19 package org.apache.wss4j.stax.impl.processor.input;
20
21 import org.apache.wss4j.binding.wss11.SignatureConfirmationType;
22 import org.apache.wss4j.common.ext.WSSecurityException;
23 import org.apache.wss4j.stax.ext.WSSConstants;
24 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
25 import org.apache.xml.security.exceptions.XMLSecurityException;
26 import org.apache.xml.security.stax.ext.AbstractInputProcessor;
27 import org.apache.xml.security.stax.ext.InputProcessorChain;
28 import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
29 import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
30 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
31 import org.apache.xml.security.stax.securityEvent.SignatureValueSecurityEvent;
32
33 import javax.xml.stream.XMLStreamConstants;
34 import javax.xml.stream.XMLStreamException;
35 import java.util.Arrays;
36 import java.util.List;
37
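/**
 * Input processor that validates SignatureConfirmation elements once the
 * {@code wsse:Security} header has been read completely.
 *
 * <p>When the end element of the security header is seen, the processor removes
 * itself from the chain and compares two lists taken from the security context:
 * the signature values stored under the {@code SecurityEvent.class} key and the
 * {@link SignatureConfirmationType} elements stored under their own class key.
 * Any mismatch is reported as {@code INVALID_SECURITY}.
 *
 * <p>NOTE(review): the signature values are presumably those of the request this
 * message answers; confirm against the code that populates the security context.
 *
 * <p>NOTE(review): this class only compares values. It does not itself establish
 * that the SignatureConfirmation elements were integrity-protected (covered by a
 * signature of the responder); confirm that this is enforced elsewhere in the chain.
 */
public class SignatureConfirmationInputProcessor extends AbstractInputProcessor {

    /**
     * Creates the processor.
     *
     * @param securityProperties the security configuration handed to the base class
     */
    public SignatureConfirmationInputProcessor(WSSSecurityProperties securityProperties) {
        super(securityProperties);
    }

    /**
     * Passes header events through unchanged and, on the end element of the
     * {@code wsse:Security} header, runs the signature confirmation check.
     *
     * @param inputProcessorChain the chain delivering header events and the security context
     * @return the event obtained from the chain, unmodified
     * @throws XMLStreamException   if the underlying chain fails to produce the event
     * @throws XMLSecurityException if the confirmation check fails
     *                              ({@link WSSecurityException} with {@code INVALID_SECURITY})
     */
    @Override
    public XMLSecEvent processHeaderEvent(InputProcessorChain inputProcessorChain)
            throws XMLStreamException, XMLSecurityException {

        XMLSecEvent xmlSecEvent = inputProcessorChain.processHeaderEvent();
        if (xmlSecEvent.getEventType() != XMLStreamConstants.END_ELEMENT) {
            return xmlSecEvent;
        }
        XMLSecEndElement xmlSecEndElement = xmlSecEvent.asEndElement();
        if (!xmlSecEndElement.getName().equals(WSSConstants.TAG_WSSE_SECURITY)) {
            return xmlSecEvent;
        }

        // The check runs exactly once; later events no longer pass through this processor.
        inputProcessorChain.removeProcessor(this);

        // NOTE(review): the list is fetched under the SecurityEvent.class key but typed as
        // SignatureValueSecurityEvent. If other SecurityEvent subtypes are ever stored under
        // that key, iterating it fails with a ClassCastException - confirm against the producer.
        List<SignatureValueSecurityEvent> sentSignatures =
                inputProcessorChain.getSecurityContext().getAsList(SecurityEvent.class);
        List<SignatureConfirmationType> confirmations =
                inputProcessorChain.getSecurityContext().getAsList(SignatureConfirmationType.class);

        verifyConfirmations(sentSignatures, confirmations);
        return xmlSecEvent;
    }

    /**
     * Checks the received confirmations against the recorded signature values.
     *
     * <ul>
     *   <li>No confirmation list at all: rejected.</li>
     *   <li>No recorded signature values: exactly one confirmation without a value is required.</li>
     *   <li>Otherwise: every recorded signature value must equal the value of some confirmation.
     *       Confirmations that match no recorded signature are not rejected.</li>
     * </ul>
     */
    private static void verifyConfirmations(
            List<SignatureValueSecurityEvent> sentSignatures,
            List<SignatureConfirmationType> confirmations) throws WSSecurityException {

        if (confirmations == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
        }

        if (sentSignatures == null || sentSignatures.isEmpty()) {
            if (confirmations.size() != 1 || confirmations.get(0).getValue() != null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
            }
            return;
        }

        for (SignatureValueSecurityEvent sentSignature : sentSignatures) {
            if (!isConfirmed(sentSignature.getSignatureValue(), confirmations)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
            }
        }
    }

    /**
     * Returns whether {@code signatureValue} is echoed by at least one confirmation.
     */
    private static boolean isConfirmed(byte[] signatureValue, List<SignatureConfirmationType> confirmations) {
        // Arrays.equals(null, null) is true, so a missing signature value would otherwise be
        // "confirmed" by a SignatureConfirmation that carries no Value. Fail closed instead.
        if (signatureValue == null) {
            return false;
        }
        for (SignatureConfirmationType confirmation : confirmations) {
            if (Arrays.equals(signatureValue, confirmation.getValue())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Always returns {@code null} without consulting the chain.
     *
     * <p>NOTE(review): the processor removes itself when the security header ends, so this
     * is presumably never invoked for body events - confirm.
     */
    @Override
    public XMLSecEvent processEvent(InputProcessorChain inputProcessorChain)
            throws XMLStreamException, XMLSecurityException {

        return null;
    }
}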