Class AbstractBindingBuilder

    • Field Detail

      • LOG

        protected static final Logger LOG
      • protectionOrder

        protected org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder
      • wssConfig

        protected final org.apache.wss4j.dom.engine.WSSConfig wssConfig
      • saaj

        protected javax.xml.soap.SOAPMessage saaj
      • secHeader

        protected org.apache.wss4j.dom.message.WSSecHeader secHeader
      • aim

        protected org.apache.cxf.ws.policy.AssertionInfoMap aim
      • binding

        protected org.apache.wss4j.policy.model.AbstractBinding binding
      • timestampEl

        protected org.apache.wss4j.dom.message.WSSecTimestamp timestampEl
      • mainSigId

        protected String mainSigId
      • sigConfList

        protected List<org.apache.wss4j.common.WSEncryptionPart> sigConfList
      • encryptedTokensList

        protected Set<org.apache.wss4j.common.WSEncryptionPart> encryptedTokensList
      • bottomUpElement

        protected Element bottomUpElement
      • topDownElement

        protected Element topDownElement
      • bstElement

        protected Element bstElement
      • lastEncryptedKeyElement

        protected Element lastEncryptedKeyElement
      • callbackLookup

        protected final org.apache.wss4j.dom.callback.CallbackLookup callbackLookup
      • storeBytesInAttachment

        protected boolean storeBytesInAttachment
      • wsDocInfo

        protected org.apache.wss4j.dom.WSDocInfo wsDocInfo
    • Constructor Detail

      • AbstractBindingBuilder

        public AbstractBindingBuilder​(org.apache.wss4j.dom.engine.WSSConfig config,
                                      org.apache.wss4j.policy.model.AbstractBinding binding,
                                      javax.xml.soap.SOAPMessage saaj,
                                      org.apache.wss4j.dom.message.WSSecHeader secHeader,
                                      org.apache.cxf.ws.policy.AssertionInfoMap aim,
                                      org.apache.cxf.binding.soap.SoapMessage message)
                               throws javax.xml.soap.SOAPException
        Throws:
        javax.xml.soap.SOAPException
    • Method Detail

      • insertAfter

        protected void insertAfter​(Element child,
                                   Element sib)
      • addDerivedKeyElement

        protected void addDerivedKeyElement​(Element el)
      • addEncryptedKeyElement

        protected void addEncryptedKeyElement​(Element el)
      • addSupportingElement

        protected void addSupportingElement​(Element el)
      • insertBeforeBottomUp

        protected void insertBeforeBottomUp​(Element el)
      • addTopDownElement

        protected void addTopDownElement​(Element el)
      • getCryptoCache

        protected final Map<Object,​org.apache.wss4j.common.crypto.Crypto> getCryptoCache()
      • createTimestamp

        protected org.apache.wss4j.dom.message.WSSecTimestamp createTimestamp()
      • handleLayout

        protected org.apache.wss4j.dom.message.WSSecTimestamp handleLayout​(org.apache.wss4j.dom.message.WSSecTimestamp timestamp)
      • reshuffleTimestamp

        protected void reshuffleTimestamp()
      • handleSupportingTokens

        protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> handleSupportingTokens​(org.apache.wss4j.policy.model.SupportingTokens suppTokens,
                                                                                                                                      boolean endorse,
                                                                                                                                      List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
                                                                                                                               throws org.apache.wss4j.common.ext.WSSecurityException,
                                                                                                                                      javax.xml.soap.SOAPException,
                                                                                                                                      TokenStoreException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
        javax.xml.soap.SOAPException
        TokenStoreException
      • handleUsernameTokenSupportingToken

        protected void handleUsernameTokenSupportingToken​(org.apache.wss4j.policy.model.UsernameToken token,
                                                          boolean endorse,
                                                          boolean encryptedToken,
                                                          List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret)
                                                   throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • addSignatureParts

