com.sun.xml.ws.security.impl.policy.PolicyUtil Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of wsit-impl Show documentation
Show all versions of wsit-impl Show documentation
This module contains the Metro WSIT runtime code.
The newest version!
/*
* Copyright (c) 1997, 2022 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0, which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package com.sun.xml.ws.security.impl.policy;
import com.sun.xml.ws.api.addressing.AddressingVersion;
import com.sun.xml.ws.api.policy.ModelGenerator;
import com.sun.xml.ws.policy.AssertionSet;
import com.sun.xml.ws.policy.Policy;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.sourcemodel.PolicyModelMarshaller;
import com.sun.xml.ws.policy.sourcemodel.PolicySourceModel;
import com.sun.xml.ws.security.policy.AlgorithmSuiteValue;
import com.sun.xml.ws.security.policy.SecurityPolicyVersion;
import com.sun.xml.wss.WSITXMLFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.List;
import java.util.UUID;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamWriter;
import jakarta.xml.ws.WebServiceException;
import org.w3c.dom.Document;
/**
*
* @author [email protected] [email protected]
*/
public class PolicyUtil {
/** Creates a new instance of PolicyUtil */
public PolicyUtil() {
}
public static boolean isSecurityPolicyNS(PolicyAssertion pa, SecurityPolicyVersion spVersion) {
return spVersion.namespaceUri.equals(pa.getName().getNamespaceURI()) ||
Constants.MS_SP_NS.equalsIgnoreCase(pa.getName().getNamespaceURI());
}
public static boolean isSunPolicyNS(PolicyAssertion pa) {
return Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS.equals(pa.getName().getNamespaceURI()) ||
Constants.SUN_WSS_SECURITY_CLIENT_POLICY_NS.equals(pa.getName().getNamespaceURI());
}
public static boolean isAddressingNS(PolicyAssertion pa) {
if ( AddressingVersion.MEMBER.nsUri.equals(pa.getName().getNamespaceURI()) ) {
return true;
}
return AddressingVersion.W3C.nsUri.equals(pa.getName().getNamespaceURI());
}
public static boolean isTrustNS(PolicyAssertion pa) {
return Constants.TRUST_NS.equals(pa.getName().getNamespaceURI()) ||
Constants.TRUST13_NS.equals(pa.getName().getNamespaceURI());
}
public static boolean isMEXNS(final PolicyAssertion assertion) {
return Constants.MEX_NS.equals(assertion.getName().getNamespaceURI());
}
public static boolean isUtilityNS(PolicyAssertion pa) {
return Constants.UTILITY_NS.equals(pa.getName().getNamespaceURI());
}
public static boolean isXpathNS(PolicyAssertion pa) {
return Constants.XPATH_NS.equals(pa.getName().getNamespaceURI());
}
public static boolean isAlgorithmAssertion(PolicyAssertion pa, SecurityPolicyVersion spVersion){
if ( isSecurityPolicyNS(pa, spVersion) ) {
return pa.getName().getLocalPart().equals(Constants.AlgorithmSuite);
}
return false;
}
public static boolean isToken(PolicyAssertion pa, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(pa, spVersion)) {
return false;
}
if(pa.getName().getLocalPart().equals(Constants.EncryptionToken) ) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.SignatureToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.InitiatorToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.InitiatorSignatureToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.InitiatorEncryptionToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.HttpsToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.IssuedToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.KerberosToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.ProtectionToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.RecipientToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.RecipientSignatureToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.RecipientEncryptionToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.SupportingTokens)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.SC10SecurityContextToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.SamlToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.UsernameToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.X509Token)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.SecureConversationToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.TransportToken)) {
return true;
}else if(pa.getName().getLocalPart().equals(Constants.RsaToken)){
return true;
}else return pa.getName().getLocalPart().equals(Constants.KeyValueToken);
}
public static boolean isBootstrapPolicy(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion) ) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.BootstrapPolicy);
}
public static boolean isTarget(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion) ) {
return false;
}
String name = assertion.getName().getLocalPart();
return name.equals(Constants.EncryptedParts) ||
name.equals(Constants.SignedParts) ||
name.equals(Constants.SignedElements) ||
name.equals(Constants.EncryptedElements);
}
public static boolean isXPath(PolicyAssertion assertion, SecurityPolicyVersion spVersion ) {
if ( !isSecurityPolicyNS(assertion, spVersion) ) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.XPath);
}
public static boolean isXPathFilter20(PolicyAssertion assertion) {
