20 package org.apache.wss4j.dom.util;
21
22 import java.util.ArrayList;
23 import java.util.LinkedHashSet;
24 import java.util.List;
25 import java.util.Set;
26
27 import org.apache.wss4j.common.ext.WSSecurityException;
28 import org.apache.wss4j.dom.WSConstants;
29 import org.apache.wss4j.dom.WSDataRef;
30 import org.apache.wss4j.dom.WSDocInfo;
31 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
32 import org.w3c.dom.Element;
33 import org.w3c.dom.NamedNodeMap;
34 import org.w3c.dom.Node;
35
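/**
 * Static helpers for checking signature coverage of DOM elements and for collecting
 * namespace prefixes declared on an element's ancestors.
 *
 * <p>The coverage check compares DOM nodes (the element under test and its ancestors)
 * against the protected elements recorded in the signature results. It does not compare
 * Id attribute values, so an element that merely carries the same Id as a signed element
 * is not accepted. NOTE(review): this looks like the guard against signature-wrapping
 * style substitution; confirm against the callers, which are not visible here.
 */
public final class SignatureUtils {

    /** Token recorded for a default namespace declaration ({@code xmlns="..."}). */
    private static final String DEFAULT_NS_TOKEN = "#default";

    private SignatureUtils() {
        // Utility class: static members only, never instantiated.
    }

    /**
     * Verifies that {@code elem}, or one of its ancestors, is covered by a signature result
     * stored in {@code wsDocInfo}.
     *
     * @param elem the element that must be signed
     * @param wsDocInfo source of the results tagged {@link WSConstants#SIGN}; must not be null
     * @throws WSSecurityException with {@code FAILED_CHECK} if no signature result covers
     *         the element
     */
    public static void verifySignedElement(Element elem, WSDocInfo wsDocInfo)
        throws WSSecurityException {
        verifySignedElement(elem, wsDocInfo.getResultsByTag(WSConstants.SIGN));
    }

    /**
     * Verifies that {@code elem}, or one of its ancestors, is the protected element of at
     * least one data reference in {@code signedResults}.
     *
     * <p>The method fails closed: a {@code null} or empty result list, or results without
     * data references, all end in the exception below.
     *
     * @param elem the element that must be signed
     * @param signedResults signature results to search; may be null
     * @throws WSSecurityException with {@code FAILED_CHECK} and message key
     *         {@code elementNotSigned} if no data reference covers the element
     */
    public static void verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)
        throws WSSecurityException {
        if (signedResults != null) {
            for (WSSecurityEngineResult signedResult : signedResults) {
                @SuppressWarnings("unchecked")
                List<WSDataRef> dataRefs =
                    (List<WSDataRef>) signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
                if (dataRefs == null) {
                    continue;
                }
                for (WSDataRef dataRef : dataRefs) {
                    if (isElementOrAncestorSigned(elem, dataRef.getProtectedElement())) {
                        return;
                    }
                }
            }
        }

        // Reached only when no data reference matched: reject rather than assume coverage.
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.FAILED_CHECK, "elementNotSigned",
            new Object[] {elem});
    }

    /**
     * Collects the namespace prefixes declared on the ancestors of {@code target}.
     *
     * <p>Ancestors are visited from the direct parent upwards, stopping before the document
     * node. A default namespace declaration is reported as {@code "#default"}. Insertion
     * order is kept and duplicates are dropped.
     * NOTE(review): presumably the result feeds an InclusiveNamespaces prefix list for
     * exclusive canonicalization; the callers are not visible here, so confirm.
     *
     * @param target the element whose ancestors are inspected
     * @param excludeVisible if true, removes prefixes declared on {@code target} itself,
     *        prefixes used by {@code target}'s attributes, and {@code target}'s own prefix
     *        ({@code "#default"} when it has none)
     * @return a new mutable list of the remaining prefixes
     */
    public static List<String> getInclusivePrefixes(Element target, boolean excludeVisible) {
        Set<String> result = new LinkedHashSet<>();
        Node parent = target;
        while (parent.getParentNode() != null
            && Node.DOCUMENT_NODE != parent.getParentNode().getNodeType()) {
            parent = parent.getParentNode();
            NamedNodeMap attributes = parent.getAttributes();
            if (attributes == null) {
                // Only Element nodes carry attributes; a non-element ancestor (for example a
                // document fragment) returns null here and is skipped instead of causing an NPE.
                continue;
            }
            for (int i = 0; i < attributes.getLength(); i++) {
                Node attribute = attributes.item(i);
                if (isNamespaceDeclaration(attribute)) {
                    result.add(declaredPrefixToken(attribute));
                }
            }
        }

        if (excludeVisible) {
            NamedNodeMap attributes = target.getAttributes();
            for (int i = 0; i < attributes.getLength(); i++) {
                Node attribute = attributes.item(i);
                if (isNamespaceDeclaration(attribute)) {
                    result.remove(declaredPrefixToken(attribute));
                }
                if (attribute.getPrefix() != null) {
                    result.remove(attribute.getPrefix());
                }
            }

            if (target.getPrefix() == null) {
                result.remove(DEFAULT_NS_TOKEN);
            } else {
                result.remove(target.getPrefix());
            }
        }

        return new ArrayList<>(result);
    }

    /** Returns true if the attribute is in the {@code xmlns} namespace, i.e. declares a namespace. */
    private static boolean isNamespaceDeclaration(Node attribute) {
        return WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI());
    }

    /** Returns {@code "#default"} for a bare {@code xmlns} declaration, else the declared prefix. */
    private static String declaredPrefixToken(Node attribute) {
        return "xmlns".equals(attribute.getNodeName())
            ? DEFAULT_NS_TOKEN
            : attribute.getLocalName();
    }

    /**
     * Walks from {@code elem} up through its ancestors and reports whether any of them is
     * {@code signedElement}.
     *
     * <p>The walk stops at the owner document's root element without comparing it, so a
     * data reference whose protected element is the document element itself never matches.
     *
     * @param elem the element to start from
     * @param signedElement the protected element taken from a signature data reference
     * @return true if {@code elem} or one of its ancestors below the document element
     *         equals {@code signedElement}
     */
    private static boolean isElementOrAncestorSigned(Element elem, Element signedElement)
        throws WSSecurityException {
        final Element envelope = elem.getOwnerDocument().getDocumentElement();
        Node cur = elem;
        // The null guard covers an element that is not attached under the document element:
        // its parent chain ends in null, and the caller then rejects it as unsigned instead
        // of failing with a NullPointerException.
        while (cur != null && !cur.isSameNode(envelope)) {
            if (cur.getNodeType() == Node.ELEMENT_NODE && cur.equals(signedElement)) {
                return true;
            }
            cur = cur.getParentNode();
        }

        return false;
    }

}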