1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.stax.assertionStates;
20  
21  import org.apache.wss4j.policy.AssertionState;
22  import org.apache.wss4j.common.WSSPolicyException;
23  import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
24  import org.apache.wss4j.policy.model.SignedElements;
25  import org.apache.wss4j.policy.model.XPath;
26  import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
27  import org.apache.xml.security.stax.securityEvent.SecurityEvent;
28  import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
29  import org.apache.wss4j.policy.stax.Assertable;
30  import org.apache.wss4j.policy.stax.DummyPolicyAsserter;
31  import org.apache.wss4j.policy.stax.PolicyAsserter;
32  import org.apache.wss4j.policy.stax.PolicyUtils;
33  import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
34  import org.apache.wss4j.stax.utils.WSSUtils;
35  
36  import javax.xml.namespace.QName;
37  
38  import java.util.ArrayList;
39  import java.util.Iterator;
40  import java.util.List;
41  
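/**
 * WSP1.3, 4.1.2 SignedElements Assertion.
 *
 * <p>Holds the element paths taken from a {@link SignedElements} policy assertion and checks
 * incoming signed-element / signed-part security events against them. An event whose element
 * path matches one of the stored paths must report the element as signed; otherwise the
 * assertion is marked as failed and the failure is reported to the {@link PolicyAsserter}.
 *
 * <p>NOTE(review): matching is delegated to {@code WSSUtils.pathMatches} on lists of
 * {@link QName}s produced by {@code PolicyUtils.getElementPath}. How XPath predicates or
 * wildcards are handled is not visible in this class; confirm against those helpers before
 * relying on this state for policies with non-trivial XPath expressions.
 */
public class SignedElementsAssertionState extends AssertionState implements Assertable {

    // Element paths that must be signed when they occur in the message.
    private final List<List<QName>> pathElements = new ArrayList<>();
    // Never null: the constructor substitutes a DummyPolicyAsserter when none is supplied.
    private final PolicyAsserter policyAsserter;

    /**
     * Creates the state for the given assertion.
     *
     * @param assertion      the policy assertion; element paths are only collected when it is a
     *                       {@link SignedElements} instance
     * @param policyAsserter receiver of assert/unassert notifications; when {@code null} a
     *                       {@link DummyPolicyAsserter} is used instead
     * @param asserted       initial asserted flag; when {@code true} the assertion is reported
     *                       to the policy asserter immediately
     */
    public SignedElementsAssertionState(AbstractSecurityAssertion assertion,
                                        PolicyAsserter policyAsserter,
                                        boolean asserted) {
        super(assertion, asserted);

        if (assertion instanceof SignedElements) {
            SignedElements signedElements = (SignedElements) assertion;
            for (XPath xPath : signedElements.getXPaths()) {
                pathElements.add(PolicyUtils.getElementPath(xPath));
            }
        }

        this.policyAsserter = policyAsserter != null ? policyAsserter : new DummyPolicyAsserter();

        if (asserted) {
            // Use the field, not the constructor parameter: the parameter may be null, in which
            // case only the field holds the DummyPolicyAsserter fallback.
            this.policyAsserter.assertPolicy(getAssertion());
        }
    }

    /**
     * Returns the security event types this state is evaluated against.
     *
     * @return the signed-element and signed-part event types
     */
    @Override
    public SecurityEventConstants.Event[] getSecurityEventType() {
        return new SecurityEventConstants.Event[]{
                SecurityEventConstants.SignedElement,
                WSSecurityEventConstants.SIGNED_PART
        };
    }

    /**
     * Adds a further element path that must be signed.
     *
     * @param pathElement the element path; the list is stored by reference, not copied
     */
    public void addElement(List<QName> pathElement) {
        this.pathElements.add(pathElement);
    }

    /**
     * Checks one security event against the required element paths.
     *
     * <p>The first stored path that matches the event's element path decides the outcome:
     * a signed element asserts the policy, an unsigned one records an error message and
     * unasserts it. An event that matches no stored path is not treated as a violation: the
     * assertion is reported to the policy asserter and {@code true} is returned, without
     * changing the asserted flag of this state.
     *
     * @param securityEvent the event to check; it is cast to
     *                      {@link AbstractSecuredElementSecurityEvent} without a type check, so
     *                      any other event type fails with a {@link ClassCastException}
     * @return {@code false} only when a matching element is present but not signed
     * @throws WSSPolicyException declared by the {@link Assertable} contract
     */
    @Override
    public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
        AbstractSecuredElementSecurityEvent signedSecurityEvent = (AbstractSecuredElementSecurityEvent) securityEvent;
        List<QName> eventPath = signedSecurityEvent.getElementPath();

        for (List<QName> requiredPath : pathElements) {
            if (!WSSUtils.pathMatches(requiredPath, eventPath)) {
                continue;
            }
            if (signedSecurityEvent.isSigned()) {
                setAsserted(true);
                policyAsserter.assertPolicy(getAssertion());
                return true;
            }
            //an element must be signed but isn't
            setAsserted(false);
            setErrorMessage("Element " + WSSUtils.pathAsString(signedSecurityEvent.getElementPath()) + " must be signed");
            policyAsserter.unassertPolicy(getAssertion(), getErrorMessage());
            return false;
        }
        //if we return false here other signed elements will trigger a PolicyViolationException
        policyAsserter.assertPolicy(getAssertion());
        return true;
    }
}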
111 }