if ( !isXpathNS(assertion) ) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.XPathFilter20);
}
public static boolean isRequiredKey(PolicyAssertion assertion) {
return false;
}
public static boolean isTokenType(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
if ( assertion.getName().getLocalPart().equals(Constants.WssX509V1Token10)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.WssX509V3Token10)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.WssX509Pkcs7Token10)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.WssX509PkiPathV1Token10)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.WssX509V1Token11)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.WssX509V3Token11)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.WssX509Pkcs7Token11)) {
return true;
} else return assertion.getName().getLocalPart().equals(Constants.WssX509PkiPathV1Token11);
}
public static boolean isTokenReferenceType(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
if ( assertion.getName().getLocalPart().equals(Constants.RequireKeyIdentifierReference)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.RequireThumbprintReference)) {
return true;
} else if ( assertion.getName().getLocalPart().equals(Constants.RequireEmbeddedTokenReference)) {
return true;
} else return assertion.getName().getLocalPart().equals(Constants.RequireIssuerSerialReference);
}
public static boolean isUsernameTokenType(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.WssUsernameToken10) ||
assertion.getName().getLocalPart().equals(Constants.WssUsernameToken11);
}
public static boolean useCreated(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
/*&& spVersion.namespaceUri.equals(SP13_NS)*/
return assertion.getName().getLocalPart().equals(Constants.Created);
}
public static boolean useNonce(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
/*&&
spVersion.namespaceUri.equals(SP13_NS)*/
return assertion.getName().getLocalPart().equals(Constants.Nonce);
}
public static boolean isHttpsToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.HttpsToken);
}
public static boolean isSecurityContextToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.SecurityContextToken);
}
public static boolean isSecurityContextTokenType(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
String localPart = token.getName().getLocalPart();
return localPart.equals(Constants.SC10SecurityContextToken);
}
public static boolean isKerberosToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.KerberosToken);
}
public static boolean isKerberosTokenType(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
String localPart = token.getName().getLocalPart();
if(localPart.equals(Constants.WssKerberosV5ApReqToken11)) {
return true;
}else return localPart.equals(Constants.WssGssKerberosV5ApReqToken11);
}
public static boolean isKeyValueTokenType(PolicyAssertion token, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
String localPart = token.getName().getLocalPart();
return localPart.equals(Constants.RsaKeyValue) && SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri.equals(
spVersion.namespaceUri);
}
public static boolean isRelToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.RelToken);
}
public static boolean isRelTokenType(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
String localPart = token.getName().getLocalPart();
switch (localPart) {
case Constants.WssRelV10Token10:
return true;
case Constants.WssRelV10Token11:
return true;
case Constants.WssRelV20Token10:
return true;
case Constants.WssRelV20Token11:
return true;
}
return false;
}
public static boolean isIncludeTimestamp(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.IncludeTimestamp);
}
public static boolean disableTimestampSigning(PolicyAssertion assertion) {
if ( !isSunPolicyNS(assertion )) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.DisableTimestampSigning);
}
public static boolean isEncryptBeforeSign(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.EncryptBeforeSigning);
}
public static boolean isSignBeforeEncrypt(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SignBeforeEncrypting);
}
public static boolean isContentOnlyAssertion(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.OnlySignEntireHeadersAndBody);
}
public static boolean isMessageLayout(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Layout);
}
public static boolean isEncryptParts(PolicyAssertion assertion, SecurityPolicyVersion spVersion ){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.EncryptedParts);
}
public static boolean isEncryptedElements(PolicyAssertion assertion, SecurityPolicyVersion spVersion ){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.EncryptedElements);
}
public static boolean isSignedParts(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SignedParts);
}
public static boolean isSignedElements(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SignedElements);
}
public static boolean isSignedSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
return policyAssertion.getName().getLocalPart().equals(Constants.SignedSupportingTokens);
}
public static boolean isEndorsedSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
return policyAssertion.getName().getLocalPart().equals(Constants.EndorsingSupportingTokens);
