1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.stax.assertionStates;
20  
21  import org.apache.wss4j.policy.AssertionState;
22  import org.apache.wss4j.common.WSSPolicyException;
23  import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24  import org.apache.wss4j.policy.model.ContentEncryptedElements;
25  import org.apache.wss4j.policy.model.XPath;
26  import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
27  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
28  import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
29  import org.apache.wss4j.policy.stax.Assertable;
30  import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
31  import org.apache.wss4j.policy.stax.PolicyAsserter;
32  import org.apache.wss4j.policy.stax.PolicyUtils;
33  import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
34  import org.apache.wss4j.stax.utils.WSSUtils;
35  
36  import javax.xml.namespace.QName;
37  
38  import java.util.ArrayList;
39  import java.util.Iterator;
40  import java.util.List;
41  
42  /**
43   * WSP1.3, 4.2.3 ContentEncryptedElements Assertion
44   */
45  public class ContentEncryptedElementsAssertionState extends AssertionState implements Assertable {
46  
47      private final List<List<QName>> pathElements = new ArrayList<>();
48      private PolicyAsserter policyAsserter;
49  
50      public ContentEncryptedElementsAssertionState(AbstractSecurityAssertion assertion,
51                                                    PolicyAsserter policyAsserter,
52                                                    boolean asserted) {
53          super(assertion, asserted);
54  
55          ContentEncryptedElements contentEncryptedElements = (ContentEncryptedElements) assertion;
56          for (int i = 0; i < contentEncryptedElements.getXPaths().size(); i++) {
57              XPath xPath = contentEncryptedElements.getXPaths().get(i);
58              List<QName> elements = PolicyUtils.getElementPath(xPath);
59              pathElements.add(elements);
60          }
61  
62          this.policyAsserter = policyAsserter;
63          if (this.policyAsserter == null) {
64              this.policyAsserter = new DummyPolicyAsserter();
65          }
66  
67          if (asserted) {
68              policyAsserter.assertPolicy(getAssertion());
69          }
70      }
71  
72      @Override
73      public SecurityEventConstants.Event[] getSecurityEventType() {
74          return new SecurityEventConstants.Event[]{
75                  WSSecurityEventConstants.ContentEncrypted
76          };
77      }
78  
79      @Override
80      public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
81          ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
82  
83          Iterator<List<QName>> pathElementIterator = pathElements.iterator();
84          while (pathElementIterator.hasNext()) {
85              List<QName> pathElements = pathElementIterator.next();
86              if (WSSUtils.pathMatches(pathElements, contentEncryptedElementSecurityEvent.getElementPath())) {
87                  if (contentEncryptedElementSecurityEvent.isEncrypted()) {
88                      setAsserted(true);
89                      policyAsserter.assertPolicy(getAssertion());
90                      return true;
91                  } else {
92                      //an element must be encrypted but isn't
93                      setAsserted(false);
94                      setErrorMessage("Content of element " + WSSUtils.pathAsString(contentEncryptedElementSecurityEvent.getElementPath())
95                          + " must be encrypted");
96                      policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
97                      return false;
98                  }
99              }
100         }
101         //if we return false here other encrypted elements will trigger a PolicyViolationException
102         policyAsserter.assertPolicy(getAssertion());
103         return true;
104     }
105 }