View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Policy;
23  import org.apache.wss4j.policy.SPConstants;
24  import org.w3c.dom.Element;
25  
26  import javax.xml.namespace.QName;
27  import java.util.Iterator;
28  import java.util.List;
29  
30  public class SpnegoContextToken extends AbstractToken {
31  
32      private boolean mustNotSendCancel;
33      private boolean mustNotSendAmend;
34      private boolean mustNotSendRenew;
35  
36      public SpnegoContextToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
37                                Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
38          super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
39  
40          parseNestedPolicy(nestedPolicy, this);
41      }
42  
43      @Override
44      public QName getName() {
45          return getVersion().getSPConstants().getSpnegoContextToken();
46      }
47  
48      @Override
49      public boolean equals(Object object) {
50          if (object == this) {
51              return true;
52          }
53          if (!(object instanceof SpnegoContextToken)) {
54              return false;
55          }
56  
57          SpnegoContextToken that = (SpnegoContextToken)object;
58          if (mustNotSendCancel != that.mustNotSendCancel
59              || mustNotSendAmend != that.mustNotSendAmend
60              || mustNotSendRenew != that.mustNotSendRenew) {
61              return false;
62          }
63  
64          return super.equals(object);
65      }
66  
67      @Override
68      public int hashCode() {
69          int result = 17;
70          result = 31 * result + Boolean.hashCode(mustNotSendCancel);
71          result = 31 * result + Boolean.hashCode(mustNotSendAmend);
72          result = 31 * result + Boolean.hashCode(mustNotSendRenew);
73  
74          return 31 * result + super.hashCode();
75      }
76  
77      @Override
78      protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
79          return new SpnegoContextToken(getVersion(), getIncludeTokenType(), getIssuer(),
80                                        getIssuerName(), getClaims(), nestedPolicy);
81      }
82  
83      protected void parseNestedPolicy(Policy nestedPolicy, SpnegoContextToken spnegoContextToken) {
84          Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
85          //we just process the first alternative
86          //this means that if we have a compact policy only the first alternative is visible
87          //in contrary to a normalized policy where just one alternative exists
88          if (alternatives.hasNext()) {
89              List<Assertion> assertions = alternatives.next();
90              for (Assertion assertion : assertions) {
91                  String assertionName = assertion.getName().getLocalPart();
92                  String assertionNamespace = assertion.getName().getNamespaceURI();
93                  DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
94                  if (derivedKeys != null) {
95                      if (spnegoContextToken.getDerivedKeys() != null) {
96                          throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
97                      }
98                      spnegoContextToken.setDerivedKeys(derivedKeys);
99                      continue;
100                 }
101 
102                 QName mustNotSendCancel = getVersion().getSPConstants().getMustNotSendCancel();
103                 if (mustNotSendCancel.getLocalPart().equals(assertionName)
104                     && mustNotSendCancel.getNamespaceURI().equals(assertionNamespace)) {
105                     if (spnegoContextToken.isMustNotSendCancel()) {
106                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
107                     }
108                     spnegoContextToken.setMustNotSendCancel(true);
109                     continue;
110                 }
111                 QName mustNotSendAmend = getVersion().getSPConstants().getMustNotSendAmend();
112                 if (mustNotSendAmend.getLocalPart().equals(assertionName)
113                     && mustNotSendAmend.getNamespaceURI().equals(assertionNamespace)) {
114                     if (spnegoContextToken.isMustNotSendAmend()) {
115                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
116                     }
117                     spnegoContextToken.setMustNotSendAmend(true);
118                     continue;
119                 }
120                 QName mustNotSendRenew = getVersion().getSPConstants().getMustNotSendRenew();
121                 if (mustNotSendRenew.getLocalPart().equals(assertionName)
122                     && mustNotSendRenew.getNamespaceURI().equals(assertionNamespace)) {
123                     if (spnegoContextToken.isMustNotSendRenew()) {
124                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
125                     }
126                     spnegoContextToken.setMustNotSendRenew(true);
127                     continue;
128                 }
129             }
130         }
131     }
132 
133     public boolean isMustNotSendCancel() {
134         return mustNotSendCancel;
135     }
136 
137     protected void setMustNotSendCancel(boolean mustNotSendCancel) {
138         this.mustNotSendCancel = mustNotSendCancel;
139     }
140 
141     public boolean isMustNotSendAmend() {
142         return mustNotSendAmend;
143     }
144 
145     protected void setMustNotSendAmend(boolean mustNotSendAmend) {
146         this.mustNotSendAmend = mustNotSendAmend;
147     }
148 
149     public boolean isMustNotSendRenew() {
150         return mustNotSendRenew;
151     }
152 
153     protected void setMustNotSendRenew(boolean mustNotSendRenew) {
154         this.mustNotSendRenew = mustNotSendRenew;
155     }
156 }