}
public static boolean isSignedEndorsingSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
return policyAssertion.getName().getLocalPart().equals(Constants.SignedEndorsingSupportingTokens);
}
public static boolean isSignedEncryptedSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
// SignedEncryptedSupportingTokens in only supported in SecurityPolicy 1.2 namespace
return policyAssertion.getName().getLocalPart().equals(Constants.SignedEncryptedSupportingTokens) &&
policyAssertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isEncryptedSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
// EncryptedSupportingTokens in only supported in SecurityPolicy 1.2 namespace
return policyAssertion.getName().getLocalPart().equals(Constants.EncryptedSupportingTokens) &&
policyAssertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isEndorsingEncryptedSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
// EndorsingEncryptedSupportingTokens in only supported in SecurityPolicy 1.2 namespace
return policyAssertion.getName().getLocalPart().equals(Constants.EndorsingEncryptedSupportingTokens) &&
policyAssertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isSignedEndorsingEncryptedSupportingToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
// SignedEndorsingEncryptedSupportingTokens in only supported in SecurityPolicy 1.2 namespace
return policyAssertion.getName().getLocalPart().equals(Constants.SignedEndorsingEncryptedSupportingTokens) &&
policyAssertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isBinding(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
String name = policyAssertion.getName().getLocalPart();
return name.equals(Constants.SymmetricBinding) ||
name.equals(Constants.AsymmetricBinding) ||
name.equals(Constants.TransportBinding);
}
public static boolean isUsernameToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.UsernameToken);
}
public static boolean isSamlToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.SamlToken);
}
public static boolean isSamlTokenType(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
String localPart = token.getName().getLocalPart();
switch (localPart) {
case Constants.WssSamlV10Token10:
return true;
case Constants.WssSamlV10Token11:
return true;
case Constants.WssSamlV11Token10:
return true;
case Constants.WssSamlV20Token11:
return true;
case Constants.WssSamlV11Token11:
return true;
}
return false;
}
public static boolean isIssuedToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.IssuedToken);
}
public static boolean isSecureConversationToken(PolicyAssertion token, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(token, spVersion)) {
return false;
}
return token.getName().getLocalPart().equals(Constants.SecureConversationToken);
}
public static boolean isX509Token(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
return policyAssertion.getName().getLocalPart().equals(Constants.X509Token);
}
public static boolean isKeyValueToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
return policyAssertion.getName().getLocalPart().equals(Constants.KeyValueToken) && SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri.equals(
spVersion.namespaceUri);
}
// RsaToken is Microsoft's proprietary assertion
public static boolean isRsaToken(PolicyAssertion policyAssertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(policyAssertion, spVersion)) {
return false;
}
return policyAssertion.getName().getLocalPart().equals(Constants.RsaToken) && SecurityPolicyVersion.MS_SECURITYPOLICY200507.namespaceUri.equals(
spVersion.namespaceUri);
}
public static boolean isAsymmetricBinding(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.AsymmetricBinding);
}
public static boolean isAsymmetricBinding(QName assertion, SecurityPolicyVersion spVersion){
return assertion.getLocalPart().equals(Constants.AsymmetricBinding) &&
assertion.getNamespaceURI().equals(spVersion.namespaceUri);
}
public static boolean isTransportBinding(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.TransportBinding);
}
public static boolean isTransportBinding(QName assertion, SecurityPolicyVersion spVersion){
return assertion.getLocalPart().equals(Constants.TransportBinding) &&
assertion.getNamespaceURI().equals(spVersion.namespaceUri);
}
public static boolean isSymmetricBinding(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SymmetricBinding);
}
public static boolean isSymmetricBinding(QName assertion, SecurityPolicyVersion spVersion){
return assertion.getLocalPart().equals(Constants.SymmetricBinding) &&
assertion.getNamespaceURI().equals(spVersion.namespaceUri);
}
public static boolean isSupportingTokens(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return isSignedSupportingToken(assertion, spVersion) || isEndorsedSupportingToken(assertion, spVersion) ||
isSignedEndorsingSupportingToken(assertion, spVersion) || isSupportingToken(assertion, spVersion) ||
isSignedEncryptedSupportingToken(assertion, spVersion) || isEncryptedSupportingToken(assertion, spVersion) ||
isEndorsingEncryptedSupportingToken(assertion, spVersion) || isSignedEndorsingEncryptedSupportingToken(assertion, spVersion);
}
