations
0676:                        .receiverSettings().enableDynamicPolicy();
0677:                boolean receiverBSPFlag = declarations.receiverSettings()
0678:                        .isBSP();
0679:                //added for BackwardCompatibility with XWSS1.1, the xmlsec in XWSS11 cannot
0680:                //accept PrefixList in CanonicalizationMethod parameters
0681:                boolean senderBSPFlag = declarations.senderSettings().isBSP();
0682:
0683:                while (eachDefinitionElement != null) {
0684:                    QName definitionType = getQName(eachDefinitionElement);
0685:
0686:                    if (TIMESTAMP_ELEMENT_QNAME.equals(definitionType)) {
0687:
0688:                        if (!timestampFound) {
0689:                            TimestampPolicy timestampPolicy = new TimestampPolicy();
0690:                            readTimestampSettings(timestampPolicy,
0691:                                    eachDefinitionElement);
0692:                            applyDefaults(timestampPolicy,
0693:                                    senderEnableDynamicPolicy);
0694:                            declarations.senderSettings().append(
0695:                                    timestampPolicy);
0696:                            timestampFound = true;
0697:                        } else {
0698:                            log.log(Level.SEVERE,
0699:                                    "WSS0516.duplicate.configuration.element",
0700:                                    new Object[] { definitionType,
0701:                                            configData.getLocalName() });
0702:                            throw new IllegalStateException(
0703:                                    "Duplicate Timestamp element");
0704:                        }
0705:
0706:                    } else if (ENCRYPT_OPERATION_ELEMENT_QNAME
0707:                            .equals(definitionType)) {
0708:
0709:                        EncryptionPolicy encryptionPolicy = new EncryptionPolicy();
0710:                        readEncryptionSettings(encryptionPolicy,
0711:                                eachDefinitionElement);
0712:                        applyDefaults(encryptionPolicy,
0713:                                senderEnableDynamicPolicy);
0714:                        declarations.senderSettings().append(encryptionPolicy);
0715:
0716:                    } else if (SIGN_OPERATION_ELEMENT_QNAME
0717:                            .equals(definitionType)) {
0718:                        SignaturePolicy signaturePolicy = new SignaturePolicy();
0719:                        readSigningSettings(signaturePolicy,
0720:                                eachDefinitionElement,
0721:                                senderEnableDynamicPolicy);
0722:                        //declarations.senderSettings().append(signaturePolicy);
0723:                        //added for BackwardCompatibility with XWSS1.1, the xmlsec in XWSS11 cannot
0724:                        //accept PrefixList in CanonicalizationMethod parameters
0725:                        SignaturePolicy.FeatureBinding fb = (SignaturePolicy.FeatureBinding) signaturePolicy
0726:                                .getFeatureBinding();
0727:                        if (fb != null) {
0728:                            fb.isBSP(senderBSPFlag);
0729:                        }
0730:                        //end of XWSS11 BC fix
0731:
0732:                        String includeTimeStamp = eachDefinitionElement
0733:                                .getAttribute(INCLUDE_TIMESTAMP_ATTRIBUTE_NAME);
0734:                        boolean timeStamp = getBooleanValue(includeTimeStamp);
0735:
0736:                        if (timeStamp
0737:                                && !hasTimestampSiblingPolicy(eachDefinitionElement)) {
0738:                            //System.out.println("Adding from SIGN");
0739:                            TimestampPolicy t = new TimestampPolicy();
0740:                            t.setMaxClockSkew(Timestamp.MAX_CLOCK_SKEW);
0741:                            t
0742:                                    .setTimestampFreshness(Timestamp.TIMESTAMP_FRESHNESS_LIMIT);
0743:                            applyDefaults(t, senderEnableDynamicPolicy);
0744:                            declarations.senderSettings().append(t);
0745:                        }
0746:
0747:                        declarations.senderSettings().append(signaturePolicy);
0748:
0749:                    } else if (USERNAME_PASSWORD_AUTHENTICATION_ELEMENT_QNAME
0750:                            .equals(definitionType)) {
0751:
0752:                        try {
0753:                            AuthenticationTokenPolicy utBinding = new AuthenticationTokenPolicy();
0754:                            AuthenticationTokenPolicy.UsernameTokenBinding featureBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) utBinding
0755:                                    .newUsernameTokenFeatureBinding();
0756:                            featureBinding.newTimestampFeatureBinding();
0757:                            readUsernamePasswordSettings(featureBinding,
0758:                                    eachDefinitionElement);
0759:                            applyDefaults(featureBinding,
0760:                                    senderEnableDynamicPolicy);
0761:                            declarations.senderSettings().append(utBinding);
0762:                        } catch (PolicyGenerationException pge) {
0763:                            // log
0764:                            throw new IllegalStateException(pge.getMessage());
0765:                        }
0766:
0767:                    } else if (SAML_ELEMENT_QNAME.equals(definitionType)) {
0768:
0769:                        try {
0770:                            AuthenticationTokenPolicy samlBinding = new AuthenticationTokenPolicy();
0771:                            AuthenticationTokenPolicy.SAMLAssertionBinding featureBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) samlBinding
0772:                                    .newSAMLAssertionFeatureBinding();
0773:                            readSAMLTokenSettings(featureBinding,
0774:                                    eachDefinitionElement);
0775:                            applyDefaults(featureBinding,
0776:                                    senderEnableDynamicPolicy);
0777:                            declarations.senderSettings().append(samlBinding);
0778:                        } catch (PolicyGenerationException pge) {
0779:                            // log
0780:                            throw new IllegalStateException(pge.getMessage());
0781:                        }
0782:                    } else if (SIGNATURE_REQUIREMENT_ELEMENT_QNAME
0783:                            .equals(definitionType)) {
0784:                        SignaturePolicy signaturePolicy = new SignaturePolicy();
0785:                        readVerifySettings(signaturePolicy,
0786:                                eachDefinitionElement, receiverBSPFlag,
0787:                                receiverEnableDynamicPolicy);
0788:                        declarations.receiverSettings().append(signaturePolicy);
0789:
0790:                        String requireTimeStamp = eachDefinitionElement
0791:                                .getAttribute(TIMESTAMP_REQUIRED_ATTRIBUTE_NAME);
0792:                        boolean timeStamp = getBooleanValue(requireTimeStamp);
0793:
0794:                        if (timeStamp
0795:                                && !hasTimestampSiblingPolicy(eachDefinitionElement)) {
0796:                            //System.out.println("Adding from RequireSignature");
0797:                            TimestampPolicy t = new TimestampPolicy();
0798:                            //t.setMaxClockSkew(Timestamp.MAX_CLOCK_SKEW);
0799:                            //t.setTimestampFreshness(Timestamp.TIMESTAMP_FRESHNESS_LIMIT);
0800:                            applyReceiverDefaults(t, receiverBSPFlag,
0801:                                    securityHandlerClass,
0802:                                    receiverEnableDynamicPolicy);
0803:                            declarations.receiverSettings().append(t);
0804:                        }
0805:
0806:                    } else if (ENCRYPTION_REQUIREMENT_ELEMENT_QNAME
0807:                            .equals(definitionType)) {
0808:                        EncryptionPolicy encryptionPolicy = new EncryptionPolicy();
0809:                        readDecryptionSettings(encryptionPolicy,
0810:                                eachDefinitionElement);
0811:                        applyReceiverDefaults(encryptionPolicy,
0812:                                receiverBSPFlag, receiverEnableDynamicPolicy);
0813:                        declarations.receiverSettings()
0814:                                .append(encryptionPolicy);
0815:
0816:                    } else if (USERNAMETOKEN_REQUIREMENT_ELEMENT_QNAME
0817:                            .equals(definitionType)) {
0818:                        try {
0819:                            AuthenticationTokenPolicy utBinding = new AuthenticationTokenPolicy();
0820:                            AuthenticationTokenPolicy.UsernameTokenBinding featureBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) utBinding
0821:                                    .newUsernameTokenFeatureBinding();
0822:                            featureBinding.newTimestampFeatureBinding();
0823:                            readUsernamePasswordRequirementSettings(
0824:                                    featureBinding, eachDefinitionElement);
0825:                            applyReceiverDefaults(featureBinding,
0826:                                    receiverBSPFlag, securityHandlerClass,
0827:                                    receiverEnableDynamicPolicy);
0828:                            declarations.receiverSettings().append(utBinding);
0829:                            if (MessageConstants.debug) {
0830:                                log.log(Level.FINEST,
0831:                                        "Added usernameToken Requirement ...."
0832:                                                + featureBinding);
0833:                            }
0834:                        } catch (PolicyGenerationException pge) {
0835:                            // log
0836:                            throw new IllegalStateException(pge.getMessage());
0837:                        }
0838:                    } else if (TIMESTAMP_REQUIREMENT_ELEMENT_QNAME
0839:                            .equals(definitionType)) {
0840:
0841:                        TimestampPolicy timestampPolicy = new TimestampPolicy();
0842:                        readTimestampRequirementSettings(timestampPolicy,
0843:                                eachDefinitionElement);
0844:                        applyReceiverDefaults(timestampPolicy, receiverBSPFlag,
0845:                                securityHandlerClass,
0846:                                receiverEnableDynamicPolicy);
0847:                        declarations.receiverSettings().append(timestampPolicy);
0848:
0849:                    } else if (SAML_REQUIREMENT_ELEMENT_QNAME
0850:                            .equals(definitionType)) {
0851:
0852:                        // read SAML requirement element
0853:                        try {
0854:                            AuthenticationTokenPolicy samlBinding = new AuthenticationTokenPolicy();
0855:                            AuthenticationTokenPolicy.SAMLAssertionBinding featureBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) samlBinding
0856:                                    .newSAMLAssertionFeatureBinding();
0857:                            readRequireSAMLTokenSettings(featureBinding,
0858:                                    eachDefinitionElement);
0859:                            applyReceiverDefaults(featureBinding,
0860:                                    receiverBSPFlag,
0861:                                    receiverEnableDynamicPolicy);
0862:                            declarations.receiverSettings().append(samlBinding);
0863:                        } catch (PolicyGenerationException pge) {
0864:                            // log
0865:                            throw new IllegalStateException(pge.getMessage());
0866:                        }
0867:
0868:                    } else if (OPTIONAL_TARGETS_ELEMENT_QNAME
0869:                            .equals(definitionType)) {
0870:                        readOptionalTargetSettings(declarations
0871:                                .receiverSettings(), eachDefinitionElement);
0872:                    } else {
0873:                        log.log(Level.SEVERE,
0874:                                "WSS0513.illegal.configuration.element",
0875:                                definitionType.toString());
0876:                        throw new IllegalStateException(definitionType
0877:                                + " is not a recognized definition type");
0878:                    }
0879:
0880:                    eachDefinitionElement = getNextElement(eachDefinitionElement);
0881:                }
0882:            }
0883:
0884:            private static void readVerifySettings(
0885:                    SignaturePolicy signaturePolicy, Element signingSettings,
0886:                    boolean bsp, boolean dp) {
0887:                readVerifySettings(signaturePolicy, signingSettings);
0888:                applyReceiverDefaults(signaturePolicy, bsp, dp);
0889:                String includeTimeStamp = signingSettings
0890:                        .getAttribute(TIMESTAMP_REQUIRED_ATTRIBUTE_NAME);
0891:                boolean timeStamp = getBooleanValue(includeTimeStamp);
0892:                if (timeStamp) {
0893:                    /*if (!hasTimestampSiblingPolicy(signingSettings)) {
0894:                        ((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding())
0895:                        .includeTimestamp(timeStamp);
0896:                    } else {*/
0897:                    // add an Xpath target to existing singular timestamp
0898:                    SignatureTarget st = new SignatureTarget();
0899:                    st.setType("qname");
0900:                    st.setValue(MessageConstants.TIMESTAMP_QNAME);
0901:                    st.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
0902:                    ((SignaturePolicy.FeatureBinding) signaturePolicy
0903:                            .getFeatureBinding()).addTargetBinding(st);
0904:
0905:                    //}
0906:                }
0907:                signaturePolicy.isBSP(bsp);
0908:            }
0909:
0910:            private static void readVerifySettings(
0911:                    SignaturePolicy signaturePolicy, Element signingSettings) {
0912:                readSigningSettings(signaturePolicy, signingSettings);
0913:            }
0914:
0915:            private static void readSigningSettings(
0916:                    SignaturePolicy signaturePolicy, Element signingSettings,
0917:                    boolean enableDynamicPolicy) {
0918:                readSigningSettings(signaturePolicy, signingSettings);
0919:                applyDefaults(signaturePolicy, enableDynamicPolicy);
0920:
0921:                String includeTimeStamp = signingSettings
0922:                        .getAttribute(INCLUDE_TIMESTAMP_ATTRIBUTE_NAME);
0923:                boolean timeStamp = getBooleanValue(includeTimeStamp);
0924:
0925:                if (timeStamp) {
0926:                    /*if (!hasTimestampSiblingPolicy(signingSettings)) {
0927:                        ((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding())
0928:                        .includeTimestamp(timeStamp);
0929:                    } else {*/
0930:                    // add an Xpath target to existing singular timestamp
0931:                    SignatureTarget st = new SignatureTarget();
