PolicyBasedResultsValidator (Apache Rampart)

java.lang.Object
- org.apache.rampart.PolicyBasedResultsValidator

All Implemented Interfaces:: ExtendedPolicyValidatorCallbackHandler, PolicyValidatorCallbackHandler

public class PolicyBasedResultsValidator
extends Object
implements ExtendedPolicyValidatorCallbackHandler

Constructor Summary

Constructors
Constructor and Description

PolicyBasedResultsValidator()

Constructors
Constructor and Description
`PolicyBasedResultsValidator()`

Method Summary

Methods
Modifier and Type	Method and Description
`static org.apache.ws.security.WSSecurityEngineResult[]`	`fetchActionResults(List<org.apache.ws.security.WSSecurityEngineResult> wsSecurityEngineResults, int action)`
`protected ArrayList`	`getEncryptedReferences(List<org.apache.ws.security.WSSecurityEngineResult> results)`
`protected List<org.apache.ws.security.WSSecurityEngineResult>`	`getResults(List<org.apache.ws.security.WSSecurityEngineResult> results, int action)`
`protected List<Integer>`	`getSigEncrActions(List<org.apache.ws.security.WSSecurityEngineResult> results)`
`protected void`	`handleSupportingTokens(List<org.apache.ws.security.WSSecurityEngineResult> results, SupportingToken suppTok)`
`protected boolean`	`isCertificateInKeyStore(org.apache.ws.security.components.crypto.Crypto crypto, X509Certificate cert)` Check to see if the certificate argument is in the keystore TODO Directly copied from WSS4J (SignatureTrustValidator) - Optimize later
`protected boolean`	`isCertificateTrusted(X509Certificate cert, org.apache.ws.security.components.crypto.Crypto crypto)` TODO - This is directly copied from WSS4J (SignatureTrustValidator).
`protected boolean`	`isSignatureRequired(RampartMessageData rmd)`
`protected boolean`	`isUsernameTokenPresent(SupportingToken suppTok)`
`protected boolean`	`isUsernameTokenPresent(ValidatorData data)`
`void`	`validate(ValidatorData data, List<org.apache.ws.security.WSSecurityEngineResult> results)` Validate policy based results.
`void`	`validate(ValidatorData data, Vector results)` Validate policy based results.
`protected void`	`validateEncrSig(ValidatorData data, List<org.apache.ws.security.WSEncryptionPart> encryptedParts, List<org.apache.ws.security.WSEncryptionPart> signatureParts, List<org.apache.ws.security.WSSecurityEngineResult> results)`
`protected void`	`validateEncryptedParts(ValidatorData data, List<org.apache.ws.security.WSEncryptionPart> encryptedParts, List<org.apache.ws.security.WSSecurityEngineResult> results)`
`protected void`	`validateProtectionOrder(ValidatorData data, List<org.apache.ws.security.WSSecurityEngineResult> results)`
`void`	`validateRequiredElements(ValidatorData data)`
`protected void`	`validateSignedPartsHeaders(ValidatorData data, List<org.apache.ws.security.WSEncryptionPart> signatureParts, List<org.apache.ws.security.WSSecurityEngineResult> results)`
`protected void`	`validateSupportingTokens(ValidatorData data, List<org.apache.ws.security.WSSecurityEngineResult> results)`
`protected boolean`	`verifyTimestamp(org.apache.ws.security.message.token.Timestamp timestamp, RampartMessageData rmd)`
`protected boolean`	`verifyTrust(X509Certificate cert, RampartMessageData rmd)` Evaluate whether a given certificate should be trusted.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- PolicyBasedResultsValidator
```
public PolicyBasedResultsValidator()
```

Method Detail

validate
```
public void validate(ValidatorData data,
            Vector results)
              throws RampartException
```
Description copied from interface: PolicyValidatorCallbackHandler

Validate policy based results.

Specified by:

validate in interface PolicyValidatorCallbackHandler

Parameters:
data - validator data
results - policy based ws-security results

Throws:

RampartException - Rampart exception

validate
```
public void validate(ValidatorData data,
            List<org.apache.ws.security.WSSecurityEngineResult> results)
              throws RampartException
```
Validate policy based results.