        protected void addSignatureParts​(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList,
                                         List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
      • addUsernameToken

        protected org.apache.wss4j.dom.message.WSSecUsernameToken addUsernameToken​(org.apache.wss4j.policy.model.UsernameToken token)
      • addDKUsernameToken

        protected org.apache.wss4j.dom.message.WSSecUsernameToken addDKUsernameToken​(org.apache.wss4j.policy.model.UsernameToken token,
                                                                                     byte[] salt,
                                                                                     boolean useMac)
      • addSamlToken

        protected org.apache.wss4j.common.saml.SamlAssertionWrapper addSamlToken​(org.apache.wss4j.policy.model.SamlToken token)
                                                                          throws org.apache.wss4j.common.ext.WSSecurityException,
                                                                                 TokenStoreException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
        TokenStoreException
      • storeAssertionAsSecurityToken

        protected void storeAssertionAsSecurityToken​(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion)
                                              throws TokenStoreException
        Store a SAML Assertion as a SecurityToken
        Throws:
        TokenStoreException
      • findIDFromSamlToken

        protected String findIDFromSamlToken​(Element samlToken)
      • getPassword

        protected String getPassword​(String userName,
                                     org.apache.neethi.Assertion info,
                                     int usage)
      • addWsuIdToElement

        public String addWsuIdToElement​(Element element)
        Returns the value of the wsu:Id attribute on the provided Element: if the attribute already exists its value is returned, otherwise a new wsu:Id attribute is generated and its value is returned.
        Parameters:
        element - the Element to check/create the attribute on
        Returns:
        the generated or discovered wsu:Id attribute value
      • getEncryptedParts

        public List<org.apache.wss4j.common.WSEncryptionPart> getEncryptedParts()
                                                                         throws javax.xml.soap.SOAPException
        Throws:
        javax.xml.soap.SOAPException
      • getSignedParts

        public List<org.apache.wss4j.common.WSEncryptionPart> getSignedParts​(org.apache.wss4j.policy.model.SupportingTokens supportingToken)
                                                                      throws javax.xml.soap.SOAPException
        Throws:
        javax.xml.soap.SOAPException
      • getPartsAndElements

        public List<org.apache.wss4j.common.WSEncryptionPart> getPartsAndElements​(boolean sign,
                                                                                  boolean includeBody,
                                                                                  List<org.apache.wss4j.common.WSEncryptionPart> parts,
                                                                                  List<org.apache.wss4j.policy.model.XPath> xpaths,
                                                                                  List<org.apache.wss4j.policy.model.XPath> contentXpaths)
                                                                           throws javax.xml.soap.SOAPException
        Identifies the portions of the message to be signed/encrypted.
        Parameters:
        sign - whether the matches are to be signed or encrypted
        includeBody - if the body should be included in the signature/encryption
        parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
        xpaths - any XPath expressions to sign/encrypt matches
        contentXpaths - any XPath expressions to content encrypt
        Returns:
        a configured list of WSEncryptionParts suitable for processing by WSS4J
        Throws:
        javax.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model
      • getParts

        protected List<org.apache.wss4j.common.WSEncryptionPart> getParts​(boolean sign,
                                                                          boolean includeBody,
                                                                          List<org.apache.wss4j.common.WSEncryptionPart> parts,
                                                                          List<Element> found)
                                                                   throws javax.xml.soap.SOAPException
        Identifies the portions of the message to be signed/encrypted.
        Parameters:
        sign - whether the matches are to be signed or encrypted
        includeBody - if the body should be included in the signature/encryption
        parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
        found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
        Returns:
        a configured list of WSEncryptionParts suitable for processing by WSS4J
        Throws:
        javax.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model
      • getElements