public static boolean isSupportingToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion )) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SupportingTokens);
}
public static boolean isSupportClientChallenge(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.MustSupportClientChallenge);
}
public static boolean isSupportServerChallenge(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.MustSupportServerChallenge);
}
public static boolean isWSS10PolicyContent(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
if(assertion.getName().getLocalPart().equals(Constants.MustSupportRefKeyIdentifier)) {
return true;
}else if( assertion.getName().getLocalPart().equals(Constants.MustSupportRefIssuerSerial)) {
return true;
}else if(assertion.getName().getLocalPart().equals(Constants.RequireExternalUriReference)) {
return true;
}else return assertion.getName().getLocalPart().equals(Constants.RequireEmbeddedTokenReference);
}
public static boolean isWSS11PolicyContent(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
if(assertion.getName().getLocalPart().equals(Constants.MustSupportRefKeyIdentifier)) {
return true;
}else if( assertion.getName().getLocalPart().equals(Constants.MustSupportRefIssuerSerial)) {
return true;
}else if(assertion.getName().getLocalPart().equals(Constants.MustSupportRefThumbprint)) {
return true;
}else if(assertion.getName().getLocalPart().equals(Constants.MustSupportRefEncryptedKey)) {
return true;
}else if(assertion.getName().getLocalPart().equals(Constants.RequireSignatureConfirmation)) {
return true;
}else if(assertion.getName().getLocalPart().equals(Constants.RequireExternalUriReference)) {
return true;
}else return assertion.getName().getLocalPart().equals(Constants.RequireEmbeddedTokenReference);
}
/**
* introduced for SecurityPolicy 1.2
*/
public static boolean isRequireClientCertificate(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// RequireClientCertificate as a policy assertion is only supported in SP 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.RequireClientCertificate) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
/**
* introduced for SecurityPolicy 1.2
*/
public static boolean isHttpBasicAuthentication(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// HttpBasicAuthentication as a policy assertion is only supported in SP 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.HttpBasicAuthentication) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
/**
* introduced for SecurityPolicy 1.2
*/
public static boolean isHttpDigestAuthentication(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// HttpDigestAuthentication as a policy assertion is only supported in SP 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.HttpDigestAuthentication) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isRequireClientEntropy(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireClientEntropy);
}
public static boolean isRequireServerEntropy(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireServerEntropy);
}
public static boolean isSupportIssuedTokens(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.MustSupportIssuedTokens);
}
public static boolean isRequestSecurityTokenCollection(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireRequestSecurityTokenCollection) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isAppliesTo(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireAppliesTo) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isIssuer(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Issuer);
}
public static boolean isIssuerName(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// Issuer Name only supported for 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.IssuerName) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isWSS10(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Wss10);
}
public static boolean isWSS11(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Wss11);
}
public static boolean isTrust10(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// Trust10 assertion is allowed only in 2005/07 namespace
return assertion.getName().getLocalPart().equals(Constants.Trust10) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY200507.namespaceUri);
}
public static boolean isTrust13(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// Trust13 assertion is allowed only in 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.Trust13) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isMustNotSendCancel(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// MustNotSendCancel assertion is allowed only in 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.MustNotSendCancel) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isMustNotSendRenew(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// MustNotSendCancel assertion is allowed only in 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.MustNotSendRenew) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isBody(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Body);
}
