cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1455556 [3/3] - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/ policy/builders/ policy/interceptors/ policy/model/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Tue, 12 Mar 2013 14:44:33 GMT
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
Tue Mar 12 14:44:31 2013
@@ -29,8 +29,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.SymmetricBinding;
 
 /**
@@ -46,13 +45,8 @@ public class SymmetricBindingPolicyValid
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-        if (ais != null && !ais.isEmpty()) {                       
-            parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults);
-        }
-        
-        ais = aim.get(SP11Constants.SYMMETRIC_BINDING);
-        if (ais != null && !ais.isEmpty()) {                       
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (!ais.isEmpty()) {                       
             parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults);
         }
         
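Review bot: With the `ais != null` test gone, `if (!ais.isEmpty())` relies on `getAllAssertionsByLocalname` always returning a collection, and that helper is not part of this excerpt. Its Javadoc should state the contract, for example `@return the matching assertions from every supported WS-SecurityPolicy namespace; empty, never null`, once that is confirmed. It is also worth confirming that the match is limited to the known SP namespaces, since selecting on the local name alone would let an assertion named SymmetricBinding from an unrelated namespace drive validation. The same replacement is made in the validatePolicy hunks of the TransportBinding, UsernameToken, WSS11 and X509Token validators. The method body continues outside the hunk.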
@@ -117,6 +111,9 @@ public class SymmetricBindingPolicyValid
                 ai.setNotAsserted("Message fails the DerivedKeys requirement");
                 return false;
             }
+            assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS);
+            assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS);
+            assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS);
         }
         
         if (binding.getSignatureToken() != null) {
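Review bot: The three `assertPolicy` calls added after the derived-keys check mark `REQUIRE_DERIVED_KEYS`, `REQUIRE_IMPLIED_DERIVED_KEYS` and `REQUIRE_EXPLICIT_DERIVED_KEYS` together, although the failure message beside them speaks only of a single DerivedKeys requirement. The condition of that check sits above the hunk, so this is inferred, but if it does not distinguish implied from explicit derived keys, a policy demanding one flavour would be reported as satisfied by a message using another. I would either assert only the variant the check covers or record the limitation, e.g. `// NOTE: implied/explicit derived keys are not distinguished by the check above`. The identical lines are added in the next two hunks of this file.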
@@ -127,6 +124,9 @@ public class SymmetricBindingPolicyValid
                 ai.setNotAsserted("Message fails the DerivedKeys requirement");
                 return false;
             }
+            assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS);
+            assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS);
+            assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS);
         }
         
         if (binding.getProtectionToken() != null) {
@@ -137,6 +137,9 @@ public class SymmetricBindingPolicyValid
                 ai.setNotAsserted("Message fails the DerivedKeys requirement");
                 return false;
             }
+            assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS);
+            assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS);
+            assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS);
         }
         
         return true;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Tue Mar 12 14:44:31 2013
@@ -34,6 +34,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.Layout;
 import org.apache.wss4j.policy.model.Layout.LayoutType;
 import org.apache.wss4j.policy.model.TransportBinding;
@@ -51,21 +52,11 @@ public class TransportBindingPolicyValid
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-        boolean policyFound = false;
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (!ais.isEmpty()) {
             parsePolicies(aim, ais, message, results, signedResults);
-            policyFound = true;
-        }
-        
-        ais = aim.get(SP11Constants.TRANSPORT_BINDING);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(aim, ais, message, results, signedResults);
-            policyFound = true;
-        }
-        
-        // We don't need to check these policies for the Transport binding
-        if (policyFound) {
+            
+            // We don't need to check these policies for the Transport binding
             assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
             assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS);
             assertPolicy(aim, SP12Constants.SIGNED_PARTS);
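Review bot: The comment kept above `assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS)` does not say what makes it safe to skip these checks, and the block is now entered for whatever the local-name lookup returns while the assertions it marks are still named by SP12 and SP11 QNames only. A reader should be able to see the assumption, for instance `// Transport binding: SignedParts/EncryptedParts are marked asserted without inspecting the message; protection is expected from the transport`. If the lookup can return a TransportBinding from a further namespace, the parts assertions of that namespace would stay unasserted here, so the two lists should be kept in step. The run of assertPolicy calls continues past the end of the hunk.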

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
Tue Mar 12 14:44:31 2013
@@ -34,7 +34,6 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -55,23 +54,18 @@ public class UsernameTokenPolicyValidato
         List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message, results);
-        }
-        
-        ais = aim.get(SP11Constants.USERNAME_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
+        if (!ais.isEmpty()) {
             parsePolicies(ais, message, results);
+            
+            assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.CREATED));
+            assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.NONCE));
+            assertPolicy(aim, SPConstants.NO_PASSWORD);
+            assertPolicy(aim, SPConstants.HASH_PASSWORD);
+            assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN10);
+            assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN11);
         }
         
-        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.CREATED));
-        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.NONCE));
-        assertPolicy(aim, SP12Constants.NO_PASSWORD);
-        assertPolicy(aim, SP12Constants.HASH_PASSWORD);
-        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN10);
-        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN11);
-        
         return true;
     }
     
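Review bot: The six `assertPolicy` calls now inside `if (!ais.isEmpty())` run directly after `parsePolicies(ais, message, results)` and take no account of what it found, so `NO_PASSWORD` and `HASH_PASSWORD` are both marked in the same pass. parsePolicies is outside the hunk; if it verifies these options and marks the UsernameToken assertion as not asserted on a mismatch, a short comment should say so, e.g. `// nested options are verified in parsePolicies; a mismatch leaves the UsernameToken assertion not asserted`. If it does not, each option should be asserted only where the received token was actually checked against it. The same shape is added in the WSS11 hunk (including `REQUIRE_SIGNATURE_CONFIRMATION`) and the X509Token hunk (the six token-type assertions).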

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
Tue Mar 12 14:44:31 2013
@@ -32,14 +32,14 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.Wss11;
 
 /**
  * Validate a WSS11 policy.
  */
-public class WSS11PolicyValidator implements TokenPolicyValidator {
+public class WSS11PolicyValidator 
+    extends AbstractTokenPolicyValidator implements TokenPolicyValidator {
     
     public boolean validatePolicy(
         AssertionInfoMap aim,
@@ -48,14 +48,13 @@ public class WSS11PolicyValidator implem
         List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.WSS11);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message, results);
-        }
-        
-        ais = aim.get(SP11Constants.WSS11);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11);
+        if (!ais.isEmpty()) {
             parsePolicies(ais, message, results);
+            
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_THUMBPRINT);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY);
+            assertPolicy(aim, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
         }
         
         return true;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
Tue Mar 12 14:44:31 2013
@@ -32,8 +32,7 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.policy.model.X509Token.TokenType;
 
@@ -52,29 +51,18 @@ public class X509TokenPolicyValidator ex
         List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.X509_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.X509_TOKEN);
+        if (!ais.isEmpty()) {
             parsePolicies(ais, message, results);
+            
+            assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10);
+            assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11);
+            assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN10);
+            assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN11);
+            assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN10);
+            assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN11);
         }
         
-        ais = aim.get(SP11Constants.X509_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message, results);
-        }
-        
-        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_10);
-        assertPolicy(aim, SP11Constants.WSS_X509_PKI_PATH_V1_TOKEN_10);
-        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_11);
-        assertPolicy(aim, SP11Constants.WSS_X509_PKI_PATH_V1_TOKEN_11);
-        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_10);
-        assertPolicy(aim, SP11Constants.WSS_X509_V1_TOKEN_10);
-        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_11);
-        assertPolicy(aim, SP11Constants.WSS_X509_V1_TOKEN_11);
-        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_10);
-        assertPolicy(aim, SP11Constants.WSS_X509_V3_TOKEN_10);
-        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_11);
-        assertPolicy(aim, SP11Constants.WSS_X509_V3_TOKEN_11);
-        
         return true;
     }
     