        protected List<org.apache.wss4j.common.WSEncryptionPart> getElements​(String encryptionModifier,
                                                                             List<org.apache.wss4j.policy.model.XPath> xpaths,
                                                                             List<Element> found,
                                                                             boolean forceId)
                                                                      throws javax.xml.soap.SOAPException
        Identifies the portions of the message to be signed/encrypted.
        Parameters:
        encryptionModifier - indicates the scope of the crypto operation over matched elements. Either "Content" or "Element".
        xpaths - any XPath expressions to sign/encrypt matches
        found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
        forceId - whether to force a wsu:Id to be added to the elements. Recommended for signatures.
        Returns:
        a configured list of WSEncryptionParts suitable for processing by WSS4J
        Throws:
        javax.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model
      • getEncryptedKeyBuilder

        protected org.apache.wss4j.dom.message.WSSecEncryptedKey getEncryptedKeyBuilder​(org.apache.wss4j.policy.model.AbstractToken token,
                                                                                        SecretKey symmetricKey)
                                                                                 throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • getSignatureCrypto

        public org.apache.wss4j.common.crypto.Crypto getSignatureCrypto()
                                                                 throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • getEncryptionCrypto

        public org.apache.wss4j.common.crypto.Crypto getEncryptionCrypto()
                                                                  throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • getCrypto

        protected org.apache.wss4j.common.crypto.Crypto getCrypto​(String cryptoKey,
                                                                  String propKey)
                                                           throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • setKeyIdentifierType

        public void setKeyIdentifierType​(org.apache.wss4j.dom.message.WSSecBase secBase,
                                         org.apache.wss4j.policy.model.AbstractToken token)
      • setEncryptionUser

        public String setEncryptionUser​(org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder,
                                        org.apache.wss4j.policy.model.AbstractToken token,
                                        boolean sign,
                                        org.apache.wss4j.common.crypto.Crypto crypto)
      • getUsername

        public static String getUsername​(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
        Scans the WSHandlerResult list for a Username Token and returns the username if a Username Token is found.
        Parameters:
        results - the WSHandlerResult list to scan
        Returns:
        the username, if a Username Token was found in the results
      • getEncryptedKeyResult

        protected org.apache.wss4j.dom.engine.WSSecurityEngineResult getEncryptedKeyResult()
      • getSignatureBuilder

        protected org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder​(org.apache.wss4j.policy.model.AbstractToken token,
                                                                                  boolean attached,
                                                                                  boolean endorse)
                                                                           throws org.apache.wss4j.common.ext.WSSecurityException,
                                                                                  TokenStoreException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
        TokenStoreException
      • doEndorsedSignatures

        protected void doEndorsedSignatures​(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList,
                                            boolean isTokenProtection,
                                            boolean isSigProtect)
      • addSupportingTokens

        protected void addSupportingTokens​(List<org.apache.wss4j.common.WSEncryptionPart> sigs)
                                    throws org.apache.wss4j.common.ext.WSSecurityException
        Throws:
        org.apache.wss4j.common.ext.WSSecurityException
      • doEndorse

        protected void doEndorse()
      • addSignatureConfirmation

        protected void addSignatureConfirmation​(List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
      • handleEncryptedSignedHeaders

        public void handleEncryptedSignedHeaders​(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts,
                                                 List<org.apache.wss4j.common.WSEncryptionPart> signedParts)
        Processes the parts to be signed and reconfigures those parts that have already been encrypted.
        Parameters:
        encryptedParts - the parts that have been encrypted
        signedParts - the parts that are to be signed
        Throws:
        IllegalArgumentException - if signedParts contains a WSEncryptionPart whose id value is null and whose name value is not "Token"
      • convertToEncryptionPart

        public org.apache.wss4j.common.WSEncryptionPart convertToEncryptionPart​(Element element)
        Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.
        Parameters:
        element - The DOM Element to convert
        Returns:
        The WSEncryptionPart representing the DOM Element argument
      • addSig

        protected void addSig​(byte[] val)
      • isExpandXopInclude

        public boolean isExpandXopInclude()