001: /*
002: * $Id: URIResolver.java,v 1.6 2007/08/01 11:05:54 ashutoshshahi Exp $
003: */
004:
005: /*
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.wss.impl.resolver;
028:
029: import java.util.Set;
030: import java.util.Vector;
031: import java.util.HashSet;
032: import java.util.logging.Level;
033: import java.util.logging.Logger;
034:
035: import org.w3c.dom.Attr;
036: import org.w3c.dom.Node;
037: import org.w3c.dom.Element;
038: import org.w3c.dom.Document;
039: import org.w3c.dom.NodeList;
040: import org.w3c.dom.NamedNodeMap;
041:
042: import javax.xml.soap.SOAPMessage;
043: import javax.xml.soap.SOAPException;
044: import javax.xml.soap.AttachmentPart;
045:
046: import com.sun.xml.wss.impl.MessageConstants;
047: import com.sun.xml.wss.logging.LogDomainConstants;
048: import com.sun.xml.wss.impl.SecurableSoapMessage;
049: import com.sun.xml.wss.XWSSecurityException;
050:
051: import javax.xml.transform.TransformerException;
052:
053: import com.sun.xml.wss.swa.MimeConstants;
054: import com.sun.org.apache.xml.internal.utils.URI;
055: import com.sun.org.apache.xpath.internal.XPathAPI;
056: import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
057: import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
058: import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
059: import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
060: import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
061:
062: /**
063: * This resolver is used for resolving URIs.
064: *
065: * Resolves URLs that refers to attachments that has a (1) Content-ID
066: * or a (2) Content-Location MIME header.
067: *
068: * In case of Content-Location, the URL may require resolution to determine
069: * the referenced attachment [RFC2557].
070: *
071: * Also resolves (3) URL's that are Ids on XML elements within the
072: * SOAPMessage.
073: *
074: * @author XWS-Security Team
075: *
076: */
077: public class URIResolver extends ResourceResolverSpi {
078:
079: int referenceType = -1;
080:
081: private SOAPMessage soapMsg = null;
082:
083: private static String implementationClassName = URIResolver.class
084: .getName();
085:
086: protected static final Logger log = Logger.getLogger(
087: LogDomainConstants.IMPL_DOMAIN,
088: LogDomainConstants.IMPL_DOMAIN_BUNDLE);
089:
090: public URIResolver() {
091: }
092:
093: public URIResolver(SOAPMessage soapMsg) {
094: this .soapMsg = soapMsg;
095: }
096:
097: public void setSOAPMessage(SOAPMessage soapMsg) {
098: this .soapMsg = soapMsg;
099: }
100:
101: /**
102: * Method getResolverName
103: *
104: * @return The resolver implementation class name
105: */
106: public static String getResolverName() {
107: return implementationClassName;
108: }
109:
110: /**
111: * Method engineResolve
112: *
113: * @param uri
114: * @param BaseURI
115: *
116: * @return XMLSignatureInput
117: *
118: * @throws ResourceResolverException
119: */
120: public XMLSignatureInput engineResolve(Attr uri, String baseURI)
121: throws ResourceResolverException {
122:
123: XMLSignatureInput result = null;
124:
125: if (referenceType == -1)
126: if (!engineCanResolve(uri, baseURI))
127: throw generateException(uri, baseURI, errors[0]);
128:
129: switch (referenceType) {
130: case ID_REFERENCE:
131: result = _resolveId(uri, baseURI);
132: break;
133: case CID_REFERENCE:
134: result = _resolveCid(uri, baseURI);
135: break;
136: case CLOCATION_REFERENCE:
137: try {
