Apache CXF API

org.apache.cxf.ws.security.wss4j.policyhandlers
Class AbstractBindingBuilder

java.lang.Object
  extended by org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder
Direct Known Subclasses:
AsymmetricBindingHandler, SymmetricBindingHandler, TransportBindingHandler

public abstract class AbstractBindingBuilder
extends Object


Field Summary
protected  AssertionInfoMap aim
           
protected  Binding binding
           
static String CRYPTO_CACHE
           
protected  Set<org.apache.ws.security.WSEncryptionPart> encryptedTokensList
           
protected  Map<Token,Object> endEncSuppTokMap
           
protected  Map<Token,Object> endSuppTokMap
           
protected static Logger LOG
           
protected  String mainSigId
           
protected  SoapMessage message
           
protected  SPConstants.ProtectionOrder protectionOrder
           
protected  javax.xml.soap.SOAPMessage saaj
           
protected  org.apache.ws.security.message.WSSecHeader secHeader
           
protected  Map<Token,Object> sgndEndEncSuppTokMap
           
protected  Map<Token,Object> sgndEndSuppTokMap
           
protected  List<org.apache.ws.security.WSEncryptionPart> sigConfList
           
protected  List<byte[]> signatures
           
protected  org.apache.ws.security.message.WSSecTimestamp timestampEl
           
protected  org.apache.ws.security.WSSConfig wssConfig
           
 
Constructor Summary
AbstractBindingBuilder(org.apache.ws.security.WSSConfig config, Binding binding, javax.xml.soap.SOAPMessage saaj, org.apache.ws.security.message.WSSecHeader secHeader, AssertionInfoMap aim, SoapMessage message)
           
 
Method Summary
protected  void addDerivedKeyElement(Element el)
           
protected  org.apache.ws.security.message.WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac)
           
protected  void addEncryptedKeyElement(Element el)
           
protected  org.apache.ws.security.saml.ext.AssertionWrapper addSamlToken(SamlToken token)
           
protected  void addSignatureConfirmation(List<org.apache.ws.security.WSEncryptionPart> sigParts)
           
protected  void addSignatureParts(Map<Token,Object> tokenMap, List<org.apache.ws.security.WSEncryptionPart> sigParts)
           
protected  void addSupportingElement(Element el)
           
protected  void addSupportingTokens(List<org.apache.ws.security.WSEncryptionPart> sigs)
           
protected  void addTopDownElement(Element el)
           
protected  org.apache.ws.security.message.WSSecUsernameToken addUsernameToken(UsernameToken token)
           
 String addWsuIdToElement(Element elem)
          Generates a wsu:Id attribute for the provided Element and returns the attribute value or finds and returns the value of the attribute if it already exists.
protected  void assertSupportingTokens(Collection<org.apache.neethi.Assertion> suppTokens)
           
protected  void assertSupportingTokens(List<org.apache.ws.security.WSEncryptionPart> sigs)
           
protected  Element cloneElement(Element el)
           
 org.apache.ws.security.WSEncryptionPart convertToEncryptionPart(Element element)
          Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.
protected  org.apache.ws.security.message.WSSecTimestamp createTimestamp()
           
protected  void doEndorse()
           
protected  void doEndorsedSignatures(Map<Token,Object> tokenMap, boolean isTokenProtection, boolean isSigProtect)
           
protected  Collection<org.apache.neethi.Assertion> findAndAssertPolicy(QName n)
           
protected  String findIDFromSamlToken(Element samlToken)
           
protected  CallbackHandler getCallbackHandler()
           
 org.apache.ws.security.components.crypto.Crypto getCrypto(TokenWrapper wrapper, String cryptoKey, String propKey)
           
protected  Map<Object,org.apache.ws.security.components.crypto.Crypto> getCryptoCache()
           
protected  List<org.apache.ws.security.WSEncryptionPart> getElements(String encryptionModifier, List<String> xpaths, Map<String,String> namespaces, List<Element> found)
          Identifies the portions of the message to be signed/encrypted.
protected  org.apache.ws.security.message.WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper, Token token)
           
