org.apache.cxf.ws.security.wss4j.policyhandlers

Class AbstractBindingBuilder

java.lang.Object

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler

org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder

Direct Known Subclasses:

AsymmetricBindingHandler, SymmetricBindingHandler, TransportBindingHandler

public abstract class AbstractBindingBuilder
extends AbstractCommonBindingHandler

Field Summary

Fields

Modifier and Type	Field and Description
protected AssertionInfoMap	aim
protected org.apache.wss4j.policy.model.AbstractBinding	binding
protected Element	bottomUpElement
protected Element	bstElement
protected org.apache.wss4j.dom.callback.CallbackLookup	callbackLookup
static String	CRYPTO_CACHE
protected Set<org.apache.wss4j.common.WSEncryptionPart>	encryptedTokensList
protected Element	lastEncryptedKeyElement
protected static Logger	LOG
protected String	mainSigId
protected org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder	protectionOrder
protected SOAPMessage	saaj
protected org.apache.wss4j.dom.message.WSSecHeader	secHeader
protected List<org.apache.wss4j.common.WSEncryptionPart>	sigConfList
protected Set<Integer>	signatures
protected boolean	storeBytesInAttachment
protected org.apache.wss4j.dom.message.WSSecTimestamp	timestampEl
protected Element	topDownElement
protected org.apache.wss4j.dom.WSDocInfo	wsDocInfo
protected org.apache.wss4j.dom.engine.WSSConfig	wssConfig

Fields inherited from class org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler

message

Constructor Summary

Constructors

Constructor and Description
AbstractBindingBuilder(org.apache.wss4j.dom.engine.WSSConfig config, org.apache.wss4j.policy.model.AbstractBinding binding, SOAPMessage saaj, org.apache.wss4j.dom.message.WSSecHeader secHeader, AssertionInfoMap aim, SoapMessage message)

Method Summary

Modifier and Type	Method and Description
protected void	addDerivedKeyElement(Element el)
protected org.apache.wss4j.dom.message.WSSecUsernameToken	addDKUsernameToken(org.apache.wss4j.policy.model.UsernameToken token, byte[] salt, boolean useMac)
protected void	addEncryptedKeyElement(Element el)
protected org.apache.wss4j.common.saml.SamlAssertionWrapper	addSamlToken(org.apache.wss4j.policy.model.SamlToken token)
protected void	addSig(byte[] val)
protected void	addSignatureConfirmation(List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
protected void	addSignatureParts(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList, List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
protected void	addSupportingElement(Element el)
protected void	addSupportingTokens(List<org.apache.wss4j.common.WSEncryptionPart> sigs)
protected void	addTopDownElement(Element el)
protected org.apache.wss4j.dom.message.WSSecUsernameToken	addUsernameToken(org.apache.wss4j.policy.model.UsernameToken token)
String	addWsuIdToElement(Element element) Generates a wsu:Id attribute for the provided Element and returns the attribute value or finds and returns the value of the attribute if it already exists.
protected Element	cloneElement(Element el)
org.apache.wss4j.common.WSEncryptionPart	convertToEncryptionPart(Element element) Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.
protected org.apache.wss4j.dom.message.WSSecTimestamp	createTimestamp()
protected void	doEndorse()
protected void	doEndorsedSignatures(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList, boolean isTokenProtection, boolean isSigProtect)
protected String	findIDFromSamlToken(Element samlToken)
protected org.apache.wss4j.common.crypto.Crypto	getCrypto(String cryptoKey, String propKey)
protected Map<Object,org.apache.wss4j.common.crypto.Crypto>	getCryptoCache()
protected List<org.apache.wss4j.common.WSEncryptionPart>	getElements(String encryptionModifier, List<org.apache.wss4j.policy.model.XPath> xpaths, List<Element> found, boolean forceId) Identifies the portions of the message to be signed/encrypted.
protected org.apache.wss4j.dom.message.WSSecEncryptedKey	getEncryptedKeyBuilder(org.apache.wss4j.policy.model.AbstractToken token, SecretKey symmetricKey)
protected org.apache.wss4j.dom.engine.WSSecurityEngineResult	getEncryptedKeyResult()
List<org.apache.wss4j.common.WSEncryptionPart>	getEncryptedParts()
org.apache.wss4j.common.crypto.Crypto	getEncryptionCrypto()
protected List<org.apache.wss4j.common.WSEncryptionPart>	getParts(boolean sign, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<Element> found) Identifies the portions of the message to be signed/encrypted.
List<org.apache.wss4j.common.WSEncryptionPart>	getPartsAndElements(boolean sign, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<org.apache.wss4j.policy.model.XPath> xpaths, List<org.apache.wss4j.policy.model.XPath> contentXpaths) Identifies the portions of the message to be signed/encrypted.
protected String	getPassword(String userName, org.apache.neethi.Assertion info, int usage)
protected org.apache.wss4j.dom.message.WSSecSignature	getSignatureBuilder(org.apache.wss4j.policy.model.AbstractToken token, boolean attached, boolean endorse)
org.apache.wss4j.common.crypto.Crypto	getSignatureCrypto()
List<org.apache.wss4j.common.WSEncryptionPart>	getSignedParts(org.apache.wss4j.policy.model.SupportingTokens supportingToken)
protected TokenStore	getTokenStore()
static String	getUsername(List<org.apache.wss4j.dom.handler.WSHandlerResult> results) Scan through WSHandlerResult list for a Username token and return the username if a Username Token found
void	handleEncryptedSignedHeaders(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts, List<org.apache.wss4j.common.WSEncryptionPart> signedParts) Processes the parts to be signed and reconfigures those parts that have already been encrypted.
protected org.apache.wss4j.dom.message.WSSecTimestamp	handleLayout(org.apache.wss4j.dom.message.WSSecTimestamp timestamp)
protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken>	handleSupportingTokens(org.apache.wss4j.policy.model.SupportingTokens suppTokens, boolean endorse, List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
protected void	handleUsernameTokenSupportingToken(org.apache.wss4j.policy.model.UsernameToken token, boolean endorse, boolean encryptedToken, List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
protected void	insertAfter(Element child, Element sib)
protected void	insertBeforeBottomUp(Element el)
boolean	isExpandXopInclude()
protected void	reshuffleTimestamp()
String	setEncryptionUser(org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder, org.apache.wss4j.policy.model.AbstractToken token, boolean sign, org.apache.wss4j.common.crypto.Crypto crypto)
void	setKeyIdentifierType(org.apache.wss4j.dom.message.WSSecBase secBase, org.apache.wss4j.policy.model.AbstractToken token)
protected void	storeAssertionAsSecurityToken(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion) Store a SAML Assertion as a SecurityToken

