1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.impl.processor.input;
20  
21  import org.apache.wss4j.binding.wss11.SignatureConfirmationType;
22  import org.apache.wss4j.common.ext.WSSecurityException;
23  import org.apache.wss4j.stax.ext.WSSConstants;
24  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
25  import org.apache.xml.security.exceptions.XMLSecurityException;
26  import org.apache.xml.security.stax.ext.AbstractInputProcessor;
27  import org.apache.xml.security.stax.ext.InputProcessorChain;
28  import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
29  import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
30  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
31  import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
32  
33  import javax.xml.stream.XMLStreamConstants;
34  import javax.xml.stream.XMLStreamException;
35  import java.util.Arrays;
36  import java.util.List;
37  
/**
 * Header-phase input processor that cross-checks the SignatureConfirmation entries held in the
 * security context against the signature values recorded there.
 *
 * <p>The check runs when the end element named {@link WSSConstants#TAG_WSSE_SECURITY} is read;
 * at that point the processor also removes itself from the chain.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The match is one-directional. Every recorded signature value must be echoed by some
 *       confirmation, but when at least one signature value is recorded, extra confirmations
 *       that match nothing are not rejected.</li>
 *   <li>Nothing in this class checks that the SignatureConfirmation elements were themselves
 *       covered by a signature of the message being processed. NOTE(review): presumably that
 *       is enforced elsewhere (for example by policy validation) - confirm, because an
 *       unsigned confirmation gives no assurance about who produced it.</li>
 * </ul>
 */
public class SignatureConfirmationInputProcessor extends AbstractInputProcessor {

    /**
     * Creates the processor.
     *
     * @param securityProperties the security configuration, handed unchanged to the superclass
     */
    public SignatureConfirmationInputProcessor(WSSSecurityProperties securityProperties) {
        super(securityProperties);
    }

    /**
     * Pulls the next header event from the chain and, if it closes the security header,
     * validates the signature confirmations before handing the event on.
     *
     * @param inputProcessorChain the chain to read the event from and to look up the security
     *                            context on
     * @return the event obtained from the chain, unmodified
     * @throws XMLStreamException  if propagated from the chain
     * @throws XMLSecurityException if propagated from the chain, or (as a
     *                             {@link WSSecurityException} with
     *                             {@code ErrorCode.INVALID_SECURITY}) when the confirmations do
     *                             not line up with the recorded signature values
     */
    @Override
    public XMLSecEvent processHeaderEvent(InputProcessorChain inputProcessorChain)
            throws XMLStreamException, XMLSecurityException {

        final XMLSecEvent headerEvent = inputProcessorChain.processHeaderEvent();

        // only the closing tag of the security header triggers the check
        if (headerEvent.getEventType() != XMLStreamConstants.END_ELEMENT) {
            return headerEvent;
        }
        final XMLSecEndElement closingElement = headerEvent.asEndElement();
        if (!closingElement.getName().equals(WSSConstants.TAG_WSSE_SECURITY)) {
            return headerEvent;
        }

        // the check runs once; unregister before validating so a failure does not leave us installed
        inputProcessorChain.removeProcessor(this);

        // NOTE(review): the list stored under SecurityEvent.class is treated as holding only
        // SignatureValueSecurityEvent instances; no runtime type check is visible here, so a
        // differently-typed entry would surface as a ClassCastException in the loop below -
        // confirm against the code that fills this key.
        final List<SignatureValueSecurityEvent> sentSignatures =
                inputProcessorChain.getSecurityContext().getAsList(SecurityEvent.class);
        final List<SignatureConfirmationType> confirmations =
                inputProcessorChain.getSecurityContext().getAsList(SignatureConfirmationType.class);

        //when no signature was sent, we expect an empty SignatureConfirmation in the response
        final boolean nothingSigned = sentSignatures == null || sentSignatures.isEmpty();
        if (nothingSigned) {
            final boolean exactlyOneConfirmation = confirmations != null && confirmations.size() == 1;
            if (!exactlyOneConfirmation || confirmations.get(0).getValue() != null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
            }
        }

        // signatures were recorded but no confirmation at all came back
        if (confirmations == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }

        if (sentSignatures == null) {
            return headerEvent;
        }

        // fail closed: a single unconfirmed signature value invalidates the message
        for (SignatureValueSecurityEvent sentSignature : sentSignatures) {
            if (!isConfirmed(sentSignature.getSignatureValue(), confirmations)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
            }
        }
        return headerEvent;
    }

    /**
     * Tells whether any confirmation carries exactly the given signature value.
     *
     * <p>Every confirmation is inspected; the scan does not stop at the first match.
     * NOTE(review): {@link Arrays#equals(byte[], byte[])} treats two {@code null} arrays as
     * equal, so a recorded event whose signature value is {@code null} would be matched by an
     * empty confirmation - confirm that getSignatureValue() cannot return {@code null}.
     */
    private static boolean isConfirmed(byte[] signatureValue,
                                       List<SignatureConfirmationType> confirmations) {
        boolean confirmed = false;
        for (SignatureConfirmationType confirmation : confirmations) {
            if (Arrays.equals(signatureValue, confirmation.getValue())) {
                confirmed = true;
            }
        }
        return confirmed;
    }

    /**
     * Body-phase hook; this processor works on header events only.
     *
     * @return always {@code null}
     */
    @Override
    public XMLSecEvent processEvent(InputProcessorChain inputProcessorChain)
            throws XMLStreamException, XMLSecurityException {
        //should never be called
        return null;
    }
}