Constructor Detail

• RampartUtil

  public RampartUtil()

Method Detail

• getPasswordCB

  public static CallbackHandler getPasswordCB(RampartMessageData rmd)
                                       throws RampartException

  Throws:

  RampartException

• getPasswordCB

  public static CallbackHandler getPasswordCB(org.apache.axis2.context.MessageContext msgContext,
                              RampartPolicyData rpd)
                                       throws RampartException

  Parameters:

  msgContext -

  rpd -

  Returns:

  The CallbackHandler instance

  Throws:

  RampartException

• getPolicyValidatorCB

  public static PolicyValidatorCallbackHandler getPolicyValidatorCB(org.apache.axis2.context.MessageContext msgContext,
                                                    RampartPolicyData rpd)
                                                             throws RampartException

  Returns an instance of PolicyValidatorCallbackHandler to be used to validate ws-security results.

  Parameters:

  msgContext - MessageContext

  rpd - RampartPolicyData

  Returns:

  PolicyValidatorCallbackHandler

  Throws:

  RampartException - RampartException

• getRampartConfigCallbackHandler

  public static RampartConfigCallbackHandler getRampartConfigCallbackHandler(org.apache.axis2.context.MessageContext msgContext,
                                                             RampartPolicyData rpd)
                                                                      throws RampartException

  Throws:

  RampartException

• performCallback

  public static org.apache.ws.security.WSPasswordCallback performCallback(CallbackHandler cbHandler,
                                                          String username,
                                                          int doAction)
                                                                   throws RampartException

  Perform a callback to get a password.

  The called back function gets an indication why to provide a password: to produce a UsernameToken, Signature, or a password (key) for a given name.

  Throws:

  RampartException

• getEncryptionCrypto

  public static org.apache.ws.security.components.crypto.Crypto getEncryptionCrypto(RampartConfig config,
                                                                    ClassLoader loader)
                                                                             throws RampartException

  Create the Crypto instance for encryption using information from the rampart configuration assertion

  Parameters:

  config -

  Returns:

  The Crypto instance to be used for encryption

  Throws:

  RampartException

• getSignatureCrypto

  public static org.apache.ws.security.components.crypto.Crypto getSignatureCrypto(RampartConfig config,
                                                                   ClassLoader loader)
                                                                            throws RampartException

  Create the Crypto instance for signature using information from the rampart configuration assertion

  Parameters:

  config -

  Returns:

  The Crypto instance to be used for signature

  Throws:

  RampartException

• getKeyIdentifier

  public static int getKeyIdentifier(X509Token token)
                              throws RampartException

  figureout the key identifier of a give X509Token

  Parameters:

  token -

  Returns:

  The key identifier of a give X509Token

  Throws:

  RampartException

• processIssuerAddress

  public static String processIssuerAddress(org.apache.axiom.om.OMElement issuerAddress)
                                     throws RampartException

  Process a give issuer address element and return the address.

  Parameters:

  issuerAddress -

  Returns:

  The address of an issuer address element

  Throws:

  RampartException - If the issuer address element is malformed.

• getPolicyFromMetadataRef

  public static org.apache.neethi.Policy getPolicyFromMetadataRef(org.apache.axiom.om.OMElement mex)
                                                           throws RampartException

  Retrieve policy using metadata reference

   <wsa:Metadata xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <mex:Metadata
         xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <mex:MetadataSection>
                    <mex:MetadataReference>
                        <wsa:Address>http://address/of/mex/service</wsa:Address>
                    </mex:MetadataReference>
             </mex:MetadataSection>
    </mex:Metadata>
   </wsa:Metadata>

  Parameters:

  mex - Metadata element

  Returns:

  Policy from the mex service

  Throws:

  RampartException

• addRampartConfig

  public static org.apache.neethi.Policy addRampartConfig(RampartMessageData rmd,
                                          org.apache.neethi.Policy policy)

• createRSTTempalteForSCT

  public static org.apache.axiom.om.OMElement createRSTTempalteForSCT(int conversationVersion,
                                                      int wstVersion)
                                                               throws RampartException

  Throws:

  RampartException

• getTimeToLive

  public static int getTimeToLive(RampartMessageData messageData)

• getTimestampMaxSkew

  public static int getTimestampMaxSkew(RampartMessageData messageData)

• getSecConvToken

  public static String getSecConvToken(RampartMessageData rmd,
                       SecureConversationToken secConvTok)
                                throws TrustException,
                                       RampartException

  Obtain a security context token.