Methods inherited from class org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler

assertAlgorithmSuite, assertPolicy, assertPolicy, assertToken, assertTokenWrapper, assertTrustProperties, assertWSSProperties, getAllAssertionsByLocalname, getMessage, getSecurityToken, getWss10, isRequestor, isTokenRequired, unassertPolicy, unassertPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CRYPTO_CACHE

public static final String CRYPTO_CACHE

See Also:

Constant Field Values

LOG

protected static final Logger LOG

protectionOrder

protected org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder

wssConfig

protected final org.apache.wss4j.dom.engine.WSSConfig wssConfig

saaj

protected SOAPMessage saaj

secHeader

protected org.apache.wss4j.dom.message.WSSecHeader secHeader

aim

protected AssertionInfoMap aim

binding

protected org.apache.wss4j.policy.model.AbstractBinding binding

timestampEl

protected org.apache.wss4j.dom.message.WSSecTimestamp timestampEl

mainSigId

protected String mainSigId

sigConfList

protected List<org.apache.wss4j.common.WSEncryptionPart> sigConfList

encryptedTokensList

protected Set<org.apache.wss4j.common.WSEncryptionPart> encryptedTokensList

signatures

protected Set<Integer> signatures

bottomUpElement

protected Element bottomUpElement

topDownElement

protected Element topDownElement

bstElement

protected Element bstElement

lastEncryptedKeyElement

protected Element lastEncryptedKeyElement

callbackLookup

protected final org.apache.wss4j.dom.callback.CallbackLookup callbackLookup

storeBytesInAttachment

protected boolean storeBytesInAttachment

wsDocInfo

protected org.apache.wss4j.dom.WSDocInfo wsDocInfo

Constructor Detail

AbstractBindingBuilder

public AbstractBindingBuilder(org.apache.wss4j.dom.engine.WSSConfig config,
                              org.apache.wss4j.policy.model.AbstractBinding binding,
                              SOAPMessage saaj,
                              org.apache.wss4j.dom.message.WSSecHeader secHeader,
                              AssertionInfoMap aim,
                              SoapMessage message)
                       throws SOAPException

Throws:

SOAPException

Method Detail

insertAfter

protected void insertAfter(Element child,
                           Element sib)

addDerivedKeyElement

protected void addDerivedKeyElement(Element el)

addEncryptedKeyElement

protected void addEncryptedKeyElement(Element el)

addSupportingElement

protected void addSupportingElement(Element el)

insertBeforeBottomUp

protected void insertBeforeBottomUp(Element el)

addTopDownElement

protected void addTopDownElement(Element el)

getCryptoCache

protected final Map<Object,org.apache.wss4j.common.crypto.Crypto> getCryptoCache()

getTokenStore

protected final TokenStore getTokenStore()
                                  throws TokenStoreException

Throws:

TokenStoreException

createTimestamp

protected org.apache.wss4j.dom.message.WSSecTimestamp createTimestamp()

handleLayout

protected org.apache.wss4j.dom.message.WSSecTimestamp handleLayout(org.apache.wss4j.dom.message.WSSecTimestamp timestamp)

reshuffleTimestamp

protected void reshuffleTimestamp()

handleSupportingTokens

protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> handleSupportingTokens(org.apache.wss4j.policy.model.SupportingTokens suppTokens,
                                                                                                                              boolean endorse,
                                                                                                                              List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
                                                                                                                       throws org.apache.wss4j.common.ext.WSSecurityException,
                                                                                                                              SOAPException,
                                                                                                                              TokenStoreException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

SOAPException

TokenStoreException

handleUsernameTokenSupportingToken

protected void handleUsernameTokenSupportingToken(org.apache.wss4j.policy.model.UsernameToken token,
                                                  boolean endorse,
                                                  boolean encryptedToken,
                                                  List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
                                           throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

cloneElement

protected Element cloneElement(Element el)

addSignatureParts

protected void addSignatureParts(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList,
                                 List<org.apache.wss4j.common.WSEncryptionPart> sigParts)

addUsernameToken

protected org.apache.wss4j.dom.message.WSSecUsernameToken addUsernameToken(org.apache.wss4j.policy.model.UsernameToken token)

addDKUsernameToken

protected org.apache.wss4j.dom.message.WSSecUsernameToken addDKUsernameToken(org.apache.wss4j.policy.model.UsernameToken token,
                                                                             byte[] salt,
                                                                             boolean useMac)

addSamlToken

protected org.apache.wss4j.common.saml.SamlAssertionWrapper addSamlToken(org.apache.wss4j.policy.model.SamlToken token)
                                                                  throws org.apache.wss4j.common.ext.WSSecurityException,
                                                                         TokenStoreException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

TokenStoreException

storeAssertionAsSecurityToken

protected void storeAssertionAsSecurityToken(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
                                      throws TokenStoreException

Store a SAML Assertion as a SecurityToken

Throws:

TokenStoreException

findIDFromSamlToken

protected String findIDFromSamlToken(Element samlToken)

getPassword

protected String getPassword(String userName,
                             org.apache.neethi.Assertion info,
                             int usage)

addWsuIdToElement

public String addWsuIdToElement(Element element)

Generates a wsu:Id attribute for the provided Element and returns the attribute value or finds and returns the value of the attribute if it already exists.

Parameters:

element - the Element to check/create the attribute on

Returns:

the generated or discovered wsu:Id attribute value

getEncryptedParts

public List<org.apache.wss4j.common.WSEncryptionPart> getEncryptedParts()
                                                                 throws SOAPException

Throws:

SOAPException

getSignedParts

public List<org.apache.wss4j.common.WSEncryptionPart> getSignedParts(org.apache.wss4j.policy.model.SupportingTokens supportingToken)
                                                              throws SOAPException

Throws:

SOAPException

getPartsAndElements

public List<org.apache.wss4j.common.WSEncryptionPart> getPartsAndElements(boolean sign,
                                                                          boolean includeBody,
                                                                          List<org.apache.wss4j.common.WSEncryptionPart> parts,
                                                                          List<org.apache.wss4j.policy.model.XPath> xpaths,
                                                                          List<org.apache.wss4j.policy.model.XPath> contentXpaths)
                                                                   throws SOAPException

Identifies the portions of the message to be signed/encrypted.

Parameters:

sign - whether the matches are to be signed or encrypted

includeBody - if the body should be included in the signature/encryption

parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.

xpaths - any XPath expressions to sign/encrypt matches

contentXpaths - any XPath expressions to content encrypt

Returns:

a configured list of WSEncryptionParts suitable for processing by WSS4J

Throws:

SOAPException - if there is an error extracting SOAP content from the SAAJ model

getParts

protected List<org.apache.wss4j.common.WSEncryptionPart> getParts(boolean sign,
                                                                  boolean includeBody,
                                                                  List<org.apache.wss4j.common.WSEncryptionPart> parts,
                                                                  List<Element> found)
                                                           throws SOAPException

Identifies the portions of the message to be signed/encrypted.

