1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.stax.assertionStates;
20  
21  import org.apache.wss4j.policy.AssertionState;
22  import org.apache.wss4j.common.WSSPolicyException;
23  import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24  import org.apache.wss4j.policy.model.EncryptedElements;
25  import org.apache.wss4j.policy.model.XPath;
26  import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
27  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
28  import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
29  import org.apache.wss4j.policy.stax.Assertable;
30  import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
31  import org.apache.wss4j.policy.stax.PolicyAsserter;
32  import org.apache.wss4j.policy.stax.PolicyUtils;
33  import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
34  import org.apache.wss4j.stax.utils.WSSUtils;
35  
36  import javax.xml.namespace.QName;
37  
38  import java.util.ArrayList;
39  import java.util.Iterator;
40  import java.util.List;
41  
42  /**
43   * WSP1.3, 4.2.2 EncryptedElements Assertion
44   */
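/**
 * WSP1.3, 4.2.2 EncryptedElements Assertion
 *
 * <p>Tracks whether the elements selected by the policy's EncryptedElements XPaths were
 * actually encrypted. The XPaths are resolved to element paths once in the constructor;
 * every EncryptedElement / ENCRYPTED_PART security event is then matched against those
 * paths in {@link #assertEvent(SecurityEvent)}. The first required path that matches the
 * event's element path decides the outcome of that event.
 */
public class EncryptedElementsAssertionState extends AssertionState implements Assertable {

    /** Element paths derived from the policy XPaths, one {@code List<QName>} per XPath. */
    private final List<List<QName>> pathElements = new ArrayList<>();
    /** Never null: a {@link DummyPolicyAsserter} stands in when the caller passes none. */
    private final PolicyAsserter policyAsserter;

    /**
     * Creates the assertion state for an EncryptedElements assertion.
     *
     * @param assertion      the policy assertion; must be an {@link EncryptedElements}
     * @param policyAsserter receives assert/unassert callbacks; may be {@code null}, in which
     *                       case a {@link DummyPolicyAsserter} is used
     * @param asserted       initial asserted state; when {@code true} the asserter is
     *                       notified of the assertion immediately
     * @throws ClassCastException if {@code assertion} is not an {@link EncryptedElements}
     */
    public EncryptedElementsAssertionState(AbstractSecurityAssertion assertion,
                                           PolicyAsserter policyAsserter,
                                           boolean asserted) {
        super(assertion, asserted);

        EncryptedElements encryptedElements = (EncryptedElements) assertion;
        for (XPath xPath : encryptedElements.getXPaths()) {
            pathElements.add(PolicyUtils.getElementPath(xPath));
        }

        this.policyAsserter = policyAsserter != null ? policyAsserter : new DummyPolicyAsserter();

        if (asserted) {
            // Go through the field, not the constructor parameter: the parameter may be null,
            // and the field has already been substituted with the dummy asserter in that case.
            this.policyAsserter.assertPolicy(getAssertion());
        }
    }

    /**
     * Returns the security event types this state is interested in:
     * EncryptedElement and ENCRYPTED_PART.
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
                WSSecurityEventConstants.EncryptedElement,
                WSSecurityEventConstants.ENCRYPTED_PART
        };
    }

    /**
     * Checks a secured-element event against the required paths.
     *
     * <p>If the event's element path matches a required path, the assertion is asserted
     * when the element was encrypted and unasserted (with an error message naming the
     * element) when it was not. Events whose path matches no required path leave the
     * state untouched and are reported as asserted, so that unrelated encrypted elements
     * do not raise a policy violation.
     *
     * @param securityEvent an EncryptedElement or ENCRYPTED_PART event; it is cast to
     *                      {@link AbstractSecuredElementSecurityEvent}
     * @return {@code false} only when a required element was found unencrypted
     * @throws WSSPolicyException propagated from the policy asserter
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        AbstractSecuredElementSecurityEvent securedElementEvent =
            (AbstractSecuredElementSecurityEvent) securityEvent;
        List<QName> eventPath = securedElementEvent.getElementPath();

        // Local is named differently from the field to avoid shadowing it.
        for (List<QName> requiredPath : pathElements) {
            if (!WSSUtils.pathMatches(requiredPath, eventPath)) {
                continue;
            }
            if (securedElementEvent.isEncrypted()) {
                setAsserted(true);
                policyAsserter.assertPolicy(getAssertion());
                return true;
            }
            // an element must be encrypted but isn't
            setAsserted(false);
            setErrorMessage("Element " + WSSUtils.pathAsString(eventPath)
                + " must be encrypted");
            policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }
        //if we return false here other encrypted elements will trigger a PolicyViolationException
        policyAsserter.assertPolicy(getAssertion());
        return true;
    }
}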
107 }