Apache CXF API

org.apache.cxf.ws.security.wss4j.policyhandlers
Class AbstractBindingBuilder

java.lang.Object
  extended by org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler
      extended by org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder
Direct Known Subclasses:
AsymmetricBindingHandler, SymmetricBindingHandler, TransportBindingHandler

public abstract class AbstractBindingBuilder
extends AbstractCommonBindingHandler


Field Summary
protected  AssertionInfoMap aim
           
protected  org.apache.wss4j.policy.model.AbstractBinding binding
           
protected  Element bottomUpElement
           
protected  Element bstElement
           
static String CRYPTO_CACHE
           
protected  Set<org.apache.wss4j.common.WSEncryptionPart> encryptedTokensList
           
protected  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> endEncSuppTokList
           
protected  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> endSuppTokList
           
protected  Element lastEncryptedKeyElement
           
protected static Logger LOG
           
protected  String mainSigId
           
protected  org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder
           
protected  SOAPMessage saaj
           
protected  org.apache.wss4j.dom.message.WSSecHeader secHeader
           
protected  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> sgndEndEncSuppTokList
           
protected  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> sgndEndSuppTokList
           
protected  List<org.apache.wss4j.common.WSEncryptionPart> sigConfList
           
protected  List<byte[]> signatures
           
protected  org.apache.wss4j.dom.message.WSSecTimestamp timestampEl
           
protected  Element topDownElement
           
protected  org.apache.wss4j.dom.WSSConfig wssConfig
           
 
Fields inherited from class org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler
message
 
Constructor Summary
AbstractBindingBuilder(org.apache.wss4j.dom.WSSConfig config, org.apache.wss4j.policy.model.AbstractBinding binding, SOAPMessage saaj, org.apache.wss4j.dom.message.WSSecHeader secHeader, AssertionInfoMap aim, SoapMessage message)
           
 
Method Summary
protected  void addDerivedKeyElement(Element el)
           
protected  org.apache.wss4j.dom.message.WSSecUsernameToken addDKUsernameToken(org.apache.wss4j.policy.model.UsernameToken token, boolean useMac)
           
protected  void addEncryptedKeyElement(Element el)
           
protected  org.apache.wss4j.common.saml.SamlAssertionWrapper addSamlToken(org.apache.wss4j.policy.model.SamlToken token)
           
protected  void addSignatureConfirmation(List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
           
protected  void addSignatureParts(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList, List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
           
protected  void addSupportingElement(Element el)
           
protected  void addSupportingTokens(List<org.apache.wss4j.common.WSEncryptionPart> sigs)
           
protected  void addTopDownElement(Element el)
           
protected  org.apache.wss4j.dom.message.WSSecUsernameToken addUsernameToken(org.apache.wss4j.policy.model.UsernameToken token)
           
 String addWsuIdToElement(Element elem)
          Returns the value of the provided Element's wsu:Id attribute, generating and adding the attribute first if the Element does not already have one.
protected  Element cloneElement(Element el)
           
 org.apache.wss4j.common.WSEncryptionPart convertToEncryptionPart(Element element)
          Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.
protected  org.apache.wss4j.dom.message.WSSecTimestamp createTimestamp()
           
protected  void doEndorse()
           
protected  void doEndorsedSignatures(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList, boolean isTokenProtection, boolean isSigProtect)
           
protected  String findIDFromSamlToken(Element samlToken)
           
protected  CallbackHandler getCallbackHandler()
           
 org.apache.wss4j.common.crypto.Crypto getCrypto(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper, String cryptoKey, String propKey)
           
protected  Map<Object,org.apache.wss4j.common.crypto.Crypto> getCryptoCache()
           
protected  List<org.apache.wss4j.common.WSEncryptionPart> getElements(String encryptionModifier, List<org.apache.wss4j.policy.model.XPath> xpaths, List<Element> found, boolean forceId)
          Identifies the portions of the message to be signed/encrypted.
protected  org.apache.wss4j.dom.message.WSSecEncryptedKey getEncryptedKeyBuilder(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper, org.apache.wss4j.policy.model.AbstractToken token)
           
