19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import org.apache.wss4j.policy.AssertionState;
22 import org.apache.wss4j.common.WSSPolicyException;
23 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24 import org.apache.wss4j.policy.model.SignedElements;
25 import org.apache.wss4j.policy.model.XPath;
26 import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
27 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
28 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
29 import org.apache.wss4j.policy.stax.Assertable;
30 import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
31 import org.apache.wss4j.policy.stax.PolicyAsserter;
32 import org.apache.wss4j.policy.stax.PolicyUtils;
33 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
34 import org.apache.wss4j.stax.utils.WSSUtils;
35
36 import javax.xml.namespace.QName;
37
38 import java.util.ArrayList;
39 import java.util.Iterator;
40 import java.util.List;
41
42
43
44
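/**
 * Tracks whether the elements selected by a {@link SignedElements} policy assertion
 * were actually signed in the processed message.
 *
 * <p>Each XPath of the assertion is converted to an element path (a list of
 * {@link QName}s). Incoming {@code SignedElement} / {@code SIGNED_PART} security events
 * are compared against those paths in {@link #assertEvent(SecurityEvent)}.
 */
public class SignedElementsAssertionState extends AssertionState implements Assertable {

    /** Element paths that the policy requires to be signed. */
    private final List<List<QName>> pathElements = new ArrayList<>();

    /** Receives assert/unassert notifications; never {@code null} after construction. */
    private final PolicyAsserter policyAsserter;

    /**
     * Creates the state for the given assertion.
     *
     * @param assertion      the policy assertion; its XPaths are only read when it is a
     *                       {@link SignedElements}
     * @param policyAsserter sink for assert/unassert notifications; when {@code null} a
     *                       {@link DummyPolicyAsserter} is used instead
     * @param asserted       initial asserted state; when {@code true} the assertion is
     *                       reported to the policy asserter immediately
     */
    public SignedElementsAssertionState(AbstractSecurityAssertion assertion,
                                        PolicyAsserter policyAsserter,
                                        boolean asserted) {
        super(assertion, asserted);

        if (assertion instanceof SignedElements) {
            SignedElements signedElements = (SignedElements) assertion;
            for (XPath xPath : signedElements.getXPaths()) {
                pathElements.add(PolicyUtils.getElementPath(xPath));
            }
        }

        this.policyAsserter = policyAsserter != null ? policyAsserter : new DummyPolicyAsserter();

        if (asserted) {
            // Use the field, not the parameter: the parameter may be null, in which case
            // only the field holds the DummyPolicyAsserter fallback. Calling through the
            // parameter threw a NullPointerException for (null, asserted == true).
            this.policyAsserter.assertPolicy(getAssertion());
        }
    }

    /**
     * @return the event types this state wants to be notified about:
     *         {@code SignedElement} and {@code SIGNED_PART}
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            SecurityEventConstants.SignedElement,
            WSSecurityEventConstants.SIGNED_PART
        };
    }

    /**
     * Adds a further element path that must be signed.
     *
     * @param pathElement the element path; the list is stored by reference, not copied
     */
    public void addElement(List<QName> pathElement) {
        this.pathElements.add(pathElement);
    }

    /**
     * Checks a security event against the required element paths.
     *
     * <p>The first required path that matches the event's element path decides the
     * outcome: a signed element asserts the policy, an unsigned one unasserts it and
     * records an error message. An event that matches no required path is treated as
     * irrelevant to this assertion and the method returns {@code true}.
     *
     * @param securityEvent the event to evaluate; cast to
     *                      {@link AbstractSecuredElementSecurityEvent} without a type check
     * @return {@code false} if a required element was found unsigned, {@code true} otherwise
     * @throws WSSPolicyException declared by the {@link Assertable} contract
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        // NOTE(review): unchecked cast; presumably every event type returned by
        // getSecurityEventType() is an AbstractSecuredElementSecurityEvent - confirm,
        // otherwise this fails with a ClassCastException instead of a policy error.
        AbstractSecuredElementSecurityEvent signedSecurityEvent =
            (AbstractSecuredElementSecurityEvent) securityEvent;

        Iterator<List<QName>> requiredPathIterator = pathElements.iterator();
        while (requiredPathIterator.hasNext()) {
            List<QName> requiredPath = requiredPathIterator.next();
            if (!WSSUtils.pathMatches(requiredPath, signedSecurityEvent.getElementPath())) {
                continue;
            }

            if (signedSecurityEvent.isSigned()) {
                setAsserted(true);
                policyAsserter.assertPolicy(getAssertion());
                return true;
            }

            // A required element arrived without a signature: fail the assertion.
            setAsserted(false);
            setErrorMessage("Element " + WSSUtils.pathAsString(signedSecurityEvent.getElementPath()) + " must be signed");
            policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }

        // No required path matched this event. The assertion is reported to the policy
        // asserter, but this state's own asserted flag is left unchanged.
        // NOTE(review): this call also runs after an earlier event has unasserted the
        // policy; confirm the PolicyAsserter cannot end up reporting the assertion as
        // satisfied when a required element was seen unsigned.
        policyAsserter.assertPolicy(getAssertion());
        return true;
    }
}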