 List<org.apache.ws.security.WSEncryptionPart> getEncryptedParts()
           
 org.apache.ws.security.components.crypto.Crypto getEncryptionCrypto(TokenWrapper wrapper)
           
protected  List<org.apache.ws.security.WSEncryptionPart> getParts(boolean sign, boolean includeBody, List<org.apache.ws.security.WSEncryptionPart> parts, List<Element> found)
          Identifies the portions of the message to be signed/encrypted.
 List<org.apache.ws.security.WSEncryptionPart> getPartsAndElements(boolean sign, boolean includeBody, List<org.apache.ws.security.WSEncryptionPart> parts, List<String> xpaths, Map<String,String> namespaces, List<String> contentXpaths, Map<String,String> cnamespaces)
          Deprecated. Use getSignedParts() and getEncryptedParts() instead.
 String getPassword(String userName, org.apache.neethi.Assertion info, int type)
           
protected  SecurityToken getSecurityToken()
           
protected  org.apache.ws.security.message.WSSecSignature getSignatureBuilder(TokenWrapper wrapper, Token token, boolean endorse)
           
protected  org.apache.ws.security.message.WSSecSignature getSignatureBuilder(TokenWrapper wrapper, Token token, boolean attached, boolean endorse)
           
 org.apache.ws.security.components.crypto.Crypto getSignatureCrypto(TokenWrapper wrapper)
           
 List<org.apache.ws.security.WSEncryptionPart> getSignedParts()
           
protected  TokenStore getTokenStore()
           
static String getUsername(List<org.apache.ws.security.handler.WSHandlerResult> results)
          Scan through WSHandlerResult list for a Username token and return the username if a Username Token found
protected  Wss10 getWss10()
           
 void handleEncryptedSignedHeaders(List<org.apache.ws.security.WSEncryptionPart> encryptedParts, List<org.apache.ws.security.WSEncryptionPart> signedParts)
          Processes the parts to be signed and reconfigures those parts that have already been encrypted.
protected  org.apache.ws.security.message.WSSecTimestamp handleLayout(org.apache.ws.security.message.WSSecTimestamp timestamp)
           
protected  Map<Token,Object> handleSupportingTokens(Collection<org.apache.neethi.Assertion> tokens, boolean endorse)
           
protected  Map<Token,Object> handleSupportingTokens(SupportingToken suppTokens, boolean endorse)
           
protected  Map<Token,Object> handleSupportingTokens(SupportingToken suppTokens, boolean endorse, Map<Token,Object> ret)
           
protected  void handleUsernameTokenSupportingToken(UsernameToken token, boolean endorse, boolean encryptedToken, Map<Token,Object> ret)
           
protected  boolean includeToken(SPConstants.IncludeTokenType inclusion)
           
protected  void insertBeforeBottomUp(Element el)
           
protected  boolean isRequestor()
           
protected  void policyAsserted(org.apache.neethi.Assertion assertion)
           
protected  void policyAsserted(QName n)
           
protected  void policyNotAsserted(org.apache.neethi.Assertion assertion, Exception reason)
           
protected  void policyNotAsserted(org.apache.neethi.Assertion assertion, String reason)
           
