19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import javax.xml.namespace.QName;
22
23 import org.apache.wss4j.common.WSSPolicyException;
24 import org.apache.wss4j.policy.SPConstants;
25 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
26 import org.apache.wss4j.policy.model.AbstractToken;
27 import org.apache.wss4j.policy.model.KeyValueToken;
28 import org.apache.wss4j.policy.stax.PolicyAsserter;
29 import org.apache.wss4j.stax.securityToken.RsaKeyValueSecurityToken;
30 import org.apache.wss4j.stax.securityEvent.KeyValueTokenSecurityEvent;
31 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
32 import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
33 import org.apache.xml.security.stax.securityToken.SecurityToken;
34 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
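/**
 * Assertion state for a {@link KeyValueToken} policy assertion.
 *
 * <p>The state listens for {@code WSSecurityEventConstants.KeyValueToken} events and, when the
 * policy demands an RsaKeyValue, verifies that the token carried by the event is an
 * {@link RsaKeyValueSecurityToken}.
 *
 * <p>Only the kind of token is checked here. Nothing in this class establishes trust in the
 * key itself. NOTE(review): confirm where the key of an accepted KeyValue token is validated
 * before a passing assertion is relied upon.
 */
public class KeyValueTokenAssertionState extends TokenAssertionState {

    /**
     * Creates the state and, if it starts out asserted, also asserts the nested
     * {@code RsaKeyValue} policy element when the token requires one.
     *
     * @param assertion      the policy assertion; cast to {@link KeyValueToken} when
     *                       {@code asserted} is {@code true}
     * @param asserted       initial asserted flag handed to the superclass
     * @param policyAsserter receives the assert/unassert notifications
     * @param initiator      handed to the superclass unchanged
     */
    public KeyValueTokenAssertionState(AbstractSecurityAssertion assertion, boolean asserted,
                                       PolicyAsserter policyAsserter, boolean initiator) {
        super(assertion, asserted, policyAsserter, initiator);

        if (!asserted) {
            return;
        }

        KeyValueToken token = (KeyValueToken) getAssertion();
        if (token.isRsaKeyValue()) {
            // The nested element is reported in the same namespace as the token assertion.
            String namespace = token.getName().getNamespaceURI();
            getPolicyAsserter().assertPolicy(new QName(namespace, SPConstants.RSA_KEY_VALUE));
        }
    }

    /**
     * @return a single-element array holding {@code WSSecurityEventConstants.KeyValueToken}
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
            WSSecurityEventConstants.KeyValueToken
        };
    }

    /**
     * Checks a token security event against the KeyValueToken policy.
     *
     * <p>If the policy requires an RsaKeyValue and the event's token is not an
     * {@link RsaKeyValueSecurityToken}, the error message is set, the {@code RsaKeyValue}
     * element is unasserted and {@code false} is returned. Otherwise the relevant policy
     * elements are asserted and {@code true} is returned.
     *
     * @param tokenSecurityEvent the event to check; must be a {@link KeyValueTokenSecurityEvent}
     * @param abstractToken      the policy token; cast to {@link KeyValueToken}
     * @return {@code true} if the event satisfies the policy, {@code false} otherwise
     * @throws WSSPolicyException if the event is {@code null} or of any other event type
     */
    @Override
    public boolean assertToken(TokenSecurityEvent<? extends SecurityToken> tokenSecurityEvent,
                               AbstractToken abstractToken) throws WSSPolicyException {
        if (!(tokenSecurityEvent instanceof KeyValueTokenSecurityEvent)) {
            // A null event fails instanceof as well; report it as a policy error instead of
            // dereferencing it while building the message.
            String actualEvent =
                tokenSecurityEvent == null ? "null" : tokenSecurityEvent.getClass().getName();
            throw new WSSPolicyException("Expected a KeyValueTokenSecurityEvent but got " + actualEvent);
        }

        KeyValueTokenSecurityEvent keyValueTokenSecurityEvent = (KeyValueTokenSecurityEvent) tokenSecurityEvent;
        KeyValueToken keyValueToken = (KeyValueToken) abstractToken;

        if (keyValueToken.isRsaKeyValue()) {
            String namespace = getAssertion().getName().getNamespaceURI();
            QName rsaKeyValueName = new QName(namespace, SPConstants.RSA_KEY_VALUE);
            SecurityToken securityToken = keyValueTokenSecurityEvent.getSecurityToken();

            if (!(securityToken instanceof RsaKeyValueSecurityToken)) {
                // An event without a token must end in a regular policy failure, not in a
                // NullPointerException raised while describing the offending token.
                String actualToken =
                    securityToken == null ? "null" : securityToken.getClass().getSimpleName();
                setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a "
                    + actualToken);
                getPolicyAsserter().unassertPolicy(rsaKeyValueName, getErrorMessage());
                return false;
            }
            getPolicyAsserter().assertPolicy(rsaKeyValueName);
        }

        getPolicyAsserter().assertPolicy(getAssertion());
        return true;
    }
}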