cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: Minor refactor
Date Wed, 07 Oct 2015 10:04:33 GMT
Repository: cxf
Updated Branches:
  refs/heads/master bdad3fe6b -> 8bd6dd23e


Minor refactor


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8bd6dd23
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8bd6dd23
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8bd6dd23

Branch: refs/heads/master
Commit: 8bd6dd23e162946fff6596948129a7cfba6aa753
Parents: bdad3fe
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 7 11:04:23 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 7 11:04:23 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/policy/PolicyUtils.java     | 151 -----------------
 .../IssuedTokenInterceptorProvider.java         |   3 +-
 .../KerberosTokenInterceptorProvider.java       |   3 +-
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    |   3 +-
 .../wss4j/policyvalidators/ValidatorUtils.java  | 162 +++++++++++++++++++
 5 files changed, 168 insertions(+), 154 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8bd6dd23/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
index 495a1ef..4c34d50 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
@@ -20,44 +20,12 @@ package org.apache.cxf.ws.security.policy;
 
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Map;
 
 import javax.xml.namespace.QName;
 
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
-import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.AlgorithmSuitePolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.AsymmetricBindingPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.ConcreteSupportingTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.EncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingEncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.LayoutPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.RequiredElementsPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.RequiredPartsPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SamlTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SecuredElementsPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SecuredPartsPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityContextTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingEncryptedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedEndorsingTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SignedTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.SymmetricBindingPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.TransportBindingPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.WSS11PolicyValidator;
-import org.apache.cxf.ws.security.wss4j.policyvalidators.X509TokenPolicyValidator;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -68,117 +36,10 @@ import org.apache.wss4j.policy.model.AbstractBinding;
  */
 public final class PolicyUtils {
     
-    // The default security policy validators
-    private static final Map<QName, SecurityPolicyValidator> DEFAULT_SECURITY_POLICY_VALIDATORS
=
-        new HashMap<>();
-    
-    static {
-        configureTokenValidators();
-        configureBindingValidators();
-        configureSupportingTokenValidators();
-        configurePartsValidators();
-    }
-    
     private PolicyUtils() {
         // complete
     }
     
-    private static void configureTokenValidators() {
-        SecurityPolicyValidator validator = new X509TokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.X509_TOKEN, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.X509_TOKEN, validator);
-        validator = new UsernameTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.USERNAME_TOKEN, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.USERNAME_TOKEN, validator);
-        validator = new SamlTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SAML_TOKEN, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SAML_TOKEN, validator);
-        validator = new SecurityContextTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SECURITY_CONTEXT_TOKEN, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SECURITY_CONTEXT_TOKEN, validator);
-        validator = new WSS11PolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.WSS11, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.WSS11, validator);
-        validator = new IssuedTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ISSUED_TOKEN, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ISSUED_TOKEN, validator);
-        validator = new KerberosTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.KERBEROS_TOKEN, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.KERBEROS_TOKEN, validator);
-    }
-    
-    private static void configureBindingValidators() {
-        SecurityPolicyValidator validator = new TransportBindingPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.TRANSPORT_BINDING, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.TRANSPORT_BINDING, validator);
-        validator = new SymmetricBindingPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SYMMETRIC_BINDING, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SYMMETRIC_BINDING, validator);
-        validator = new AsymmetricBindingPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ASYMMETRIC_BINDING, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ASYMMETRIC_BINDING, validator);
-        validator = new AlgorithmSuitePolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ALGORITHM_SUITE, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ALGORITHM_SUITE, validator);
-        validator = new LayoutPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.LAYOUT, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.LAYOUT, validator);
-    }
-    
-    private static void configureSupportingTokenValidators() {
-        SecurityPolicyValidator validator = new ConcreteSupportingTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SUPPORTING_TOKENS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SUPPORTING_TOKENS, validator);
-        validator = new SignedTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_SUPPORTING_TOKENS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_SUPPORTING_TOKENS, validator);
-        validator = new EndorsingTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENDORSING_SUPPORTING_TOKENS,
validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENDORSING_SUPPORTING_TOKENS,
validator);
-        validator = new SignedEndorsingTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
validator);
-        validator = new EncryptedTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS,
validator);
-        validator = new SignedEncryptedTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS,
validator);
-        validator = new EndorsingEncryptedTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
validator);
-        validator = new SignedEndorsingEncryptedTokenPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
validator);
-    }
-    
-    private static void configurePartsValidators() {
-        SecurityPolicyValidator validator = new SecuredPartsPolicyValidator();
-        ((SecuredPartsPolicyValidator)validator).setCoverageType(CoverageType.SIGNED);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_PARTS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_PARTS, validator);
-        validator = new SecuredPartsPolicyValidator();
-        ((SecuredPartsPolicyValidator)validator).setCoverageType(CoverageType.ENCRYPTED);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_PARTS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENCRYPTED_PARTS, validator);
-        validator = new SecuredElementsPolicyValidator();
-        ((SecuredElementsPolicyValidator)validator).setCoverageType(CoverageType.SIGNED);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ELEMENTS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_ELEMENTS, validator);
-        validator = new SecuredElementsPolicyValidator();
-        ((SecuredElementsPolicyValidator)validator).setCoverageType(CoverageType.ENCRYPTED);
-        ((SecuredElementsPolicyValidator)validator).setCoverageScope(CoverageScope.ELEMENT);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_ELEMENTS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENCRYPTED_ELEMENTS, validator);
-        validator = new SecuredElementsPolicyValidator();
-        ((SecuredElementsPolicyValidator)validator).setCoverageType(CoverageType.ENCRYPTED);
-        ((SecuredElementsPolicyValidator)validator).setCoverageScope(CoverageScope.CONTENT);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.CONTENT_ENCRYPTED_ELEMENTS,
validator);
-        validator = new RequiredPartsPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.REQUIRED_PARTS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.REQUIRED_PARTS, validator);
-        validator = new RequiredElementsPolicyValidator();
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.REQUIRED_ELEMENTS, validator);
-        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.REQUIRED_ELEMENTS, validator);
-    }
-    
     public static Collection<AssertionInfo> getAllAssertionsByLocalname(
         AssertionInfoMap aim, String localname
     ) {
@@ -269,16 +130,4 @@ public final class PolicyUtils {
         return null;
     }
 
-    public static Map<QName, SecurityPolicyValidator> getSecurityPolicyValidators(Message
message) {
-        Map<QName, SecurityPolicyValidator> mapToReturn = new HashMap<>(DEFAULT_SECURITY_POLICY_VALIDATORS);

-        Map<QName, SecurityPolicyValidator> policyMap = 
-            CastUtils.cast((Map<?, ?>)message.getContextualProperty(SecurityConstants.POLICY_VALIDATOR_MAP));
-        
-        // Allow overriding the default policies
-        if (policyMap != null && !policyMap.isEmpty()) {
-            mapToReturn.putAll(policyMap);
-        }
-        
-        return mapToReturn;
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8bd6dd23/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index f8a4475..73095f9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -47,6 +47,7 @@ import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -207,7 +208,7 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
             
             QName qName = issuedAis.iterator().next().getAssertion().getName();
             Map<QName, SecurityPolicyValidator> validators = 
-                PolicyUtils.getSecurityPolicyValidators(message);
+                ValidatorUtils.getSecurityPolicyValidators(message);
             if (validators.containsKey(qName)) {
                 validators.get(qName).validatePolicies(parameters, issuedAis);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8bd6dd23/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
index 7d93cb3..823c4be 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
@@ -53,6 +53,7 @@ import org.apache.cxf.ws.security.wss4j.StaxSecurityContextInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
@@ -201,7 +202,7 @@ public class KerberosTokenInterceptorProvider extends AbstractPolicyInterceptorP
             
             QName qName = ais.iterator().next().getAssertion().getName();
             Map<QName, SecurityPolicyValidator> validators = 
-                PolicyUtils.getSecurityPolicyValidators(message);
+                ValidatorUtils.getSecurityPolicyValidators(message);
             if (validators.containsKey(qName)) {
                 validators.get(qName).validatePolicies(parameters, ais);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/8bd6dd23/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 5cc1886..b18857f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -41,6 +41,7 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.PolicyValidatorParameters;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.ValidatorUtils;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -571,7 +572,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         parameters.setTimestampElement(timestamp);
         
         // Validate security policies
-        Map<QName, SecurityPolicyValidator> validators = PolicyUtils.getSecurityPolicyValidators(msg);
+        Map<QName, SecurityPolicyValidator> validators = ValidatorUtils.getSecurityPolicyValidators(msg);
         for (Map.Entry<QName, Collection<AssertionInfo>> entry : aim.entrySet())
{
             // Check to see if we have a security policy + if we can validate it
             if (validators.containsKey(entry.getKey())) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/8bd6dd23/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ValidatorUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ValidatorUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ValidatorUtils.java
new file mode 100644
index 0000000..f7dc679
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ValidatorUtils.java
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j.policyvalidators;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+
+/**
+ * Configure the Validators
+ */
+public final class ValidatorUtils {
+    
+    // The default security policy validators
+    private static final Map<QName, SecurityPolicyValidator> DEFAULT_SECURITY_POLICY_VALIDATORS
=
+        new HashMap<>();
+    
+    static {
+        configureTokenValidators();
+        configureBindingValidators();
+        configureSupportingTokenValidators();
+        configurePartsValidators();
+    }
+    
+    private ValidatorUtils() {
+        // complete
+    }
+    
+    private static void configureTokenValidators() {
+        SecurityPolicyValidator validator = new X509TokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.X509_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.X509_TOKEN, validator);
+        validator = new UsernameTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.USERNAME_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.USERNAME_TOKEN, validator);
+        validator = new SamlTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SAML_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SAML_TOKEN, validator);
+        validator = new SecurityContextTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SECURITY_CONTEXT_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SECURITY_CONTEXT_TOKEN, validator);
+        validator = new WSS11PolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.WSS11, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.WSS11, validator);
+        validator = new IssuedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ISSUED_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ISSUED_TOKEN, validator);
+        validator = new KerberosTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.KERBEROS_TOKEN, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.KERBEROS_TOKEN, validator);
+    }
+    
+    private static void configureBindingValidators() {
+        SecurityPolicyValidator validator = new TransportBindingPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.TRANSPORT_BINDING, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.TRANSPORT_BINDING, validator);
+        validator = new SymmetricBindingPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SYMMETRIC_BINDING, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SYMMETRIC_BINDING, validator);
+        validator = new AsymmetricBindingPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ASYMMETRIC_BINDING, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ASYMMETRIC_BINDING, validator);
+        validator = new AlgorithmSuitePolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ALGORITHM_SUITE, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ALGORITHM_SUITE, validator);
+        validator = new LayoutPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.LAYOUT, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.LAYOUT, validator);
+    }
+    
+    private static void configureSupportingTokenValidators() {
+        SecurityPolicyValidator validator = new ConcreteSupportingTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SUPPORTING_TOKENS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SUPPORTING_TOKENS, validator);
+        validator = new SignedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_SUPPORTING_TOKENS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_SUPPORTING_TOKENS, validator);
+        validator = new EndorsingTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENDORSING_SUPPORTING_TOKENS,
validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENDORSING_SUPPORTING_TOKENS,
validator);
+        validator = new SignedEndorsingTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS,
validator);
+        validator = new EncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS,
validator);
+        validator = new SignedEncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS,
validator);
+        validator = new EndorsingEncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
validator);
+        validator = new SignedEndorsingEncryptedTokenPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
validator);
+    }
+    
+    private static void configurePartsValidators() {
+        SecurityPolicyValidator validator = new SecuredPartsPolicyValidator();
+        ((SecuredPartsPolicyValidator)validator).setCoverageType(CoverageType.SIGNED);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_PARTS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_PARTS, validator);
+        validator = new SecuredPartsPolicyValidator();
+        ((SecuredPartsPolicyValidator)validator).setCoverageType(CoverageType.ENCRYPTED);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_PARTS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENCRYPTED_PARTS, validator);
+        validator = new SecuredElementsPolicyValidator();
+        ((SecuredElementsPolicyValidator)validator).setCoverageType(CoverageType.SIGNED);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.SIGNED_ELEMENTS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.SIGNED_ELEMENTS, validator);
+        validator = new SecuredElementsPolicyValidator();
+        ((SecuredElementsPolicyValidator)validator).setCoverageType(CoverageType.ENCRYPTED);
+        ((SecuredElementsPolicyValidator)validator).setCoverageScope(CoverageScope.ELEMENT);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.ENCRYPTED_ELEMENTS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.ENCRYPTED_ELEMENTS, validator);
+        validator = new SecuredElementsPolicyValidator();
+        ((SecuredElementsPolicyValidator)validator).setCoverageType(CoverageType.ENCRYPTED);
+        ((SecuredElementsPolicyValidator)validator).setCoverageScope(CoverageScope.CONTENT);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.CONTENT_ENCRYPTED_ELEMENTS,
validator);
+        validator = new RequiredPartsPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.REQUIRED_PARTS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.REQUIRED_PARTS, validator);
+        validator = new RequiredElementsPolicyValidator();
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP12Constants.REQUIRED_ELEMENTS, validator);
+        DEFAULT_SECURITY_POLICY_VALIDATORS.put(SP11Constants.REQUIRED_ELEMENTS, validator);
+    }
+    
+    public static Map<QName, SecurityPolicyValidator> getSecurityPolicyValidators(Message
message) {
+        Map<QName, SecurityPolicyValidator> mapToReturn = new HashMap<>(DEFAULT_SECURITY_POLICY_VALIDATORS);

+        Map<QName, SecurityPolicyValidator> policyMap = 
+            CastUtils.cast((Map<?, ?>)message.getContextualProperty(SecurityConstants.POLICY_VALIDATOR_MAP));
+        
+        // Allow overriding the default policies
+        if (policyMap != null && !policyMap.isEmpty()) {
+            mapToReturn.putAll(policyMap);
+        }
+        
+        return mapToReturn;
+    }
+}
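Review bot: `getSecurityPolicyValidators` lets the map found under `SecurityConstants.POLICY_VALIDATOR_MAP` replace any default validator through `putAll`, and the `CastUtils.cast` from `Map<?, ?>` is unchecked, so a null or wrongly typed value surfaces only when a caller runs `validators.get(qName).validatePolicies(...)`. Because these validators enforce the security policy, the method needs Javadoc stating that the property is trusted deployment configuration whose entries override the defaults, e.g. `/** Returns a copy of the default validators overlaid with the map configured under SecurityConstants.POLICY_VALIDATOR_MAP; configured entries replace defaults. */`. It would also be safer to check `entry.getValue() instanceof SecurityPolicyValidator` before each `put` and reject anything else, rather than copying the map wholesale. Separately, `DEFAULT_SECURITY_POLICY_VALIDATORS` is not modified after the static initializer in this file, so wrapping it with `Collections.unmodifiableMap` would make that explicit.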

