20 package org.apache.wss4j.dom.processor;
21
22 import java.util.Collections;
23 import java.util.LinkedList;
24 import java.util.List;
25
26 import javax.xml.namespace.QName;
27
28 import org.w3c.dom.Element;
29 import org.w3c.dom.Node;
30 import org.apache.wss4j.common.ext.WSSecurityException;
31 import org.apache.wss4j.common.util.XMLUtils;
32 import org.apache.wss4j.dom.WSConstants;
33 import org.apache.wss4j.dom.WSDataRef;
34 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
35 import org.apache.wss4j.dom.handler.RequestData;
/**
 * Processor for a SAML {@code EncryptedAssertion} element.
 *
 * <p>The assertion is expected to carry a direct {@code xenc:EncryptedData} child. Any
 * direct {@code xenc:EncryptedKey} children are dispatched first to the processor registered
 * for their QName. If one of those results references a decrypted SAML token, the decrypted
 * element is dispatched to the processor registered for its QName and those results are
 * placed in front of the EncryptedKey results. Otherwise the {@code EncryptedData} element
 * itself is dispatched to its registered processor.
 */
public class EncryptedAssertionProcessor implements Processor {

    private static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(EncryptedAssertionProcessor.class);

    /**
     * Handles an {@code EncryptedAssertion} element.
     *
     * <p>Processing order:
     * <ol>
     *   <li>Locate the direct {@code xenc:EncryptedData} child; without one nothing is
     *       processed and an empty list is returned.</li>
     *   <li>Dispatch every direct {@code xenc:EncryptedKey} child to the processor registered
     *       for its QName and collect the results.</li>
     *   <li>If any of those results carries a data reference to a decrypted SAML token
     *       ({@link WSConstants#SAML_TOKEN} or {@link WSConstants#SAML2_TOKEN}), dispatch the
     *       decrypted element to its registered processor, prepend those results and return.
     *       Only the first such reference that has a registered processor is handled.</li>
     *   <li>Otherwise require the {@code EncryptedData} {@code Type} attribute to be
     *       {@code xenc:Element} and dispatch the {@code EncryptedData} element to its
     *       registered processor.</li>
     * </ol>
     *
     * <p>When no processor is registered for the element to dispatch, an empty list is
     * returned rather than an error, so callers cannot tell "no EncryptedData present" from
     * "unhandled element" by the return value alone.
     *
     * @param elem the {@code EncryptedAssertion} element
     * @param request the current request data; its WSSConfig is used to look up processors
     * @return the results of the dispatched processors, possibly empty
     * @throws WSSecurityException if the {@code EncryptedData} {@code Type} attribute is not
     *         {@code xenc:Element}, or if a dispatched processor throws
     */
    public List<WSSecurityEngineResult> handleToken(
        Element elem,
        RequestData request
    ) throws WSSecurityException {
        LOG.debug("Found EncryptedAssertion element");

        Element encryptedDataElement =
            XMLUtils.getDirectChildElement(elem, WSConstants.ENC_DATA_LN, WSConstants.ENC_NS);
        if (encryptedDataElement == null) {
            // Nothing to decrypt; not treated as an error at this level.
            return Collections.emptyList();
        }

        // Pass 1: hand every direct xenc:EncryptedKey child to its registered processor.
        List<WSSecurityEngineResult> completeResults = new LinkedList<>();
        for (Node child = elem.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (!isEncryptedKey(child)) {
                continue;
            }
            Element encryptedKey = (Element) child;
            Processor keyProcessor = lookupProcessor(encryptedKey, request);
            if (keyProcessor != null) {
                completeResults.addAll(keyProcessor.handleToken(encryptedKey, request));
            }
        }

        // Pass 2: if EncryptedKey processing yielded a decrypted SAML token, dispatch it.
        // The first SAML data reference with a registered processor wins; its results go
        // in front of the EncryptedKey results.
        for (WSSecurityEngineResult result : completeResults) {
            for (WSDataRef dataRef : dataRefsOf(result)) {
                if (!isSamlToken(dataRef)) {
                    continue;
                }
                // NOTE(review): assumes getProtectedElement() is non-null for a SAML data
                // reference; a null here would fail in the QName lookup — confirm upstream.
                Element decryptedElem = dataRef.getProtectedElement();
                Processor assertionProcessor = lookupProcessor(decryptedElem, request);
                if (assertionProcessor == null) {
                    continue;
                }
                LOG.debug("Processing decrypted element with: {}", assertionProcessor.getClass().getName());
                List<WSSecurityEngineResult> results = assertionProcessor.handleToken(decryptedElem, request);
                completeResults.addAll(0, results);
                return completeResults;
            }
        }

        // The EncryptedData must be of Type xenc:Element so that the decrypted content is
        // treated as an element. Element.getAttributeNS reports an absent attribute as ""
        // rather than null, so an EncryptedData without a Type attribute is rejected here as
        // well; the null test is effectively only a guard against non-compliant DOM
        // implementations.
        String expectedType = WSConstants.ENC_NS + "Element";
        String typeStr = encryptedDataElement.getAttributeNS(null, "Type");
        if (typeStr != null && !expectedType.equals(typeStr)) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.INVALID_SECURITY, "badElement",
                new Object[] {"Element", typeStr}
            );
        }

        // No SAML token surfaced via EncryptedKey: dispatch the EncryptedData element itself.
        Processor dataProcessor = lookupProcessor(encryptedDataElement, request);
        if (dataProcessor == null) {
            return Collections.emptyList();
        }
        LOG.debug("Processing decrypted element with: {}", dataProcessor.getClass().getName());
        return dataProcessor.handleToken(encryptedDataElement, request);
    }

    /** True if {@code node} is an element named {@code EncryptedKey} in the XML Encryption namespace. */
    private static boolean isEncryptedKey(Node node) {
        return Node.ELEMENT_NODE == node.getNodeType()
            && "EncryptedKey".equals(node.getLocalName())
            && WSConstants.ENC_NS.equals(node.getNamespaceURI());
    }

    /** True if the data reference names a decrypted SAML or SAML2 token. */
    private static boolean isSamlToken(WSDataRef dataRef) {
        return WSConstants.SAML_TOKEN.equals(dataRef.getName())
            || WSConstants.SAML2_TOKEN.equals(dataRef.getName());
    }

    /**
     * Data references recorded on {@code result} under
     * {@link WSSecurityEngineResult#TAG_DATA_REF_URIS}, or an empty list when none are set.
     */
    @SuppressWarnings("unchecked")
    private static List<WSDataRef> dataRefsOf(WSSecurityEngineResult result) {
        List<WSDataRef> dataRefs =
            (List<WSDataRef>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
        return dataRefs == null ? Collections.<WSDataRef>emptyList() : dataRefs;
    }

    /**
     * Looks up the processor registered in the request's WSSConfig for the QName
     * (namespace URI + local name) of {@code element}; {@code null} if none is registered.
     */
    private static Processor lookupProcessor(Element element, RequestData request) {
        QName name = new QName(element.getNamespaceURI(), element.getLocalName());
        return request.getWssConfig().getProcessor(name);
    }

}