All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.sun.xml.ws.security.opt.impl.incoming.TargetResolverImpl Maven / Gradle / Ivy

There is a newer version: 4.0.3
Show newest version
/*
 * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Distribution License v. 1.0, which is available at
 * http://www.eclipse.org/org/documents/edl-v10.php.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

package com.sun.xml.ws.security.opt.impl.incoming;

import com.sun.xml.ws.api.message.Header;
import com.sun.xml.ws.api.message.HeaderList;
import com.sun.xml.ws.api.message.MessageHeaders;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget.Transform;
import com.sun.xml.wss.impl.policy.mls.Target;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.impl.policy.verifier.TargetResolver;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.LogStringsMessages;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 *
 * @author [email protected]
 */
public class TargetResolverImpl implements TargetResolver {

    private ProcessingContext ctx = null;
    private StringBuffer tokenList = new StringBuffer();
    private static Logger log = Logger.getLogger(
            LogDomainConstants.WSS_API_DOMAIN,
            LogDomainConstants.WSS_API_DOMAIN_BUNDLE);

    /** Creates a new instance of TargetResolverImpl */
    public TargetResolverImpl(ProcessingContext ctx) {
        this.ctx = ctx;
    }

    public void resolveAndVerifyTargets(
            List actualTargets, List inferredTargets, WSSPolicy actualPolicy)
            throws XWSSecurityException {

        String policyType = PolicyTypeUtil.signaturePolicy(actualPolicy) ? "Signature" : "Encryption";
        boolean isEndorsing = false;

        if (PolicyTypeUtil.signaturePolicy(actualPolicy)) {
            SignaturePolicy.FeatureBinding fp = (SignaturePolicy.FeatureBinding) actualPolicy.getFeatureBinding();
            if (fp.isEndorsingSignature()) {
                isEndorsing = true;
            }
        }

        for (Target actualTarget : actualTargets) {
            if("Signature".equals(policyType) && ((SignatureTarget)actualTarget).isITNever() == true){
                //ignore resolving the target when the target is S.S or S.E.S.Token target because this breaks oracle interop
                //need to refine it later if something goes wrong 
                continue;
            }
            boolean found = false;
            String targetInPolicy = getTargetValue(actualTarget);
            for (Target inferredTarget : inferredTargets) {
                String targetInMessage = getTargetValue(inferredTarget);
                if (targetInPolicy != null && targetInPolicy.equals(targetInMessage)) {
                    found = true;
                    break;
                }
            }
            if (targetInPolicy != null && targetInPolicy.equals("BinarySecurityToken") && !found) {
                if (!containsSTRTransform(actualTarget, inferredTargets)) {
                     log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                     log.log(Level.SEVERE, LogStringsMessages.WSS_0814_POLICY_VERIFICATION_ERROR_MISSING_TARGET(targetInPolicy, policyType));
                     throw new XWSSecurityException("Policy verification error:" +
                            "Missing target " + targetInPolicy + " for " + policyType);
                }
                continue;
            }
            if (!found && targetInPolicy != null) {
                //check if message has the target
                //check if the message has the element

                if (presentInMessage(targetInPolicy)) {
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0206_POLICY_VIOLATION_EXCEPTION());
                    log.log(Level.SEVERE, LogStringsMessages.WSS_0814_POLICY_VERIFICATION_ERROR_MISSING_TARGET(targetInPolicy, policyType));
                    if (isEndorsing) {
                        throw new XWSSecurityException("Policy verification error:" +
                                "Missing target " + targetInPolicy + " for Endorsing " + policyType);
                    } else {
                        throw new XWSSecurityException("Policy verification error:" +
                                "Missing target " + targetInPolicy + " for " + policyType);
                    }

                }
            }
        }
        if ("Signature".equals(policyType)) {
            if (countSTRTransforms(actualTargets,true) != countSTRTransforms(inferredTargets, false)) {
                if (isEndorsing) {
                    throw new XWSSecurityException("Policy verification error:" +
                            "Missing reference for one of { "+ tokenList.toString() + "} for Endorsing " + policyType);
                } else {
                    tokenList.delete(tokenList.lastIndexOf(","),tokenList.length());
                    throw new XWSSecurityException("Policy verification error:" +
                            "Missing reference for one of { "+ tokenList.toString() + "}  for " + policyType);
                }
            }
        }
    }

