19 package org.apache.wss4j.policy.stax.assertionStates;
20
21 import org.apache.wss4j.policy.AssertionState;
22 import org.apache.wss4j.common.WSSPolicyException;
23 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24 import org.apache.wss4j.policy.model.Layout;
25 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
26 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
27 import org.apache.wss4j.policy.stax.Assertable;
28 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
29
30 import java.util.ArrayList;
31 import java.util.List;
32
/**
 * Tracks whether the order of observed security events satisfies a WS-SecurityPolicy
 * {@link Layout} assertion.
 *
 * <p>Only the {@code LaxTsFirst} and {@code LaxTsLast} layout types are checked by this class.
 * The {@code Strict} and {@code Lax} branches perform no check here, so a policy that demands
 * {@code Strict} is not rejected by this state whatever order the events arrive in.
 * NOTE(review): whether {@code Strict} ordering is enforced elsewhere is not visible from this
 * file; confirm before relying on it.
 *
 * <p>Nothing in this class sets the asserted flag back to {@code true} once a violation has
 * been recorded.
 */
public class LayoutAssertionState extends AssertionState implements Assertable {

    /** Event types already passed to {@link #assertEvent(SecurityEvent)}, in arrival order. */
    private List<SecurityEventConstants.Event> occuredEvents = new ArrayList<>();

    /**
     * Creates the state for one layout assertion.
     *
     * @param assertion the policy assertion; {@link #assertEvent(SecurityEvent)} casts it to
     *                  {@link Layout}
     * @param asserted  the initial asserted flag, passed to the superclass unchanged
     */
    public LayoutAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
        super(assertion, asserted);
    }

    /**
     * Lists the event types this state is interested in: the token events plus the timestamp.
     *
     * @return a freshly allocated array of event types
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        final SecurityEventConstants.Event[] watched = {
            WSSecurityEventConstants.USERNAME_TOKEN,
            WSSecurityEventConstants.ISSUED_TOKEN,
            SecurityEventConstants.X509Token,
            WSSecurityEventConstants.KERBEROS_TOKEN,
            WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN,
            WSSecurityEventConstants.SAML_TOKEN,
            WSSecurityEventConstants.REL_TOKEN,
            WSSecurityEventConstants.HTTPS_TOKEN,
            SecurityEventConstants.KeyValueToken,
            WSSecurityEventConstants.TIMESTAMP,
        };
        return watched;
    }

    /**
     * Checks one incoming event against the layout type and records it as seen.
     *
     * <p>The verdict depends on the order in which events are delivered to this method.
     * NOTE(review): this presumably mirrors the order of the elements in the security
     * header; confirm against the event producer.
     *
     * @param securityEvent the event that has just occurred
     * @return the asserted flag after this event has been evaluated
     * @throws WSSPolicyException declared by the interface; not thrown by this implementation
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        final Layout policyLayout = (Layout) getAssertion();
        switch (policyLayout.getLayoutType()) {
            case LaxTsLast:
                // A Timestamp was already seen, so the current event arrived after it.
                if (occuredEvents.contains(WSSecurityEventConstants.TIMESTAMP)) {
                    rejectOrder(policyLayout, securityEvent, " occured last");
                }
                break;
            case LaxTsFirst:
                // Only the first recorded event is inspected; it has to be the Timestamp.
                if (occuredEvents.isEmpty()
                    && !WSSecurityEventConstants.TIMESTAMP.equals(securityEvent.getSecurityEventType())) {
                    rejectOrder(policyLayout, securityEvent, " occured first");
                }
                break;
            case Strict:
            case Lax:
                // No ordering check is performed for these layout types in this class.
                break;
        }
        occuredEvents.add(securityEvent.getSecurityEventType());
        return isAsserted();
    }

    /** Marks the assertion as failed and stores the message describing the offending event. */
    private void rejectOrder(Layout policyLayout, SecurityEvent offending, String position) {
        setAsserted(false);
        setErrorMessage("Policy enforces " + policyLayout.getLayoutType() + " but "
            + offending.getSecurityEventType() + position);
    }
}