 List<org.apache.wss4j.common.WSEncryptionPart> getEncryptedParts()
           
 org.apache.wss4j.common.crypto.Crypto getEncryptionCrypto(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper)
           
protected  List<org.apache.wss4j.common.WSEncryptionPart> getParts(boolean sign, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<Element> found)
          Identifies the portions of the message to be signed/encrypted.
 List<org.apache.wss4j.common.WSEncryptionPart> getPartsAndElements(boolean sign, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<org.apache.wss4j.policy.model.XPath> xpaths, List<org.apache.wss4j.policy.model.XPath> contentXpaths)
          Deprecated. Use getSignedParts() and getEncryptedParts() instead.
 String getPassword(String userName, org.apache.neethi.Assertion info, int usage)
           
protected  org.apache.wss4j.common.crypto.PasswordEncryptor getPasswordEncryptor()
           
protected  org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper, org.apache.wss4j.policy.model.AbstractToken token, boolean endorse)
           
protected  org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper, org.apache.wss4j.policy.model.AbstractToken token, boolean attached, boolean endorse)
           
 org.apache.wss4j.common.crypto.Crypto getSignatureCrypto(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper)
           
 List<org.apache.wss4j.common.WSEncryptionPart> getSignedParts()
           
protected  TokenStore getTokenStore()
           
static String getUsername(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
          Scans the WSHandlerResult list for a Username Token and returns its username if one is found.
 void handleEncryptedSignedHeaders(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts, List<org.apache.wss4j.common.WSEncryptionPart> signedParts)
          Processes the parts to be signed and reconfigures those parts that have already been encrypted.
protected  org.apache.wss4j.dom.message.WSSecTimestamp handleLayout(org.apache.wss4j.dom.message.WSSecTimestamp timestamp)
           
protected  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> handleSupportingTokens(org.apache.wss4j.policy.model.SupportingTokens suppTokens, boolean endorse, List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
           
protected  void handleUsernameTokenSupportingToken(org.apache.wss4j.policy.model.UsernameToken token, boolean endorse, boolean encryptedToken, List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
           
protected  void insertAfter(Element child, Element sib)
           
protected  void insertBeforeBottomUp(Element el)
           
protected  void reshuffleTimestamp()
           
 String setEncryptionUser(org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder, org.apache.wss4j.policy.model.AbstractTokenWrapper token, boolean sign, org.apache.wss4j.common.crypto.Crypto crypto)
           
 void setKeyIdentifierType(org.apache.wss4j.dom.message.WSSecBase secBase, org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper, org.apache.wss4j.policy.model.AbstractToken token)
           
protected  void storeAssertionAsSecurityToken(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
          Store a SAML Assertion as a SecurityToken
 
Methods inherited from class org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler
assertAlgorithmSuite, assertPolicy, assertPolicy, assertToken, assertTokenWrapper, assertTrustProperties, assertWSSProperties, getAllAssertionsByLocalname, getAllAssertionsByLocalname, getFirstAssertionByLocalname, getMessage, getSecurityToken, getSHA1, getWss10, isRequestor, isTokenRequired, policyNotAsserted, policyNotAsserted
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CRYPTO_CACHE

public static final String CRYPTO_CACHE
See Also:
Constant Field Values

LOG

protected static final Logger LOG

protectionOrder

protected org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder

wssConfig

protected final org.apache.wss4j.dom.WSSConfig wssConfig

saaj

protected SOAPMessage saaj

secHeader

protected org.apache.wss4j.dom.message.WSSecHeader secHeader

aim

protected AssertionInfoMap aim

binding

protected org.apache.wss4j.policy.model.AbstractBinding binding

timestampEl

protected org.apache.wss4j.dom.message.WSSecTimestamp timestampEl

mainSigId

protected String mainSigId

sigConfList

protected List<org.apache.wss4j.common.WSEncryptionPart> sigConfList

encryptedTokensList

protected Set<org.apache.wss4j.common.WSEncryptionPart> encryptedTokensList

endEncSuppTokList

protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> endEncSuppTokList

endSuppTokList

protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> endSuppTokList

sgndEndEncSuppTokList

protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> sgndEndEncSuppTokList

sgndEndSuppTokList

protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> sgndEndSuppTokList

signatures

protected List<byte[]> signatures

bottomUpElement

protected Element bottomUpElement

topDownElement

protected Element topDownElement

bstElement

protected Element bstElement

lastEncryptedKeyElement

protected Element lastEncryptedKeyElement
Constructor Detail

AbstractBindingBuilder

public AbstractBindingBuilder(org.apache.wss4j.dom.WSSConfig config,
                              org.apache.wss4j.policy.model.AbstractBinding binding,
                              SOAPMessage saaj,
                              org.apache.wss4j.dom.message.WSSecHeader secHeader,
                              AssertionInfoMap aim,
                              SoapMessage message)
Method Detail