    private boolean containsSTRTransform(Target actualTarget, List inferredTargets) {
        for (Target inferredTarget : inferredTargets) {
            SignatureTarget st = (SignatureTarget) inferredTarget;
            ArrayList ar = st.getTransforms();
            Iterator it = ar.iterator();
            while (it.hasNext()) {
                SignatureTarget.Transform str = (Transform) it.next();
                if (str.getTransform().equals(MessageConstants.STR_TRANSFORM_URI)) {
                    //if(actualTarget.getValue().equals(st.getValue())){
                    return true;
                //}
                }
            }
        }
        return false;
    }
    @SuppressWarnings("unchecked")
    private int countSTRTransforms(List targets, boolean isActualTarget) {
        int strTransformCount = 0;
        for (Target target : targets) {
            if (target instanceof SignatureTarget) {
                SignatureTarget st = (SignatureTarget) target;
                ArrayList ar = st.getTransforms();
                Iterator it = ar.iterator();
                while (it.hasNext()) {
                    SignatureTarget.Transform str = (Transform) it.next();
                    if (str.getTransform().equals(MessageConstants.STR_TRANSFORM_URI)) {
                        strTransformCount++;
                        if(isActualTarget){
                            String localPart = (st.getPolicyQName() != null)?st.getPolicyQName().getLocalPart():"";
                            tokenList.append(localPart);tokenList.append(", ");
                        }
                    }
                }
            }
        }
        return strTransformCount;
    }

    private String getTargetValue(Target target) {
        String targetInPolicy = null;
        if (Target.TARGET_TYPE_VALUE_QNAME.equals(target.getType())) {
            targetInPolicy = target.getQName().getLocalPart();
        } else if (Target.TARGET_TYPE_VALUE_URI.equals(target.getType())) {
            if (target.getPolicyQName() != null) {
                targetInPolicy = target.getPolicyQName().getLocalPart();
            } else {
                String val = target.getValue();
                String id = null;
                if (val.charAt(0) == '#') {
                    id = val.substring(1, val.length());
                } else {
                    id = val;
                }
                targetInPolicy = getElementById(id);
                if (targetInPolicy == null && id.startsWith("SAML")) {
                    return "Assertion";
                }
            }
        }

        return targetInPolicy;
    }

    private String getElementById(String id) {
        SecurityContext sc = ((JAXBFilterProcessingContext) ctx).getSecurityContext();

        MessageHeaders headers = sc.getNonSecurityHeaders();
        // look in non-security headers
        // FIXME: RJE -- remove cast when MessageContext support hasHeaders
        if (headers != null && ((HeaderList) headers).size() > 0) {
            Iterator
listItr = headers.getHeaders(); while (listItr.hasNext()) { GenericSecuredHeader header = (GenericSecuredHeader) listItr.next(); if (header.hasID(id)) { return header.getLocalPart(); } } } // look in processed headers ArrayList processedHeaders = sc.getProcessedSecurityHeaders(); for (int j = 0; j < processedHeaders.size(); j++) { SecurityHeaderElement header = (SecurityHeaderElement) processedHeaders.get(j); if (id.equals(header.getId())) { return header.getLocalPart(); } } // look in buffered headers ArrayList bufferedHeaders = sc.getBufferedSecurityHeaders(); for (int j = 0; j < bufferedHeaders.size(); j++) { SecurityHeaderElement header = (SecurityHeaderElement) bufferedHeaders.get(j); if (id.equals(header.getId())) { return header.getLocalPart(); } } return null; } private boolean presentInMessage(String targetInPolicy) { if (MessageConstants.SOAP_BODY_LNAME.equals(targetInPolicy)) { return true; } SecurityContext sc = ((JAXBFilterProcessingContext) ctx).getSecurityContext(); // FIXME: RJE - Remove cast once MessageContext supports asList(), hasHeaders() HeaderList headers = (HeaderList) sc.getNonSecurityHeaders(); // look in non-security headers if (headers != null && headers.size() > 0) { Iterator
listItr = headers.listIterator(); while (listItr.hasNext()) { GenericSecuredHeader header = (GenericSecuredHeader) listItr.next(); if (header != null && header.getLocalPart().equals(targetInPolicy)) { return true; } } } // look in processed headers ArrayList processedHeaders = sc.getProcessedSecurityHeaders(); for (int j = 0; j < processedHeaders.size(); j++) { SecurityHeaderElement header = (SecurityHeaderElement) processedHeaders.get(j); if (header != null && header.getLocalPart().equals(targetInPolicy)) { return true; } } // look in buffered headers ArrayList bufferedHeaders = sc.getBufferedSecurityHeaders(); for (int j = 0; j < bufferedHeaders.size(); j++) { SecurityHeaderElement header = (SecurityHeaderElement) bufferedHeaders.get(j); if (header != null && header.getLocalPart().equals(targetInPolicy)) { return true; } } return false; } public boolean isTargetPresent(List actualTargets) throws XWSSecurityException { for (Target actualTarget : actualTargets) { String targetInPolicy = getTargetValue(actualTarget); if (presentInMessage(targetInPolicy)) { return true; } } return false; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy