View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Policy;
23  import org.apache.wss4j.policy.SPConstants;
24  import org.w3c.dom.Element;
25  
26  import javax.xml.namespace.QName;
27  import java.util.*;
28  
29  public class UsernameToken extends AbstractToken {
30  
31      public enum PasswordType {
32          NoPassword,
33          HashPassword;
34  
35          private static final Map<String, PasswordType> LOOKUP = new HashMap<>();
36  
37          static {
38              for (PasswordType u : EnumSet.allOf(PasswordType.class)) {
39                  LOOKUP.put(u.name(), u);
40              }
41          }
42  
43          public static PasswordType lookUp(String name) {
44              return LOOKUP.get(name);
45          }
46      }
47  
48      public enum UsernameTokenType {
49          WssUsernameToken10,
50          WssUsernameToken11;
51  
52          private static final Map<String, UsernameTokenType> LOOKUP = new HashMap<>();
53  
54          static {
55              for (UsernameTokenType u : EnumSet.allOf(UsernameTokenType.class)) {
56                  LOOKUP.put(u.name(), u);
57              }
58          }
59  
60          public static UsernameTokenType lookUp(String name) {
61              return LOOKUP.get(name);
62          }
63      }
64  
65      private PasswordType passwordType;
66      private boolean created;
67      private boolean nonce;
68      private UsernameTokenType usernameTokenType;
69  
70      public UsernameToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
71                           Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
72          super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
73  
74          parseNestedPolicy(nestedPolicy, this);
75      }
76  
77      @Override
78      public QName getName() {
79          return getVersion().getSPConstants().getUsernameToken();
80      }
81  
82      @Override
83      public boolean equals(Object object) {
84          if (object == this) {
85              return true;
86          }
87          if (!(object instanceof UsernameToken)) {
88              return false;
89          }
90  
91          UsernameToken that = (UsernameToken)object;
92          if (passwordType != that.passwordType || usernameTokenType != that.usernameTokenType) {
93              return false;
94          }
95          if (created != that.created || nonce != that.nonce) {
96              return false;
97          }
98  
99          return super.equals(object);
100     }
101 
102     @Override
103     public int hashCode() {
104         int result = 17;
105         if (passwordType != null) {
106             result = 31 * result + passwordType.hashCode();
107         }
108         if (usernameTokenType != null) {
109             result = 31 * result + usernameTokenType.hashCode();
110         }
111         result = 31 * result + Boolean.hashCode(created);
112         result = 31 * result + Boolean.hashCode(nonce);
113 
114         return 31 * result + super.hashCode();
115     }
116 
117     @Override
118     protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
119         return new UsernameToken(getVersion(), getIncludeTokenType(), getIssuer(),
120                                  getIssuerName(), getClaims(), nestedPolicy);
121     }
122 
123     protected void parseNestedPolicy(Policy nestedPolicy, UsernameToken usernameToken) {
124         Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
125         //we just process the first alternative
126         //this means that if we have a compact policy only the first alternative is visible
127         //in contrary to a normalized policy where just one alternative exists
128         if (alternatives.hasNext()) {
129             List<Assertion> assertions = alternatives.next();
130             for (Assertion assertion : assertions) {
131                 String assertionName = assertion.getName().getLocalPart();
132                 String assertionNamespace = assertion.getName().getNamespaceURI();
133                 PasswordType passwordType = PasswordType.lookUp(assertionName);
134                 if (passwordType != null) {
135                     if (usernameToken.getPasswordType() != null) {
136                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
137                     }
138                     usernameToken.setPasswordType(passwordType);
139                     continue;
140                 }
141                 if (getVersion().getSPConstants().getCreated().getLocalPart().equals(assertionName)
142                         && getVersion().getSPConstants().getCreated().getNamespaceURI().equals(assertionNamespace)) {
143                     if (usernameToken.isCreated()) {
144                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
145                     }
146                     usernameToken.setCreated(true);
147                     continue;
148                 }
149                 if (getVersion().getSPConstants().getNonce().getLocalPart().equals(assertionName)
150                         && getVersion().getSPConstants().getNonce().getNamespaceURI().equals(assertionNamespace)) {
151                     if (usernameToken.isNonce()) {
152                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
153                     }
154                     usernameToken.setNonce(true);
155                     continue;
156                 }
157                 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
158                 if (derivedKeys != null) {
159                     if (usernameToken.getDerivedKeys() != null) {
160                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
161                     }
162                     usernameToken.setDerivedKeys(derivedKeys);
163                     continue;
164                 }
165                 UsernameTokenType usernameTokenType = UsernameTokenType.lookUp(assertionName);
166                 if (usernameTokenType != null) {
167                     if (usernameToken.getUsernameTokenType() != null) {
168                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
169                     }
170                     usernameToken.setUsernameTokenType(usernameTokenType);
171                     continue;
172                 }
173             }
174         }
175     }
176 
177     public PasswordType getPasswordType() {
178         return passwordType;
179     }
180 
181     protected void setPasswordType(PasswordType passwordType) {
182         this.passwordType = passwordType;
183     }
184 
185     public boolean isCreated() {
186         return created;
187     }
188 
189     protected void setCreated(boolean created) {
190         this.created = created;
191     }
192 
193     public boolean isNonce() {
194         return nonce;
195     }
196 
197     protected void setNonce(boolean nonce) {
198         this.nonce = nonce;
199     }
200 
201     public UsernameTokenType getUsernameTokenType() {
202         return usernameTokenType;
203     }
204 
205     protected void setUsernameTokenType(UsernameTokenType usernameTokenType) {
206         this.usernameTokenType = usernameTokenType;
207     }
208 }