1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.wss4j.dom.message;
21  
22  import org.apache.wss4j.common.WSEncryptionPart;
23  import org.apache.wss4j.common.util.XMLUtils;
24  import org.apache.wss4j.dom.WSConstants;
25  import org.apache.wss4j.dom.WSDocInfo;
26  import org.apache.wss4j.dom.WsuIdAllocator;
27  import org.apache.wss4j.dom.callback.CallbackLookup;
28  import org.apache.wss4j.dom.callback.DOMCallbackLookup;
29  import org.apache.wss4j.dom.engine.WSSConfig;
30  import org.w3c.dom.Document;
31  import org.w3c.dom.Element;
32  
33  import javax.security.auth.callback.CallbackHandler;
34  
35  import java.util.ArrayList;
36  import java.util.List;
37  
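/**
 * This is the base class for WS Security messages. It provides common functions
 * and fields used by the specific message classes such as sign, encrypt, and
 * username token.
 *
 * <p>Instances hold mutable, unsynchronized configuration and are not meant to be
 * shared between threads. The credentials supplied via
 * {@link #setUserInfo(String, String)} stay referenced by the instance until
 * {@link #clean()} is called.
 */
public class WSSecBase {
    /** Keystore alias that identifies the private key, see {@link #setUserInfo(String, String)}. */
    protected String user;
    /** Password for that private key. {@link #clean()} drops the reference once it is no longer needed. */
    protected String password;
    /** How the key is referenced from the security header; defaults to {@link WSConstants#ISSUER_SERIAL}. */
    protected int keyIdentifierType = WSConstants.ISSUER_SERIAL;
    /** Used to locate message elements; created lazily by {@link #setBodyID(Document)} when unset. */
    protected CallbackLookup callbackLookup;
    /** Handler for attachment processing; this class only stores it for subclasses. */
    protected CallbackHandler attachmentCallbackHandler;
    protected boolean storeBytesInAttachment;
    protected boolean expandXopInclude;
    /** True when the supplied header already uses a wsu prefix other than the default one. */
    protected boolean addWSUNamespace;

    private WsuIdAllocator idAllocator;
    private final List<WSEncryptionPart> parts = new ArrayList<>();
    private final WSSecHeader securityHeader;
    private final Document doc;
    private WSDocInfo wsDocInfo;

    /**
     * Creates an instance bound to an existing security header.
     *
     * @param securityHeader the header the message parts are associated with. May be
     *                       {@code null} or not yet attached to an element, in which case
     *                       {@link #getDocument()} returns {@code null}
     */
    public WSSecBase(WSSecHeader securityHeader) {
        this.securityHeader = securityHeader;
        Element headerElement =
            securityHeader == null ? null : securityHeader.getSecurityHeaderElement();
        doc = headerElement == null ? null : headerElement.getOwnerDocument();

        // Explicitly add the WSU Namespace if we already have a different prefix
        addWSUNamespace = securityHeader != null && securityHeader.getWsuPrefix() != null
            && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
    }

    /**
     * Creates an instance together with a new {@link WSSecHeader} for the given document.
     *
     * @param doc the SOAP envelope the security header belongs to
     */
    public WSSecBase(Document doc) {
        this.doc = doc;
        securityHeader = new WSSecHeader(doc);
    }

    /**
     * @return the document this instance works on, or {@code null} when it was created from a
     *         header that has no element yet
     */
    protected Document getDocument() {
        return doc;
    }

    /**
     * @return the security header this instance adds its elements to
     */
    public WSSecHeader getSecurityHeader() {
        return securityHeader;
    }

    /**
     * @param callbackLookup The CallbackLookup object to retrieve elements
     */
    public void setCallbackLookup(CallbackLookup callbackLookup) {
        this.callbackLookup = callbackLookup;
    }

    /**
     * Get which parts of the message to encrypt/sign.
     *
     * <p>The returned list is the live internal collection, never {@code null}: additions
     * and removals made by the caller directly change which parts are processed.
     *
     * @return the mutable list of parts to encrypt/sign
     */
    public List<WSEncryptionPart> getParts() {
        return parts;
    }

    /**
     * Sets which key identifier to use.
     *
     * <p>Defines the key identifier type to
     * use in the {@link WSSecSignature#prepare(Document, Crypto, WSSecHeader) method} or
     * the {@link WSSecEncrypt#prepare(Document, Crypto) method} function to
     * set up the key identification elements.
     *
     * @param keyIdType one of the key identifier constants defined in {@link WSConstants};
     *                  the value is stored as given and not validated here
     * @see WSConstants#ISSUER_SERIAL
     * @see WSConstants#ISSUER_SERIAL_QUOTE_FORMAT
     * @see WSConstants#BST_DIRECT_REFERENCE
     * @see WSConstants#X509_KEY_IDENTIFIER
     * @see WSConstants#THUMBPRINT_IDENTIFIER
     * @see WSConstants#SKI_KEY_IDENTIFIER
     * @see WSConstants#KEY_VALUE
     */
    public void setKeyIdentifierType(int keyIdType) {
        keyIdentifierType = keyIdType;
    }

    /**
     * Gets the value of the <code>keyIdentifierType</code>.
     *
     * @return The <code>keyIdentifierType</code>.
     * @see WSConstants#ISSUER_SERIAL
     * @see WSConstants#ISSUER_SERIAL_QUOTE_FORMAT
     * @see WSConstants#BST_DIRECT_REFERENCE
     * @see WSConstants#X509_KEY_IDENTIFIER
     * @see WSConstants#SKI_KEY_IDENTIFIER
     */
    public int getKeyIdentifierType() {
        return keyIdentifierType;
    }

    /**
     * Sets the callback handler used for attachment processing. This class only stores the
     * reference; how attachments are handled is up to the concrete message class.
     *
     * @param attachmentCallbackHandler the handler, may be {@code null}
     */
    public void setAttachmentCallbackHandler(CallbackHandler attachmentCallbackHandler) {
        this.attachmentCallbackHandler = attachmentCallbackHandler;
    }

    /**
     * @param storeBytesInAttachment whether processed bytes should be stored in an attachment
     *                               (interpreted by the concrete message class)
     */
    public void setStoreBytesInAttachment(boolean storeBytesInAttachment) {
        this.storeBytesInAttachment = storeBytesInAttachment;
    }

    /**
     * Looks up or adds a body id.
     *
     * <p>First try to locate the <code>wsu:Id</code> in the SOAP body element. If one is
     * found, the value of the <code>wsu:Id</code> attribute is returned. Otherwise the
     * method generates a new <code>wsu:Id</code> and an appropriate value.
     *
     * <p>If no {@link CallbackLookup} has been configured, a {@link DOMCallbackLookup} over
     * the given document is created and kept for later calls.
     *
     * @param doc The SOAP envelope as <code>Document</code>
     * @return The value of the <code>wsu:Id</code> attribute of the SOAP body
     * @throws Exception if the SOAP Body element cannot be located
     */
    protected String setBodyID(Document doc) throws Exception {
        if (callbackLookup == null) {
            callbackLookup = new DOMCallbackLookup(doc);
        }
        Element bodyElement = callbackLookup.getSOAPBody();
        if (bodyElement == null) {
            throw new Exception("SOAP Body Element node not found");
        }
        return setWsuId(bodyElement);
    }

    /**
     * Returns the id that references the given element, adding one if it has none.
     *
     * <p>The <code>wsu:Id</code> attribute is consulted first. If it is absent, elements
     * that carry their own id convention are checked: <code>xenc:EncryptedData</code> and
     * <code>xenc:EncryptedKey</code> (un-namespaced <code>Id</code>), SAML 1
     * <code>Assertion</code> (<code>AssertionID</code>), SAML 2 <code>Assertion</code>
     * (<code>ID</code>) and <code>ds:KeyInfo</code> (<code>Id</code>).
     *
     * <p>When no id is found a new one is allocated via {@link #getIdAllocator()} and set on
     * the element. For the XML-Encryption elements the new attribute is placed in the
     * <code>xenc</code> namespace, since a second <code>wsu:Id</code> would not be schema
     * valid there; for every other element a <code>wsu:Id</code> is added.
     *
     * @param bodyElement the element to reference; modified when it has no id yet
     * @return the id value that identifies the element, never empty
     */
    protected String setWsuId(Element bodyElement) {
        String id = bodyElement.getAttributeNS(WSConstants.WSU_NS, "Id");

        String newAttrNs = WSConstants.WSU_NS;
        String newAttrPrefix = WSConstants.WSU_PREFIX;

        if (id == null || id.isEmpty()) {
            String elementNs = bodyElement.getNamespaceURI();
            String elementName = bodyElement.getLocalName();

            if (WSConstants.ENC_NS.equals(elementNs)
                && (WSConstants.ENC_DATA_LN.equals(elementName)
                    || WSConstants.ENC_KEY_LN.equals(elementName))) {
                // If it is an XML-Enc derived element, it may already have an ID,
                // plus it is not schema valid to add an additional ID.
                id = bodyElement.getAttributeNS(null, "Id");
                newAttrPrefix = WSConstants.ENC_PREFIX;
                newAttrNs = WSConstants.ENC_NS;
            } else if (WSConstants.SAML_NS.equals(elementNs)
                && "Assertion".equals(elementName)) {
                id = bodyElement.getAttributeNS(null, "AssertionID");
            } else if (WSConstants.SAML2_NS.equals(elementNs)
                && "Assertion".equals(elementName)) {
                id = bodyElement.getAttributeNS(null, "ID");
            } else if (WSConstants.SIG_NS.equals(elementNs)
                && "KeyInfo".equals(elementName)) {
                id = bodyElement.getAttributeNS(null, "Id");
            }
        }

        if (id == null || id.isEmpty()) {
            id = getIdAllocator().createId("id-", bodyElement);
            // Reuse a prefix already declared for the namespace if there is one.
            String prefix = XMLUtils.setNamespace(bodyElement, newAttrNs, newAttrPrefix);
            bodyElement.setAttributeNS(newAttrNs, prefix + ":Id", id);
        }
        return id;
    }

    /**
     * Set the user and password info.
     *
     * Both values are used to get the user's private signing key.
     *
     * @param user
     *            This is the user's alias name in the keystore that identifies
     *            the private key to sign the document
     * @param password
     *            The user's password to get the private signing key from the
     *            keystore
     */
    public void setUserInfo(String user, String password) {
        this.user = user;
        this.password = password;
    }

    /**
     * @return the configured id allocator, or {@link WSSConfig#DEFAULT_ID_ALLOCATOR} when
     *         none has been set
     */
    public WsuIdAllocator getIdAllocator() {
        return idAllocator != null ? idAllocator : WSSConfig.DEFAULT_ID_ALLOCATOR;
    }

    /**
     * @param idAllocator the allocator used to generate new <code>wsu:Id</code> values;
     *                    {@code null} restores the default
     */
    public void setIdAllocator(WsuIdAllocator idAllocator) {
        this.idAllocator = idAllocator;
    }

    public boolean isExpandXopInclude() {
        return expandXopInclude;
    }

    public void setExpandXopInclude(boolean expandXopInclude) {
        this.expandXopInclude = expandXopInclude;
    }

    public WSDocInfo getWsDocInfo() {
        return wsDocInfo;
    }

    public void setWsDocInfo(WSDocInfo wsDocInfo) {
        this.wsDocInfo = wsDocInfo;
    }

    /**
     * Drops the references to the user alias and password. Since both are {@link String}
     * values the characters themselves cannot be overwritten; this only makes them
     * eligible for garbage collection.
     */
    public void clean() {
        user = null;
        password = null;
    }
}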
249 }