insertAfter

protected void insertAfter(Element child,
                           Element sib)

addDerivedKeyElement

protected void addDerivedKeyElement(Element el)

addEncryptedKeyElement

protected void addEncryptedKeyElement(Element el)

addSupportingElement

protected void addSupportingElement(Element el)

insertBeforeBottomUp

protected void insertBeforeBottomUp(Element el)

addTopDownElement

protected void addTopDownElement(Element el)

getCryptoCache

protected final Map<Object,org.apache.wss4j.common.crypto.Crypto> getCryptoCache()

getTokenStore

protected final TokenStore getTokenStore()

createTimestamp

protected org.apache.wss4j.dom.message.WSSecTimestamp createTimestamp()

handleLayout

protected org.apache.wss4j.dom.message.WSSecTimestamp handleLayout(org.apache.wss4j.dom.message.WSSecTimestamp timestamp)

reshuffleTimestamp

protected void reshuffleTimestamp()

handleSupportingTokens

protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> handleSupportingTokens(org.apache.wss4j.policy.model.SupportingTokens suppTokens,
                                                                                                                              boolean endorse,
                                                                                                                              List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
                                                                                                                       throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

handleUsernameTokenSupportingToken

protected void handleUsernameTokenSupportingToken(org.apache.wss4j.policy.model.UsernameToken token,
                                                  boolean endorse,
                                                  boolean encryptedToken,
                                                  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
                                           throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

cloneElement

protected Element cloneElement(Element el)

addSignatureParts

protected void addSignatureParts(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList,
                                 List<org.apache.wss4j.common.WSEncryptionPart> sigParts)

addUsernameToken

protected org.apache.wss4j.dom.message.WSSecUsernameToken addUsernameToken(org.apache.wss4j.policy.model.UsernameToken token)

addDKUsernameToken

protected org.apache.wss4j.dom.message.WSSecUsernameToken addDKUsernameToken(org.apache.wss4j.policy.model.UsernameToken token,
                                                                             boolean useMac)

addSamlToken

protected org.apache.wss4j.common.saml.SamlAssertionWrapper addSamlToken(org.apache.wss4j.policy.model.SamlToken token)
                                                                  throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

storeAssertionAsSecurityToken

protected void storeAssertionAsSecurityToken(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
Store a SAML Assertion as a SecurityToken


findIDFromSamlToken

protected String findIDFromSamlToken(Element samlToken)

getPassword

public String getPassword(String userName,
                          org.apache.neethi.Assertion info,
                          int usage)

getCallbackHandler

protected CallbackHandler getCallbackHandler()

addWsuIdToElement

public String addWsuIdToElement(Element elem)
Returns the value of the provided Element's wsu:Id attribute, generating and adding the attribute first if the Element does not already have one.

Parameters:
elem - the Element to check/create the attribute on
Returns:
the generated or discovered wsu:Id attribute value

getEncryptedParts

public List<org.apache.wss4j.common.WSEncryptionPart> getEncryptedParts()
                                                                 throws SOAPException
Throws:
SOAPException

getSignedParts

public List<org.apache.wss4j.common.WSEncryptionPart> getSignedParts()
                                                              throws SOAPException
Throws:
SOAPException

getPartsAndElements

public List<org.apache.wss4j.common.WSEncryptionPart> getPartsAndElements(boolean sign,
                                                                          boolean includeBody,
                                                                          List<org.apache.wss4j.common.WSEncryptionPart> parts,
                                                                          List<org.apache.wss4j.policy.model.XPath> xpaths,
                                                                          List<org.apache.wss4j.policy.model.XPath> contentXpaths)
                                                                   throws SOAPException
Deprecated. Use getSignedParts() and getEncryptedParts() instead.

Identifies the portions of the message to be signed/encrypted.

Parameters:
sign - whether the matches are to be signed or encrypted
includeBody - if the body should be included in the signature/encryption
parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
xpaths - any XPath expressions to sign/encrypt matches
contentXpaths - any XPath expressions to content encrypt
Returns:
a configured list of WSEncryptionParts suitable for processing by WSS4J
Throws:
SOAPException - if there is an error extracting SOAP content from the SAAJ model

getParts

protected List<org.apache.wss4j.common.WSEncryptionPart> getParts(boolean sign,
                                                                  boolean includeBody,
                                                                  List<org.apache.wss4j.common.WSEncryptionPart> parts,
                                                                  List<Element> found)
                                                           throws SOAPException
Identifies the portions of the message to be signed/encrypted.

