19 package org.apache.wss4j.stax.impl.processor.input;
20
21 import org.apache.wss4j.binding.wssc.AbstractSecurityContextTokenType;
22 import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
23 import org.apache.wss4j.stax.ext.WSSConstants;
24 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
25 import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
26 import org.apache.wss4j.stax.validate.SecurityContextTokenValidator;
27 import org.apache.wss4j.stax.validate.SecurityContextTokenValidatorImpl;
28 import org.apache.wss4j.stax.validate.TokenContext;
29 import org.apache.xml.security.exceptions.XMLSecurityException;
30 import org.apache.xml.security.stax.ext.*;
31 import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
32 import org.apache.xml.security.stax.impl.util.IDGenerator;
33 import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
34 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
35
36 import jakarta.xml.bind.JAXBElement;
37 import javax.xml.namespace.QName;
38 import java.util.Deque;
39 import java.util.List;
40
/**
 * Security header handler for an inbound security context token element.
 *
 * <p>The element is unmarshalled, passed to a {@link SecurityContextTokenValidator}, and the
 * resulting token is made resolvable in the inbound security context under two keys: the
 * element's id and the value of its {@code Identifier} child. A
 * {@link SecurityContextTokenSecurityEvent} is registered afterwards.
 */
public class SecurityContextTokenInputHandler extends AbstractInputSecurityHeaderHandler {

    /**
     * Processes one security context token found in the security header.
     *
     * @param inputProcessorChain chain whose security context receives the token providers and the event
     * @param securityProperties  inbound configuration; cast to {@link WSSSecurityProperties} here
     * @param eventQueue          buffered XML events containing the token element
     * @param index               position handed on to {@code parseStructure} and
     *                            {@code getResponsibleXMLSecEvents}
     * @throws XMLSecurityException if parsing or validation fails
     */
    @Override
    public void handle(InputProcessorChain inputProcessorChain, final XMLSecurityProperties securityProperties,
                       Deque<XMLSecEvent> eventQueue, Integer index) throws XMLSecurityException {

        final JAXBElement<AbstractSecurityContextTokenType> sctElement =
                parseStructure(eventQueue, index, securityProperties);
        final QName elementName = sctElement.getName();
        final AbstractSecurityContextTokenType sct = sctElement.getValue();

        // A token without an id gets a generated one so it can still be registered and correlated.
        if (sct.getId() == null) {
            sct.setId(IDGenerator.generateID(null));
        }

        // The Identifier child is looked up in the same namespace as the token element itself.
        // NOTE(review): this value is taken from the message, and is presumably null when no
        // Identifier child is present. It is used below as a registry key without a local check;
        // confirm that the validator or registerSecurityTokenProvider handles a null/unexpected key.
        final String identifier = XMLSecurityUtils.getQNameType(
                sct.getAny(),
                new QName(elementName.getNamespaceURI(), WSSConstants.TAG_WSC0502_IDENTIFIER.getLocalPart()));

        // Both casts assume the WSS-specific context and properties types are in use.
        final WSInboundSecurityContext inboundContext =
                (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        final WSSSecurityProperties wssProperties = (WSSSecurityProperties) securityProperties;

        final List<XMLSecEvent> responsibleEvents = getResponsibleXMLSecEvents(eventQueue, index);
        final List<QName> path = getElementPath(eventQueue);
        final TokenContext tokenContext = new TokenContext(wssProperties, inboundContext, responsibleEvents, path);

        // A validator configured for this element name takes precedence over the built-in default,
        // so the strength of the check depends on what the deployment has registered.
        final SecurityContextTokenValidator configured = wssProperties.getValidator(elementName);
        final SecurityContextTokenValidator validator =
                configured != null ? configured : new SecurityContextTokenValidatorImpl();
        final InboundSecurityToken token = validator.validate(sct, identifier, tokenContext);

        // Register the same validated token under the element id and under the Identifier value,
        // so that a lookup by either key yields this token.
        // NOTE(review): whether an existing provider under the same key is replaced or rejected
        // is decided inside registerSecurityTokenProvider, which is not visible here.
        final SecurityTokenProvider<InboundSecurityToken> idProvider = providerForTokenId(sct, token);
        inboundContext.registerSecurityTokenProvider(sct.getId(), idProvider);

        final SecurityTokenProvider<InboundSecurityToken> identifierProvider =
                providerForIdentifier(identifier, token);
        inboundContext.registerSecurityTokenProvider(identifier, identifierProvider);

        inboundContext.registerSecurityEvent(createTokenSecurityEvent(sct, idProvider));
    }

    /**
     * Wraps {@code token} in a provider whose id is read from {@code sct} each time it is requested.
     */
    private static SecurityTokenProvider<InboundSecurityToken> providerForTokenId(
            final AbstractSecurityContextTokenType sct, final InboundSecurityToken token) {
        return new SecurityTokenProvider<InboundSecurityToken>() {

            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return token;
            }

            @Override
            public String getId() {
                return sct.getId();
            }
        };
    }

    /**
     * Wraps {@code token} in a provider whose id is the given {@code identifier}.
     */
    private static SecurityTokenProvider<InboundSecurityToken> providerForIdentifier(
            final String identifier, final InboundSecurityToken token) {
        return new SecurityTokenProvider<InboundSecurityToken>() {

            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return token;
            }

            @Override
            public String getId() {
                return identifier;
            }
        };
    }

    /**
     * Builds the security event for the token, correlated by the token element's id.
     *
     * @param securityContextTokenType the unmarshalled token element; supplies the correlation id
     * @param securityTokenProvider    provider that supplies the token attached to the event
     * @return the populated event
     * @throws XMLSecurityException if the provider cannot supply the token
     */
    private SecurityContextTokenSecurityEvent createTokenSecurityEvent(AbstractSecurityContextTokenType securityContextTokenType,
                                                                       SecurityTokenProvider<InboundSecurityToken> securityTokenProvider)
            throws XMLSecurityException {
        final SecurityContextTokenSecurityEvent event = new SecurityContextTokenSecurityEvent();
        event.setSecurityToken(securityTokenProvider.getSecurityToken());
        event.setCorrelationID(securityContextTokenType.getId());
        return event;
    }

}