0932:                    st.setType("qname");
0933:                    st.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
0934:                    st.setValue(MessageConstants.TIMESTAMP_QNAME);
0935:                    ((SignaturePolicy.FeatureBinding) signaturePolicy
0936:                            .getFeatureBinding()).addTargetBinding(st);
0937:
0938:                    //}
0939:                }
0940:            }
0941:
0942:            private static boolean hasTimestampSiblingPolicy(Element signElement) {
0943:                if (SIGN_OPERATION_ELEMENT_NAME.equals(signElement
0944:                        .getLocalName())) {
0945:                    Element signParent = (Element) signElement.getParentNode();
0946:                    NodeList timeStampNodes = signParent
0947:                            .getElementsByTagNameNS(
0948:                                    ConfigurationConstants.CONFIGURATION_URL,
0949:                                    TIMESTAMP_ELEMENT_NAME);
0950:                    if (timeStampNodes.getLength() > 0) {
0951:                        return true;
0952:                    }
0953:                } else {
0954:                    Element signParent = (Element) signElement.getParentNode();
0955:                    NodeList timeStampNodes = signParent
0956:                            .getElementsByTagNameNS(
0957:                                    ConfigurationConstants.CONFIGURATION_URL,
0958:                                    TIMESTAMP_REQUIREMENT_ELEMENT_NAME);
0959:                    if (timeStampNodes.getLength() > 0) {
0960:                        return true;
0961:                    }
0962:                    NamedNodeMap requireTimestampAttrNode = null;
0963:                    Node requireSignatureNode = signElement
0964:                            .getPreviousSibling();
0965:                    while (requireSignatureNode != null) {
0966:                        if (SIGNATURE_REQUIREMENT_ELEMENT_NAME
0967:                                .equals(requireSignatureNode.getLocalName())) {
0968:                            requireTimestampAttrNode = requireSignatureNode
0969:                                    .getAttributes();
0970:                            //If there is no requireTimestamp attrbute then the defaultvalue is true
0971:                            //System.out.println(requireTimestampAttrNode.getNamedItem(TIMESTAMP_REQUIRED_ATTRIBUTE_NAME));
0972:                            if ("true"
0973:                                    .equalsIgnoreCase(requireTimestampAttrNode
0974:                                            .getNamedItem(
0975:                                                    TIMESTAMP_REQUIRED_ATTRIBUTE_NAME)
0976:                                            .getLocalName())) {
0977:                                return true;
0978:                            }
0979:                        }
0980:                        requireSignatureNode = requireSignatureNode
0981:                                .getPreviousSibling();
0982:                    }
0983:
0984:                }
0985:                return false;
0986:            }
0987:
0988:            /*
0989:             */
0990:            private static void readSigningSettings(
0991:                    SignaturePolicy signaturePolicy, Element signingSettings) {
0992:
0993:                String id = getIdAttribute(signingSettings);
0994:                signaturePolicy.setUUID(id);
0995:                // Read sign attributes
0996:                NamedNodeMap signingAttributes = signingSettings
0997:                        .getAttributes();
0998:                int attributeCount = signingAttributes.getLength();
0999:                String attributeName = null;
1000:
1001:                for (int index = 0; index < attributeCount; index++) {
1002:                    Attr signingAttribute = (Attr) signingAttributes
1003:                            .item(index);
1004:                    attributeName = signingAttribute.getName();
1005:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1006:                        // do nothing
1007:                    } else if (INCLUDE_TIMESTAMP_ATTRIBUTE_NAME
1008:                            .equalsIgnoreCase(attributeName)
1009:                            && (SIGN_OPERATION_ELEMENT_NAME
1010:                                    .equals(signingSettings.getLocalName()))) {
1011:                        /*((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding())
1012:                        .includeTimestamp(getBooleanValue
1013:                        (signingAttribute.getValue()));*/
1014:                    } else if (TIMESTAMP_REQUIRED_ATTRIBUTE_NAME
1015:                            .equalsIgnoreCase(attributeName)
1016:                            && (SIGNATURE_REQUIREMENT_ELEMENT_NAME
1017:                                    .equals(signingSettings.getLocalName()))) {
1018:                        /*((SignaturePolicy.FeatureBinding)signaturePolicy.getFeatureBinding())
1019:                        .includeTimestamp(getBooleanValue
1020:                        (signingAttribute.getValue()));*/
1021:                    } else {
1022:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1023:                                new Object[] { attributeName,
1024:                                        signingSettings.getTagName() });
1025:                        throw new IllegalStateException(attributeName
1026:                                + " is not a recognized attribute of "
1027:                                + signingSettings.getTagName());
1028:                    }
1029:                }
1030:
1031:                Element eachSubElement = getFirstChildElement(signingSettings);
1032:                int keyBearingTokensSeen = 0;
1033:
1034:                while (eachSubElement != null) {
1035:                    QName subElementQName = getQName(eachSubElement);
1036:
1037:                    if (TARGET_QNAME.equals(subElementQName)) {
1038:                        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy
1039:                                .getFeatureBinding();
1040:                        featureBinding.addTargetBinding(readTargetSettings(
1041:                                eachSubElement, true));
1042:                    } else if (X509TOKEN_ELEMENT_QNAME.equals(subElementQName)) {
1043:                        if (keyBearingTokensSeen > 0) {
1044:                            log.log(Level.SEVERE,
1045:                                    "WSS0520.illegal.configuration.state");
1046:                            throw new IllegalStateException(
1047:                                    "Atmost one of X509token/SymmetricKey/SAMLAssertion "
1048:                                            + " key bindings can be configured "
1049:                                            + "for an Sign/RequireSignature operation");
1050:                        }
1051:                        keyBearingTokensSeen++;
1052:                        readX509TokenSettings(
1053:                                (AuthenticationTokenPolicy.X509CertificateBinding) signaturePolicy
1054:                                        .newX509CertificateKeyBinding(),
1055:                                eachSubElement);
1056:                    } else if (SYMMETRIC_KEY_ELEMENT_QNAME
1057:                            .equals(subElementQName)) {
1058:                        if (keyBearingTokensSeen > 0) {
1059:                            log.log(Level.SEVERE,
1060:                                    "WSS0520.illegal.configuration.state");
1061:                            throw new IllegalStateException(
1062:                                    "Atmost one of X509token/SymmetricKey/SAMLAssertion "
1063:                                            + " key bindings can be configured "
1064:                                            + "for an Sign/RequireSignature operation");
1065:                        }
1066:                        keyBearingTokensSeen++;
1067:                        readSymmetricKeySettings(
1068:                                (SymmetricKeyBinding) signaturePolicy
1069:                                        .newSymmetricKeyBinding(),
1070:                                eachSubElement);
1071:                    } else if (SAML_ELEMENT_QNAME.equals(subElementQName)) {
1072:                        if (keyBearingTokensSeen > 0) {
1073:                            log.log(Level.SEVERE,
1074:                                    "WSS0520.illegal.configuration.state");
1075:                            throw new IllegalStateException(
1076:                                    "Atmost one of X509token/SymmetricKey/SAMLAssertion "
1077:                                            + " key bindings can be configured "
1078:                                            + "for an Sign/RequireSignature operation");
1079:                        }
1080:                        keyBearingTokensSeen++;
1081:                        readSAMLTokenSettings(
1082:                                (AuthenticationTokenPolicy.SAMLAssertionBinding) signaturePolicy
1083:                                        .newSAMLAssertionKeyBinding(),
1084:                                eachSubElement);
1085:                    } else if (SIGNATURE_TARGET_ELEMENT_QNAME
1086:                            .equals(subElementQName)) {
1087:                        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy
1088:                                .getFeatureBinding();
1089:                        featureBinding
1090:                                .addTargetBinding(readSignatureTargetSettings(eachSubElement));
1091:                    } else if (CANONICALIZATION_METHOD_ELEMENT_QNAME
1092:                            .equals(subElementQName)) {
1093:                        readCanonMethodSettings(signaturePolicy, eachSubElement);
1094:                    } else if (SIGNATURE_METHOD_ELEMENT_QNAME
1095:                            .equals(subElementQName)) {
1096:                        readSigMethodSettings(signaturePolicy, eachSubElement);
1097:                    } else {
1098:                        log.log(Level.SEVERE,
1099:                                "WSS0513.illegal.configuration.element",
1100:                                subElementQName.toString());
1101:                        throw new IllegalStateException(
1102:                                subElementQName
1103:                                        + " is not a recognized sub-element of Sign/RequireSignature");
1104:                    }
1105:                    eachSubElement = getNextElement(eachSubElement);
1106:                }
1107:            }
1108:
1109:            /*
1110:             * TODO: was the keyAlias an optional attribute in last release
1111:             */
1112:            private static void readSymmetricKeySettings(
1113:                    SymmetricKeyBinding keyBinding, Element symmKeyElement) {
1114:
1115:                NamedNodeMap symmKeyAttributes = symmKeyElement.getAttributes();
1116:                int attributeCount = symmKeyAttributes.getLength();
1117:                String attributeName = null;
1118:
1119:                if (attributeCount == 0) {
1120:                    throw new IllegalStateException(
1121:                            "A SymmetricKey must specify keyAlias, certAlias or useReceivedSecret as an attribute");
1122:                }
1123:
1124:                for (int index = 0; index < attributeCount; index++) {
1125:                    Attr symmKeyAttribute = (Attr) symmKeyAttributes
1126:                            .item(index);
1127:                    attributeName = symmKeyAttribute.getName();
1128:
1129:                    if (SYMMETRIC_KEY_ALIAS_ATTRIBUTE_NAME
1130:                            .equalsIgnoreCase(attributeName)) {
1131:                        keyBinding
1132:                                .setKeyIdentifier(symmKeyAttribute.getValue());
1133:                    } else if ("certAlias".equalsIgnoreCase(attributeName)) {
1134:                        keyBinding.setCertAlias(symmKeyAttribute.getValue());
1135:                    } else if ("useReceivedSecret"
1136:                            .equalsIgnoreCase(attributeName)) {
1137:                        try {
1138:                            keyBinding
1139:                                    .setUseReceivedSecret(parseBoolean(
1140:                                            attributeName, symmKeyAttribute
1141:                                                    .getValue()));
1142:                        } catch (Exception e) {
1143:                            e.printStackTrace();
1144:                        }
1145:                    } else {
1146:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1147:                                new Object[] { attributeName,
1148:                                        "xwss:SymmetricKey" });
1149:                        throw new IllegalStateException(
1150:                                attributeName
1151:                                        + " is not a recognized attribute of SymmetricKey");
1152:                    }
1153:                }
1154:            }
1155:
1156:            /*
1157:             * TODO: Make use of MessageConstants.<appropriateStrategyConstant>
1158:             */
1159:            private static void readX509TokenSettings(
1160:                    AuthenticationTokenPolicy.X509CertificateBinding keyBinding,
1161:                    Element token) {
1162:                keyBinding.newPrivateKeyBinding();
1163:                String id = getIdAttribute(token);
1164:                keyBinding.setUUID(id);
1165:
1166:                NamedNodeMap tokenAttributes = token.getAttributes();
1167:                int attributeCount = tokenAttributes.getLength();
1168:                String attributeName = null;
1169:                for (int index = 0; index < attributeCount; index++) {
1170:                    Attr tokenAttribute = (Attr) tokenAttributes.item(index);
1171:                    attributeName = tokenAttribute.getName();
1172:
1173:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1174:                        //do nothing
1175:                    } else if (KEY_REFERENCE_TYPE_ATTRIBUTE_NAME
1176:                            .equalsIgnoreCase(attributeName)) {
1177:                        String keyReferenceStrategy = tokenAttribute.getValue();
1178:                        keyBinding.setReferenceType(keyReferenceStrategy);
1179:
1180:                    } else if (CERTIFICATE_ALIAS_ATTRIBUTE_NAME
1181:                            .equalsIgnoreCase(attributeName)) {
1182:                        String certificateAlias = tokenAttribute.getValue();
1183:                        keyBinding.setCertificateIdentifier(certificateAlias);
1184:                    } else if (ENCODING_TYPE_ATTRIBUTE_NAME
1185:                            .equalsIgnoreCase(attributeName)) {
1186:                        String encodingType = tokenAttribute.getValue();
1187:                        keyBinding.setEncodingType(encodingType);
1188:                    } else if (VALUE_TYPE_ATTRIBUTE_NAME
1189:                            .equalsIgnoreCase(attributeName)) {
1190:                        String valueType = tokenAttribute.getValue();
1191:                        keyBinding.setValueType(valueType);
1192:                    } else if (STRID.equalsIgnoreCase(attributeName)) {
1193:                        String strid = tokenAttribute.getValue();
1194:                        keyBinding.setSTRID(strid);
1195:                    } else {
1196:                        log
1197:                                .log(Level.SEVERE,
1198:                                        "WSS0512.illegal.attribute.name",
1199:                                        new Object[] { attributeName,
