View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Policy;
23  import org.apache.neethi.PolicyComponent;
24  import org.apache.neethi.PolicyContainingAssertion;
25  import org.apache.wss4j.policy.SPConstants;
26  
27  import javax.xml.namespace.QName;
28  import javax.xml.stream.XMLStreamException;
29  import javax.xml.stream.XMLStreamWriter;
30  import java.util.Iterator;
31  import java.util.List;
32  
33  public class Trust10 extends AbstractSecurityAssertion implements PolicyContainingAssertion {
34  
35      private Policy nestedPolicy;
36      private boolean mustSupportClientChallenge;
37      private boolean mustSupportServerChallenge;
38      private boolean requireClientEntropy;
39      private boolean requireServerEntropy;
40      private boolean mustSupportIssuedTokens;
41  
42      public Trust10(SPConstants.SPVersion version, Policy nestedPolicy) {
43          super(version);
44          this.nestedPolicy = nestedPolicy;
45  
46          parseNestedTrust10Policy(nestedPolicy, this);
47      }
48  
49      @Override
50      public Policy getPolicy() {
51          return nestedPolicy;
52      }
53  
54      @Override
55      public QName getName() {
56          return getVersion().getSPConstants().getTrust10();
57      }
58  
59      @Override
60      public boolean equals(Object object) {
61          if (object == this) {
62              return true;
63          }
64          if (!(object instanceof Trust10)) {
65              return false;
66          }
67  
68          Trust10 that = (Trust10)object;
69          if (mustSupportClientChallenge != that.mustSupportClientChallenge
70              || mustSupportServerChallenge != that.mustSupportServerChallenge
71              || requireClientEntropy != that.requireClientEntropy
72              || requireServerEntropy != that.requireServerEntropy
73              || mustSupportIssuedTokens != that.mustSupportIssuedTokens) {
74              return false;
75          }
76  
77          return super.equals(object);
78      }
79  
80      @Override
81      public int hashCode() {
82          int result = 17;
83          result = 31 * result + Boolean.hashCode(mustSupportClientChallenge);
84          result = 31 * result + Boolean.hashCode(mustSupportServerChallenge);
85          result = 31 * result + Boolean.hashCode(requireClientEntropy);
86          result = 31 * result + Boolean.hashCode(requireServerEntropy);
87          result = 31 * result + Boolean.hashCode(mustSupportIssuedTokens);
88  
89          return 31 * result + super.hashCode();
90      }
91  
92      @Override
93      public PolicyComponent normalize() {
94          return super.normalize(getPolicy());
95      }
96  
97      @Override
98      public void serialize(XMLStreamWriter writer) throws XMLStreamException {
99          super.serialize(writer, getPolicy());
100     }
101 
102     @Override
103     protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
104         return new Trust10(getVersion(), nestedPolicy);
105     }
106 
107     protected void parseNestedTrust10Policy(Policy nestedPolicy, Trust10 trust10) {
108         Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
109         //we just process the first alternative
110         //this means that if we have a compact policy only the first alternative is visible
111         //in contrary to a normalized policy where just one alternative exists
112         if (alternatives.hasNext()) {
113             List<Assertion> assertions = alternatives.next();
114             for (Assertion assertion : assertions) {
115                 String assertionName = assertion.getName().getLocalPart();
116                 String assertionNamespace = assertion.getName().getNamespaceURI();
117 
118                 QName mustSupportClientChallenge = getVersion().getSPConstants().getMustSupportClientChallenge();
119                 if (mustSupportClientChallenge.getLocalPart().equals(assertionName)
120                     && mustSupportClientChallenge.getNamespaceURI().equals(assertionNamespace)) {
121                     if (trust10.isMustSupportClientChallenge()) {
122                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
123                     }
124                     trust10.setMustSupportClientChallenge(true);
125                     continue;
126                 }
127 
128                 QName mustSupportServerChallenge = getVersion().getSPConstants().getMustSupportServerChallenge();
129                 if (mustSupportServerChallenge.getLocalPart().equals(assertionName)
130                     && mustSupportServerChallenge.getNamespaceURI().equals(assertionNamespace)) {
131                     if (trust10.isMustSupportServerChallenge()) {
132                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
133                     }
134                     trust10.setMustSupportServerChallenge(true);
135                     continue;
136                 }
137 
138                 QName requireClientEntropy = getVersion().getSPConstants().getRequireClientEntropy();
139                 if (requireClientEntropy.getLocalPart().equals(assertionName)
140                     && requireClientEntropy.getNamespaceURI().equals(assertionNamespace)) {
141                     if (trust10.isRequireClientEntropy()) {
142                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
143                     }
144                     trust10.setRequireClientEntropy(true);
145                     continue;
146                 }
147 
148                 QName requireServerEntropy = getVersion().getSPConstants().getRequireServerEntropy();
149                 if (requireServerEntropy.getLocalPart().equals(assertionName)
150                     && requireServerEntropy.getNamespaceURI().equals(assertionNamespace)) {
151                     if (trust10.isRequireServerEntropy()) {
152                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
153                     }
154                     trust10.setRequireServerEntropy(true);
155                     continue;
156                 }
157 
158                 QName mustSupportIssuedTokens = getVersion().getSPConstants().getMustSupportIssuedTokens();
159                 if (mustSupportIssuedTokens.getLocalPart().equals(assertionName)
160                     && mustSupportIssuedTokens.getNamespaceURI().equals(assertionNamespace)) {
161                     if (trust10.isMustSupportIssuedTokens()) {
162                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
163                     }
164                     trust10.setMustSupportIssuedTokens(true);
165                     continue;
166                 }
167             }
168         }
169     }
170 
171     public boolean isMustSupportClientChallenge() {
172         return mustSupportClientChallenge;
173     }
174 
175     protected void setMustSupportClientChallenge(boolean mustSupportClientChallenge) {
176         this.mustSupportClientChallenge = mustSupportClientChallenge;
177     }
178 
179     public boolean isMustSupportServerChallenge() {
180         return mustSupportServerChallenge;
181     }
182 
183     protected void setMustSupportServerChallenge(boolean mustSupportServerChallenge) {
184         this.mustSupportServerChallenge = mustSupportServerChallenge;
185     }
186 
187     public boolean isRequireClientEntropy() {
188         return requireClientEntropy;
189     }
190 
191     protected void setRequireClientEntropy(boolean requireClientEntropy) {
192         this.requireClientEntropy = requireClientEntropy;
193     }
194 
195     public boolean isRequireServerEntropy() {
196         return requireServerEntropy;
197     }
198 
199     protected void setRequireServerEntropy(boolean requireServerEntropy) {
200         this.requireServerEntropy = requireServerEntropy;
201     }
202 
203     public boolean isMustSupportIssuedTokens() {
204         return mustSupportIssuedTokens;
205     }
206 
207     protected void setMustSupportIssuedTokens(boolean mustSupportIssuedTokens) {
208         this.mustSupportIssuedTokens = mustSupportIssuedTokens;
209     }
210 }