public static boolean isAttachments(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// sp:Attachments assertion is allowed only in 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.Attachments) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isAttachmentCompleteTransform(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// sp:AttachmentCompleteSignatureTransform assertion is allowed only in 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.AttachmentCompleteSignatureTransform) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isAttachmentContentTransform(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
// sp:ContentSignatureTransform assertion is allowed only in 1.2 namespace
return assertion.getName().getLocalPart().equals(Constants.ContentSignatureTransform) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static boolean isRequireDerivedKeys(PolicyAssertion assertion, SecurityPolicyVersion spVersion ) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return Constants.RequireDerivedKeys.equals(assertion.getName().getLocalPart());
}
public static AlgorithmSuiteValue isValidAlgorithmSuiteValue(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return null;
}
if ( assertion.getName().getLocalPart().equals(Constants.Basic256) ) {
return AlgorithmSuiteValue.Basic256;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic192)) {
return AlgorithmSuiteValue.Basic192;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic128)) {
return AlgorithmSuiteValue.Basic128;
} else if ( assertion.getName().getLocalPart().equals(Constants.TripleDes)) {
return AlgorithmSuiteValue.TripleDes;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic256Rsa15)) {
return AlgorithmSuiteValue.Basic256Rsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic192Rsa15)) {
return AlgorithmSuiteValue.Basic192Rsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic128Rsa15)) {
return AlgorithmSuiteValue.Basic128Rsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.TripleDesRsa15)) {
return AlgorithmSuiteValue.TripleDesRsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic256Sha256)) {
return AlgorithmSuiteValue.Basic256Sha256;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic192Sha256)) {
return AlgorithmSuiteValue.Basic192Sha256;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic128Sha256)) {
return AlgorithmSuiteValue.Basic128Sha256;
} else if ( assertion.getName().getLocalPart().equals(Constants.TripleDesSha256)) {
return AlgorithmSuiteValue.TripleDesSha256;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic256Sha256Rsa15)) {
return AlgorithmSuiteValue.Basic256Sha256Rsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic192Sha256Rsa15)) {
return AlgorithmSuiteValue.Basic192Sha256Rsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.Basic128Sha256Rsa15)) {
return AlgorithmSuiteValue.Basic128Sha256Rsa15;
} else if ( assertion.getName().getLocalPart().equals(Constants.TripleDesSha256Rsa15)) {
return AlgorithmSuiteValue.TripleDesSha256Rsa15;
}
return null;
}
public static boolean isInclusiveC14N(PolicyAssertion assertion, SecurityPolicyVersion spVersion ) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.InclusiveC14N);
}
public static boolean isInclusiveC14NWithComments(PolicyAssertion assertion ) {
if(!isSunPolicyNS(assertion)){
return false;
}
return assertion.getName().getLocalPart().equals(Constants.InclusiveC14NWithComments);
}
public static boolean isInclusiveC14NWithCommentsForTransforms(PolicyAssertion assertion ) {
if(!isSunPolicyNS(assertion)){
return false;
}
if ( assertion.getName().getLocalPart().equals(Constants.InclusiveC14NWithComments)) {
return "true".equals(assertion.getAttributeValue(new QName(Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS, "forTransforms")));
}
return false;
}
public static boolean isInclusiveC14NWithCommentsForCm(PolicyAssertion assertion ) {
if(!isSunPolicyNS(assertion)){
return false;
}
if ( assertion.getName().getLocalPart().equals(Constants.InclusiveC14NWithComments)) {
return "true".equals(assertion.getAttributeValue(new QName(Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS, "forCm")));
}
return false;
}
public static boolean isExclusiveC14NWithComments(PolicyAssertion assertion ) {
if(!isSunPolicyNS(assertion)){
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ExclusiveC14NWithComments);
}
public static boolean isExclusiveC14NWithCommentsForTransforms(PolicyAssertion assertion ) {
if(!isSunPolicyNS(assertion)){
return false;
}
if ( assertion.getName().getLocalPart().equals(Constants.ExclusiveC14NWithComments)) {
return "true".equals(assertion.getAttributeValue(new QName(Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS, "forTransforms")));
}
return false;
}
public static boolean isExclusiveC14NWithCommentsForCm(PolicyAssertion assertion ) {
if(!isSunPolicyNS(assertion)){
return false;
}
if ( assertion.getName().getLocalPart().equals(Constants.ExclusiveC14NWithComments)) {
return "true".equals(assertion.getAttributeValue(new QName(Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS, "forCm")));
}
return false;
}
public static boolean isSTRTransform10(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.STRTransform10);
}
public static boolean isInitiatorToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.InitiatorToken);
}
public static boolean isInitiatorEncryptionToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.InitiatorEncryptionToken);
}