 String setEncryptionUser(org.apache.ws.security.message.WSSecEncryptedKey encrKeyBuilder, TokenWrapper token, boolean sign, org.apache.ws.security.components.crypto.Crypto crypto)
           
 void setKeyIdentifierType(org.apache.ws.security.message.WSSecBase secBase, TokenWrapper wrapper, Token token)
           
protected  void storeAssertionAsSecurityToken(org.apache.ws.security.saml.ext.AssertionWrapper assertion)
          Store a SAML Assertion as a SecurityToken
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CRYPTO_CACHE

public static final String CRYPTO_CACHE
See Also:
Constant Field Values

LOG

protected static final Logger LOG

protectionOrder

protected SPConstants.ProtectionOrder protectionOrder

wssConfig

protected final org.apache.ws.security.WSSConfig wssConfig

saaj

protected javax.xml.soap.SOAPMessage saaj

secHeader

protected org.apache.ws.security.message.WSSecHeader secHeader

aim

protected AssertionInfoMap aim

binding

protected Binding binding

message

protected SoapMessage message

timestampEl

protected org.apache.ws.security.message.WSSecTimestamp timestampEl

mainSigId

protected String mainSigId

sigConfList

protected List<org.apache.ws.security.WSEncryptionPart> sigConfList

encryptedTokensList

protected Set<org.apache.ws.security.WSEncryptionPart> encryptedTokensList

endEncSuppTokMap

protected Map<Token,Object> endEncSuppTokMap

endSuppTokMap

protected Map<Token,Object> endSuppTokMap

sgndEndEncSuppTokMap

protected Map<Token,Object> sgndEndEncSuppTokMap

sgndEndSuppTokMap

protected Map<Token,Object> sgndEndSuppTokMap

signatures

protected List<byte[]> signatures
Constructor Detail

AbstractBindingBuilder

public AbstractBindingBuilder(org.apache.ws.security.WSSConfig config,
                              Binding binding,
                              javax.xml.soap.SOAPMessage saaj,
                              org.apache.ws.security.message.WSSecHeader secHeader,
                              AssertionInfoMap aim,
                              SoapMessage message)
Method Detail

addDerivedKeyElement

protected void addDerivedKeyElement(Element el)

addEncryptedKeyElement

protected void addEncryptedKeyElement(Element el)

addSupportingElement

protected void addSupportingElement(Element el)

insertBeforeBottomUp

protected void insertBeforeBottomUp(Element el)

addTopDownElement

protected void addTopDownElement(Element el)

isRequestor

protected boolean isRequestor()

policyNotAsserted

protected void policyNotAsserted(org.apache.neethi.Assertion assertion,
                                 Exception reason)

policyNotAsserted

protected void policyNotAsserted(org.apache.neethi.Assertion assertion,
                                 String reason)

policyAsserted

protected void policyAsserted(org.apache.neethi.Assertion assertion)

policyAsserted

protected void policyAsserted(QName n)

findAndAssertPolicy

protected Collection<org.apache.neethi.Assertion> findAndAssertPolicy(QName n)

getCryptoCache

protected final Map<Object,org.apache.ws.security.components.crypto.Crypto> getCryptoCache()

getTokenStore

protected final TokenStore getTokenStore()

createTimestamp

protected org.apache.ws.security.message.WSSecTimestamp createTimestamp()

handleLayout

protected org.apache.ws.security.message.WSSecTimestamp handleLayout(org.apache.ws.security.message.WSSecTimestamp timestamp)

assertSupportingTokens

protected void assertSupportingTokens(Collection<org.apache.neethi.Assertion> suppTokens)

handleSupportingTokens

protected Map<Token,Object> handleSupportingTokens(Collection<org.apache.neethi.Assertion> tokens,
                                                   boolean endorse)
                                            throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

handleSupportingTokens

protected Map<Token,Object> handleSupportingTokens(SupportingToken suppTokens,
                                                   boolean endorse)
                                            throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

handleSupportingTokens

protected Map<Token,Object> handleSupportingTokens(SupportingToken suppTokens,
                                                   boolean endorse,
                                                   Map<Token,Object> ret)
                                            throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

handleUsernameTokenSupportingToken

protected void handleUsernameTokenSupportingToken(UsernameToken token,
                                                  boolean endorse,
                                                  boolean encryptedToken,
                                                  Map<Token,Object> ret)
                                           throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

cloneElement

protected Element cloneElement(Element el)