Parameters:

sign - whether the matches are to be signed or encrypted

includeBody - if the body should be included in the signature/encryption

parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.

found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.

Returns:

a configured list of WSEncryptionParts suitable for processing by WSS4J

Throws:

SOAPException - if there is an error extracting SOAP content from the SAAJ model

getElements

protected List<org.apache.wss4j.common.WSEncryptionPart> getElements(String encryptionModifier,
                                                                     List<org.apache.wss4j.policy.model.XPath> xpaths,
                                                                     List<Element> found,
                                                                     boolean forceId)
                                                              throws SOAPException

Identifies the portions of the message to be signed/encrypted.

Parameters:

encryptionModifier - indicates the scope of the crypto operation over matched elements. Either "Content" or "Element".

xpaths - any XPath expressions to sign/encrypt matches

found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.

forceId - force adding a wsu:Id onto the elements. Recommended for signatures.

Returns:

a configured list of WSEncryptionParts suitable for processing by WSS4J

Throws:

SOAPException - if there is an error extracting SOAP content from the SAAJ model

getEncryptedKeyBuilder

protected org.apache.wss4j.dom.message.WSSecEncryptedKey getEncryptedKeyBuilder(org.apache.wss4j.policy.model.AbstractToken token,
                                                                                SecretKey symmetricKey)
                                                                         throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

getSignatureCrypto

public org.apache.wss4j.common.crypto.Crypto getSignatureCrypto()
                                                         throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

getEncryptionCrypto

public org.apache.wss4j.common.crypto.Crypto getEncryptionCrypto()
                                                          throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

getCrypto

protected org.apache.wss4j.common.crypto.Crypto getCrypto(String cryptoKey,
                                                          String propKey)
                                                   throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

setKeyIdentifierType

public void setKeyIdentifierType(org.apache.wss4j.dom.message.WSSecBase secBase,
                                 org.apache.wss4j.policy.model.AbstractToken token)

setEncryptionUser

public String setEncryptionUser(org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder,
                                org.apache.wss4j.policy.model.AbstractToken token,
                                boolean sign,
                                org.apache.wss4j.common.crypto.Crypto crypto)

getUsername

public static String getUsername(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)

Scan through WSHandlerResult list for a Username token and return the username if a Username Token found

Parameters:

results -

Returns:

getEncryptedKeyResult

protected org.apache.wss4j.dom.engine.WSSecurityEngineResult getEncryptedKeyResult()

getSignatureBuilder

protected org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder(org.apache.wss4j.policy.model.AbstractToken token,
                                                                          boolean attached,
                                                                          boolean endorse)
                                                                   throws org.apache.wss4j.common.ext.WSSecurityException,
                                                                          TokenStoreException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

TokenStoreException

doEndorsedSignatures

protected void doEndorsedSignatures(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList,
                                    boolean isTokenProtection,
                                    boolean isSigProtect)

addSupportingTokens

protected void addSupportingTokens(List<org.apache.wss4j.common.WSEncryptionPart> sigs)
                            throws org.apache.wss4j.common.ext.WSSecurityException

Throws:

org.apache.wss4j.common.ext.WSSecurityException

doEndorse

protected void doEndorse()

addSignatureConfirmation

protected void addSignatureConfirmation(List<org.apache.wss4j.common.WSEncryptionPart> sigParts)

handleEncryptedSignedHeaders

public void handleEncryptedSignedHeaders(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts,
                                         List<org.apache.wss4j.common.WSEncryptionPart> signedParts)

Processes the parts to be signed and reconfigures those parts that have already been encrypted.

Parameters:

encryptedParts - the parts that have been encrypted

signedParts - the parts that are to be signed

Throws:

IllegalArgumentException - if an element in signedParts contains a WSEncryptionPart with a null id value and the WSEncryptionPart name value is not "Token"

convertToEncryptionPart

public org.apache.wss4j.common.WSEncryptionPart convertToEncryptionPart(Element element)

Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.

Parameters:

element - The DOM Element to convert

Returns:

The WSEncryptionPart representing the DOM Element argument

addSig

protected void addSig(byte[] val)

isExpandXopInclude

public boolean isExpandXopInclude()