  Parameters:

  rmd -

  secConvTok -

  Returns:

  Return the SecurityContextidentifier of the token

  Throws:

  TrustException

  RampartException

• getIssuedToken

  public static String getIssuedToken(RampartMessageData rmd,
                      IssuedToken issuedToken)
                               throws RampartException

  Obtain an issued token.

  Parameters:

  rmd -

  issuedToken -

  Returns:

  The identifier of the issued token

  Throws:

  RampartException

• getToken

  public static String getToken(RampartMessageData rmd,
                org.apache.axiom.om.OMElement rstTemplate,
                String issuerEpr,
                String action,
                org.apache.neethi.Policy issuerPolicy)
                         throws RampartException

  Request a token.

  Parameters:

  rmd -

  rstTemplate -

  issuerEpr -

  action -

  issuerPolicy -

  Returns:

  Return the identifier of the obtained token

  Throws:

  RampartException

• getSoapBodyId

  public static String getSoapBodyId(org.apache.axiom.soap.SOAPEnvelope env)

• addWsuIdToElement

  public static String addWsuIdToElement(org.apache.axiom.om.OMElement elem)

• adoptNode

  public static Node adoptNode(Document targetDocument,
               Node node)

  Change the owner document of the given node. The method first attempts to move the node using Document.adoptNode(Node). If that fails, it will import the node into the target document using Document.importNode(Node, boolean).

  Parameters:

  targetDocument - the target document

  node - the node to adopt or import

  Returns:

  the adopted or imported node

• appendChildToSecHeader

  public static Element appendChildToSecHeader(RampartMessageData rmd,
                               org.apache.axiom.om.OMElement elem)

• appendChildToSecHeader

  public static Element appendChildToSecHeader(RampartMessageData rmd,
                               Element elem)

• insertSiblingAfter

  public static Element insertSiblingAfter(RampartMessageData rmd,
                           Element child,
                           Element sibling)

• insertSiblingBefore

  public static Element insertSiblingBefore(RampartMessageData rmd,
                            Element child,
                            Element sibling)

• getEncryptedParts

  public static List<org.apache.ws.security.WSEncryptionPart> getEncryptedParts(RampartMessageData rmd)

• getSignedParts

  public static List<org.apache.ws.security.WSEncryptionPart> getSignedParts(RampartMessageData rmd)

• getSupportingEncryptedParts

  public static List<org.apache.ws.security.WSEncryptionPart> getSupportingEncryptedParts(RampartMessageData rmd,
                                                                          SupportingPolicyData rpd)

• getSupportingSignedParts

  public static List<org.apache.ws.security.WSEncryptionPart> getSupportingSignedParts(RampartMessageData rmd,
                                                                       SupportingPolicyData rpd)

• findAllPrefixNamespaces

  public static Set findAllPrefixNamespaces(org.apache.axiom.om.OMElement currentElement,
                            HashMap decNamespacess)

• getContentEncryptedElements

  public static List<org.apache.ws.security.WSEncryptionPart> getContentEncryptedElements(List<org.apache.ws.security.WSEncryptionPart> encryptedPartsElements,
                                                                          org.apache.axiom.soap.SOAPEnvelope envelope,
                                                                          List<String> elements,
                                                                          HashMap decNamespaces)

• createEncryptionPart

  public static org.apache.ws.security.WSEncryptionPart createEncryptionPart(String name,
                                                             String id)

  Creates an Encryption or Signature paert with given name and id. Name must not be null.

  Parameters:

  name - The name of the part

  id - The id of the part.

  Returns:

  WSEncryptionPart.