1200:                                                "xwss:X509Token" });
1201:                        throw new IllegalStateException(attributeName
1202:                                + " is not a recognized attribute of X509Token");
1203:                    }
1204:                }
1205:            }
1206:
1207:            /*
1208:             */
1209:            private static void readOptionalTargetSettings(
1210:                    MessagePolicy requirements, Element optionalTargetSettings)
1211:                    throws XWSSecurityException {
1212:                ArrayList targets = new ArrayList();
1213:                Element eachSubElement = getFirstChildElement(optionalTargetSettings);
1214:                while (eachSubElement != null) {
1215:                    QName subElementQName = getQName(eachSubElement);
1216:
1217:                    if (TARGET_QNAME.equals(subElementQName)) {
1218:                        Target t = new Target();
1219:                        t.setEnforce(false);
1220:                        Target t1 = readTargetSettings(eachSubElement, t);
1221:                        targets.add(t1);
1222:                    } else {
1223:                        log.log(Level.SEVERE,
1224:                                "WSS0513.illegal.configuration.element",
1225:                                subElementQName.toString());
1226:                        throw new IllegalStateException(
1227:                                subElementQName
1228:                                        + " is not a recognized sub-element of OptionalTargets");
1229:                    }
1230:                    eachSubElement = getNextElement(eachSubElement);
1231:                }
1232:
1233:                requirements.addOptionalTargets(targets);
1234:                //call iterator once to update the optional targets into policies
1235:                requirements.iterator();
1236:            }
1237:
1238:            private static void readDecryptionSettings(
1239:                    EncryptionPolicy encryptionPolicy,
1240:                    Element encryptionSettings) {
1241:                readEncryptionSettings(encryptionPolicy, encryptionSettings);
1242:            }
1243:
1244:            /*
1245:             */
1246:            private static void readEncryptionSettings(
1247:                    EncryptionPolicy encryptionPolicy,
1248:                    Element encryptionSettings) {
1249:
1250:                String id = getIdAttribute(encryptionSettings);
1251:                encryptionPolicy.setUUID(id);
1252:
1253:                // read attributes
1254:                NamedNodeMap encryptAttributes = encryptionSettings
1255:                        .getAttributes();
1256:                int attributeCount = encryptAttributes.getLength();
1257:
1258:                String attributeName = null;
1259:
1260:                for (int index = 0; index < attributeCount; index++) {
1261:                    Attr encAttr = (Attr) encryptAttributes.item(index);
1262:                    attributeName = encAttr.getName();
1263:
1264:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1265:                        //do nothing
1266:                    } else {
1267:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1268:                                new Object[] { attributeName,
1269:                                        encryptionSettings.getTagName() });
1270:                        throw new IllegalStateException(attributeName
1271:                                + " is not a recognized attribute of "
1272:                                + encryptionSettings.getTagName());
1273:                    }
1274:                }
1275:
1276:                // read sub-elements
1277:                int keyBearingTokensSeen = 0;
1278:
1279:                Element eachSubElement = getFirstChildElement(encryptionSettings);
1280:                while (eachSubElement != null) {
1281:                    QName subElementQName = getQName(eachSubElement);
1282:
1283:                    if (TARGET_QNAME.equals(subElementQName)) {
1284:                        EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy
1285:                                .getFeatureBinding();
1286:                        featureBinding.addTargetBinding(readTargetSettings(
1287:                                eachSubElement, false));
1288:                    } else if (X509TOKEN_ELEMENT_QNAME.equals(subElementQName)) {
1289:                        if (keyBearingTokensSeen > 0) {
1290:                            log.log(Level.SEVERE,
1291:                                    "WSS0520.illegal.configuration.state");
1292:                            throw new IllegalStateException(
1293:                                    "Atmost one of X509token/SymmetricKey/SAMLAssertion "
1294:                                            + " key bindings can be configured "
1295:                                            + "for an Encrypt/RequireEncryption operation");
1296:                        }
1297:                        keyBearingTokensSeen++;
1298:                        readX509TokenSettings(
1299:                                (AuthenticationTokenPolicy.X509CertificateBinding) encryptionPolicy
1300:                                        .newX509CertificateKeyBinding(),
1301:                                eachSubElement);
1302:                    } else if (SYMMETRIC_KEY_ELEMENT_QNAME
1303:                            .equals(subElementQName)) {
1304:                        if (keyBearingTokensSeen > 0) {
1305:                            log.log(Level.SEVERE,
1306:                                    "WSS0520.illegal.configuration.state");
1307:                            throw new IllegalStateException(
1308:                                    "Atmost one of X509token/SymmetricKey/SAMLAssertion "
1309:                                            + " key bindings can be configured "
1310:                                            + "for an Encrypt/RequireEncryption operation");
1311:                        }
1312:                        keyBearingTokensSeen++;
1313:                        readSymmetricKeySettings(
1314:                                (SymmetricKeyBinding) encryptionPolicy
1315:                                        .newSymmetricKeyBinding(),
1316:                                eachSubElement);
1317:                    } else if (SAML_ELEMENT_QNAME.equals(subElementQName)) {
1318:                        if (keyBearingTokensSeen > 0) {
1319:                            log.log(Level.SEVERE,
1320:                                    "WSS0520.illegal.configuration.state");
1321:                            throw new IllegalStateException(
1322:                                    "Atmost one of X509token/SymmetricKey/SAMLAssertion "
1323:                                            + " key bindings can be configured "
1324:                                            + "for an Encrypt/RequireEncryption operation");
1325:                        }
1326:                        keyBearingTokensSeen++;
1327:                        readSAMLTokenSettings(
1328:                                (AuthenticationTokenPolicy.SAMLAssertionBinding) encryptionPolicy
1329:                                        .newSAMLAssertionKeyBinding(),
1330:                                eachSubElement);
1331:                    } else if (ENCRYPTION_TARGET_ELEMENT_QNAME
1332:                            .equals(subElementQName)) {
1333:                        EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy
1334:                                .getFeatureBinding();
1335:                        featureBinding
1336:                                .addTargetBinding(readEncryptionTargetSettings(eachSubElement));
1337:                    } else if (KEY_ENCRYPTION_METHOD_ELEMENT_QNAME
1338:                            .equals(subElementQName)) {
1339:                        readKeyEncMethodSettings(encryptionPolicy,
1340:                                eachSubElement);
1341:                    } else if (DATA_ENCRYPTION_METHOD_ELEMENT_QNAME
1342:                            .equals(subElementQName)) {
1343:                        readDataEncMethodSettings(encryptionPolicy,
1344:                                eachSubElement);
1345:                    } else {
1346:                        log.log(Level.SEVERE,
1347:                                "WSS0513.illegal.configuration.element",
1348:                                subElementQName.toString());
1349:                        throw new IllegalStateException(
1350:                                subElementQName
1351:                                        + " is not a recognized sub-element of Encrypt/RequireEncryption");
1352:                    }
1353:                    eachSubElement = getNextElement(eachSubElement);
1354:                }
1355:
1356:            }
1357:
1358:            private static void readKeyEncMethodSettings(
1359:                    EncryptionPolicy encryptionPolicy, Element keyEncSettings) {
1360:                String algorithm = keyEncSettings
1361:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
1362:                if ("".equals(algorithm)) {
1363:                    throw new IllegalArgumentException(
1364:                            "Empty/Missing algorithm attribute on "
1365:                                    + keyEncSettings.getTagName());
1366:
1367:                }
1368:                checkCompatibility(algorithm, keyEncSettings);
1369:                SecurityPolicy keyBinding = encryptionPolicy.getKeyBinding();
1370:                if (keyBinding == null) {
1371:                    keyBinding = encryptionPolicy
1372:                            .newX509CertificateKeyBinding();
1373:                    ((AuthenticationTokenPolicy.X509CertificateBinding) keyBinding)
1374:                            .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
1375:                }
1376:                setKeyAlgorithm(keyBinding, algorithm);
1377:            }
1378:
1379:            private static void checkCompatibility(String keyEncAlgo,
1380:                    Element keyEncSettings) {
1381:                if (MessageConstants.RSA_OAEP_KEY_TRANSPORT.equals(keyEncAlgo)
1382:                        || MessageConstants.RSA_15_KEY_TRANSPORT
1383:                                .equals(keyEncAlgo)) {
1384:                    /* if (!hasX509Sibling(keyEncSettings)) {
1385:                         // log
1386:                         throw new IllegalStateException("Missing X509Token/SAML key association for " +
1387:                         KEY_ENCRYPTION_METHOD_ELEMENT_NAME + " " + keyEncAlgo);
1388:                     }*/
1389:                    if (hasSymmetricKeySibling(keyEncSettings)) {
1390:                        // log
1391:                        throw new IllegalStateException(
1392:                                "Invalid SymmetricKey association specified for "
1393:                                        + KEY_ENCRYPTION_METHOD_ELEMENT_NAME
1394:                                        + " "
1395:                                        + keyEncAlgo
1396:                                        + ", required X509Token/SAML key association");
1397:                    }
1398:                } else if (MessageConstants.TRIPLE_DES_KEY_WRAP
1399:                        .equals(keyEncAlgo)
1400:                        || keyEncAlgo
1401:                                .startsWith("http://www.w3.org/2001/04/xmlenc#kw-aes")) {
1402:
1403:                    if (!hasSymmetricKeySibling(keyEncSettings)) {
1404:                        // log
1405:                        throw new IllegalStateException(
1406:                                "Missing SymmetricKey association  for "
1407:                                        + KEY_ENCRYPTION_METHOD_ELEMENT_NAME
1408:                                        + " " + keyEncAlgo);
1409:                    }
1410:
1411:                    if (hasX509Sibling(keyEncSettings)) {
1412:                        // log
1413:                        throw new IllegalStateException(
1414:                                "Invalid X509Token/SAML key association specified for "
1415:                                        + KEY_ENCRYPTION_METHOD_ELEMENT_NAME
1416:                                        + " "
1417:                                        + keyEncAlgo
1418:                                        + ",  required SymmetricKey association");
1419:                    }
1420:                } else {
1421:                    throw new IllegalArgumentException(
1422:                            "Invalid/Unsupported Algorithm " + keyEncAlgo
1423:                                    + " specified for "
1424:                                    + KEY_ENCRYPTION_METHOD_ELEMENT_NAME);
1425:                }
1426:            }
1427:
1428:            //TODO : Add SAML support here later. An HOK assertion here can serve the same purpose
1429:            private static boolean hasX509Sibling(Element keyEncSettings) {
1430:                Element parent = (Element) keyEncSettings.getParentNode();
1431:                NodeList x509Nodes = parent.getElementsByTagNameNS(
1432:                        ConfigurationConstants.CONFIGURATION_URL,
1433:                        X509TOKEN_ELEMENT_NAME);
1434:                if (x509Nodes.getLength() > 0) {
1435:                    return true;
1436:                }
1437:                return false;
1438:            }
1439:
1440:            private static boolean hasSymmetricKeySibling(Element keyEncSettings) {
1441:                Element parent = (Element) keyEncSettings.getParentNode();
1442:                NodeList symKeyNodes = parent.getElementsByTagNameNS(
1443:                        ConfigurationConstants.CONFIGURATION_URL,
1444:                        SYMMETRIC_KEY_ELEMENT_NAME);
1445:                if (symKeyNodes.getLength() > 0) {
1446:                    return true;
1447:                }
1448:                return false;
1449:            }
1450:
1451:            private static void setDefaultKeyAlgorithm(
1452:                    SecurityPolicy keyBinding, String algorithm) {
1453:
1454:                if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
1455:                    AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding;
1456:                    if ("".equals(samlBinding.getKeyAlgorithm()))
1457:                        samlBinding.setKeyAlgorithm(algorithm);
1458:                } else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
1459:                    AuthenticationTokenPolicy.X509CertificateBinding x509Binding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
1460:                    if ("".equals(x509Binding.getKeyAlgorithm()))
1461:                        x509Binding.setKeyAlgorithm(algorithm);
1462:                } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
1463:                    SymmetricKeyBinding symBinding = (SymmetricKeyBinding) keyBinding;
1464:                    if ("".equals(symBinding.getKeyAlgorithm()))
1465:                        symBinding.setKeyAlgorithm(algorithm);
1466:                } else {
1467:                    throw new IllegalArgumentException("Unknown Key Type "
1468:                            + keyBinding.getClass().getName());
1469:                }
1470:            }
1471:
1472:            private static void setKeyAlgorithm(SecurityPolicy keyBinding,
1473:                    String algorithm) {
1474:
1475:                if (PolicyTypeUtil.samlTokenPolicy(keyBinding)) {
1476:                    AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) keyBinding;
1477:                    samlBinding.setKeyAlgorithm(algorithm);
1478:                } else if (PolicyTypeUtil.x509CertificateBinding(keyBinding)) {
1479:                    AuthenticationTokenPolicy.X509CertificateBinding x509Binding = (AuthenticationTokenPolicy.X509CertificateBinding) keyBinding;
1480:                    x509Binding.setKeyAlgorithm(algorithm);
1481:                    if (MessageConstants.HMAC_SHA1_SIGMETHOD.equals(algorithm)) {
1482:                        String certAlias = x509Binding
1483:                                .getCertificateIdentifier();
1484:                        if (certAlias == null || certAlias.equals("")) {
1485:                            throw new IllegalArgumentException(
1486:                                    "The certificate Alias should be set when algorithm is:"
1487:                                            + algorithm);
1488:                        }
1489:                    }
1490:                } else if (PolicyTypeUtil.symmetricKeyBinding(keyBinding)) {
1491:                    SymmetricKeyBinding symBinding = (SymmetricKeyBinding) keyBinding;
1492:                    symBinding.setKeyAlgorithm(algorithm);
1493:                } else {
1494:                    throw new IllegalArgumentException("Unknown Key Type "
1495:                            + keyBinding.getClass().getName());
1496:                }
1497:            }
1498:
1499:            private static void readDataEncMethodSettings(
1500:                    EncryptionPolicy encryptionPolicy, Element dataEncSettings) {
1501:                String algorithm = dataEncSettings
1502:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
1503:                if ("".equals(algorithm)) {
1504:                    throw new IllegalArgumentException(
1505:                            "Empty/Missing algorithm attribute on "
1506:                                    + dataEncSettings.getTagName());
1507:
1508:                }
1509:                EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) encryptionPolicy
1510:                        .getFeatureBinding();
1511:                featureBinding.setDataEncryptionAlgorithm(algorithm);
1512:            }
1513:
1514:            private static void readCanonMethodSettings(
1515:                    SignaturePolicy signaturePolicy, Element canonSettings) {
1516:                String algorithm = canonSettings
1517:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
1518:                boolean disableInclusivePrefix = false;
1519:                try {
1520:                    disableInclusivePrefix = parseBoolean(
1521:                            DISABLE_INCLUSIVE_PREFIX, canonSettings
1522:                                    .getAttribute(DISABLE_INCLUSIVE_PREFIX));
1523:                } catch (Exception e) {
1524:                    e.printStackTrace();
1525:                }
1526:                if ("".equals(algorithm)) {
1527:                    throw new IllegalArgumentException(
1528:                            "Empty/Missing algorithm attribute on "
1529:                                    + canonSettings.getTagName());
1530:
1531:                }
1532:                SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) signaturePolicy
1533:                        .getFeatureBinding();
1534:                featureBinding.setCanonicalizationAlgorithm(algorithm);
1535:                featureBinding
1536:                        .setDisbaleInclusivePrefix(disableInclusivePrefix);
1537:            }
1538:
1539:            private static void readSigMethodSettings(
1540:                    SignaturePolicy signaturePolicy, Element sigMethodSettings) {
1541:                String algorithm = sigMethodSettings
1542:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
1543:                if ("".equals(algorithm)) {
1544:                    throw new IllegalArgumentException(
1545:                            "Empty/Missing algorithm attribute on "
1546:                                    + sigMethodSettings.getTagName());
1547:
1548:                }
1549:
1550:                SecurityPolicy keyBinding = signaturePolicy.getKeyBinding();
1551:                if (keyBinding == null) {
1552:                    keyBinding = signaturePolicy.newX509CertificateKeyBinding();
1553:                    ((AuthenticationTokenPolicy.X509CertificateBinding) keyBinding)
1554:                            .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
1555:                }
1556:                setKeyAlgorithm(keyBinding, algorithm);
1557:            }
1558:
1559:            private static QName getQName(Node element) {
1560:                return new QName(element.getNamespaceURI(), element
1561:                        .getLocalName());
1562:            }
1563:
1564:            private static Element getFirstChildElement(Node node) {
1565:                Node nextSibling = node.getFirstChild();
1566:                while (nextSibling != null) {
1567:                    if (nextSibling instanceof  Element) {
1568:                        break;
1569:                    }
1570:                    nextSibling = nextSibling.getNextSibling();
1571:                }
1572:                return (Element) nextSibling;
1573:            }
1574:
1575:            private static Element getNextElement(Node node) {
1576:                Node nextSibling = node;
1577:                while (nextSibling != null) {
1578:                    nextSibling = nextSibling.getNextSibling();
1579:                    if (nextSibling instanceof  Element) {
1580:                        break;
1581:                    }
1582:                }
1583:                return (Element) nextSibling;
1584:            }
1585:
1586:            private static class ErrorHandler extends DefaultHandler {
1587:                PrintStream out;
1588:
1589:                public ErrorHandler(PrintStream out) {
1590:                    this .out = out;
1591:                }
1592:
1593:                public void error(SAXParseException e) throws SAXException {
1594:                    if (out != null)
1595:                        out.println(e);
1596:                    throw e;
1597:                }
1598:
1599:                public void warning(SAXParseException e) throws SAXException {
1600:                    if (out != null)
1601:                        out.println(e);
1602:                    else
1603:                        ;// log
1604:                }
1605:
1606:                public void fatalError(SAXParseException e) throws SAXException {
1607:                    if (out != null)
1608:                        out.println(e);
1609:                    throw e;
1610:                }
1611:            }
1612:
1613:            private static boolean parseBoolean(String attr, String value)
1614:                    throws Exception {
1615:                if ("1".equals(value) || "true".equalsIgnoreCase(value)) {
1616:                    return true;
1617:                } else if ("0".equals(value) || "false".equalsIgnoreCase(value)) {
1618:                    return false;
1619:                } else {
1620:                    log.log(Level.SEVERE, "WSS0511.illegal.boolean.value",
1621:                            value);
1622:                    throw new Exception("Boolean attribute " + attr
1623:                            + " has value other than 'true' or 'false'");
1624:                }
1625:            }
1626:
1627:            private static long parseLong(String str) {
1628:                if (!"".equals(str)) {
1629:                    String ret = str;
1630:                    int idx = str.indexOf(".");
1631:                    if (idx > 0) {
1632:                        ret = str.substring(0, idx);
1633:                    }
1634:                    return Long.parseLong(ret);
1635:                }
1636:                return 0;
1637:            }
1638:
1639:            private static void readTimestampSettings(TimestampPolicy policy,
1640:                    Element timestampSettings) {
1641:                String id = getIdAttribute(timestampSettings);
1642:                policy.setUUID(id);
1643:                String timeout = timestampSettings
1644:                        .getAttribute(TIMEOUT_ATTRIBUTE_NAME);
1645:                policy.setTimeout(parseLong(timeout) * 1000);
1646:
1647:                Element someElement = getFirstChildElement(timestampSettings);
1648:                if (someElement != null) {
1649:                    log.log(Level.SEVERE,
1650:                            "WSS0513.illegal.configuration.element",
1651:                            getQName(someElement));
1652:                    throw new IllegalStateException(getQName(someElement)
1653:                            + " is not a recognized sub-element of Timestamp");
1654:                }
1655:            }
1656:
1657:            private static void readTimestampRequirementSettings(
1658:                    TimestampPolicy policy, Element timestampSettings) {
1659:                String id = getIdAttribute(timestampSettings);
1660:                policy.setUUID(id);
1661:
1662:                String maxClockSkew = timestampSettings
1663:                        .getAttribute(MAX_CLOCK_SKEW);
1664:                String timestampFreshness = timestampSettings
1665:                        .getAttribute(TIMESTAMP_FRESHNESS_LIMIT);
1666:
1667:                //set them on the policy
1668:                policy.setMaxClockSkew(parseLong(maxClockSkew) * 1000);
1669:                policy
1670:                        .setTimestampFreshness(parseLong(timestampFreshness) * 1000);
1671:
1672:                Element someElement = getFirstChildElement(timestampSettings);
1673:                if (someElement != null) {
1674:                    log.log(Level.SEVERE,
1675:                            "WSS0513.illegal.configuration.element",
1676:                            getQName(someElement));
1677:                    throw new IllegalStateException(
1678:                            getQName(someElement)
1679:                                    + " is not a recognized sub-element of RequireTimestamp");
1680:                }
1681:            }
1682:
1683:            /*
1684:             */
1685:            private static void readUsernamePasswordSettings(
1686:                    AuthenticationTokenPolicy.UsernameTokenBinding utBinding,
1687:                    Element usernamePasswordSettings) {
1688:
1689:                String id = getIdAttribute(usernamePasswordSettings);
1690:                utBinding.setUUID(id);
1691:
1692:                NamedNodeMap usernameAttributes = usernamePasswordSettings
1693:                        .getAttributes();
1694:                int attributeCount = usernameAttributes.getLength();
1695:
1696:                String attributeName = null;
1697:
1698:                for (int index = 0; index < attributeCount; index++) {
1699:                    Attr usernamePasswordAttribute = (Attr) usernameAttributes
1700:                            .item(index);
1701:
1702:                    attributeName = usernamePasswordAttribute.getName();
1703:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1704:                        utBinding.setUUID(usernamePasswordAttribute.getValue());
1705:                    } else if (USERNAME_ATTRIBUTE_NAME
1706:                            .equalsIgnoreCase(attributeName)) {
1707:                        utBinding.setUsername(usernamePasswordAttribute
1708:                                .getValue());
1709:                    } else if (PASSWORD_ATTRIBUTE_NAME
1710:                            .equalsIgnoreCase(attributeName)) {
1711:                        utBinding.setPassword(usernamePasswordAttribute
1712:                                .getValue());
1713:                    } else if (USE_NONCE_ATTRIBUTE_NAME
1714:                            .equalsIgnoreCase(attributeName)) {
1715:                        utBinding
1716:                                .setUseNonce(getBooleanValue(usernamePasswordAttribute
1717:                                        .getValue()));
1718:                    } else if (DIGEST_PASSWORD_ATTRIBUTE_NAME
1719:                            .equalsIgnoreCase(attributeName)) {
1720:                        utBinding
1721:                                .setDigestOn(getBooleanValue(usernamePasswordAttribute
1722:                                        .getValue()));
1723:                    } else {
1724:                        log
1725:                                .log(Level.SEVERE,
1726:                                        "WSS0512.illegal.attribute.name",
1727:                                        new Object[] {
1728:                                                attributeName,
1729:                                                usernamePasswordSettings
1730:                                                        .getTagName() });
1731:                        throw new IllegalStateException(
1732:                                attributeName
1733:                                        + " is not a recognized attribute of UsernameToken");
1734:                    }
1735:
1736:                }
1737:                if (utBinding.getDigestOn() && !utBinding.getUseNonce()) {
1738:                    throw new IllegalStateException(
1739:                            "useNonce attribute must be true if digestPassword is true");
1740:                }
1741:
1742:                Element someElement = getFirstChildElement(usernamePasswordSettings);
1743:                if (someElement != null) {
1744:                    log.log(Level.SEVERE,
1745:                            "WSS0513.illegal.configuration.element",
1746:                            getQName(someElement));
1747:                    throw new IllegalStateException(
1748:                            getQName(someElement)
1749:                                    + " is not a recognized sub-element of UsernameToken");
1750:                }
1751:            }
1752:
1753:            /*
1754:             */
1755:            private static void readUsernamePasswordRequirementSettings(
1756:                    AuthenticationTokenPolicy.UsernameTokenBinding utBinding,
1757:                    Element authenticateUserSettings) {
1758:
1759:                String id = getIdAttribute(authenticateUserSettings);
1760:                utBinding.setUUID(id);
1761:
1762:                //set them on the policy
1763:                TimestampPolicy tPolicy = null;
1764:                try {
1765:                    tPolicy = (TimestampPolicy) utBinding
1766:                            .newTimestampFeatureBinding();
1767:                } catch (Exception e) {
1768:                    //log
1769:                    throw new IllegalStateException(e.getMessage());
1770:                }
1771:
1772:                NamedNodeMap authenticateUserAttributes = authenticateUserSettings
1773:                        .getAttributes();
1774:                int attributeCount = authenticateUserAttributes.getLength();
1775:                String attributeName = null;
1776:
1777:                for (int index = 0; index < attributeCount; index++) {
1778:                    Attr authenticateUserAttribute = (Attr) authenticateUserAttributes
1779:                            .item(index);
1780:                    attributeName = authenticateUserAttribute.getName();
1781:
1782:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1783:                        // do nothing
1784:                    } else if (NONCE_REQUIRED_ATTRIBUTE_NAME
1785:                            .equalsIgnoreCase(attributeName)) {
1786:                        utBinding
1787:                                .setUseNonce(getBooleanValue(authenticateUserAttribute
1788:                                        .getValue()));
1789:                    } else if (PASSWORD_DIGEST_REQUIRED_ATTRIBUTE_NAME
1790:                            .equalsIgnoreCase(attributeName)) {
1791:                        utBinding