Specified by:

validate in interface ExtendedPolicyValidatorCallbackHandler

Parameters:
data - validator data
results - policy based ws-security results

Throws:

RampartException - Rampart exception

validateEncrSig

protected void validateEncrSig(ValidatorData data,
                   List<org.apache.ws.security.WSEncryptionPart> encryptedParts,
                   List<org.apache.ws.security.WSEncryptionPart> signatureParts,
                   List<org.apache.ws.security.WSSecurityEngineResult> results)
                        throws RampartException

Parameters:: encryptedParts -; signatureParts -
Throws:: RampartException

validateSupportingTokens

protected void validateSupportingTokens(ValidatorData data,
                            List<org.apache.ws.security.WSSecurityEngineResult> results)
                                 throws RampartException

Parameters:: data -; results -
Throws:: RampartException

handleSupportingTokens

protected void handleSupportingTokens(List<org.apache.ws.security.WSSecurityEngineResult> results,
                          SupportingToken suppTok)
                               throws RampartException

Parameters:: results -; suppTok -
Throws:: RampartException

validateProtectionOrder

protected void validateProtectionOrder(ValidatorData data,
                           List<org.apache.ws.security.WSSecurityEngineResult> results)
                                throws RampartException

Parameters:: data -; results -
Throws:: RampartException

getSigEncrActions

protected List<Integer> getSigEncrActions(List<org.apache.ws.security.WSSecurityEngineResult> results)

validateEncryptedParts

protected void validateEncryptedParts(ValidatorData data,
                          List<org.apache.ws.security.WSEncryptionPart> encryptedParts,
                          List<org.apache.ws.security.WSSecurityEngineResult> results)
                               throws RampartException

Throws:: RampartException

validateRequiredElements

public void validateRequiredElements(ValidatorData data)
                              throws RampartException

Throws:: RampartException

validateSignedPartsHeaders

protected void validateSignedPartsHeaders(ValidatorData data,
                              List<org.apache.ws.security.WSEncryptionPart> signatureParts,
                              List<org.apache.ws.security.WSSecurityEngineResult> results)
                                   throws RampartException

Throws:: RampartException

isSignatureRequired

protected boolean isSignatureRequired(RampartMessageData rmd)

verifyTimestamp

protected boolean verifyTimestamp(org.apache.ws.security.message.token.Timestamp timestamp,
                      RampartMessageData rmd)
                           throws RampartException

Throws:: RampartException

verifyTrust
```
protected boolean verifyTrust(X509Certificate cert,
                  RampartMessageData rmd)
                       throws RampartException
```
Evaluate whether a given certificate should be trusted. Hook to allow subclasses to implement custom validation methods however they see fit.
Policy used in this implementation: 1. Search the keystore for the transmitted certificate 2. Search the keystore for a connection to the transmitted certificate (that is, search for certificate(s) of the issuer of the transmitted certificate 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)

Parameters:
cert - the certificate that should be validated against the keystore
rmd - To get signature keystore information.

Returns:
true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)

Throws:

RampartException - If an error occurred during validation.

isCertificateTrusted
```
protected boolean isCertificateTrusted(X509Certificate cert,
                           org.apache.ws.security.components.crypto.Crypto crypto)
                                throws RampartException
```
TODO - This is directly copied from WSS4J (SignatureTrustValidator). We need to use to Validators instead of following code. REFACTOR later. Evaluate whether a given certificate should be trusted. Policy used in this implementation: 1. Search the keystore for the transmitted certificate 2. Search the keystore for a connection to the transmitted certificate (that is, search for certificate(s) of the issuer of the transmitted certificate 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)

Parameters:
cert - the certificate that should be validated against the keystore
crypto - A crypto instance to use for trust validation

Returns:
true if the certificate is trusted, false if not

Throws:

RampartException - If an error occurred during validation.

isCertificateInKeyStore
```
protected boolean isCertificateInKeyStore(org.apache.ws.security.components.crypto.Crypto crypto,
                              X509Certificate cert)
                                   throws RampartException
```
Check to see if the certificate argument is in the keystore TODO Directly copied from WSS4J (SignatureTrustValidator) - Optimize later

Parameters:
crypto - A Crypto instance to use for trust validation
cert - The certificate to check

Returns:
true if cert is in the keystore

Throws:

RampartException - If certificates are not found for given issuer and serial number.

getEncryptedReferences

protected ArrayList getEncryptedReferences(List<org.apache.ws.security.WSSecurityEngineResult> results)

getResults

protected List<org.apache.ws.security.WSSecurityEngineResult> getResults(List<org.apache.ws.security.WSSecurityEngineResult> results,
                                                             int action)

isUsernameTokenPresent

protected boolean isUsernameTokenPresent(ValidatorData data)

isUsernameTokenPresent

protected boolean isUsernameTokenPresent(SupportingToken suppTok)

fetchActionResults

public static org.apache.ws.security.WSSecurityEngineResult[] fetchActionResults(List<org.apache.ws.security.WSSecurityEngineResult> wsSecurityEngineResults,
                                                                 int action)

Class PolicyBasedResultsValidator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

PolicyBasedResultsValidator

Method Detail

validate

validate

validateEncrSig

validateSupportingTokens

handleSupportingTokens

validateProtectionOrder

getSigEncrActions

validateEncryptedParts

validateRequiredElements

validateSignedPartsHeaders

isSignatureRequired

verifyTimestamp

verifyTrust

isCertificateTrusted

isCertificateInKeyStore

getEncryptedReferences

getResults

isUsernameTokenPresent

isUsernameTokenPresent

fetchActionResults