getSecurityToken

protected SecurityToken getSecurityToken()

addSignatureParts

protected void addSignatureParts(Map<Token,Object> tokenMap,
                                 List<org.apache.ws.security.WSEncryptionPart> sigParts)

addUsernameToken

protected org.apache.ws.security.message.WSSecUsernameToken addUsernameToken(UsernameToken token)

addDKUsernameToken

protected org.apache.ws.security.message.WSSecUsernameToken addDKUsernameToken(UsernameToken token,
                                                                               boolean useMac)

addSamlToken

protected org.apache.ws.security.saml.ext.AssertionWrapper addSamlToken(SamlToken token)
                                                                 throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

storeAssertionAsSecurityToken

protected void storeAssertionAsSecurityToken(org.apache.ws.security.saml.ext.AssertionWrapper assertion)
Store a SAML Assertion as a SecurityToken


findIDFromSamlToken

protected String findIDFromSamlToken(Element samlToken)

getPassword

public String getPassword(String userName,
                          org.apache.neethi.Assertion info,
                          int type)

getCallbackHandler

protected CallbackHandler getCallbackHandler()

addWsuIdToElement

public String addWsuIdToElement(Element elem)
Generates a wsu:Id attribute for the provided Element and returns the attribute value or finds and returns the value of the attribute if it already exists.

Parameters:
element - the Element to check/create the attribute on
Returns:
the generated or discovered wsu:Id attribute value

getEncryptedParts

public List<org.apache.ws.security.WSEncryptionPart> getEncryptedParts()
                                                                throws javax.xml.soap.SOAPException
Throws:
javax.xml.soap.SOAPException

getSignedParts

public List<org.apache.ws.security.WSEncryptionPart> getSignedParts()
                                                             throws javax.xml.soap.SOAPException
Throws:
javax.xml.soap.SOAPException

getPartsAndElements

public List<org.apache.ws.security.WSEncryptionPart> getPartsAndElements(boolean sign,
                                                                         boolean includeBody,
                                                                         List<org.apache.ws.security.WSEncryptionPart> parts,
                                                                         List<String> xpaths,
                                                                         Map<String,String> namespaces,
                                                                         List<String> contentXpaths,
                                                                         Map<String,String> cnamespaces)
                                                                  throws javax.xml.soap.SOAPException
Deprecated. Use getSignedParts() and getEncryptedParts() instead.

Identifies the portions of the message to be signed/encrypted.

Parameters:
sign - whether the matches are to be signed or encrypted
includeBody - if the body should be included in the signature/encryption
parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
xpaths - any XPath expressions to sign/encrypt matches
namespaces - namespace prefix to namespace mappings for XPath expressions in xpaths
contentXpaths - any XPath expressions to content encrypt
cnamespaces - namespace prefix to namespace mappings for XPath expressions in contentXpaths
Returns:
a configured list of WSEncryptionParts suitable for processing by WSS4J
Throws:
javax.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model

getParts

protected List<org.apache.ws.security.WSEncryptionPart> getParts(boolean sign,
                                                                 boolean includeBody,
                                                                 List<org.apache.ws.security.WSEncryptionPart> parts,
                                                                 List<Element> found)
                                                          throws javax.xml.soap.SOAPException
Identifies the portions of the message to be signed/encrypted.

Parameters:
sign - whether the matches are to be signed or encrypted
includeBody - if the body should be included in the signature/encryption
parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
Returns:
a configured list of WSEncryptionParts suitable for processing by WSS4J
Throws:
javax.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model

getElements

protected List<org.apache.ws.security.WSEncryptionPart> getElements(String encryptionModifier,
                                                                    List<String> xpaths,
                                                                    Map<String,String> namespaces,
                                                                    List<Element> found)
                                                             throws XPathExpressionException,
                                                                    javax.xml.soap.SOAPException
Identifies the portions of the message to be signed/encrypted.