1792:                                .setDigestOn(getBooleanValue(authenticateUserAttribute
1793:                                        .getValue()));
1794:                    } else if (MAX_CLOCK_SKEW.equalsIgnoreCase(attributeName)) {
1795:                        tPolicy
1796:                                .setMaxClockSkew(parseLong(authenticateUserAttribute
1797:                                        .getValue()) * 1000);
1798:                    } else if (TIMESTAMP_FRESHNESS_LIMIT
1799:                            .equalsIgnoreCase(attributeName)) {
1800:                        tPolicy
1801:                                .setTimestampFreshness(parseLong(authenticateUserAttribute
1802:                                        .getValue()) * 1000);
1803:                    } else if (MAX_NONCE_AGE.equalsIgnoreCase(attributeName)) {
1804:                        utBinding
1805:                                .setMaxNonceAge(parseLong(authenticateUserAttribute
1806:                                        .getValue()) * 1000);
1807:                    } else {
1808:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1809:                                new Object[] { attributeName,
1810:                                        "xwss:RequireUsernameToken" });
1811:                        throw new IllegalStateException(
1812:                                attributeName
1813:                                        + " is not a recognized attribute of RequireUsernameToken");
1814:                    }
1815:                }
1816:
1817:                Element someElement = getFirstChildElement(authenticateUserSettings);
1818:                if (someElement != null) {
1819:                    log.log(Level.SEVERE,
1820:                            "WSS0513.illegal.configuration.element",
1821:                            getQName(someElement));
1822:                    throw new IllegalStateException(
1823:                            getQName(someElement)
1824:                                    + " is not a recognized sub-element of RequireUsernameToken");
1825:                }
1826:
1827:                if (utBinding.getDigestOn() && !utBinding.getUseNonce()) {
1828:                    throw new IllegalStateException(
1829:                            "nonceRequired attribute must be true if passwordDigestRequired is true");
1830:                }
1831:            }
1832:
1833:            private static void readSAMLTokenSettings(
1834:                    AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding,
1835:                    Element samlTokenSettings) {
1836:
1837:                String id = getIdAttribute(samlTokenSettings);
1838:                samlBinding.setUUID(id);
1839:
1840:                String type = samlTokenSettings
1841:                        .getAttribute(SAML_ASSERTION_TYPE_ATTRIBUTE_NAME);
1842:                validateSAMLType(type, samlTokenSettings);
1843:
1844:                NamedNodeMap samlAttributes = samlTokenSettings.getAttributes();
1845:                int attributeCount = samlAttributes.getLength();
1846:                String attributeName = null;
1847:
1848:                for (int index = 0; index < attributeCount; index++) {
1849:                    Attr samlAttribute = (Attr) samlAttributes.item(index);
1850:
1851:                    attributeName = samlAttribute.getName();
1852:
1853:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1854:                        // do nothing
1855:                    } else if (SAML_ASSERTION_TYPE_ATTRIBUTE_NAME
1856:                            .equalsIgnoreCase(attributeName)) {
1857:                        samlBinding.setAssertionType(samlAttribute.getValue());
1858:                    } else if (SAML_AUTHORITY_ID_ATTRIBUTE_NAME
1859:                            .equalsIgnoreCase(attributeName)) {
1860:                        samlBinding.setAuthorityIdentifier(samlAttribute
1861:                                .getValue());
1862:                    } else if (SAML_KEYIDENTIFIER_ATTRIBUTE_NAME
1863:                            .equalsIgnoreCase(attributeName)) {
1864:                        samlBinding.setKeyIdentifier(samlAttribute.getValue());
1865:                    } else if (KEY_REFERENCE_TYPE_ATTRIBUTE_NAME
1866:                            .equalsIgnoreCase(attributeName)) {
1867:                        String attributeValue = samlAttribute.getValue();
1868:                        validateSAMLKeyReferenceType(attributeValue);
1869:                        samlBinding.setReferenceType(attributeValue);
1870:                    } else if (STRID.equalsIgnoreCase(attributeName)) {
1871:                        String strid = samlAttribute.getValue();
1872:                        samlBinding.setSTRID(strid);
1873:                    } else {
1874:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1875:                                new Object[] { attributeName,
1876:                                        "xwss:SAMLAssertion" });
1877:                        throw new IllegalStateException(
1878:                                attributeName
1879:                                        + " is not a recognized attribute of SAMLAssertion");
1880:                    }
1881:                }
1882:            }
1883:
1884:            private static void readRequireSAMLTokenSettings(
1885:                    AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding,
1886:                    Element samlTokenSettings) {
1887:
1888:                String id = getIdAttribute(samlTokenSettings);
1889:                samlBinding.setUUID(id);
1890:
1891:                String type = samlTokenSettings
1892:                        .getAttribute(SAML_ASSERTION_TYPE_ATTRIBUTE_NAME);
1893:                validateRequireSAMLType(type, samlTokenSettings);
1894:
1895:                NamedNodeMap samlAttributes = samlTokenSettings.getAttributes();
1896:                int attributeCount = samlAttributes.getLength();
1897:                String attributeName = null;
1898:
1899:                for (int index = 0; index < attributeCount; index++) {
1900:                    Attr samlAttribute = (Attr) samlAttributes.item(index);
1901:
1902:                    attributeName = samlAttribute.getName();
1903:
1904:                    if (ID_ATTRIBUTE_NAME.equalsIgnoreCase(attributeName)) {
1905:                        // do nothing
1906:                    } else if (SAML_ASSERTION_TYPE_ATTRIBUTE_NAME
1907:                            .equalsIgnoreCase(attributeName)) {
1908:                        samlBinding.setAssertionType(samlAttribute.getValue());
1909:                    } else if (SAML_AUTHORITY_ID_ATTRIBUTE_NAME
1910:                            .equalsIgnoreCase(attributeName)) {
1911:                        samlBinding.setAuthorityIdentifier(samlAttribute
1912:                                .getValue());
1913:                    } else if (KEY_REFERENCE_TYPE_ATTRIBUTE_NAME
1914:                            .equalsIgnoreCase(attributeName)) {
1915:                        String attributeValue = samlAttribute.getValue();
1916:                        validateSAMLKeyReferenceType(attributeValue);
1917:                        samlBinding.setReferenceType(attributeValue);
1918:                    } else if (STRID.equalsIgnoreCase(attributeName)) {
1919:                        String strid = samlAttribute.getValue();
1920:                        samlBinding.setSTRID(strid);
1921:                    } else {
1922:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1923:                                new Object[] { attributeName,
1924:                                        "xwss:RequireSAMLAssertion" });
1925:                        throw new IllegalStateException(
1926:                                attributeName
1927:                                        + " is not a recognized attribute of RequireSAMLAssertion");
1928:                    }
1929:                }
1930:            }
1931:
1932:            /*
1933:             */
1934:            private static EncryptionTarget readEncryptionTargetSettings(
1935:                    Element targetSettings) {
1936:                EncryptionTarget target = new EncryptionTarget();
1937:
1938:                // Read-in the target type attribute
1939:                NamedNodeMap targetAttributes = targetSettings.getAttributes();
1940:                int attributeCount = targetAttributes.getLength();
1941:                String attributeName = null;
1942:                for (int index = 0; index < attributeCount; index++) {
1943:                    Attr targetAttribute = (Attr) targetAttributes.item(index);
1944:                    attributeName = targetAttribute.getName();
1945:
1946:                    if (TARGET_TYPE_ATTRIBUTE_NAME
1947:                            .equalsIgnoreCase(attributeName)) {
1948:                        String targetType = targetAttribute.getValue();
1949:                        // valid values of targetType are xpath, qname, id
1950:                        if (Target.TARGET_TYPE_VALUE_QNAME
1951:                                .equalsIgnoreCase(targetType)) {
1952:                            target.setType(Target.TARGET_TYPE_VALUE_QNAME);
1953:                        } else if (Target.TARGET_TYPE_VALUE_XPATH
1954:                                .equalsIgnoreCase(targetType)) {
1955:                            target.setType(Target.TARGET_TYPE_VALUE_XPATH);
1956:                        } else if (Target.TARGET_TYPE_VALUE_URI
1957:                                .equalsIgnoreCase(targetType)) {
1958:                            target.setType(Target.TARGET_TYPE_VALUE_URI);
1959:                        } else {
1960:                            log.log(Level.SEVERE,
1961:                                    "WSS0519.illegal.attribute.value",
1962:                                    "xwss:Target@Type");
1963:                            throw new IllegalStateException(targetType
1964:                                    + " is not a recognized type of Target");
1965:                        }
1966:                    } else if (CONTENT_ONLY_ATTRIBUTE_NAME
1967:                            .equalsIgnoreCase(attributeName)) {
1968:
1969:                        String contentOnly = targetAttribute.getValue();
1970:                        target.setContentOnly(getBooleanValue(contentOnly));
1971:
1972:                    } else if (ENFORCE_ATTRIBUTE_NAME
1973:                            .equalsIgnoreCase(attributeName)) {
1974:                        String enforce_S = targetAttribute.getValue();
1975:                        boolean enforce = Boolean.valueOf(enforce_S);
1976:                        target.setEnforce(enforce);
1977:                    } else if (VALUE_ATTRIBUTE_NAME
1978:                            .equalsIgnoreCase(attributeName)) {
1979:
1980:                    } else {
1981:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
1982:                                new Object[] { attributeName, "xwss:Target" });
1983:                        throw new IllegalStateException(attributeName
1984:                                + " is not a recognized attribute of Target");
1985:                    }
1986:                }
1987:
1988:                // Read-in the target type attribute
1989:                //read value attribute
1990:                String targetValue = targetSettings
1991:                        .getAttribute(VALUE_ATTRIBUTE_NAME);
1992:                if (targetValue == null) {
1993:                    //|| targetValue.equals("")) {
1994:                    // log
1995:                    throw new IllegalStateException(
1996:                            "value attribute of the EncryptionTarget element missing/empty");
1997:                }
1998:
1999:                if (targetValue.startsWith("#"))
2000:                    targetValue = targetValue.substring(1);
2001:
2002:                target.setValue(targetValue);
2003:
2004:                //read any transform child elements
2005:                Element eachDefinitionElement = getFirstChildElement(targetSettings);
2006:                while (eachDefinitionElement != null) {
2007:                    QName definitionType = getQName(eachDefinitionElement);
2008:                    if (TRANSFORM_ELEMENT_QNAME.equals(definitionType)) {
2009:                        EncryptionTarget.Transform transform = readEncTransform(eachDefinitionElement);
2010:                        target.addCipherReferenceTransform(transform);
2011:                    } else {
2012:                        log.log(Level.SEVERE,
2013:                                "WSS0513.illegal.configuration.element",
2014:                                definitionType.toString());
2015:                        throw new IllegalStateException(
2016:                                definitionType
2017:                                        + " is not a recognized sub-element of EncryptionTarget");
2018:                    }
2019:                    eachDefinitionElement = getNextElement(eachDefinitionElement);
2020:                }
2021:
2022:                return target;
2023:            }
2024:
2025:            private static Target readTargetSettings(Element targetSettings,
2026:                    boolean signature) {
2027:                if (signature) {
2028:                    SignatureTarget target = new SignatureTarget();
2029:                    target.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
2030:                    return readTargetSettings(targetSettings, target);
2031:                } else {
2032:                    EncryptionTarget target = new EncryptionTarget();
2033:                    return readTargetSettings(targetSettings, target);
2034:                }
2035:            }
2036:
2037:            /*
2038:             */
2039:            private static Target readTargetSettings(Element targetSettings,
2040:                    Target target) {
2041:
2042:                // Read-in the target type attribute
2043:                NamedNodeMap targetAttributes = targetSettings.getAttributes();
2044:                int attributeCount = targetAttributes.getLength();
2045:                String attributeName = null;
2046:                for (int index = 0; index < attributeCount; index++) {
2047:                    Attr targetAttribute = (Attr) targetAttributes.item(index);
2048:                    attributeName = targetAttribute.getName();
2049:
2050:                    if (TARGET_TYPE_ATTRIBUTE_NAME
2051:                            .equalsIgnoreCase(attributeName)) {
2052:                        String targetType = targetAttribute.getValue();
2053:                        // valid values of targetType are xpath, qname, id
2054:                        if (Target.TARGET_TYPE_VALUE_QNAME
2055:                                .equalsIgnoreCase(targetType)) {
2056:                            target.setType(Target.TARGET_TYPE_VALUE_QNAME);
2057:                        } else if (Target.TARGET_TYPE_VALUE_XPATH
2058:                                .equalsIgnoreCase(targetType)) {
2059:                            target.setType(Target.TARGET_TYPE_VALUE_XPATH);
2060:                        } else if (Target.TARGET_TYPE_VALUE_URI
2061:                                .equalsIgnoreCase(targetType)) {
2062:                            target.setType(Target.TARGET_TYPE_VALUE_URI);
2063:                        } else {
2064:                            log.log(Level.SEVERE,
2065:                                    "WSS0519.illegal.attribute.value",
2066:                                    "xwss:Target@Type");
2067:                            throw new IllegalStateException(targetType
2068:                                    + " is not a recognized type of Target");
2069:                        }
2070:                    } else if (CONTENT_ONLY_ATTRIBUTE_NAME
2071:                            .equalsIgnoreCase(attributeName)) {
