org.apache.cxf.ws.security.wss4j
Class CryptoCoverageUtil

java.lang.Object
  org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil

public final class CryptoCoverageUtil
extends Object

Utility to enable the checking of WS-Security signature / WS-Security encryption coverage based on the results of the WSS4J signature/encryption processor.

Nested Class Summary

static class	CryptoCoverageUtil.CoverageScope Differentiates which part of an element to check for cryptographic coverage.
static class	CryptoCoverageUtil.CoverageType Differentiates which type of cryptographic coverage to check for.

Method Summary

static void	checkBodyCoverage(javax.xml.soap.SOAPMessage message, Collection<org.apache.ws.security.WSDataRef> refs, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) Checks that the references provided refer to the signed/encrypted SOAP body element.
static void	checkCoverage(javax.xml.soap.SOAPMessage message, Collection<org.apache.ws.security.WSDataRef> refs, Map<String,String> namespaces, Collection<String> xPaths, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.
static void	checkCoverage(javax.xml.soap.SOAPMessage message, Collection<org.apache.ws.security.WSDataRef> refs, Map<String,String> namespaces, String xPath, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expression in xPath.
static void	checkHeaderCoverage(javax.xml.soap.SOAPMessage message, Collection<org.apache.ws.security.WSDataRef> refs, String namespace, String name, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) Checks that the references provided refer to the required signed/encrypted SOAP header element(s) matching the provided name and namespace.
static void	reconcileEncryptedSignedRefs(Collection<org.apache.ws.security.WSDataRef> signedRefs, Collection<org.apache.ws.security.WSDataRef> encryptedRefs) Inspects the signed and encrypted content in the message and accurately resolves encrypted and then signed elements in signedRefs.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

reconcileEncryptedSignedRefs

public static void reconcileEncryptedSignedRefs(Collection<org.apache.ws.security.WSDataRef> signedRefs,
                                                Collection<org.apache.ws.security.WSDataRef> encryptedRefs)

Inspects the signed and encrypted content in the message and accurately resolves encrypted and then signed elements in signedRefs. Entries in signedRefs that correspond to an encrypted element are resolved to the decrypted element and added to signedRefs. The original reference to the encrypted content remains unaltered in the list to allow for matching against a requirement that xenc:EncryptedData and xenc:EncryptedKey elements be signed.

Parameters:

signedRefs - references to the signed content in the message

encryptedRefs - references to the encrypted content in the message

checkBodyCoverage

public static void checkBodyCoverage(javax.xml.soap.SOAPMessage message,
                                     Collection<org.apache.ws.security.WSDataRef> refs,
                                     CryptoCoverageUtil.CoverageType type,
                                     CryptoCoverageUtil.CoverageScope scope)
                              throws org.apache.ws.security.WSSecurityException

Checks that the references provided refer to the signed/encrypted SOAP body element.

Parameters:

message - the soap message containing the signature/encryption and content

refs - the refs to the data extracted from the signature/encryption

type - the type of cryptographic coverage to check for

scope - the scope of the cryptographic coverage to check for, defaults to element

Throws:

org.apache.ws.security.WSSecurityException - if there is an error evaluating the coverage or the body is not covered by the signature/encryption.

checkHeaderCoverage

public static void checkHeaderCoverage(javax.xml.soap.SOAPMessage message,
                                       Collection<org.apache.ws.security.WSDataRef> refs,
                                       String namespace,
                                       String name,
                                       CryptoCoverageUtil.CoverageType type,
                                       CryptoCoverageUtil.CoverageScope scope)
                                throws org.apache.ws.security.WSSecurityException

Checks that the references provided refer to the required signed/encrypted SOAP header element(s) matching the provided name and namespace. If name is null, all headers from namespace are inspected for coverage.

Parameters:

message - the soap message containing the signature/encryption and content

refs - the refs to the data extracted from the signature/encryption

namespaces - the namespace of the header(s) to check for coverage

name - the local part of the header name to check for coverage, may be null

type - the type of cryptographic coverage to check for

scope - the scope of the cryptographic coverage to check for, defaults to element

Throws:

org.apache.ws.security.WSSecurityException - if there is an error evaluating the coverage or a header is not covered by the signature/encryption.

checkCoverage

public static void checkCoverage(javax.xml.soap.SOAPMessage message,
                                 Collection<org.apache.ws.security.WSDataRef> refs,
                                 Map<String,String> namespaces,
                                 String xPath,
                                 CryptoCoverageUtil.CoverageType type,
                                 CryptoCoverageUtil.CoverageScope scope)
                          throws org.apache.ws.security.WSSecurityException

Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expression in xPath.

Parameters:

message - the soap message containing the signature/encryption and content

refs - the refs to the data extracted from the signature/encryption

namespaces - the prefix to namespace mapping, may be null

xPath - the XPath expression

type - the type of cryptographic coverage to check for

scope - the scope of the cryptographic coverage to check for, defaults to element

Throws:

org.apache.ws.security.WSSecurityException - if there is an error evaluating an XPath or an element is not covered by the signature/encryption.

checkCoverage

public static void checkCoverage(javax.xml.soap.SOAPMessage message,
                                 Collection<org.apache.ws.security.WSDataRef> refs,
                                 Map<String,String> namespaces,
                                 Collection<String> xPaths,
                                 CryptoCoverageUtil.CoverageType type,
                                 CryptoCoverageUtil.CoverageScope scope)
                          throws org.apache.ws.security.WSSecurityException

Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.

Parameters:

message - the soap message containing the signature/encryption and content

refs - the refs to the data extracted from the signature/encryption

namespaces - the prefix to namespace mapping, may be null

xPaths - the collection of XPath expressions

type - the type of cryptographic coverage to check for

scope - the scope of the cryptographic coverage to check for, defaults to element

Throws:

org.apache.ws.security.WSSecurityException - if there is an error evaluating an XPath or an element is not covered by the signature/encryption.