• createEncryptionPart

  public static org.apache.ws.security.WSEncryptionPart createEncryptionPart(String name,
                                                             String id,
                                                             String namespace,
                                                             String modifier)

  Creates an encryption part. Could be a part or could be an element pointed through xpath expression.

  Parameters:

  name - Name of the element.

  id - The id of the element

  namespace - Namespace of the element.

  modifier - Modifier "Content" or "Element"

  Returns:

  A WSEncryptionPart

• createEncryptionPart

  public static org.apache.ws.security.WSEncryptionPart createEncryptionPart(String name,
                                                             String id,
                                                             String namespace,
                                                             String modifier,
                                                             String xPath)

  Creates an encryption part. Could be a part or could be an element pointed through xpath expression.

  Parameters:

  name - Name of the element.

  id - The id of the element

  namespace - Namespace of the element.

  modifier - Modifier "Content" or "Element"

  xPath - The xPath expression

  Returns:

  A WSEncryptionPart

• getPartsAndElements

  public static List<org.apache.ws.security.WSEncryptionPart> getPartsAndElements(boolean sign,
                                                                  org.apache.axiom.soap.SOAPEnvelope envelope,
                                                                  boolean includeBody,
                                                                  List<org.apache.ws.security.WSEncryptionPart> parts,
                                                                  List<String> elements,
                                                                  HashMap decNamespaces)

• checkRequiredElements

  public static boolean checkRequiredElements(org.apache.axiom.soap.SOAPEnvelope envelope,
                              HashMap decNamespaces,
                              String expression)

  Get a element for SOAP

  Parameters:

  envelope - SOAP Envelope of which we should check required elements

  decNamespaces - Declared namespaces in RequiredElements assertion

  expression - XPATH expression of required elements

  Returns:

• getEncryptionKeyGenerator

  public static KeyGenerator getEncryptionKeyGenerator(String symEncrAlgo)
                                                throws org.apache.ws.security.WSSecurityException

  Throws:

  org.apache.ws.security.WSSecurityException

• getContextIdentifierKey

  public static String getContextIdentifierKey(org.apache.axis2.context.MessageContext msgContext)

  Creates the unique (reproducible) id for to hold the context identifier of the message exchange.

  Returns:

  Id to hold the context identifier in the message context

• getContextMap

  public static Hashtable getContextMap(org.apache.axis2.context.MessageContext msgContext)

  Returns the map of security context token identifiers

  Returns:

  the map of security context token identifiers

• isTokenValid

  public static boolean isTokenValid(RampartMessageData rmd,
                     String id)
                              throws RampartException

  Throws:

  RampartException

• setEncryptionUser

  public static void setEncryptionUser(RampartMessageData rmd,
                       org.apache.ws.security.message.WSSecEncryptedKey encrKeyBuilder)
                                throws RampartException

  Throws:

  RampartException

• setEncryptionUser

  public static void setEncryptionUser(RampartMessageData rmd,
                       org.apache.ws.security.message.WSSecEncryptedKey encrKeyBuilder,
                       String encrUser)
                                throws RampartException

  Throws:

  RampartException

• setKeyIdentifierType

  public static void setKeyIdentifierType(RampartMessageData rmd,
                          org.apache.ws.security.message.WSSecBase secBase,
                          Token token)

  Sets the keyIdentifierType of WSSecSignature or WSSecEncryptedKey according to the given Token and RampartPolicyData First check the requirements specified under Token Assertion and if not found check the WSS11 and WSS10 assertions

• getUsername

  public static String getUsername(List<org.apache.ws.security.handler.WSHandlerResult> results)

  Scan through WSHandlerResult list for a Username token and return the username if a Username Token found

  Parameters:

  results -

  Returns:

• getRequestEncryptedKeyId

  public static String getRequestEncryptedKeyId(List<org.apache.ws.security.handler.WSHandlerResult> results)

• getRequestEncryptedKeyValue

  public static byte[] getRequestEncryptedKeyValue(List<org.apache.ws.security.handler.WSHandlerResult> results)

• insertSiblingAfterOrPrepend

  public static Element insertSiblingAfterOrPrepend(RampartMessageData rmd,
                                    Element child,
                                    Element elem)

  If the child is present insert the element as a sibling after him. If the child is null, then prepend the element.