Parameters:
encryptionModifier - indicates the scope of the crypto operation over matched elements. Either "Content" or "Element".
xpaths - any XPath expressions to sign/encrypt matches
namespaces - namespace prefix to namespace mappings for XPath expressions in xpaths
found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
Returns:
a configured list of WSEncryptionParts suitable for processing by WSS4J
Throws:
XPathExpressionException - if a provided XPath is invalid
javax.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model

getEncryptedKeyBuilder

protected org.apache.ws.security.message.WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper,
                                                                                  Token token)
                                                                           throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

getSignatureCrypto

public org.apache.ws.security.components.crypto.Crypto getSignatureCrypto(TokenWrapper wrapper)
                                                                   throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

getEncryptionCrypto

public org.apache.ws.security.components.crypto.Crypto getEncryptionCrypto(TokenWrapper wrapper)
                                                                    throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

getCrypto

public org.apache.ws.security.components.crypto.Crypto getCrypto(TokenWrapper wrapper,
                                                                 String cryptoKey,
                                                                 String propKey)
                                                          throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

setKeyIdentifierType

public void setKeyIdentifierType(org.apache.ws.security.message.WSSecBase secBase,
                                 TokenWrapper wrapper,
                                 Token token)

setEncryptionUser

public String setEncryptionUser(org.apache.ws.security.message.WSSecEncryptedKey encrKeyBuilder,
                                TokenWrapper token,
                                boolean sign,
                                org.apache.ws.security.components.crypto.Crypto crypto)

getUsername

public static String getUsername(List<org.apache.ws.security.handler.WSHandlerResult> results)
Scan through WSHandlerResult list for a Username token and return the username if a Username Token found

Parameters:
results -
Returns:

getWss10

protected Wss10 getWss10()

getSignatureBuilder

protected org.apache.ws.security.message.WSSecSignature getSignatureBuilder(TokenWrapper wrapper,
                                                                            Token token,
                                                                            boolean endorse)
                                                                     throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

getSignatureBuilder

protected org.apache.ws.security.message.WSSecSignature getSignatureBuilder(TokenWrapper wrapper,
                                                                            Token token,
                                                                            boolean attached,
                                                                            boolean endorse)
                                                                     throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

doEndorsedSignatures

protected void doEndorsedSignatures(Map<Token,Object> tokenMap,
                                    boolean isTokenProtection,
                                    boolean isSigProtect)

assertSupportingTokens

protected void assertSupportingTokens(List<org.apache.ws.security.WSEncryptionPart> sigs)

addSupportingTokens

protected void addSupportingTokens(List<org.apache.ws.security.WSEncryptionPart> sigs)
                            throws org.apache.ws.security.WSSecurityException
Throws:
org.apache.ws.security.WSSecurityException

doEndorse

protected void doEndorse()

addSignatureConfirmation

protected void addSignatureConfirmation(List<org.apache.ws.security.WSEncryptionPart> sigParts)

handleEncryptedSignedHeaders

public void handleEncryptedSignedHeaders(List<org.apache.ws.security.WSEncryptionPart> encryptedParts,
                                         List<org.apache.ws.security.WSEncryptionPart> signedParts)
Processes the parts to be signed and reconfigures those parts that have already been encrypted.

Parameters:
encryptedParts - the parts that have been encrypted
signedParts - the parts that are to be signed
Throws:
IllegalArgumentException - if an element in signedParts contains a WSEncryptionPart with a null id value and the WSEncryptionPart name value is not "Token"

convertToEncryptionPart

public org.apache.ws.security.WSEncryptionPart convertToEncryptionPart(Element element)
Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.

Parameters:
element - The DOM Element to convert
Returns:
The WSEncryptionPart representing the DOM Element argument

includeToken

protected boolean includeToken(SPConstants.IncludeTokenType inclusion)

Apache CXF API

Apache CXF