138: result = _resolveClocation(uri, baseURI);
139: } catch (URIResolverException ure) {
140: result = ResourceResolver.getInstance(uri, baseURI)
141: .resolve(uri, baseURI);
142: }
143: break;
144: default:
145: }
146:
147: referenceType = -1;
148: return result;
149: }
150:
151: private XMLSignatureInput _resolveId(Attr uri, String baseUri)
152: throws ResourceResolverException {
153:
154: XMLSignatureInput result = null;
155:
156: String uriNodeValue = uri.getNodeValue();
157: Document doc = uri.getOwnerDocument();
158:
159: XMLUtils.circumventBug2650(doc);
160:
161: Element selectedElem = null;
162: if (uriNodeValue.equals("")) {
163: selectedElem = doc.getDocumentElement();
164: } else {
165: String id = uriNodeValue.substring(1);
166: try {
167: selectedElem = getElementById(doc, id);
168: } catch (TransformerException e) {
169: log.log(Level.SEVERE,
170: "WSS0603.xpathapi.transformer.exception", e
171: .getMessage());
172: throw new ResourceResolverException("empty", e, uri,
173: baseUri);
174: }
175: }
176:
177: if (selectedElem == null) {
178: log.log(Level.SEVERE, "WSS0604.cannot.find.element");
179: throw new ResourceResolverException("empty", uri, baseUri);
180: }
181:
182: Set resultSet = prepareNodeSet(selectedElem);
183: result = new XMLSignatureInput(resultSet);
184: result.setMIMEType(MimeConstants.TEXT_XML_TYPE);
185:
186: try {
187: URI uriNew = new URI(new URI(baseUri), uriNodeValue);
188: result.setSourceURI(uriNew.toString());
189: } catch (URI.MalformedURIException ex) {
190: result.setSourceURI(baseUri);
191: }
192: return result;
193: }
194:
195: /*
196: * Resolver for content-ID.
197: *
198: * A content-ID MIME header value corresponding to the URL scheme
199: * is defined in RFC 2392.
200: *
201: * For example, content-ID of "foo" may be specified with Content-ID:<foo>
202: * and be references with a CID schema URL cid:foo.
203: *
204: */
205: private XMLSignatureInput _resolveCid(Attr uri, String baseUri)
206: throws ResourceResolverException {
207:
208: XMLSignatureInput result = null;
209: String uriNodeValue = uri.getNodeValue();
210:
211: if (soapMsg == null)
212: throw generateException(uri, baseUri, errors[1]);
213:
214: try {
215: AttachmentPart _part = ((SecurableSoapMessage) soapMsg)
216: .getAttachmentPart(uriNodeValue);
217: if (_part == null) {
218: // log
219: throw new ResourceResolverException("empty", uri,
220: baseUri);
221: }
222: Object[] obj = AttachmentSignatureInput
223: ._getSignatureInput(_part);
224: result = new AttachmentSignatureInput((byte[]) obj[1]);
225: ((AttachmentSignatureInput) result)
226: .setMimeHeaders((Vector) obj[0]);
227: ((AttachmentSignatureInput) result).setContentType(_part
228: .getContentType());
229: } catch (Exception e) {
230: // log
231: throw new ResourceResolverException("empty", e, uri,
232: baseUri);
233: }
234:
235: try {
236: URI uriNew = new URI(new URI(baseUri), uriNodeValue);
237: result.setSourceURI(uriNew.toString());
238: } catch (URI.MalformedURIException ex) {
239: result.setSourceURI(baseUri);
240: }
241: return result;
242: }
243:
244: private XMLSignatureInput _resolveClocation(Attr uri, String baseUri)
245: throws ResourceResolverException, URIResolverException {
246: URI uriNew = null;
247: XMLSignatureInput result = null;
248: try {
249: uriNew = getNewURI(uri.getNodeValue(), baseUri);
250: } catch (URI.MalformedURIException ex) {
251: // log
252: throw new ResourceResolverException("empty", ex, uri,