public static boolean isInitiatorSignatureToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.InitiatorSignatureToken);
}
public static boolean isRecipientToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RecipientToken);
}
public static boolean isRecipientSignatureToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RecipientSignatureToken);
}
public static boolean isRecipientEncryptionToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RecipientEncryptionToken);
}
public static boolean isProtectTokens(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ProtectTokens);
}
public static boolean isEncryptSignature(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.EncryptSignature);
}
public static boolean isCreated(PolicyAssertion assertion) {
if ( !isUtilityNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Created);
}
public static boolean isExpires(PolicyAssertion assertion) {
if (!isUtilityNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Expires);
}
public static boolean isSignatureToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SignatureToken);
}
public static boolean isEncryptionToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.EncryptionToken);
}
public static boolean isProtectionToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ProtectionToken);
}
public static boolean isAddress(PolicyAssertion assertion ) {
if ( !isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Address);
}
public static boolean isAddressingMetadata(final PolicyAssertion assertion) {
if ( !PolicyUtil.isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Metadata);
}
public static boolean isMetadata(final PolicyAssertion assertion ) {
if ( !isMEXNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Metadata);
}
public static boolean isMetadataSection(final PolicyAssertion assertion) {
if ( !isMEXNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.MetadataSection);
}
public static boolean isMetadataReference(final PolicyAssertion assertion) {
if ( !isMEXNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.MetadataReference);
}
public static boolean isRequestSecurityTokenTemplate(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequestSecurityTokenTemplate);
}
public static boolean isRequireExternalUriReference(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireExternalUriReference);
}
public static boolean isRequireExternalReference(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireExternalReference);
}
public static boolean isRequireInternalReference(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireInternalReference);
}
public static boolean isEndpointReference(PolicyAssertion assertion) {
if ( !isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.EndpointReference);
}
public static boolean isLax(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Lax);
}
public static boolean isLaxTsFirst(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.LaxTsFirst);
}
public static boolean isLaxTsLast(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.LaxTsLast);
}
public static boolean isStrict(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Strict);
}
public static boolean isKeyType(PolicyAssertion assertion) {
if ( !isTrustNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.KeyType);
}
public static boolean isKeySize(PolicyAssertion assertion) {
if ( !isTrustNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.KeySize);
}
public static boolean isUseKey(PolicyAssertion assertion) {
if ( !isTrustNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.UseKey);
}
public static boolean isEncryption(PolicyAssertion assertion) {
if ( !isTrustNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Encryption);
}
public static boolean isProofEncryption(PolicyAssertion assertion) {
if ( !isTrustNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ProofEncryption);
}
public static boolean isLifeTime(PolicyAssertion assertion) {
if ( !isTrustNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.Lifetime);
}
public static boolean isHeader(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.HEADER);
}
public static boolean isRequireKeyIR(PolicyAssertion assertion, SecurityPolicyVersion spVersion) {
if (!isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequireKeyIdentifierReference);
}
public static boolean isSignWith(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.SignWith.equals(assertion.getName().getLocalPart());
}
public static boolean isEncryptWith(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.EncryptWith.equals(assertion.getName().getLocalPart());
}
public static boolean isRequestType(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.RequestType.equals(assertion.getName().getLocalPart());
}
public static boolean isSignatureAlgorithm(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.SignatureAlgorithm.equals(assertion.getName().getLocalPart());
}
public static boolean isComputedKeyAlgorithm(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.ComputedKeyAlgorithm.equals(assertion.getName().getLocalPart());
}
public static boolean isCanonicalizationAlgorithm(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.CanonicalizationAlgorithm.equals(assertion.getName().getLocalPart());