2072:                        if (targetAttribute.getSpecified()) {
2073:                            validateTargetContentOnly(targetSettings);
2074:                        }
2075:                        String contentOnly = targetAttribute.getValue();
2076:                        target.setContentOnly(getBooleanValue(contentOnly));
2077:                    } else if (ENFORCE_ATTRIBUTE_NAME
2078:                            .equalsIgnoreCase(attributeName)) {
2079:                        String enforce_S = targetAttribute.getValue();
2080:                        boolean enforce = getBooleanValue(enforce_S);
2081:                        Node parent = targetSettings.getParentNode();
2082:                        if (OPTIONAL_TARGETS_ELEMENT_NAME.equals(parent
2083:                                .getLocalName())) {
2084:                            if (targetAttribute.getSpecified() && enforce) {
2085:                                log
2086:                                        .warning("WSS0760.warning.optionaltarget.enforce.ignored");
2087:                            }
2088:                        } else {
2089:                            target.setEnforce(enforce);
2090:                        }
2091:                    } else {
2092:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
2093:                                new Object[] { attributeName, "xwss:Target" });
2094:                        throw new IllegalStateException(attributeName
2095:                                + " is not a recognized attribute of Target");
2096:                    }
2097:                }
2098:
2099:                // Read-in the target value
2100:                String targetValue = XMLUtil
2101:                        .getFullTextFromChildren(targetSettings);
2102:
2103:                if (targetValue == null || targetValue.equals("")) {
2104:                    // log
2105:                    throw new IllegalStateException(
2106:                            "Value of the Target element is required to be specified");
2107:                }
2108:
2109:                // ignore the proceeding # in case this is a xpointer uri
2110:                if (targetValue.startsWith("#")) {
2111:                    targetValue = targetValue.substring(1);
2112:                }
2113:
2114:                target.setValue(targetValue);
2115:
2116:                return target;
2117:            }
2118:
2119:            /*
2120:             */
2121:            private static SignatureTarget readSignatureTargetSettings(
2122:                    Element targetSettings) {
2123:                SignatureTarget target = new SignatureTarget();
2124:
2125:                // Read-in the target type attribute
2126:                NamedNodeMap targetAttributes = targetSettings.getAttributes();
2127:                int attributeCount = targetAttributes.getLength();
2128:                String attributeName = null;
2129:                for (int index = 0; index < attributeCount; index++) {
2130:                    Attr targetAttribute = (Attr) targetAttributes.item(index);
2131:                    attributeName = targetAttribute.getName();
2132:
2133:                    if (TARGET_TYPE_ATTRIBUTE_NAME
2134:                            .equalsIgnoreCase(attributeName)) {
2135:                        String targetType = targetAttribute.getValue();
2136:                        // valid values of targetType are xpath, qname, id
2137:                        if (Target.TARGET_TYPE_VALUE_QNAME
2138:                                .equalsIgnoreCase(targetType)) {
2139:                            target.setType(Target.TARGET_TYPE_VALUE_QNAME);
2140:                        } else if (Target.TARGET_TYPE_VALUE_XPATH
2141:                                .equalsIgnoreCase(targetType)) {
2142:                            target.setType(Target.TARGET_TYPE_VALUE_XPATH);
2143:                        } else if (Target.TARGET_TYPE_VALUE_URI
2144:                                .equalsIgnoreCase(targetType)) {
2145:                            target.setType(Target.TARGET_TYPE_VALUE_URI);
2146:                        } else {
2147:                            log.log(Level.SEVERE,
2148:                                    "WSS0519.illegal.attribute.value",
2149:                                    "xwss:Target@Type");
2150:                            throw new IllegalStateException(targetType
2151:                                    + " is not a recognized type of Target");
2152:                        }
2153:                    } else if (CONTENT_ONLY_ATTRIBUTE_NAME
2154:                            .equalsIgnoreCase(attributeName)) {
2155:                        if (targetAttribute.getSpecified()) {
2156:                            throw new IllegalStateException(
2157:                                    "invalid contentOnly attribute in a xwss:SignatureTarget");
2158:                        }
2159:
2160:                        /* we could check if the reference is to an attachement
2161:                         * and add a Transform
2162:                        String contentOnly = targetAttribute.getValue();
2163:                        validateContentOnly(targetSettings);
2164:                        boolean contentValue = getBooleanValue(contentOnly);
2165:                        SignatureTarget.Transform transform =  null;
2166:                        if (contentValue) {
2167:                            transform = new SignatureTarget.Transform(
2168:                            MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI);
2169:                        } else {
2170:                            transform = new SignatureTarget.Transform(
2171:                            MessageConstants.ATTACHMENT_COMPLETE_TRANSFORM_URI);
2172:                        }
2173:                        target.addTransform(transform);
2174:                         */
2175:
2176:                    } else if (ENFORCE_ATTRIBUTE_NAME
2177:                            .equalsIgnoreCase(attributeName)) {
2178:                        String enforce_S = targetAttribute.getValue();
2179:                        boolean enforce = getBooleanValue(enforce_S);
2180:                        target.setEnforce(enforce);
2181:                    } else if (VALUE_ATTRIBUTE_NAME
2182:                            .equalsIgnoreCase(attributeName)) {
2183:
2184:                    } else {
2185:                        log.log(Level.SEVERE, "WSS0512.illegal.attribute.name",
2186:                                new Object[] { attributeName, "xwss:Target" });
2187:                        throw new IllegalStateException(attributeName
2188:                                + " is not a recognized attribute of Target");
2189:                    }
2190:                }
2191:                //read value attribute
2192:                String targetValue = targetSettings
2193:                        .getAttribute(VALUE_ATTRIBUTE_NAME);
2194:                if (targetValue == null) {
2195:                    //|| targetValue.equals("")) {
2196:                    // log
2197:                    throw new IllegalStateException(
2198:                            "value attribute of the SignatureTarget element missing/empty");
2199:                }
2200:                target.setValue(targetValue);
2201:
2202:                //read the DigestMethod child
2203:                boolean attachmentTxSeen = false;
2204:                Element eachDefinitionElement = getFirstChildElement(targetSettings);
2205:                while (eachDefinitionElement != null) {
2206:                    QName definitionType = getQName(eachDefinitionElement);
2207:                    if (DIGEST_METHOD_ELEMENT_QNAME.equals(definitionType)) {
2208:                        String algorithm = readDigestMethod(eachDefinitionElement);
2209:                        target.setDigestAlgorithm(algorithm);
2210:                    } else if (TRANSFORM_ELEMENT_QNAME.equals(definitionType)) {
2211:                        SignatureTarget.Transform transform = readSigTransform(eachDefinitionElement);
2212:                        if (transform
2213:                                .getTransform()
2214:                                .equals(
2215:                                        MessageConstants.ATTACHMENT_CONTENT_ONLY_TRANSFORM_URI)
2216:                                || transform
2217:                                        .getTransform()
2218:                                        .equals(
2219:                                                MessageConstants.ATTACHMENT_COMPLETE_TRANSFORM_URI)) {
2220:                            attachmentTxSeen = true;
2221:                        }
2222:                        target.addTransform(transform);
2223:                    } else {
2224:                        log.log(Level.SEVERE,
2225:                                "WSS0513.illegal.configuration.element",
2226:                                definitionType.toString());
2227:                        throw new IllegalStateException(
2228:                                definitionType
2229:                                        + " is not a recognized sub-element of SignatureTarget");
2230:                    }
2231:                    eachDefinitionElement = getNextElement(eachDefinitionElement);
2232:                }
2233:                if ("".equals(target.getDigestAlgorithm())) {
2234:                    target.setDigestAlgorithm(MessageConstants.SHA1_DIGEST);
2235:                }
2236:                if (target.getValue().startsWith("cid")
2237:                        || target.getValue().startsWith("CID")
2238:                        || target.getValue().startsWith(
2239:                                MessageConstants.ATTACHMENTREF)) {
2240:                    if (!attachmentTxSeen) {
2241:                        throw new IllegalStateException(
2242:                                "Missing Transform specification for Attachment Target "
2243:                                        + target.getValue());
2244:                    }
2245:                }
2246:
2247:                return target;
2248:            }
2249:
2250:            private static String readDigestMethod(Element digestMethod) {
2251:                String algorithm = digestMethod
2252:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
2253:                if ("".equals(algorithm)) {
2254:                    throw new IllegalArgumentException(
2255:                            "Empty/missing algorithm attribute on SignatureTarget");
2256:                }
2257:                return algorithm;
2258:            }
2259:
2260:            private static SignatureTarget.Transform readSigTransform(
2261:                    Element transform) {
2262:
2263:                String algorithm = transform
2264:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
2265:                boolean disableInclusivePrefix = false;
2266:                try {
2267:                    disableInclusivePrefix = parseBoolean(
2268:                            DISABLE_INCLUSIVE_PREFIX, transform
2269:                                    .getAttribute(DISABLE_INCLUSIVE_PREFIX));
2270:                } catch (Exception e) {
2271:                    e.printStackTrace();
2272:                }
2273:                if ("".equals(algorithm)) {
2274:                    // log
2275:                    throw new IllegalStateException(
2276:                            " Empty/Missing algorithm attribute on xwss:Transform element");
2277:                }
2278:
2279:                Element eachDefinitionElement = getFirstChildElement(transform);
2280:                //HashMap props = new HashMap();
2281:                SignatureTarget.Transform trans = new SignatureTarget.Transform();
2282:                trans.setTransform(algorithm);
2283:                trans.setDisbaleInclusivePrefix(disableInclusivePrefix);
2284:
2285:                if (algorithm.equals(Transform.XPATH)) {
2286:                    fillXPATHTransformParams(eachDefinitionElement, trans);
2287:                } else if (algorithm.equals(Transform.XPATH2)) {
2288:                    fillXPATH2TransformParams(eachDefinitionElement, trans);
2289:                } else if (algorithm.equals(MessageConstants.STR_TRANSFORM_URI)) {
2290:                    fillSTRTransformParams(eachDefinitionElement, trans);
2291:                } else {
2292:                    if (log.getLevel() == Level.FINE) {
2293:                        log.log(Level.FINE,
2294:                                "Algorithm Parameters not supported"
2295:                                        + "for transform", algorithm);
2296:                    }
2297:                }
2298:
2299:                return trans;
2300:            }
2301:
2302:            private static void fillXPATHTransformParams(Element algoElement,
2303:                    SignatureTarget.Transform transform) {
2304:                QName definitionType = getQName(algoElement);
2305:                if (ALGORITHM_PARAMETER_ELEMENT_QNAME.equals(definitionType)) {
2306:                    String name = algoElement.getAttribute(NAME_ATTRIBUTE_NAME);
2307:                    String value = algoElement
2308:                            .getAttribute(VALUE_ATTRIBUTE_NAME);
2309:
2310:                    if (name.equals("XPATH")) {
2311:                        transform
2312:                                .setAlgorithmParameters(new XPathFilterParameterSpec(
2313:                                        value));
2314:                    } else {
2315:                        throw new IllegalStateException(
2316:                                "XPATH Transform must have XPATH attribute"
2317:                                        + " name and an XPATH Expression as value");
2318:                    }
2319:                } else {
2320:                    log.log(Level.SEVERE,
2321:                            "WSS0513.illegal.configuration.element",
2322:                            definitionType.toString());
2323:                    throw new IllegalStateException(definitionType
2324:                            + " is not a recognized sub-element of Transform");
2325:                }
2326:                return;
2327:            }
2328:
2329:            private static void fillXPATH2TransformParams(Element algoElement,
2330:                    SignatureTarget.Transform transform) {
2331:
2332:                ArrayList xpathTypeList = new ArrayList();
2333:                while (algoElement != null) {
2334:                    QName definitionType = getQName(algoElement);
2335:                    if (ALGORITHM_PARAMETER_ELEMENT_QNAME
2336:                            .equals(definitionType)) {
2337:
2338:                        String name = algoElement
2339:                                .getAttribute(NAME_ATTRIBUTE_NAME);
2340:                        String value = algoElement
2341:                                .getAttribute(VALUE_ATTRIBUTE_NAME);
2342:                        if (name.equalsIgnoreCase("UNION")) {
2343:                            xpathTypeList.add(new XPathType(value,
2344:                                    XPathType.Filter.UNION));
2345:                        } else if (name.equalsIgnoreCase("INTERSECT")) {
2346:                            xpathTypeList.add(new XPathType(value,
2347:                                    XPathType.Filter.INTERSECT));
2348:                        } else if (name.equalsIgnoreCase("SUBTRACT")) {
2349:                            xpathTypeList.add(new XPathType(value,
2350:                                    XPathType.Filter.SUBTRACT));
2351:                        } else {
2352:                            throw new IllegalStateException(
2353:                                    "XPATH2 Transform AlgorithmParameter name attribute"
2354:                                            + " should be one of UNION,INTERSECT,SUBTRACT");
2355:                        }
2356:
2357:                    } else {
2358:                        log.log(Level.SEVERE,
2359:                                "WSS0513.illegal.configuration.element",
2360:                                definitionType.toString());
2361:                        throw new IllegalStateException(
2362:                                definitionType
2363:                                        + " is not a recognized sub-element of Transform");
2364:                    }
2365:                    algoElement = getNextElement(algoElement);
2366:
2367:                }
2368:                transform.setAlgorithmParameters(new XPathFilter2ParameterSpec(
2369:                        xpathTypeList));
2370:                return;
2371:            }
2372:
2373:            private static void fillSTRTransformParams(Element algoElement,
2374:                    SignatureTarget.Transform transform) {
2375:                QName definitionType = getQName(algoElement);
2376:                if (ALGORITHM_PARAMETER_ELEMENT_QNAME.equals(definitionType)) {
2377:                    String name = algoElement.getAttribute(NAME_ATTRIBUTE_NAME);
2378:                    String value = algoElement
2379:                            .getAttribute(VALUE_ATTRIBUTE_NAME);
2380:                    transform
2381:                            .setAlgorithmParameters(new Parameter(name, value));
2382:                } else {
2383:                    log.log(Level.SEVERE,
2384:                            "WSS0513.illegal.configuration.element",
2385:                            definitionType.toString());
2386:                    throw new IllegalStateException(definitionType
2387:                            + " is not a recognized sub-element of Transform");
2388:                }
2389:                return;
2390:            }
2391:
2392:            private static EncryptionTarget.Transform readEncTransform(
2393:                    Element transform) {
2394:
2395:                String algorithm = transform
2396:                        .getAttribute(ALGORITHM_ATTRIBUTE_NAME);
2397:                if ("".equals(algorithm)) {
2398:                    // log
2399:                    throw new IllegalStateException(
2400:                            " Empty/Missing algorithm attribute on xwss:Transform element");
2401:                }
2402:
2403:                //Element eachDefinitionElement = getFirstChildElement(transform);
2404:                /* HashMap props = new HashMap();
2405:                 while (eachDefinitionElement != null) {
2406:                     QName definitionType = getQName(eachDefinitionElement);
2407:                     if (ALGORITHM_PARAMETER_ELEMENT_QNAME.equals(definitionType)) {
2408:                         readAlgorithmProperties(props, eachDefinitionElement);
2409:                     } else {
2410:                         log.log(
2411:                                 Level.SEVERE,
2412:                                 "WSS0513.illegal.configuration.element",
2413:                                 definitionType.toString());
2414:                         throw new IllegalStateException(definitionType +
2415:                                 " is not a recognized sub-element of Transform");
2416:                     }
2417:                     eachDefinitionElement = getNextElement(eachDefinitionElement);
2418:                 }
2419:                 */
2420:                EncryptionTarget.Transform trans = new EncryptionTarget.Transform();
2421:                trans.setTransform(algorithm);
2422:                //trans.setAlgorithmParameters(props);
2423:                return trans;
2424:            }
2425:
2426:            private static void validateContentOnly(Element target) {
2427:
2428:                Node parent = target.getParentNode();
2429:                String parentName = parent.getLocalName();
2430:
2431:                if (SIGNATURE_REQUIREMENT_ELEMENT_NAME
2432:                        .equalsIgnoreCase(parentName)
2433:                        || SIGN_OPERATION_ELEMENT_NAME
2434:                                .equalsIgnoreCase(parentName)) {
2435:                    String targetValue = target
2436:                            .getAttribute(VALUE_ATTRIBUTE_NAME);
2437:                    String targetType = target
2438:                            .getAttribute(TARGET_TYPE_ATTRIBUTE_NAME);
2439:                    if (URI_TARGET.equalsIgnoreCase(targetType)) {
2440:                        if (!targetValue.startsWith("cid")
2441:                                && !targetValue.startsWith("CID")) {
2442:                            throw new IllegalStateException(
2443:                                    "invalid contentOnly attribute on a non-attachment "
2444:                                            + "SignatureTarget");
2445:                        }
2446:                    } else {
2447:                        throw new IllegalStateException(
2448:                                "invalid contentOnly attribute in a SignatureTarget");
2449:                    }
2450:                }
2451:
2452:                if (!ENCRYPT_OPERATION_ELEMENT_NAME
2453:                        .equalsIgnoreCase(parentName)
2454:                        && !ENCRYPTION_REQUIREMENT_ELEMENT_NAME
2455:                                .equalsIgnoreCase(parentName)) {
2456:                    throw new IllegalStateException(
2457:                            "contentOnly attribute not allowed on Targets under element "
2458:                                    + parentName);
2459:                }
2460:            }
2461:
2462:            private static void validateSAMLKeyReferenceType(String typeName) {
2463:                if (!MessageConstants.KEY_INDETIFIER_TYPE
2464:                        .equalsIgnoreCase(typeName)
2465:                        && !MessageConstants.EMBEDDED_REFERENCE_TYPE
2466:                                .equalsIgnoreCase(typeName)) {
2467:                    throw new IllegalStateException("Reference Type "
2468:                            + typeName
2469:                            + " not allowed for SAMLAssertion References");
2470:                }
2471:
2472:            }
2473:
2474:            private static void validateRequireSAMLType(String type,
2475:                    Element samlTokenSettings) {
2476:                if (!SV_SAML_TYPE.equals(type)) {
2477:                    throw new IllegalStateException(
2478:                            "Allowed Assertion Types for <xwss:RequireSAMLAssertion> is SV only");
2479:                }
2480:
2481:                // the parent node should be a <SecurityConfiguration> if the type = SV
2482:                Node parent = samlTokenSettings.getParentNode();
2483:                if (parent == null) {
2484:                    //should never happen
2485:                    throw new IllegalStateException(
2486:                            "<xwss:RequireSAMLAssertion> cannot occur at this position");
2487:                }
2488:
2489:                String parentName = parent.getLocalName();
2490:                if (!DECLARATIVE_CONFIGURATION_ELEMENT_NAME.equals(parentName)) {
2491:                    throw new IllegalStateException(
2492:                            "<xwss:RequireSAMLAssertion> of Type=SV cannot occur as child of "
2493:                                    + parentName);
2494:                }
2495:            }
2496:
2497:            private static void validateSAMLType(String type,
2498:                    Element samlTokenSettings) {
2499:                if (!SV_SAML_TYPE.equals(type) && !HOK_SAML_TYPE.equals(type)) {
2500:                    throw new IllegalStateException(
2501:                            type
2502:                                    + " not a valid SAML Assertion Type, require one of HOK|SV");
2503:                }
2504:
2505:                // the parent node should be a <SecurityConfiguration> if the type = SV
2506:                if (SV_SAML_TYPE.equals(type)) {
2507:
2508:                    Node parent = samlTokenSettings.getParentNode();
2509:                    if (parent == null) {
2510:                        //should never happen
2511:                        throw new IllegalStateException(
2512:                                "SAML Assertion cannot occur at this position");
2513:                    }
2514:
2515:                    String parentName = parent.getLocalName();
2516:                    if (!DECLARATIVE_CONFIGURATION_ELEMENT_NAME
2517:                            .equals(parentName)) {
2518:                        throw new IllegalStateException(
2519:                                "SAML Assertion of Type=SV cannot occur as child of "
2520:                                        + parentName);
2521:                    }
2522:                }
2523:            }
2524:
2525:            private static boolean dynamicPolicy(Element configData) {
2526:                String dynamicFlag = configData
2527:                        .getAttribute(ENABLE_DYNAMIC_POLICY_ATTRIBUTE_NAME);
2528:                NodeList nl = configData.getElementsByTagName("*");
2529:
2530:                if ("".equals(dynamicFlag) || "false".equals(dynamicFlag)
2531:                        || "0".equals(dynamicFlag))
2532:                    return false;
2533:
2534:                if ("true".equals(dynamicFlag) || "1".equals(dynamicFlag)) {
2535:                    if (nl.getLength() == 0) {
2536:                        return true;
2537:                    }
2538:                }
2539:                return false;
2540:            }
2541:
2542:            private static boolean getBSPAttribute(Element configData,
2543:                    ApplicationSecurityConfiguration parent) {
2544:                String conformanceValue = configData
2545:                        .getAttribute(CONFORMANCE_ATTRIBUTE_NAME);
2546:                if (BSP_CONFORMANCE.equals(conformanceValue)) {
2547:                    return true;
2548:                } else if ("".equals(conformanceValue) && (parent != null)) {
2549:                    return parent.isBSP();
2550:                }
2551:                return false;
2552:            }
2553:
2554:            private static String getIdAttribute(Element configData) {
2555:                String id = configData.getAttribute(ID_ATTRIBUTE_NAME);
2556:
2557:                if (id.startsWith("#")) {
2558:                    throw new IllegalArgumentException(
2559:                            "Illegal id attribute "
2560:                                    + id
2561:                                    + ", id attributes on policy elements cannot begin with a '#' character");
2562:                }
2563:
2564:                if ("".equals(id)) {
2565:                    id = generateUUID();
2566:                }
2567:                return id;
2568:            }
2569:
2570:            //TODO: rewrite this
2571:            private static String generateUUID() {
2572:                //Random rnd = new Random();
2573:                int intRandom = rnd.nextInt();
2574:                String id = "XWSSGID-"
2575:                        + String.valueOf(System.currentTimeMillis())
2576:                        + String.valueOf(intRandom);
2577:                return id;
2578:            }
2579:
2580:            private static void validateTargetContentOnly(Element target) {
2581:
2582:                Node parent = target.getParentNode();
2583:                String parentName = parent.getLocalName();
2584:                if (!ENCRYPT_OPERATION_ELEMENT_NAME
2585:                        .equalsIgnoreCase(parentName)
2586:                        && !ENCRYPTION_REQUIREMENT_ELEMENT_NAME
2587:                                .equalsIgnoreCase(parentName)) {
2588:                    throw new IllegalStateException(
2589:                            "contentOnly attribute not allowed on Targets under element "
2590:                                    + parentName);
2591:                }
2592:            }
2593:
2594:            private static String getSecurityEnvironmentHandler(Element element) {
2595:
2596:                int secEnvCount = 0;
2597:                Element eachDefinitionElement = getFirstChildElement(element);
2598:                String handlerClsName = null;
2599:
2600:                while (eachDefinitionElement != null) {
2601:                    QName definitionType = getQName(eachDefinitionElement);
2602:                    if (SECURITY_ENVIRONMENT_HANDLER_ELEMENT_QNAME
2603:                            .equals(definitionType)) {
2604:                        if (secEnvCount > 0) {
2605:                            // log
2606:                            throw new IllegalStateException(
2607:                                    "More than one <xwss:SecurityEnvironmentHandler> element "
2608:                                            + "under " + element.getTagName());
2609:                        }
2610:                        secEnvCount++;
2611:
2612:                        handlerClsName = XMLUtil
2613:                                .getFullTextFromChildren(eachDefinitionElement);
2614:                        if (handlerClsName == null || handlerClsName.equals("")) {
2615:                            // log
2616:                            throw new IllegalStateException(
2617:                                    "A Handler class name has to be specified "
2618:                                            + "in security configuration file");
2619:                        }
2620:                    }
2621:                    eachDefinitionElement = getNextElement(eachDefinitionElement);
2622:                }
2623:                return handlerClsName;
2624:            }
2625:
2626:            //TODO : might actually want to set XPath2ParameterSpec for XPATH2
2627:            private static void readAlgorithmProperties(HashMap props,
2628:                    Element eachDefinitionElement) {
2629:                String name = eachDefinitionElement
2630:                        .getAttribute(NAME_ATTRIBUTE_NAME);
2631:                String value = eachDefinitionElement
2632:                        .getAttribute(VALUE_ATTRIBUTE_NAME);
2633:                props.put(name, value);
2634:            }
2635:
2636:            private static boolean getBooleanValue(String valueString) {
2637:                if ("0".equals(valueString)
2638:                        || "false".equalsIgnoreCase(valueString)) {
2639:                    return false;
2640:                }
2641:                if ("1".equals(valueString)
2642:                        || "true".equalsIgnoreCase(valueString)) {
2643:                    return true;
2644:                }
2645:                log.log(Level.SEVERE, "WSS0511.illegal.boolean.value",
2646:                        valueString);
2647:                throw new IllegalArgumentException(valueString
2648:                        + " is not a valid boolean value");
2649:            }
2650:
2651:            private static void applyDefaults(TimestampPolicy policy, boolean dp) {
2652:                if (policy.getTimeout() == 0) {
2653:                    policy.setTimeout(5000);
2654:                }
2655:            }
2656:
2657:            private static void applyDefaults(EncryptionPolicy policy,
2658:                    boolean dp) {
2659:
2660:                // get the target list
2661:                EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) policy
2662:                        .getFeatureBinding();
2663:                boolean targetsEmpty = (featureBinding.getTargetBindings()
2664:                        .size() == 0);
2665:                if (!dp && targetsEmpty) {
2666:                    // this much will automatically set the SOAPBody as target and
2667:                    // contentOnly as TRUE.
