19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import org.apache.wss4j.policy.AssertionState;
22 import org.apache.wss4j.common.WSSPolicyException;
23 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24 import org.apache.wss4j.policy.model.ContentEncryptedElements;
25 import org.apache.wss4j.policy.model.XPath;
26 import org.apache.xml.security.stax.securityEvent.ContentEncryptedElementSecurityEvent;
27 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
28 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
29 import org.apache.wss4j.policy.stax.Assertable;
30 import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
31 import org.apache.wss4j.policy.stax.PolicyAsserter;
32 import org.apache.wss4j.policy.stax.PolicyUtils;
33 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
34 import org.apache.wss4j.stax.utils.WSSUtils;
35
36 import javax.xml.namespace.QName;
37
38 import java.util.ArrayList;
39 import java.util.Iterator;
40 import java.util.List;
41
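/**
 * Assertion state for a {@link ContentEncryptedElements} policy assertion, evaluated against
 * {@code ContentEncrypted} security events.
 *
 * <p>Each XPath of the assertion is converted once, at construction time, into a list of
 * {@link QName}s. An incoming event is compared against those lists by element path; a matching
 * element whose content is not encrypted fails the assertion.
 *
 * <p>NOTE(review): this state only fails when an event for a matching element reports
 * unencrypted content. If no matching event is ever delivered, the state keeps the initial
 * {@code asserted} value passed to the constructor, so that initial value decides how an absent
 * element is treated - confirm against the caller.
 */
public class ContentEncryptedElementsAssertionState extends AssertionState implements Assertable {

    /** One entry per XPath of the assertion, as produced by {@link PolicyUtils#getElementPath}. */
    private final List<List<QName>> pathElements = new ArrayList<>();

    /** Receiver of assert/unassert notifications; never {@code null} after construction. */
    private final PolicyAsserter policyAsserter;

    /**
     * Creates the state and pre-computes the element paths of the assertion's XPaths.
     *
     * @param assertion      the policy assertion; cast to {@link ContentEncryptedElements}
     * @param policyAsserter receiver of assertion results; when {@code null} a
     *                       {@link DummyPolicyAsserter} is used instead
     * @param asserted       initial assertion status; when {@code true} the assertion is
     *                       reported to the asserter immediately
     * @throws ClassCastException if {@code assertion} is not a {@link ContentEncryptedElements}
     */
    public ContentEncryptedElementsAssertionState(AbstractSecurityAssertion assertion,
                                                  PolicyAsserter policyAsserter,
                                                  boolean asserted) {
        super(assertion, asserted);

        ContentEncryptedElements contentEncryptedElements = (ContentEncryptedElements) assertion;
        for (XPath xPath : contentEncryptedElements.getXPaths()) {
            pathElements.add(PolicyUtils.getElementPath(xPath));
        }

        this.policyAsserter = policyAsserter != null ? policyAsserter : new DummyPolicyAsserter();

        if (asserted) {
            // Use the field, not the constructor parameter: the parameter may be null, in which
            // case only the field holds the DummyPolicyAsserter fallback.
            this.policyAsserter.assertPolicy(getAssertion());
        }
    }

    /**
     * Returns the security event types this state wants to receive.
     *
     * @return a new single-element array containing
     *         {@link WSSecurityEventConstants#ContentEncrypted}
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            WSSecurityEventConstants.ContentEncrypted
        };
    }

    /**
     * Checks one security event against the configured element paths.
     *
     * <p>The first configured path that matches the event's element path decides the result:
     * encrypted content asserts the policy, unencrypted content unasserts it with an error
     * message naming the element. An event that matches no configured path is reported as
     * satisfied.
     *
     * <p>NOTE(review): a later matching event with encrypted content sets the state back to
     * asserted even after an earlier failure; presumably the caller acts on a {@code false}
     * return right away - confirm.
     *
     * @param securityEvent the event to evaluate; cast to
     *                      {@link ContentEncryptedElementSecurityEvent}
     * @return {@code false} if a matching element's content is not encrypted, {@code true}
     *         otherwise
     * @throws WSSPolicyException declared on the overridden method; no statement in this body
     *                            throws it explicitly
     * @throws ClassCastException if {@code securityEvent} is of another event class
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        ContentEncryptedElementSecurityEvent contentEncryptedEvent =
            (ContentEncryptedElementSecurityEvent) securityEvent;
        List<QName> eventPath = contentEncryptedEvent.getElementPath();

        Iterator<List<QName>> pathElementIterator = pathElements.iterator();
        while (pathElementIterator.hasNext()) {
            // Named differently from the field so the field is no longer shadowed in the loop.
            List<QName> requiredPath = pathElementIterator.next();
            if (!WSSUtils.pathMatches(requiredPath, eventPath)) {
                continue;
            }

            if (contentEncryptedEvent.isEncrypted()) {
                setAsserted(true);
                policyAsserter.assertPolicy(getAssertion());
                return true;
            }

            // The policy requires this element's content to be encrypted and it was not.
            setAsserted(false);
            setErrorMessage("Content of element " + WSSUtils.pathAsString(eventPath)
                + " must be encrypted");
            policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }

        // The event concerns an element outside the configured paths, so this assertion places
        // no requirement on it. The asserted flag itself is left untouched here.
        policyAsserter.assertPolicy(getAssertion());
        return true;
    }
}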