Apache CXF API

org.apache.cxf.ws.security.wss4j
Class CryptoCoverageUtil

java.lang.Object
  extended by org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil

public final class CryptoCoverageUtil
extends Object

Utility to enable the checking of WS-Security signature / WS-Security encryption coverage based on the results of the WSS4J signature/encryption processor.


Nested Class Summary
static class CryptoCoverageUtil.CoverageScope
          Differentiates which part of an element to check for cryptographic coverage.
static class CryptoCoverageUtil.CoverageType
          Differentiates which type of cryptographic coverage to check for.
 
Method Summary
static void checkBodyCoverage(Element soapBody, Collection<org.apache.ws.security.WSDataRef> refs, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope)
          Checks that the references provided refer to the signed/encrypted SOAP body element.
static void checkCoverage(Element soapEnvelope, Collection<org.apache.ws.security.WSDataRef> refs, Map<String,String> namespaces, Collection<String> xPaths, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope)
          Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.
static void checkCoverage(Element soapEnvelope, Collection<org.apache.ws.security.WSDataRef> refs, Map<String,String> namespaces, String xPath, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope)
          Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expression in xPath.
static void checkHeaderCoverage(Element soapHeader, Collection<org.apache.ws.security.WSDataRef> refs, String namespace, String name, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope)
          Checks that the references provided refer to the required signed/encrypted SOAP header element(s) matching the provided name and namespace.
static void reconcileEncryptedSignedRefs(Collection<org.apache.ws.security.WSDataRef> signedRefs, Collection<org.apache.ws.security.WSDataRef> encryptedRefs)
          Inspects the signed and encrypted content in the message and accurately resolves encrypted and then signed elements in signedRefs.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

reconcileEncryptedSignedRefs

public static void reconcileEncryptedSignedRefs(Collection<org.apache.ws.security.WSDataRef> signedRefs,
                                                Collection<org.apache.ws.security.WSDataRef> encryptedRefs)
Inspects the signed and encrypted content in the message and accurately resolves encrypted and then signed elements in signedRefs. Entries in signedRefs that correspond to an encrypted element are resolved to the decrypted element and added to signedRefs. The original reference to the encrypted content remains unaltered in the list to allow for matching against a requirement that xenc:EncryptedData and xenc:EncryptedKey elements be signed.

Parameters:
signedRefs - references to the signed content in the message
encryptedRefs - references to the encrypted content in the message

checkBodyCoverage

public static void checkBodyCoverage(Element soapBody,
                                     Collection<org.apache.ws.security.WSDataRef> refs,
                                     CryptoCoverageUtil.CoverageType type,
                                     CryptoCoverageUtil.CoverageScope scope)
                              throws org.apache.ws.security.WSSecurityException
Checks that the references provided refer to the signed/encrypted SOAP body element.

Parameters:
soapBody - the SOAP body element
refs - the refs to the data extracted from the signature/encryption
type - the type of cryptographic coverage to check for
scope - the scope of the cryptographic coverage to check for, defaults to element
Throws:
org.apache.ws.security.WSSecurityException - if there is an error evaluating the coverage or the body is not covered by the signature/encryption.

checkHeaderCoverage

public static void checkHeaderCoverage(Element soapHeader,
                                       Collection<org.apache.ws.security.WSDataRef> refs,
                                       String namespace,
                                       String name,
                                       CryptoCoverageUtil.CoverageType type,
                                       CryptoCoverageUtil.CoverageScope scope)
                                throws org.apache.ws.security.WSSecurityException
Checks that the references provided refer to the required signed/encrypted SOAP header element(s) matching the provided name and namespace. If name is null, all headers from namespace are inspected for coverage.

Parameters:
soapHeader - the SOAP header element
refs - the refs to the data extracted from the signature/encryption
namespace - the namespace of the header(s) to check for coverage
name - the local part of the header name to check for coverage, may be null
type - the type of cryptographic coverage to check for
scope - the scope of the cryptographic coverage to check for, defaults to element
Throws:
org.apache.ws.security.WSSecurityException - if there is an error evaluating the coverage or a header is not covered by the signature/encryption.

checkCoverage

public static void checkCoverage(Element soapEnvelope,
                                 Collection<org.apache.ws.security.WSDataRef> refs,
                                 Map<String,String> namespaces,
                                 String xPath,
                                 CryptoCoverageUtil.CoverageType type,
                                 CryptoCoverageUtil.CoverageScope scope)
                          throws org.apache.ws.security.WSSecurityException
Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expression in xPath.

Parameters:
soapEnvelope - the SOAP Envelope element
refs - the refs to the data extracted from the signature/encryption
namespaces - the prefix to namespace mapping, may be null
xPath - the XPath expression
type - the type of cryptographic coverage to check for
scope - the scope of the cryptographic coverage to check for, defaults to element
Throws:
org.apache.ws.security.WSSecurityException - if there is an error evaluating an XPath or an element is not covered by the signature/encryption.

checkCoverage

public static void checkCoverage(Element soapEnvelope,
                                 Collection<org.apache.ws.security.WSDataRef> refs,
                                 Map<String,String> namespaces,
                                 Collection<String> xPaths,
                                 CryptoCoverageUtil.CoverageType type,
                                 CryptoCoverageUtil.CoverageScope scope)
                          throws org.apache.ws.security.WSSecurityException
Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.

Parameters:
soapEnvelope - the SOAP Envelope element
refs - the refs to the data extracted from the signature/encryption
namespaces - the prefix to namespace mapping, may be null
xPaths - the collection of XPath expressions
type - the type of cryptographic coverage to check for
scope - the scope of the cryptographic coverage to check for, defaults to element
Throws:
org.apache.ws.security.WSSecurityException - if there is an error evaluating an XPath or an element is not covered by the signature/encryption.
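
The methods above, combined into one coverage check that rejects a message whose processed elements are not the ones actually signed or encrypted. This is an added example, not code from Apache CXF. The class name CoveragePolicy, the policy it enforces and the SOAP 1.1 / WS-Addressing namespaces are assumptions, and the caller is assumed to have collected the WSDataRef entries from the WSS4J processing results already.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityException;
import org.w3c.dom.Element;

/** Hypothetical helper (not part of CXF): one place to enforce a coverage policy. */
public final class CoveragePolicy {
    // Assumed policy: WS-Addressing headers and the wsu:Timestamp must be signed.
    private static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
    private static final Map<String, String> NS = new HashMap<String, String>();
    static {
        NS.put("soap", "http://schemas.xmlsoap.org/soap/envelope/");
        NS.put("wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        NS.put("wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
    }

    private CoveragePolicy() { }

    /**
     * signedRefs and encryptedRefs are the WSDataRef entries the caller collected
     * from the WSS4J signature and encryption results; signedRefs must be mutable.
     */
    public static void enforce(Element envelope, Element header, Element body,
                               Collection<WSDataRef> signedRefs,
                               Collection<WSDataRef> encryptedRefs) throws WSSecurityException {
        // Run first: for each signed entry that refers to encrypted content, the
        // decrypted element is added to signedRefs so the checks below can match it.
        CryptoCoverageUtil.reconcileEncryptedSignedRefs(signedRefs, encryptedRefs);

        // The body must be signed as a whole element and its content encrypted.
        CryptoCoverageUtil.checkBodyCoverage(body, signedRefs, CoverageType.SIGNED, CoverageScope.ELEMENT);
        CryptoCoverageUtil.checkBodyCoverage(body, encryptedRefs, CoverageType.ENCRYPTED, CoverageScope.CONTENT);

        // name == null: every header in the WS-Addressing namespace is inspected.
        CryptoCoverageUtil.checkHeaderCoverage(header, signedRefs, WSA_NS, null,
            CoverageType.SIGNED, CoverageScope.ELEMENT);

        // The timestamp is nested inside wsse:Security, so it is addressed by XPath.
        CryptoCoverageUtil.checkCoverage(envelope, signedRefs, NS,
            "/soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp",
            CoverageType.SIGNED, CoverageScope.ELEMENT);
    }
}
```

Any failed check surfaces as a WSSecurityException, so the caller should treat the exception as a rejected message rather than catch and continue.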
