View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Policy;
23  import org.apache.wss4j.policy.SPConstants;
24  import org.w3c.dom.Element;
25  
26  import javax.xml.namespace.QName;
27  import java.util.*;
28  
29  public class RelToken extends AbstractToken {
30  
31      public enum RelTokenType {
32          WssRelV10Token10,
33          WssRelV20Token10,
34          WssRelV10Token11,
35          WssRelV20Token11;
36  
37          private static final Map<String, RelTokenType> LOOKUP = new HashMap<>();
38  
39          static {
40              for (RelTokenType u : EnumSet.allOf(RelTokenType.class)) {
41                  LOOKUP.put(u.name(), u);
42              }
43          }
44  
45          public static RelTokenType lookUp(String name) {
46              return LOOKUP.get(name);
47          }
48      }
49  
50      private boolean requireKeyIdentifierReference;
51      private RelTokenType relTokenType;
52  
53      public RelToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
54                      Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
55          super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
56  
57          parseNestedPolicy(nestedPolicy, this);
58      }
59  
60      @Override
61      public QName getName() {
62          return getVersion().getSPConstants().getRelToken();
63      }
64  
65      @Override
66      public boolean equals(Object object) {
67          if (object == this) {
68              return true;
69          }
70          if (!(object instanceof RelToken)) {
71              return false;
72          }
73  
74          RelToken that = (RelToken)object;
75          if (requireKeyIdentifierReference != that.requireKeyIdentifierReference) {
76              return false;
77          }
78          if (relTokenType != that.relTokenType) {
79              return false;
80          }
81  
82          return super.equals(object);
83      }
84  
85      @Override
86      public int hashCode() {
87          int result = 17;
88          if (relTokenType != null) {
89              result = 31 * result + relTokenType.hashCode();
90          }
91          result = 31 * result + Boolean.hashCode(requireKeyIdentifierReference);
92  
93          return 31 * result + super.hashCode();
94      }
95  
96      @Override
97      protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
98          return new RelToken(getVersion(), getIncludeTokenType(), getIssuer(), getIssuerName(),
99                              getClaims(), nestedPolicy);
100     }
101 
102     protected void parseNestedPolicy(Policy nestedPolicy, RelToken relToken) {
103         Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
104         //we just process the first alternative
105         //this means that if we have a compact policy only the first alternative is visible
106         //in contrary to a normalized policy where just one alternative exists
107         if (alternatives.hasNext()) {
108             List<Assertion> assertions = alternatives.next();
109             for (Assertion assertion : assertions) {
110                 String assertionName = assertion.getName().getLocalPart();
111                 String assertionNamespace = assertion.getName().getNamespaceURI();
112                 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
113                 if (derivedKeys != null) {
114                     if (relToken.getDerivedKeys() != null) {
115                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
116                     }
117                     relToken.setDerivedKeys(derivedKeys);
118                     continue;
119                 }
120                 QName requireKeyIdentifierRef =
121                     getVersion().getSPConstants().getRequireKeyIdentifierReference();
122                 if (requireKeyIdentifierRef.getLocalPart().equals(assertionName)
123                     && requireKeyIdentifierRef.getNamespaceURI().equals(assertionNamespace)) {
124                     if (relToken.isRequireKeyIdentifierReference()) {
125                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
126                     }
127                     relToken.setRequireKeyIdentifierReference(true);
128                     continue;
129                 }
130                 RelTokenType samlTokenType = RelTokenType.lookUp(assertionName);
131                 if (samlTokenType != null) {
132                     if (relToken.getRelTokenType() != null) {
133                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
134                     }
135                     relToken.setRelTokenType(samlTokenType);
136                     continue;
137                 }
138             }
139         }
140     }
141 
142     public boolean isRequireKeyIdentifierReference() {
143         return requireKeyIdentifierReference;
144     }
145 
146     public void setRequireKeyIdentifierReference(boolean requireKeyIdentifierReference) {
147         this.requireKeyIdentifierReference = requireKeyIdentifierReference;
148     }
149 
150     public RelTokenType getRelTokenType() {
151         return relTokenType;
152     }
153 
154     protected void setRelTokenType(RelTokenType relTokenType) {
155         this.relTokenType = relTokenType;
156     }
157 }