View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Policy;
23  import org.apache.neethi.PolicyComponent;
24  import org.apache.neethi.PolicyContainingAssertion;
25  import org.apache.wss4j.policy.SPConstants;
26  
27  import javax.xml.namespace.QName;
28  import javax.xml.stream.XMLStreamException;
29  import javax.xml.stream.XMLStreamWriter;
30  
31  import java.util.ArrayList;
32  import java.util.Iterator;
33  import java.util.List;
34  
35  public class SupportingTokens extends AbstractSecurityAssertion implements PolicyContainingAssertion {
36  
37      private QName supportingTokenType;
38      private final List<AbstractToken> tokens = new ArrayList<>();
39      private AlgorithmSuite algorithmSuite;
40      private SignedParts signedParts;
41      private SignedElements signedElements;
42      private EncryptedParts encryptedParts;
43      private EncryptedElements encryptedElements;
44      private Policy nestedPolicy;
45  
46      public SupportingTokens(SPConstants.SPVersion version, QName supportingTokenType, Policy nestedPolicy) {
47          super(version);
48          this.supportingTokenType = supportingTokenType;
49          this.nestedPolicy = nestedPolicy;
50  
51          parseNestedPolicy(nestedPolicy, this);
52      }
53  
54      @Override
55      public QName getName() {
56          return supportingTokenType;
57      }
58  
59      @Override
60      public boolean equals(Object object) {
61          if (object == this) {
62              return true;
63          }
64  
65          if (!(object instanceof SupportingTokens)) {
66              return false;
67          }
68  
69          SupportingTokens that = (SupportingTokens)object;
70          if (supportingTokenType != null && !supportingTokenType.equals(that.supportingTokenType)
71              || supportingTokenType == null && that.supportingTokenType != null) {
72              return false;
73          }
74          if (algorithmSuite != null && !algorithmSuite.equals(that.algorithmSuite)
75              || algorithmSuite == null && that.algorithmSuite != null) {
76              return false;
77          }
78          if (signedParts != null && !signedParts.equals(that.signedParts)
79              || signedParts == null && that.signedParts != null) {
80              return false;
81          }
82          if (signedElements != null && !signedElements.equals(that.signedElements)
83              || signedElements == null && that.signedElements != null) {
84              return false;
85          }
86          if (encryptedParts != null && !encryptedParts.equals(that.encryptedParts)
87              || encryptedParts == null && that.encryptedParts != null) {
88              return false;
89          }
90          if (encryptedElements != null && !encryptedElements.equals(that.encryptedElements)
91              || encryptedElements == null && that.encryptedElements != null) {
92              return false;
93          }
94          if (!tokens.equals(that.tokens)) {
95              return false;
96          }
97  
98          return super.equals(object);
99      }
100 
101     @Override
102     public int hashCode() {
103         int result = 17;
104         if (supportingTokenType != null) {
105             result = 31 * result + supportingTokenType.hashCode();
106         }
107         if (algorithmSuite != null) {
108             result = 31 * result + algorithmSuite.hashCode();
109         }
110         if (signedParts != null) {
111             result = 31 * result + signedParts.hashCode();
112         }
113         if (signedElements != null) {
114             result = 31 * result + signedElements.hashCode();
115         }
116         if (encryptedParts != null) {
117             result = 31 * result + encryptedParts.hashCode();
118         }
119         if (encryptedElements != null) {
120             result = 31 * result + encryptedElements.hashCode();
121         }
122         result = 31 * result + tokens.hashCode();
123 
124         return 31 * result + super.hashCode();
125     }
126 
127     @Override
128     public void serialize(XMLStreamWriter writer) throws XMLStreamException {
129         super.serialize(writer, getPolicy());
130     }
131 
132     @Override
133     public PolicyComponent normalize() {
134         return super.normalize(getPolicy());
135     }
136 
137     @Override
138     protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
139         return new SupportingTokens(getVersion(), getName(), nestedPolicy);
140     }
141 
142     @Override
143     public Policy getPolicy() {
144         return nestedPolicy;
145     }
146 
147     protected void parseNestedPolicy(Policy nestedPolicy, SupportingTokens supportingTokens) {
148         Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
149         //we just process the first alternative
150         //this means that if we have a compact policy only the first alternative is visible
151         //in contrary to a normalized policy where just one alternative exists
152         if (alternatives.hasNext()) {
153             List<Assertion> assertions = alternatives.next();
154             for (Assertion assertion : assertions) {
155                 String assertionName = assertion.getName().getLocalPart();