2668:                    Target t = new EncryptionTarget();
2669:                    featureBinding.addTargetBinding(t);
2670:                }
2671:                if (policy.getKeyBinding() == null) {
2672:                    AuthenticationTokenPolicy.X509CertificateBinding x509Policy = (AuthenticationTokenPolicy.X509CertificateBinding) policy
2673:                            .newX509CertificateKeyBinding();
2674:                    x509Policy
2675:                            .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
2676:                }
2677:
2678:            }
2679:
2680:            private static void applyDefaults(SignaturePolicy policy, boolean dp) {
2681:
2682:                // get the target list
2683:                SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) policy
2684:                        .getFeatureBinding();
2685:
2686:                boolean targetsEmpty = (featureBinding.getTargetBindings()
2687:                        .size() == 0);
2688:                if (MessageConstants.debug) {
2689:                    log.log(Level.FINEST, "In ApplyDefaults"
2690:                            + featureBinding.getTargetBindings().size());
2691:                }
2692:                if (!dp && targetsEmpty) {
2693:                    // this much will automatically set the SOAPBody as target
2694:                    SignatureTarget t = new SignatureTarget();
2695:                    t.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
2696:                    featureBinding.addTargetBinding(t);
2697:                }
2698:                if (policy.getKeyBinding() == null) {
2699:                    AuthenticationTokenPolicy.X509CertificateBinding x509Binding = (AuthenticationTokenPolicy.X509CertificateBinding) policy
2700:                            .newX509CertificateKeyBinding();
2701:                    x509Binding.newPrivateKeyBinding();
2702:                    x509Binding
2703:                            .setReferenceType(MessageConstants.DIRECT_REFERENCE_TYPE);
2704:                }
2705:                //If symmetricKey Binding set default algorithm to HMAC-SHA1 else to RSA-SHA1
2706:                if (PolicyTypeUtil.symmetricKeyBinding(policy.getKeyBinding())) {
2707:                    setDefaultKeyAlgorithm(policy.getKeyBinding(),
2708:                            MessageConstants.HMAC_SHA1_SIGMETHOD);
2709:                } else {
2710:                    setDefaultKeyAlgorithm(policy.getKeyBinding(),
2711:                            javax.xml.crypto.dsig.SignatureMethod.RSA_SHA1);
2712:                }
2713:                if ("".equals(featureBinding.getCanonicalizationAlgorithm())) {
2714:                    featureBinding
2715:                            .setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
2716:                }
2717:
2718:            }
2719:
2720:            private static void applyDefaults(
2721:                    AuthenticationTokenPolicy.UsernameTokenBinding policy,
2722:                    boolean dp) {
2723:
2724:                // defaults are applied here which is useNonce = true, doDigest=true
2725:
2726:            }
2727:
2728:            private static void applyDefaults(
2729:                    AuthenticationTokenPolicy.SAMLAssertionBinding policy,
2730:                    boolean dp) {
2731:
2732:                if ("".equals(policy.getReferenceType())) {
2733:                    policy
2734:                            .setReferenceType(MessageConstants.KEY_INDETIFIER_TYPE);
2735:                }
2736:            }
2737:
2738:            private static void applyReceiverDefaults(SignaturePolicy policy,
2739:                    boolean bsp, boolean dp) {
2740:
2741:                // get the target list
2742:                SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) policy
2743:                        .getFeatureBinding();
2744:                boolean targetsEmpty = (featureBinding.getTargetBindings()
2745:                        .size() == 0);
2746:                if (!dp && targetsEmpty) {
2747:                    // this much will automatically set the SOAPBody as target
2748:                    SignatureTarget t = new SignatureTarget();
2749:                    //if (!bsp)
2750:                    t.setDigestAlgorithm(DigestMethod.SHA1); //SHA1
2751:                    featureBinding.addTargetBinding(t);
2752:                }
2753:
2754:                // if bsp is true the filters will actually have code to verify that the
2755:                // incoming algorithms (are BSP defined ones)
2756:                // so nothing todo here
2757:                //if (!bsp) {
2758:                //    if ("".equals(featureBinding.getCanonicalizationAlgorithm())) {
2759:                //        featureBinding.setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
2760:                //    }
2761:                //}
2762:                policy.isBSP(bsp);
2763:            }
2764:
2765:            private static void applyReceiverDefaults(EncryptionPolicy policy,
2766:                    boolean bsp, boolean dp) {
2767:
2768:                // get the target list
2769:                EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) policy
2770:                        .getFeatureBinding();
2771:                boolean targetsEmpty = (featureBinding.getTargetBindings()
2772:                        .size() == 0);
2773:                if (!dp && targetsEmpty) {
2774:                    // this much will automatically set the SOAPBody as target and
2775:                    // contentOnly as TRUE.
2776:                    Target t = new EncryptionTarget();
2777:                    featureBinding.addTargetBinding(t);
2778:                }
2779:
2780:                // if bsp is true the filters will actually have code to verify that the
2781:                // incoming algorithms (for key and data enc are BSP defined ones)
2782:                // so nothing todo here
2783:                //if (!bsp) {
2784:                //    if ("".equals(((EncryptionPolicy.FeatureBinding)
2785:                //    policy.getFeatureBinding()).getDataEncryptionAlgorithm())) {
2786:                //        ((EncryptionPolicy.FeatureBinding)
2787:                //        policy.getFeatureBinding()).
2788:                //                setDataEncryptionAlgorithm(DEFAULT_DATA_ENC_ALGO);
2789:                //    }
2790:                //}
2791:                policy.isBSP(bsp);
2792:            }
2793:
2794:            private static void applyReceiverDefaults(
2795:                    AuthenticationTokenPolicy.UsernameTokenBinding policy,
2796:                    boolean bsp, String securityHandlerClass, boolean dp)
2797:                    throws PolicyGenerationException {
2798:
2799:                // defaults are applied here which is RequireNonce = true, RequireDigest=true        
2800:                policy.isBSP(bsp);
2801:            }
2802:
2803:            private static void applyReceiverDefaults(
2804:                    TimestampPolicy timestampPolicy, boolean bsp,
2805:                    String securityHandlerClass, boolean dp) {
2806:                if (timestampPolicy.getMaxClockSkew() == 0) {
2807:                    timestampPolicy.setMaxClockSkew(Timestamp.MAX_CLOCK_SKEW);
2808:                }
2809:
2810:                if (timestampPolicy.getTimestampFreshness() == 0) {
2811:                    timestampPolicy
2812:                            .setTimestampFreshness(Timestamp.TIMESTAMP_FRESHNESS_LIMIT);
2813:                }
2814:
2815:                timestampPolicy.isBSP(bsp);
2816:            }
2817:
2818:            private static void applyReceiverDefaults(
2819:                    AuthenticationTokenPolicy.SAMLAssertionBinding policy,
2820:                    boolean bsp, boolean dp) {
2821:
2822:                if ("".equals(policy.getReferenceType())) {
2823:                    policy
2824:                            .setReferenceType(MessageConstants.KEY_INDETIFIER_TYPE);
2825:                }
2826:                policy.isBSP(bsp);
2827:            }
2828:
2829:            private static boolean configHasSingleService(Element config) {
2830:
2831:                NodeList services = config.getElementsByTagNameNS(
2832:                        CONFIGURATION_URL, SERVICE_ELEMENT_NAME);
2833:                if ((services.getLength() > 1) || (services.getLength() == 0)) {
2834:                    return false;
2835:                }
2836:                return true;
2837:            }
2838:
2839:            private static boolean configHasSingleServiceAndNoPorts(
2840:                    Element config) {
2841:
2842:                NodeList services = config.getElementsByTagNameNS(
2843:                        CONFIGURATION_URL, SERVICE_ELEMENT_NAME);
2844:                if ((services.getLength() > 1) || (services.getLength() == 0)) {
2845:                    return false;
2846:                }
2847:
2848:                NodeList ports = config.getElementsByTagNameNS(
2849:                        CONFIGURATION_URL, PORT_ELEMENT_NAME);
2850:
2851:                if (ports.getLength() == 0) {
2852:                    return true;
2853:                }
2854:                return false;
2855:            }
2856:
2857:            private static boolean configHasOperations(Element config) {
2858:                NodeList ops = config.getElementsByTagNameNS(CONFIGURATION_URL,
2859:                        OPERATION_ELEMENT_NAME);
2860:                if (ops.getLength() > 0) {
2861:                    return true;
2862:                }
2863:                return false;
2864:            }
2865:
2866:            private static void checkIdUniqueness(Element elem) {
2867:
2868:                NodeList nl = elem.getElementsByTagNameNS(CONFIGURATION_URL,
2869:                        "*");
2870:                int len = nl.getLength();
2871:                HashMap map = new HashMap();
2872:                for (int i = 0; i < len; i++) {
2873:                    Element subElem = (Element) nl.item(i);
2874:                    String idAttr = subElem.getAttribute(ID_ATTRIBUTE_NAME);
2875:                    if (!"".equals(idAttr)) {
2876:                        if (map.containsKey(idAttr)) {
2877:                            throw new IllegalArgumentException(
2878:                                    "id attribute value '" + idAttr
2879:                                            + "' not unique");
2880:                        } else {
2881:                            map.put(idAttr, idAttr);
2882:                        }
2883:                    }
2884:
2885:                    idAttr = subElem.getAttribute(STRID);
2886:                    if (!"".equals(idAttr)) {
2887:                        if (map.containsKey(idAttr)) {
2888:                            throw new IllegalArgumentException(
2889:                                    "strId/id attribute value '" + idAttr
2890:                                            + "' not unique");
2891:                        } else {
2892:                            map.put(idAttr, idAttr);
2893:                        }
2894:                    }
2895:                }
2896:
2897:            }
2898:
2899:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.