  Parameters:

  rmd -

  child -

  elem - - element mentioned above

  Returns:

• insertSiblingBeforeOrPrepend

  public static Element insertSiblingBeforeOrPrepend(RampartMessageData rmd,
                                     Element child,
                                     Element elem)

• isSecHeaderRequired

  public static boolean isSecHeaderRequired(RampartPolicyData rpd,
                            boolean initiator,
                            boolean inflow)

  Method to check whether security header is required in incoming message

  Parameters:

  rpd -

  Returns:

  true if a security header is required in the incoming message

• handleEncryptedSignedHeaders

  public static void handleEncryptedSignedHeaders(List<org.apache.ws.security.WSEncryptionPart> encryptedParts,
                                  List<org.apache.ws.security.WSEncryptionPart> signedParts,
                                  Document doc)

• getSigElementId

  public static String getSigElementId(RampartMessageData rmd)

• getWSSConfigInstance

  public static org.apache.ws.security.WSSConfig getWSSConfigInstance()

  We use this method to prevent the singleton behavior of WSSConfig

  Returns:

  WSSConfig object with the latest settings.

• validateTransport

  public static void validateTransport(RampartMessageData rmd)
                                throws RampartException

  Throws:

  RampartException

• getSAML10AssertionNamespace

  public static String getSAML10AssertionNamespace()

  Returns SAML10 Assertion namespace. As follows, http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID

  Returns:

  SAML10 assertion namespace.

• setEncryptionCrypto

  public static void setEncryptionCrypto(org.apache.axis2.context.MessageContext msgContext)

  Sets encryption crypto file or crypto reference key to signature crypto file or signature crypto reference.

  Parameters:

  msgContext - The message context to get signature crypto properties and encryption properties will be set to same message context.

• setDecryptionCrypto

  public static void setDecryptionCrypto(org.apache.axis2.context.MessageContext msgContext)

  Sets decryption crypto file or crypto reference key to signature crypto file or signature crypto reference.

  Parameters:

  msgContext - The message context to get signature crypto properties and decryption properties will be set to same message context.

• encryptFirst

  public static boolean encryptFirst(RampartPolicyData rpd)

  Returns true if needed to encrypt first.

  Parameters:

  rpd - Rampart policy data

  Returns:

  true if policy says we need to encrypt first else false.

• isSecurityFault

  public static boolean isSecurityFault(org.apache.axiom.soap.SOAPFault fault)

  Check if the given SOAP fault reports a security fault.

  Parameters:

  fault - the SOAP fault; must not be null

  Returns:

  true if the fault is a security fault; false otherwise

• getUsernameTokens

  public static Collection<UsernameToken> getUsernameTokens(RampartPolicyData rpd)

  Parameters:

  rpd - Rampart policy data instance. Must not be null.

  Returns:

  A collection of all UsernameToken supporting token assertions in the specified Rampart policy instance. The method will check the following lists:

  • RampartPolicyData.getSupportingTokensList()
  • RampartPolicyData.getSignedSupportingTokens()
  • RampartPolicyData.getSignedEndorsingSupportingTokens()
  • RampartPolicyData.getEndorsingSupportingTokens()
  • RampartPolicyData.getEncryptedSupportingTokens()
  • RampartPolicyData.getSignedEncryptedSupportingTokens()
  • RampartPolicyData.getEndorsingEncryptedSupportingTokens()
  • RampartPolicyData.getSignedEndorsingEncryptedSupportingTokens()

• getUsernameTokens

  public static Collection<UsernameToken> getUsernameTokens(SupportingToken suppTok)

  Parameters:

  suppTok - The SupportingToken assertion to check for username tokens.

  Returns:

  A collection of all tokens in the specified suppTok SupportingToken assertion which are instances of UsernameToken. If the specified suppTok SupportingToken assertion is null, an empty collection will be returned.