View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import java.util.Iterator;
22  import java.util.List;
23  
24  import javax.xml.namespace.QName;
25  
26  import org.apache.neethi.Assertion;
27  import org.apache.neethi.Policy;
28  import org.apache.wss4j.policy.SPConstants;
29  
30  public class Trust13 extends Trust10 {
31  
32      private boolean requireRequestSecurityTokenCollection;
33      private boolean requireAppliesTo;
34      private boolean scopePolicy15;
35      private boolean mustSupportInteractiveChallenge;
36  
37      public Trust13(SPConstants.SPVersion version, Policy nestedPolicy) {
38          super(version, nestedPolicy);
39  
40          parseNestedTrust13Policy(nestedPolicy, this);
41      }
42  
43      @Override
44      public QName getName() {
45          return getVersion().getSPConstants().getTrust13();
46      }
47  
48      @Override
49      public boolean equals(Object object) {
50          if (object == this) {
51              return true;
52          }
53          if (!(object instanceof Trust13)) {
54              return false;
55          }
56  
57          Trust13 that = (Trust13)object;
58          if (requireRequestSecurityTokenCollection != that.requireRequestSecurityTokenCollection
59              || requireAppliesTo != that.requireAppliesTo
60              || scopePolicy15 != that.scopePolicy15
61              || mustSupportInteractiveChallenge != that.mustSupportInteractiveChallenge) {
62              return false;
63          }
64  
65          return super.equals(object);
66      }
67  
68      @Override
69      public int hashCode() {
70          int result = 17;
71          result = 31 * result + Boolean.hashCode(requireRequestSecurityTokenCollection);
72          result = 31 * result + Boolean.hashCode(requireAppliesTo);
73          result = 31 * result + Boolean.hashCode(scopePolicy15);
74          result = 31 * result + Boolean.hashCode(mustSupportInteractiveChallenge);
75  
76          return 31 * result + super.hashCode();
77      }
78  
79      @Override
80      protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
81          return new Trust13(getVersion(), nestedPolicy);
82      }
83  
84      protected void parseNestedTrust13Policy(Policy nestedPolicy, Trust13 trust13) {
85          Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
86          //we just process the first alternative
87          //this means that if we have a compact policy only the first alternative is visible
88          //in contrary to a normalized policy where just one alternative exists
89          if (alternatives.hasNext()) {
90              List<Assertion> assertions = alternatives.next();
91              for (Assertion assertion : assertions) {
92                  String assertionName = assertion.getName().getLocalPart();
93                  String assertionNamespace = assertion.getName().getNamespaceURI();
94  
95                  QName requireRSTC = getVersion().getSPConstants().getRequireRequestSecurityTokenCollection();
96                  if (requireRSTC.getLocalPart().equals(assertionName)
97                      && requireRSTC.getNamespaceURI().equals(assertionNamespace)) {
98                      if (trust13.isRequireRequestSecurityTokenCollection()) {
99                          throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
100                     }
101                     trust13.setRequireRequestSecurityTokenCollection(true);
102                     continue;
103                 }
104 
105                 QName requireAppliesTo = getVersion().getSPConstants().getRequireAppliesTo();
106                 if (requireAppliesTo.getLocalPart().equals(assertionName)
107                     && requireAppliesTo.getNamespaceURI().equals(assertionNamespace)) {
108                     if (trust13.isRequireAppliesTo()) {
109                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
110                     }
111                     trust13.setRequireAppliesTo(true);
112                     continue;
113                 }
114 
115                 QName scopePolicy15 = getVersion().getSPConstants().getScopePolicy15();
116                 if (scopePolicy15.getLocalPart().equals(assertionName)
117                     && scopePolicy15.getNamespaceURI().equals(assertionNamespace)) {
118                     if (trust13.isScopePolicy15()) {
119                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
120                     }
121                     trust13.setScopePolicy15(true);
122                     continue;
123                 }
124 
125                 QName supportInteractiveChallenge =
126                     getVersion().getSPConstants().getMustSupportInteractiveChallenge();
127                 if (supportInteractiveChallenge.getLocalPart().equals(assertionName)
128                     && supportInteractiveChallenge.getNamespaceURI().equals(assertionNamespace)) {
129                     if (trust13.isMustSupportInteractiveChallenge()) {
130                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
131                     }
132                     trust13.setMustSupportInteractiveChallenge(true);
133                     continue;
134                 }
135             }
136         }
137     }
138 
139     public boolean isRequireRequestSecurityTokenCollection() {
140         return requireRequestSecurityTokenCollection;
141     }
142 
143     protected void setRequireRequestSecurityTokenCollection(boolean requireRequestSecurityTokenCollection) {
144         this.requireRequestSecurityTokenCollection = requireRequestSecurityTokenCollection;
145     }
146 
147     public boolean isRequireAppliesTo() {
148         return requireAppliesTo;
149     }
150 
151     protected void setRequireAppliesTo(boolean requireAppliesTo) {
152         this.requireAppliesTo = requireAppliesTo;
153     }
154 
155     public boolean isScopePolicy15() {
156         return scopePolicy15;
157     }
158 
159     protected void setScopePolicy15(boolean scopePolicy15) {
160         this.scopePolicy15 = scopePolicy15;
161     }
162 
163     public boolean isMustSupportInteractiveChallenge() {
164         return mustSupportInteractiveChallenge;
165     }
166 
167     protected void setMustSupportInteractiveChallenge(boolean mustSupportInteractiveChallenge) {
168         this.mustSupportInteractiveChallenge = mustSupportInteractiveChallenge;
169     }
170 }