156                 String assertionNamespace = assertion.getName().getNamespaceURI();
157                 if (assertion instanceof AbstractToken) {
158                     AbstractToken abstractToken = (AbstractToken) assertion;
159                     supportingTokens.addToken(abstractToken);
160                     abstractToken.setParentAssertion(supportingTokens);
161                     continue;
162                 }
163 
164                 QName algSuite = getVersion().getSPConstants().getAlgorithmSuite();
165                 if (algSuite.getLocalPart().equals(assertionName)
166                     && algSuite.getNamespaceURI().equals(assertionNamespace)) {
167                     if (supportingTokens.getAlgorithmSuite() != null) {
168                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
169                     }
170                     supportingTokens.setAlgorithmSuite((AlgorithmSuite) assertion);
171                     continue;
172                 }
173 
174                 QName signedParts = getVersion().getSPConstants().getSignedParts();
175                 if (signedParts.getLocalPart().equals(assertionName)
176                     && signedParts.getNamespaceURI().equals(assertionNamespace)) {
177                     if (supportingTokens.getSignedParts() != null) {
178                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
179                     }
180                     supportingTokens.setSignedParts((SignedParts) assertion);
181                     continue;
182                 }
183 
184                 QName signedElements = getVersion().getSPConstants().getSignedElements();
185                 if (signedElements.getLocalPart().equals(assertionName)
186                     && signedElements.getNamespaceURI().equals(assertionNamespace)) {
187                     if (supportingTokens.getSignedElements() != null) {
188                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
189                     }
190                     supportingTokens.setSignedElements((SignedElements) assertion);
191                     continue;
192                 }
193 
194                 QName encryptedParts = getVersion().getSPConstants().getEncryptedParts();
195                 if (encryptedParts.getLocalPart().equals(assertionName)
196                     && encryptedParts.getNamespaceURI().equals(assertionNamespace)) {
197                     if (supportingTokens.getEncryptedParts() != null) {
198                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
199                     }
200                     supportingTokens.setEncryptedParts((EncryptedParts) assertion);
201                     continue;
202                 }
203 
204                 QName encryptedElements = getVersion().getSPConstants().getEncryptedElements();
205                 if (encryptedElements.getLocalPart().equals(assertionName)
206                     && encryptedElements.getNamespaceURI().equals(assertionNamespace)) {
207                     if (supportingTokens.getEncryptedElements() != null) {
208                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
209                     }
210                     supportingTokens.setEncryptedElements((EncryptedElements) assertion);
211                     continue;
212                 }
213             }
214         }
215     }
216 
217     public List<AbstractToken> getTokens() {
218         return tokens;
219     }
220 
221     public void addToken(AbstractToken token) {
222         this.tokens.add(token);
223     }
224 
225     public AlgorithmSuite getAlgorithmSuite() {
226         return algorithmSuite;
227     }
228 
229     protected void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
230         this.algorithmSuite = algorithmSuite;
231     }
232 
233     public SignedParts getSignedParts() {
234         return signedParts;
235     }
236 
237     protected void setSignedParts(SignedParts signedParts) {
238         this.signedParts = signedParts;
239     }
240 
241     public SignedElements getSignedElements() {
242         return signedElements;
243     }
244 
245     protected void setSignedElements(SignedElements signedElements) {
246         this.signedElements = signedElements;
247     }
248 
249     public EncryptedParts getEncryptedParts() {
250         return encryptedParts;
251     }
252 
253     protected void setEncryptedParts(EncryptedParts encryptedParts) {
254         this.encryptedParts = encryptedParts;
255     }
256 
257     public EncryptedElements getEncryptedElements() {
258         return encryptedElements;
259     }
260 
261     protected void setEncryptedElements(EncryptedElements encryptedElements) {
262         this.encryptedElements = encryptedElements;
263     }
264 
265     /**
266      * @return true if the supporting token should be encrypted
267      */
268     public boolean isEncryptedToken() {
269         QName name = getName();
270         return name != null && name.getLocalPart().contains("Encrypted");
271     }
272 
273     /**
274      * @return true if the supporting token is endorsing
275      */
276     public boolean isEndorsing() {
277         QName name = getName();
278         return name != null && name.getLocalPart().contains("Endorsing");
279     }
280 
281 }