Parameters:
sign - whether the matches are to be signed or encrypted
includeBody - if the body should be included in the signature/encryption
parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
Returns:
a configured list of WSEncryptionParts suitable for processing by WSS4J
Throws:
SOAPException - if there is an error extracting SOAP content from the SAAJ model

getElements

protected List<org.apache.wss4j.common.WSEncryptionPart> getElements(String encryptionModifier,
                                                                     List<org.apache.wss4j.policy.model.XPath> xpaths,
                                                                     List<Element> found,
                                                                     boolean forceId)
                                                              throws XPathExpressionException,
                                                                     SOAPException
Identifies the portions of the message to be signed/encrypted.

Parameters:
encryptionModifier - indicates the scope of the crypto operation over matched elements. Either "Content" or "Element".
xpaths - any XPath expressions to sign/encrypt matches
found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
forceId - force adding a wsu:Id onto the elements. Recommended for signatures.
Returns:
a configured list of WSEncryptionParts suitable for processing by WSS4J
Throws:
XPathExpressionException - if a provided XPath is invalid
SOAPException - if there is an error extracting SOAP content from the SAAJ model

getEncryptedKeyBuilder

protected org.apache.wss4j.dom.message.WSSecEncryptedKey getEncryptedKeyBuilder(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper,
                                                                                org.apache.wss4j.policy.model.AbstractToken token)
                                                                         throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

getSignatureCrypto

public org.apache.wss4j.common.crypto.Crypto getSignatureCrypto(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper)
                                                         throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

getEncryptionCrypto

public org.apache.wss4j.common.crypto.Crypto getEncryptionCrypto(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper)
                                                          throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

getCrypto

public org.apache.wss4j.common.crypto.Crypto getCrypto(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper,
                                                       String cryptoKey,
                                                       String propKey)
                                                throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

getPasswordEncryptor

protected org.apache.wss4j.common.crypto.PasswordEncryptor getPasswordEncryptor()

setKeyIdentifierType

public void setKeyIdentifierType(org.apache.wss4j.dom.message.WSSecBase secBase,
                                 org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper,
                                 org.apache.wss4j.policy.model.AbstractToken token)

setEncryptionUser

public String setEncryptionUser(org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder,
                                org.apache.wss4j.policy.model.AbstractTokenWrapper token,
                                boolean sign,
                                org.apache.wss4j.common.crypto.Crypto crypto)

getUsername

public static String getUsername(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
Scans the WSHandlerResult list for a Username Token and returns its username if one is found.

Parameters:
results - the list of WSHandlerResult objects to scan
Returns:
the username from the Username Token, if one was found

getSignatureBuilder

protected org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper,
                                                                          org.apache.wss4j.policy.model.AbstractToken token,
                                                                          boolean endorse)
                                                                   throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

getSignatureBuilder

protected org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder(org.apache.wss4j.policy.model.AbstractTokenWrapper wrapper,
                                                                          org.apache.wss4j.policy.model.AbstractToken token,
                                                                          boolean attached,
                                                                          boolean endorse)
                                                                   throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

doEndorsedSignatures

protected void doEndorsedSignatures(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList,
                                    boolean isTokenProtection,
                                    boolean isSigProtect)

addSupportingTokens

protected void addSupportingTokens(List<org.apache.wss4j.common.WSEncryptionPart> sigs)
                            throws org.apache.wss4j.common.ext.WSSecurityException
Throws:
org.apache.wss4j.common.ext.WSSecurityException

doEndorse

protected void doEndorse()

addSignatureConfirmation

protected void addSignatureConfirmation(List<org.apache.wss4j.common.WSEncryptionPart> sigParts)

handleEncryptedSignedHeaders

public void handleEncryptedSignedHeaders(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts,
                                         List<org.apache.wss4j.common.WSEncryptionPart> signedParts)
Processes the parts to be signed and reconfigures those parts that have already been encrypted.

Parameters:
encryptedParts - the parts that have been encrypted
signedParts - the parts that are to be signed
Throws:
IllegalArgumentException - if signedParts contains a WSEncryptionPart whose id value is null and whose name value is not "Token"

convertToEncryptionPart

public org.apache.wss4j.common.WSEncryptionPart convertToEncryptionPart(Element element)
Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.

Parameters:
element - The DOM Element to convert
Returns:
The WSEncryptionPart representing the DOM Element argument