}
public static boolean isEncryptionAlgorithm(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.EncryptionAlgorithm.equals(assertion.getName().getLocalPart());
}
public static boolean isAuthenticationType(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.AuthenticationType.equals(assertion.getName().getLocalPart());
}
public static boolean isKeyWrapAlgorithm(PolicyAssertion assertion) {
if(!Constants.TRUST13_NS.equals(assertion.getName().getNamespaceURI())){
return false;
}
return Constants.KeyWrapAlgorithm.equals(assertion.getName().getLocalPart());
}
public static boolean isSC10SecurityContextToken(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if ( !isSecurityPolicyNS(assertion, spVersion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.SC10SecurityContextToken);
}
public static boolean isConfigPolicyAssertion(PolicyAssertion assertion){
String uri = assertion.getName().getNamespaceURI();
return Constants.SUN_SECURE_CLIENT_CONVERSATION_POLICY_NS.equals(uri) || Constants.SUN_TRUST_CLIENT_SECURITY_POLICY_NS.equals(uri) ||
Constants.SUN_SECURE_SERVER_CONVERSATION_POLICY_NS.equals(uri) || Constants.SUN_TRUST_SERVER_SECURITY_POLICY_NS.equals(uri) ||
Constants.SUN_WSS_SECURITY_CLIENT_POLICY_NS.equals(uri) || Constants.SUN_WSS_SECURITY_SERVER_POLICY_NS.equals(uri);
}
public static boolean isTrustTokenType(PolicyAssertion assertion) {
if(!isTrustNS(assertion)){
return false;
}
return Constants.TokenType.equals(assertion.getName().getLocalPart());
}
public static boolean isPortType(PolicyAssertion assertion) {
if ( !isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.PortType);
}
public static boolean isReferenceParameters(PolicyAssertion assertion) {
if ( !isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ReferenceParameters);
}
public static boolean isReferenceProperties(PolicyAssertion assertion) {
if ( !isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ReferenceProperties);
}
public static boolean isServiceName(PolicyAssertion assertion) {
if ( !isAddressingNS(assertion)) {
return false;
}
return assertion.getName().getLocalPart().equals(Constants.ServiceName);
}
public static boolean isRequiredElements(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if(isSecurityPolicyNS(assertion, spVersion)){
return false;
}
return assertion.getName().getLocalPart().equals(Constants.RequiredElements);
}
public static boolean isClaimsElement(PolicyAssertion assertion){
if(!isTrustNS(assertion)){
return false;
}
return Constants.Claims.equals(assertion.getName().getLocalPart());
}
public static boolean isEntropyElement(PolicyAssertion assertion){
if(!isTrustNS(assertion)){
return false;
}
return Constants.Entropy.equals(assertion.getName().getLocalPart());
}
public static boolean hasPassword(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if(!isSecurityPolicyNS(assertion, spVersion)){
return false;
}
return assertion.getName().getLocalPart().equals(Constants.NoPassword);
}
public static boolean isHashPassword(PolicyAssertion assertion, SecurityPolicyVersion spVersion){
if(!isSecurityPolicyNS(assertion, spVersion)){
return false;
}
return assertion.getName().getLocalPart().equals(Constants.HashPassword) &&
assertion.getName().getNamespaceURI().equals(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri);
}
public static String randomUUID() {
UUID uid = UUID.randomUUID();
return "uuid_" + uid;
}
public static byte[] policyAssertionToBytes(final PolicyAssertion token){
try{
ByteArrayOutputStream baos = new ByteArrayOutputStream();
XMLOutputFactory xof = XMLOutputFactory.newInstance();
XMLStreamWriter writer = xof.createXMLStreamWriter(baos);
AssertionSet set = AssertionSet.createAssertionSet(List.of(token));
Policy policy = Policy.createPolicy(List.of(set));
PolicySourceModel sourceModel = ModelGenerator.getGenerator().translate(policy);
PolicyModelMarshaller pm = PolicyModelMarshaller.getXmlMarshaller(true);
pm.marshal(sourceModel, writer);
writer.close();
return baos.toByteArray();
}catch (Exception e){
throw new WebServiceException(e);
}
}
public static Document policyAssertionToDoc(final PolicyAssertion token){
try{
byte[] byteArray = policyAssertionToBytes(token);
DocumentBuilderFactory dbf = WSITXMLFactory.createDocumentBuilderFactory(WSITXMLFactory.DISABLE_SECURE_PROCESSING);
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
return db.parse(new ByteArrayInputStream(byteArray));
}catch (Exception e){
throw new WebServiceException(e);
}
}
public static SecurityPolicyVersion getSecurityPolicyVersion(String nsUri) {
SecurityPolicyVersion spVersion= null;
if(SecurityPolicyVersion.SECURITYPOLICY200507.namespaceUri.equals(nsUri)){
spVersion = SecurityPolicyVersion.SECURITYPOLICY200507;
} else if(SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri.equals(nsUri)){
spVersion = SecurityPolicyVersion.SECURITYPOLICY12NS;
} else if (SecurityPolicyVersion.SECURITYPOLICY200512.namespaceUri.equals(nsUri)) {
spVersion = SecurityPolicyVersion.SECURITYPOLICY200512;
}else if (SecurityPolicyVersion.MS_SECURITYPOLICY200507.namespaceUri.equals(nsUri)) {
spVersion = SecurityPolicyVersion.MS_SECURITYPOLICY200507;
}
return spVersion;
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy