View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Constants;
23  import org.apache.neethi.Policy;
24  import org.apache.wss4j.policy.SPConstants;
25  import org.apache.wss4j.policy.SPUtils;
26  import org.w3c.dom.Element;
27  
28  import javax.xml.namespace.QName;
29  import javax.xml.stream.XMLStreamException;
30  import javax.xml.stream.XMLStreamWriter;
31  import java.util.Iterator;
32  import java.util.List;
33  
34  public class IssuedToken extends AbstractToken {
35  
36      private Element requestSecurityTokenTemplate;
37      private boolean requireExternalReference;
38      private boolean requireInternalReference;
39  
40      public IssuedToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
41                         Element issuer, String issuerName, Element requestSecurityTokenTemplate, Element claims,
42                         Policy nestedPolicy) {
43          super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
44          setRequestSecurityTokenTemplate(requestSecurityTokenTemplate);
45  
46          parseNestedPolicy(nestedPolicy, this);
47      }
48  
49      @Override
50      public QName getName() {
51          return getVersion().getSPConstants().getIssuedToken();
52      }
53  
54      @Override
55      public boolean equals(Object object) {
56          if (object == this) {
57              return true;
58          }
59          if (!(object instanceof IssuedToken)) {
60              return false;
61          }
62  
63          IssuedToken that = (IssuedToken)object;
64          if (requireExternalReference != that.requireExternalReference
65              || requireInternalReference != that.requireInternalReference) {
66              return false;
67          }
68  
69          if (requestSecurityTokenTemplate == null && that.requestSecurityTokenTemplate != null
70              || requestSecurityTokenTemplate != null && that.requestSecurityTokenTemplate == null) {
71              return false;
72          }
73  
74          if (requestSecurityTokenTemplate != null
75              && !DOM2Writer.nodeToString(requestSecurityTokenTemplate).equals(
76                  DOM2Writer.nodeToString(that.requestSecurityTokenTemplate))) {
77              return false;
78          }
79  
80          return super.equals(object);
81      }
82  
83      @Override
84      public int hashCode() {
85          int result = 17;
86          if (requestSecurityTokenTemplate != null) {
87              result = 31 * result + DOM2Writer.nodeToString(requestSecurityTokenTemplate).hashCode();
88          }
89          result = 31 * result + Boolean.hashCode(requireExternalReference);
90          result = 31 * result + Boolean.hashCode(requireInternalReference);
91  
92          return 31 * result + super.hashCode();
93      }
94  
95      @Override
96      public void serialize(XMLStreamWriter writer) throws XMLStreamException {
97          writer.writeStartElement(getName().getPrefix(), getName().getLocalPart(), getName().getNamespaceURI());
98          writer.writeNamespace(getName().getPrefix(), getName().getNamespaceURI());
99          if (getIncludeTokenType() != null) {
100             writer.writeAttribute(
101                     getVersion().getSPConstants().getIncludeToken().getPrefix(),
102                     getVersion().getSPConstants().getIncludeToken().getNamespaceURI(),
103                     getVersion().getSPConstants().getIncludeToken().getLocalPart(),
104                     getVersion().getSPConstants().getAttributeValueFromInclusion(getIncludeTokenType())
105             );
106         }
107         if (!isNormalized() && isOptional()) {
108             writer.writeAttribute(Constants.ATTR_WSP,
109                                   writer.getNamespaceContext().getNamespaceURI(Constants.ATTR_WSP),
110                                   Constants.ATTR_OPTIONAL, "true");
111         }
112         if (isIgnorable()) {
113             writer.writeAttribute(Constants.ATTR_WSP,
114                                   writer.getNamespaceContext().getNamespaceURI(Constants.ATTR_WSP),
115                                   Constants.ATTR_IGNORABLE, "true");
116         }
117         if (getIssuer() != null) {
118             SPUtils.serialize(getIssuer(), writer);
119         }
120         if (getIssuerName() != null) {
121             writer.writeStartElement(
122                     getVersion().getSPConstants().getIssuerName().getPrefix(),
123                     getVersion().getSPConstants().getIssuerName().getLocalPart(),
124                     getVersion().getSPConstants().getIssuerName().getNamespaceURI()
125             );
126             writer.writeCharacters(getIssuerName());
127             writer.writeEndElement();
128         }
129         if (getClaims() != null) {
130             SPUtils.serialize(getClaims(), writer);
131         }
132         SPUtils.serialize(getRequestSecurityTokenTemplate(), writer);
133         getPolicy().serialize(writer);
134         writer.writeEndElement();
135     }
136 
137     @Override
138     protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
139         return new IssuedToken(getVersion(), getIncludeTokenType(), getIssuer(), getIssuerName(),
140                 getRequestSecurityTokenTemplate(), getClaims(), nestedPolicy);
141     }
142 
143     protected void parseNestedPolicy(Policy nestedPolicy, IssuedToken issuedToken) {
144         Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
145         //we just process the first alternative
146         //this means that if we have a compact policy only the first alternative is visible
147         //in contrary to a normalized policy where just one alternative exists
148         if (alternatives.hasNext()) {
149             List<Assertion> assertions = alternatives.next();
150             for (Assertion assertion : assertions) {
151                 String assertionName = assertion.getName().getLocalPart();
152                 String assertionNamespace = assertion.getName().getNamespaceURI();
153                 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
154                 if (derivedKeys != null) {
155                     if (issuedToken.getDerivedKeys() != null) {
156                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
157                     }
158                     issuedToken.setDerivedKeys(derivedKeys);
159                     continue;
160                 }
161 
162                 QName requireExternalRef = getVersion().getSPConstants().getRequireExternalReference();
163                 if (requireExternalRef.getLocalPart().equals(assertionName)
164                     && requireExternalRef.getNamespaceURI().equals(assertionNamespace)) {
165                     if (issuedToken.isRequireExternalReference()) {
166                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
167                     }
168                     issuedToken.setRequireExternalReference(true);
169                     continue;
170                 }
171 
172                 QName requireInternalRef = getVersion().getSPConstants().getRequireInternalReference();
173                 if (requireInternalRef.getLocalPart().equals(assertionName)
174                     && requireInternalRef.getNamespaceURI().equals(assertionNamespace)) {
175                     if (issuedToken.isRequireInternalReference()) {
176                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
177                     }
178                     issuedToken.setRequireInternalReference(true);
179                     continue;
180                 }
181             }
182         }
183     }
184 
185     public boolean isRequireExternalReference() {
186         return requireExternalReference;
187     }
188 
189     protected void setRequireExternalReference(boolean requireExternalReference) {
190         this.requireExternalReference = requireExternalReference;
191     }
192 
193     public boolean isRequireInternalReference() {
194         return requireInternalReference;
195     }
196 
197     protected void setRequireInternalReference(boolean requireInternalReference) {
198         this.requireInternalReference = requireInternalReference;
199     }
200 
201     public Element getRequestSecurityTokenTemplate() {
202         return requestSecurityTokenTemplate;
203     }
204 
205     protected void setRequestSecurityTokenTemplate(Element requestSecurityTokenTemplate) {
206         this.requestSecurityTokenTemplate = requestSecurityTokenTemplate;
207     }
208 }