19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import javax.xml.namespace.QName;
22
23 import org.apache.wss4j.common.WSSPolicyException;
24 import org.apache.wss4j.policy.SPConstants;
25 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
26 import org.apache.wss4j.policy.model.AbstractToken;
27 import org.apache.wss4j.policy.model.SecurityContextToken;
28 import org.apache.wss4j.policy.stax.PolicyAsserter;
29 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
30 import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
31 import org.apache.xml.security.stax.securityToken.SecurityToken;
32 import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
33 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
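/**
 * Policy assertion state for the WS-SecurityPolicy {@code SecurityContextToken} assertion.
 *
 * <p>Consumes {@link WSSecurityEventConstants#SECURITY_CONTEXT_TOKEN} events and asserts or
 * unasserts the token assertion, together with its nested {@code RequireExternalUriReference},
 * {@code SC10SecurityContextToken} and {@code SC13SecurityContextToken} markers, through the
 * configured {@link PolicyAsserter}.
 */
public class SecurityContextTokenAssertionState extends TokenAssertionState {

    /**
     * Creates the assertion state.
     *
     * <p>If the assertion starts out as asserted, the nested markers enabled on the policy token
     * are asserted immediately.
     *
     * @param assertion      the {@code SecurityContextToken} policy assertion this state tracks
     * @param asserted       whether the assertion is considered satisfied up front
     * @param policyAsserter the asserter that records (un)assertion results
     * @param initiator      passed through to {@link TokenAssertionState}
     */
    public SecurityContextTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
                                              PolicyAsserter policyAsserter, boolean initiator) {
        super(assertion, asserted, policyAsserter, initiator);

        if (asserted) {
            SecurityContextToken token = (SecurityContextToken) getAssertion();
            String namespace = token.getName().getNamespaceURI();
            if (token.isRequireExternalUriReference()) {
                getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE));
            }
            assertVersionMarkers(token, namespace);
        }
    }

    /**
     * @return the single event type this state reacts to: the security context token event
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN
        };
    }

    /**
     * Checks a received security context token against the policy token.
     *
     * <p>Unasserts and returns {@code false} when the policy names an issuer that differs from the
     * issuer reported by the event, or when the policy requires an external URI reference and the
     * event does not report one. Otherwise the enabled markers and the assertion itself are
     * asserted and {@code true} is returned.
     *
     * @param tokenSecurityEvent the received token event; must be a
     *                           {@link SecurityContextTokenSecurityEvent}
     * @param abstractToken      the policy token; must be a {@link SecurityContextToken}
     * @return {@code true} if the event satisfies the policy token, {@code false} after unasserting
     * @throws WSSPolicyException if either argument is not of the expected type (including
     *                            {@code null})
     */
    @Override
    public boolean assertToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent,
                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof SecurityContextTokenSecurityEvent)) {
            throw new WSSPolicyException("Expected a SecurityContextTokenSecurityEvent but got "
                + describe(tokenSecurityEvent));
        }
        // The policy token was previously cast unchecked; a wrong type surfaced as a
        // ClassCastException instead of the policy exception callers already handle.
        if (!(abstractToken instanceof SecurityContextToken)) {
            throw new WSSPolicyException("Expected a SecurityContextToken but got "
                + describe(abstractToken));
        }
        SecurityContextTokenSecurityEvent sctEvent = (SecurityContextTokenSecurityEvent) tokenSecurityEvent;
        SecurityContextToken policyToken = (SecurityContextToken) abstractToken;

        // Only a policy that names an issuer is checked. A token whose event reports no issuer
        // never equals a non-null policy issuer, so it fails such a policy (fail closed).
        String policyIssuer = policyToken.getIssuerName();
        if (policyIssuer != null && !policyIssuer.equals(sctEvent.getIssuerName())) {
            setErrorMessage("IssuerName in Policy (" + policyIssuer
                + ") didn't match with the one in the SecurityContextToken (" + sctEvent.getIssuerName() + ")");
            getPolicyAsserter().unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }

        String namespace = getAssertion().getName().getNamespaceURI();
        if (policyToken.isRequireExternalUriReference()) {
            QName requireExternalUriRef = new QName(namespace, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE);
            if (!sctEvent.isExternalUriRef()) {
                setErrorMessage("Policy enforces externalUriRef but we didn't got one");
                getPolicyAsserter().unassertPolicy(requireExternalUriRef, getErrorMessage());
                return false;
            }
            getPolicyAsserter().assertPolicy(requireExternalUriRef);
        }

        assertVersionMarkers(policyToken, namespace);

        getPolicyAsserter().assertPolicy(getAssertion());
        return true;
    }

    /** Asserts the SC10/SC13 version markers that {@code token} enables, under {@code namespace}. */
    private void assertVersionMarkers(SecurityContextToken token, String namespace) {
        // NOTE(review): these markers are asserted from the policy token's flags alone; the
        // received token event is not consulted here. Confirm whether the event exposes a
        // version that should be compared before asserting.
        if (token.isSc10SecurityContextToken()) {
            getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.SC10_SECURITY_CONTEXT_TOKEN));
        }
        if (token.isSc13SecurityContextToken()) {
            getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.SC13_SECURITY_CONTEXT_TOKEN));
        }
    }

    /** Names the runtime class of {@code value} for error messages, tolerating {@code null}. */
    private static String describe(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }
}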