19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import org.apache.wss4j.policy.AssertionState;
22 import org.apache.wss4j.common.WSSPolicyException;
23 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24 import org.apache.wss4j.policy.model.EncryptedElements;
25 import org.apache.wss4j.policy.model.XPath;
26 import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
27 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
28 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
29 import org.apache.wss4j.policy.stax.Assertable;
30 import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
31 import org.apache.wss4j.policy.stax.PolicyAsserter;
32 import org.apache.wss4j.policy.stax.PolicyUtils;
33 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
34 import org.apache.wss4j.stax.utils.WSSUtils;
35
36 import javax.xml.namespace.QName;
37
38 import java.util.ArrayList;
39 import java.util.Iterator;
40 import java.util.List;
41
42
43
44
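/**
 * Tracks an {@link EncryptedElements} policy assertion against the security events of a
 * message: an element whose path matches one of the assertion's XPaths must be reported
 * as encrypted, otherwise the assertion is marked as failed.
 *
 * <p>Events whose element path matches none of the configured paths are accepted, so this
 * state never fails merely because no matching element was seen.
 */
public class EncryptedElementsAssertionState extends AssertionState implements Assertable {

    /** One element path per XPath of the assertion, as returned by PolicyUtils.getElementPath. */
    private final List<List<QName>> pathElements = new ArrayList<>();

    /** Receiver of assert/unassert notifications; never null after construction. */
    private final PolicyAsserter policyAsserter;

    /**
     * Creates the state and pre-computes the element paths of the assertion's XPaths.
     *
     * @param assertion      the policy assertion; cast to {@link EncryptedElements} without a
     *                       type check, so any other type fails with a ClassCastException
     * @param policyAsserter receiver of assert/unassert notifications; when {@code null} a
     *                       {@link DummyPolicyAsserter} is used instead
     * @param asserted       initial asserted flag; when {@code true} the assertion is reported
     *                       to the policy asserter immediately
     */
    public EncryptedElementsAssertionState(AbstractSecurityAssertion assertion,
                                           PolicyAsserter policyAsserter,
                                           boolean asserted) {
        super(assertion, asserted);

        EncryptedElements encryptedElements = (EncryptedElements) assertion;
        for (XPath xPath : encryptedElements.getXPaths()) {
            pathElements.add(PolicyUtils.getElementPath(xPath));
        }

        this.policyAsserter = policyAsserter != null ? policyAsserter : new DummyPolicyAsserter();

        if (asserted) {
            // Use the field, not the parameter: the parameter may be null, in which case
            // the fallback asserter above must receive the call instead of throwing an NPE.
            this.policyAsserter.assertPolicy(getAssertion());
        }
    }

    /**
     * Returns the event types this state is evaluated against.
     *
     * @return the EncryptedElement and ENCRYPTED_PART event types
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            WSSecurityEventConstants.EncryptedElement,
            WSSecurityEventConstants.ENCRYPTED_PART
        };
    }

    /**
     * Checks one security event against the configured element paths.
     *
     * <p>The first configured path that matches the event's element path decides the result:
     * an encrypted element asserts the policy, an unencrypted one unasserts it with an error
     * message naming the element. An event matching no configured path is accepted.
     *
     * @param securityEvent the event to check; cast to
     *                      {@link AbstractSecuredElementSecurityEvent} without a type check
     * @return {@code false} only when a matching element is not encrypted, {@code true} otherwise
     * @throws WSSPolicyException declared by the interface; not thrown directly by this method
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        AbstractSecuredElementSecurityEvent encryptedElementSecurityEvent =
            (AbstractSecuredElementSecurityEvent) securityEvent;
        List<QName> eventPath = encryptedElementSecurityEvent.getElementPath();

        // The local is named requiredPath so that it does not shadow the pathElements field.
        Iterator<List<QName>> pathElementIterator = pathElements.iterator();
        while (pathElementIterator.hasNext()) {
            List<QName> requiredPath = pathElementIterator.next();
            if (!WSSUtils.pathMatches(requiredPath, eventPath)) {
                continue;
            }
            if (encryptedElementSecurityEvent.isEncrypted()) {
                // NOTE(review): this overwrites an earlier setAsserted(false) from a previous
                // event; it is safe only if the caller treats a false return as terminal.
                // That is not visible in this class - confirm against the caller.
                setAsserted(true);
                policyAsserter.assertPolicy(getAssertion());
                return true;
            }
            // A required element arrived unencrypted: record the failure and report it.
            setAsserted(false);
            setErrorMessage("Element " + WSSUtils.pathAsString(eventPath)
                + " must be encrypted");
            policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }

        // No configured path matched this event. The asserted flag is left untouched, but the
        // policy asserter is still notified.
        // NOTE(review): this would re-assert in the PolicyAsserter after an earlier
        // unassertPolicy call - confirm that is intended.
        policyAsserter.assertPolicy(getAssertion());
        return true;
    }
}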