1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.stax.assertionStates;
20  
21  import org.apache.wss4j.policy.AssertionState;
22  import org.apache.wss4j.common.WSSPolicyException;
23  import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24  import org.apache.wss4j.policy.model.Layout;
25  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
26  import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
27  import org.apache.wss4j.policy.stax.Assertable;
28  import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
29  
30  import java.util.ArrayList;
31  import java.util.List;
32  
/**
 * Assertion state for a {@code Layout} policy assertion: records the types of
 * the security events it is handed and checks their arrival order against the
 * layout type of the assertion.
 *
 * <p>Only {@code LaxTsFirst} and {@code LaxTsLast} are checked here. The
 * {@code Strict} and {@code Lax} branches of {@link #assertEvent} do nothing,
 * so for those layout types this state keeps whatever asserted value it was
 * constructed with. NOTE(review): a policy that declares {@code Strict} is
 * therefore not order-checked by this class; whether another component
 * enforces it is not visible from this file.
 *
 * <p>The checks depend on the order in which events are passed to
 * {@link #assertEvent}; that this matches the order of the elements in the
 * security header is assumed here, not verified.
 */
public class LayoutAssertionState extends AssertionState implements Assertable {

    /** Types of the events already passed to {@link #assertEvent}, in arrival order. */
    private List<SecurityEventConstants.Event> seenEventTypes = new ArrayList<>();

    /**
     * @param assertion the policy assertion; {@link #assertEvent} casts it to {@code Layout}
     * @param asserted  the initial asserted value, passed to the superclass
     */
    public LayoutAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
        super(assertion, asserted);
    }

    /**
     * Lists the event types this state is checked against: the token events
     * and the timestamp event.
     *
     * @return a newly allocated array on every call
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        SecurityEventConstants.Event[] relevantTypes = {
            WSSecurityEventConstants.USERNAME_TOKEN,
            WSSecurityEventConstants.ISSUED_TOKEN,
            SecurityEventConstants.X509Token,
            WSSecurityEventConstants.KERBEROS_TOKEN,
            WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN,
            WSSecurityEventConstants.SAML_TOKEN,
            WSSecurityEventConstants.REL_TOKEN,
            WSSecurityEventConstants.HTTPS_TOKEN,
            SecurityEventConstants.KeyValueToken,
            WSSecurityEventConstants.TIMESTAMP,
        };
        return relevantTypes;
    }

    /**
     * Checks one event against the layout type and then records its type.
     *
     * <p>A violation sets the state to not asserted and stores an error
     * message. Nothing in this method sets the state back to asserted.
     *
     * @param securityEvent the event to check
     * @return the asserted value after this event has been processed
     * @throws WSSPolicyException declared by the overridden method; not thrown directly here
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        Layout layout = (Layout) getAssertion();
        switch (layout.getLayoutType()) {
            case LaxTsFirst:
                // Only the very first event is constrained: it has to be the timestamp.
                if (seenEventTypes.isEmpty()) {
                    if (!WSSecurityEventConstants.TIMESTAMP.equals(securityEvent.getSecurityEventType())) {
                        rejectOrder(layout, securityEvent, " occured first");
                    }
                }
                break;
            case LaxTsLast:
                // Any event arriving after a timestamp means the timestamp was not last.
                // A message with no timestamp at all passes this check.
                if (seenEventTypes.contains(WSSecurityEventConstants.TIMESTAMP)) {
                    rejectOrder(layout, securityEvent, " occured last");
                }
                break;
            case Strict:
                // todo: no ordering check is implemented for Strict
            case Lax:
                // todo?: no ordering check is implemented for Lax
                break;
        }
        seenEventTypes.add(securityEvent.getSecurityEventType());
        return isAsserted();
    }

    /**
     * Marks the state as not asserted and stores the message naming the layout
     * type and the type of the offending event.
     */
    private void rejectOrder(Layout layout, SecurityEvent securityEvent, String suffix) {
        setAsserted(false);
        setErrorMessage("Policy enforces " + layout.getLayoutType() + " but "
            + securityEvent.getSecurityEventType() + suffix);
    }
}