1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.policy.model;
20
21 import org.apache.neethi.Assertion;
22 import org.apache.neethi.Policy;
23 import org.apache.wss4j.policy.SPConstants;
24 import org.apache.wss4j.policy.SPConstants.SPVersion;
25 import org.w3c.dom.Element;
26
27 import javax.xml.namespace.QName;
28
29 import java.util.*;
30
31 public class X509Token extends AbstractToken {
32
33 public enum TokenType {
34 WssX509V1Token10,
35 WssX509V3Token10,
36 WssX509Pkcs7Token10,
37 WssX509PkiPathV1Token10,
38 WssX509V1Token11,
39 WssX509V3Token11,
40 WssX509Pkcs7Token11,
41 WssX509PkiPathV1Token11;
42
43 private static final Map<String, TokenType> LOOKUP = new HashMap<>();
44
45 static {
46 for (TokenType u : EnumSet.allOf(TokenType.class)) {
47 LOOKUP.put(u.name(), u);
48 }
49 }
50
51 public static TokenType lookUp(String name) {
52 return LOOKUP.get(name);
53 }
54 }
55
56 private boolean requireKeyIdentifierReference;
57 private boolean requireIssuerSerialReference;
58 private boolean requireEmbeddedTokenReference;
59 private boolean requireThumbprintReference;
60
61 private TokenType tokenType;
62
63 public X509Token(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
64 Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
65 super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
66
67 parseNestedPolicy(nestedPolicy, this);
68 }
69
70 @Override
71 public QName getName() {
72 return getVersion().getSPConstants().getX509Token();
73 }
74
75 @Override
76 public boolean equals(Object object) {
77 if (object == this) {
78 return true;
79 }
80 if (!(object instanceof X509Token)) {
81 return false;
82 }
83
84 X509Token that = (X509Token)object;
85 if (tokenType != that.tokenType) {
86 return false;
87 }
88 if (requireKeyIdentifierReference != that.requireKeyIdentifierReference
89 || requireIssuerSerialReference != that.requireIssuerSerialReference
90 || requireEmbeddedTokenReference != that.requireEmbeddedTokenReference
91 || requireThumbprintReference != that.requireThumbprintReference) {
92 return false;
93 }
94
95 return super.equals(object);
96 }
97
98 @Override
99 public int hashCode() {
100 int result = 17;
101 if (tokenType != null) {
102 result = 31 * result + tokenType.hashCode();
103 }
104 result = 31 * result + Boolean.hashCode(requireKeyIdentifierReference);
105 result = 31 * result + Boolean.hashCode(requireIssuerSerialReference);
106 result = 31 * result + Boolean.hashCode(requireEmbeddedTokenReference);
107 result = 31 * result + Boolean.hashCode(requireThumbprintReference);
108
109 return 31 * result + super.hashCode();
110 }
111
112 @Override
113 protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
114 return new X509Token(getVersion(), getIncludeTokenType(), getIssuer(), getIssuerName(),
115 getClaims(), nestedPolicy);
116 }
117
118 protected void parseNestedPolicy(Policy nestedPolicy, X509Token x509Token) {
119 Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
120
121
122
123 if (alternatives.hasNext()) {
124 List<Assertion> assertions = alternatives.next();
125 for (Assertion assertion : assertions) {
126 String assertionName = assertion.getName().getLocalPart();
127 String assertionNamespace = assertion.getName().getNamespaceURI();
128 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
129 if (derivedKeys != null) {
130 if (x509Token.getDerivedKeys() != null) {
131 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
132 }
133 x509Token.setDerivedKeys(derivedKeys);
134 continue;
135 }
136 TokenType tokenType = TokenType.lookUp(assertionName);
137 if (tokenType != null) {
138 if (x509Token.getTokenType() != null) {
139 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
140 }
141 if (TokenType.WssX509V1Token10 == tokenType && SPVersion.SP11 != getVersion()) {
142 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
143 }
144 x509Token.setTokenType(tokenType);
145 continue;
146 }
147
148 QName requireKeyIdentifierRef =
149 getVersion().getSPConstants().getRequireKeyIdentifierReference();
150 QName requireIssuerSerialRef =
151 getVersion().getSPConstants().getRequireIssuerSerialReference();
152 QName requireEmbeddedRef =
153 getVersion().getSPConstants().getRequireEmbeddedTokenReference();
154 QName requireThumbprintRef =
155 getVersion().getSPConstants().getRequireThumbprintReference();
156 if (requireKeyIdentifierRef.getLocalPart().equals(assertionName)
157 && requireKeyIdentifierRef.getNamespaceURI().equals(assertionNamespace)) {
158 if (x509Token.isRequireKeyIdentifierReference()) {
159 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
160 }
161 x509Token.setRequireKeyIdentifierReference(true);
162 continue;
163 } else if (requireIssuerSerialRef.getLocalPart().equals(assertionName)
164 && requireIssuerSerialRef.getNamespaceURI().equals(assertionNamespace)) {
165 if (x509Token.isRequireIssuerSerialReference()) {
166 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
167 }
168 x509Token.setRequireIssuerSerialReference(true);
169 continue;
170 } else if (requireEmbeddedRef.getLocalPart().equals(assertionName)
171 && requireEmbeddedRef.getNamespaceURI().equals(assertionNamespace)) {
172 if (x509Token.isRequireEmbeddedTokenReference()) {
173 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
174 }
175 x509Token.setRequireEmbeddedTokenReference(true);
176 continue;
177 } else if (requireThumbprintRef.getLocalPart().equals(assertionName)
178 && requireThumbprintRef.getNamespaceURI().equals(assertionNamespace)) {
179 if (x509Token.isRequireThumbprintReference()) {
180 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
181 }
182 x509Token.setRequireThumbprintReference(true);
183 continue;
184
185 }
186 }
187 }
188 }
189
190 public boolean isRequireKeyIdentifierReference() {
191 return requireKeyIdentifierReference;
192 }
193
194 protected void setRequireKeyIdentifierReference(boolean requireKeyIdentifierReference) {
195 this.requireKeyIdentifierReference = requireKeyIdentifierReference;
196 }
197
198 public boolean isRequireIssuerSerialReference() {
199 return requireIssuerSerialReference;
200 }
201
202 protected void setRequireIssuerSerialReference(boolean requireIssuerSerialReference) {
203 this.requireIssuerSerialReference = requireIssuerSerialReference;
204 }
205
206 public boolean isRequireEmbeddedTokenReference() {
207 return requireEmbeddedTokenReference;
208 }
209
210 protected void setRequireEmbeddedTokenReference(boolean requireEmbeddedTokenReference) {
211 this.requireEmbeddedTokenReference = requireEmbeddedTokenReference;
212 }
213
214 public boolean isRequireThumbprintReference() {
215 return requireThumbprintReference;
216 }
217
218 protected void setRequireThumbprintReference(boolean requireThumbprintReference) {
219 this.requireThumbprintReference = requireThumbprintReference;
220 }
221
222 public TokenType getTokenType() {
223 return tokenType;
224 }
225
226 protected void setTokenType(TokenType tokenType) {
227 this.tokenType = tokenType;
228 }
229 }