253: baseUri);
254: }
255:
256: if (soapMsg == null)
257: throw generateException(uri, baseUri, errors[1]);
258:
259: try {
260: AttachmentPart _part = ((SecurableSoapMessage) soapMsg)
261: .getAttachmentPart(uriNew.toString());
262: if (_part == null) {
263: // log
264: throw new URIResolverException();
265: }
266: Object[] obj = AttachmentSignatureInput
267: ._getSignatureInput(_part);
268: result = new AttachmentSignatureInput((byte[]) obj[1]);
269: ((AttachmentSignatureInput) result)
270: .setMimeHeaders((Vector) obj[0]);
271: ((AttachmentSignatureInput) result).setContentType(_part
272: .getContentType());
273: } catch (XWSSecurityException e) {
274: throw new ResourceResolverException("empty", e, uri,
275: baseUri);
276: } catch (SOAPException spe) {
277: // log
278: throw new ResourceResolverException("empty", spe, uri,
279: baseUri);
280: } catch (java.io.IOException ioe) {
281: // log
282: throw new ResourceResolverException("empty", ioe, uri,
283: baseUri);
284: }
285:
286: result.setSourceURI(uriNew.toString());
287: return result;
288: }
289:
290: /**
291: * Method engineCanResolve
292: *
293: * @param uri
294: * @param BaseURI
295: *
296: * @return true if uri node can be resolved, false otherwise
297: */
298: public boolean engineCanResolve(Attr uri, String baseURI) {
299: if (uri == null)
300: return false;
301:
302: String uriNodeValue = uri.getNodeValue();
303:
304: /* #Id, #wsu:Id */
305: if (uriNodeValue.startsWith("#")) {
306: referenceType = ID_REFERENCE;
307: return true;
308: }
309:
310: /* cid:xxx */
311: if (uriNodeValue.startsWith("cid:")) {
312: referenceType = CID_REFERENCE;
313: return true;
314: }
315:
316: /* attachmentRef:xxx */
317: if (uriNodeValue.startsWith("attachmentRef:")) {
318: referenceType = CID_REFERENCE;
319: return true;
320: }
321:
322: URI uriNew = null;
323: try {
324: uriNew = getNewURI(uriNodeValue, baseURI);
325: } catch (URI.MalformedURIException ex) {
326: // log
327: return false;
328: }
329:
330: /* content-location of the type http:// (for now) */
331: if ((uriNew != null)
332: && uriNew.getScheme().equals("http")
333: || uriNodeValue.startsWith("thismessage:/")
334: || !(uriNew.getScheme().equals("ftp")
335: || uriNew.getScheme().equals("telnet")
336: || uriNew.getScheme().equals("gopher")
337: || uriNew.getScheme().equals("news")
338: || uriNew.getScheme().equals("mailto") || uriNew
339: .getScheme().equals("file"))) {
340: // log
341: referenceType = CLOCATION_REFERENCE;
342: return true;
343: }
344:
345: return false;
346: }
347:
348: /**
349: * Looks up elements with wsu:Id or Id in xenc or dsig namespace
350: *
351: * @param doc
352: * @param id
353: *
354: * @return element
355: *
356: * @throws TransformerException
357: */
358: private Element getElementById(Document doc, String id)
359: throws TransformerException {
360:
361: Element selement = doc.getElementById(id);
362: if (selement != null) {
363: if (MessageConstants.debug) {
364: log.log(Level.FINEST,
365: "Document.getElementById() returned "
366: + selement);
367: }
368: return selement;
369: }
370:
371: if (MessageConstants.debug) {
372: log.log(Level.FINEST,
373: "Document.getElementById() FAILED......'" + id
374: + "'");
375: }
376:
377: Element nscontext = XMLUtils.createDSctx(doc, "wsu",
378: MessageConstants.WSU_NS);
379: Element element = (Element) XPathAPI.selectSingleNode(doc,
380: "//*[@wsu:Id='" + id + "']", nscontext);
381:
382: if (element == null) {
383: NodeList elems = XPathAPI.selectNodeList(doc, "//*[@Id='"
384: + id + "']", nscontext);
385:
386: for (int i = 0; i < elems.getLength(); i++) {
387: Element elem = (Element) elems.item(i);
388: String namespace = elem.getNamespaceURI();
389: if (namespace.equals(MessageConstants.DSIG_NS)
390: || namespace.equals(MessageConstants.XENC_NS)) {
391: element = elem;
392: break;
393: }
394: }
395: }
396:
397: if (element == null) {
398:
399: NodeList assertions = doc.getElementsByTagNameNS(
400: MessageConstants.SAML_v1_0_NS,
401: MessageConstants.SAML_ASSERTION_LNAME);
402: int len = assertions.getLength();
403: if (len > 0) {
404: for (int i = 0; i < len; i++) {
405: Element elem = (Element) assertions.item(i);
406: String assertionId = elem
407: .getAttribute(MessageConstants.SAML_ASSERTIONID_LNAME);
408: if (id.equals(assertionId)) {
409: element = elem;
410: break;
411: }
412: }
413: }
414: }
415:
416: return element;
417: }
418:
419: private ResourceResolverException generateException(Attr uri,
420: String baseUri, String error) {
421: XWSSecurityException xwssE = new XWSSecurityException(error);
422: return new ResourceResolverException("empty", xwssE, uri,
423: baseUri);
424: }
425:
426: /**
427: * prepareNodeSet
428: *
429: * @param node the node referenced by the -
430: * URI fragment. If null, returns -
431: * an empty set.
432: * @return
433: */
434: private Set prepareNodeSet(Node node) {
435: Set nodeSet = new HashSet();
436: if (node != null) {
437: nodeSetMinusCommentNodes(node, nodeSet, null);
438: }
439: return nodeSet;
440: }
441:
442: /**
443: * Method nodeSetMinusCommentNodes
444: *
445: * @param node the node to traverse
446: * @param nodeSet the set of nodes traversed so far
447: * @param the previous sibling node
448: */
449: private void nodeSetMinusCommentNodes(Node node, Set nodeSet,
450: Node prevSibling) {
451: switch (node.getNodeType()) {
452: case Node.ELEMENT_NODE:
453: NamedNodeMap attrs = node.getAttributes();
454: if (attrs != null) {
455: for (int i = 0; i < attrs.getLength(); i++) {
456: nodeSet.add(attrs.item(i));
457: }
458: }
459: nodeSet.add(node);
460: Node pSibling = null;
461: for (Node child = node.getFirstChild(); child != null; child = child
462: .getNextSibling()) {
463: nodeSetMinusCommentNodes(child, nodeSet, pSibling);
464: pSibling = child;
465: }
466: break;
467: case Node.TEXT_NODE:
468: case Node.CDATA_SECTION_NODE:
469: // emulate XPath which only returns the first node in
470: // contiguous text/cdata nodes
471: if (prevSibling != null
472: && (prevSibling.getNodeType() == Node.TEXT_NODE || prevSibling
473: .getNodeType() == Node.CDATA_SECTION_NODE)) {
474: return;
475: }
476: case Node.PROCESSING_INSTRUCTION_NODE:
477: nodeSet.add(node);
478: }
479: }
480:
481: private URI getNewURI(String uri, String baseUri)
482: throws URI.MalformedURIException {
483: if ((baseUri == null) || "".equals(baseUri)) {
484: return new URI(uri);
485: } else {
486: return new URI(new URI(baseUri), uri);
487: }
488: }
489:
490: private static final class URIResolverException extends Exception {
491: };
492:
493: private static final int ID_REFERENCE = 0;
494: private static final int CID_REFERENCE = 1;
495: private static final int CLOCATION_REFERENCE = 2;
496:
497: private final String[] errors = new String[] {
498: "Can not resolve reference type",
499: "Required SOAPMessage instance to resolve reference" };
500: }
|