1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.impl.processor.input;
20  
21  import org.apache.wss4j.binding.wssc.AbstractSecurityContextTokenType;
22  import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
23  import org.apache.wss4j.stax.ext.WSSConstants;
24  import org.apache.wss4j.stax.ext.WSSSecurityProperties;
25  import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
26  import org.apache.wss4j.stax.validate.SecurityContextTokenValidator;
27  import org.apache.wss4j.stax.validate.SecurityContextTokenValidatorImpl;
28  import org.apache.wss4j.stax.validate.TokenContext;
29  import org.apache.xml.security.exceptions.XMLSecurityException;
30  import org.apache.xml.security.stax.ext.*;
31  import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
32  import org.apache.xml.security.stax.impl.util.IDGenerator;
33  import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
34  import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
35  
36  import jakarta.xml.bind.JAXBElement;
37  import javax.xml.namespace.QName;
38  import java.util.Deque;
39  import java.util.List;
40  
41  /**
42   * Processor for the SecurityContextToken XML Structure
43   */
public class SecurityContextTokenInputHandler extends AbstractInputSecurityHeaderHandler {

    /**
     * Handles one inbound SecurityContextToken element from the security header.
     *
     * <p>The element is parsed from the event queue and given a generated id when it carries none.
     * Its Identifier child is looked up in the element's own namespace. The token is then validated,
     * using the validator configured for the element name or {@link SecurityContextTokenValidatorImpl}
     * when none is configured. The validated token is registered with the inbound security context
     * under both the token id and the identifier, and a {@link SecurityContextTokenSecurityEvent}
     * is registered for it.
     *
     * @param inputProcessorChain chain whose security context receives the token providers and the event;
     *                            it is cast to {@link WSInboundSecurityContext}
     * @param securityProperties  configuration, cast to {@link WSSSecurityProperties}
     * @param eventQueue          buffered XML events holding the token structure
     * @param index               position handed on to the parsing and event-lookup helpers
     * @throws XMLSecurityException declared by the validator and the token provider; the parsing
     *                              helpers are defined outside this class
     */
    @Override
    public void handle(InputProcessorChain inputProcessorChain, final XMLSecurityProperties securityProperties,
                       Deque<XMLSecEvent> eventQueue, Integer index) throws XMLSecurityException {

        final JAXBElement<AbstractSecurityContextTokenType> sctElement =
                parseStructure(eventQueue, index, securityProperties);
        final AbstractSecurityContextTokenType sct = sctElement.getValue();
        // A token without an id gets a generated one so that it has a registration key below.
        if (sct.getId() == null) {
            sct.setId(IDGenerator.generateID(null));
        }

        // The Identifier child is looked up in the namespace of the token element itself.
        final QName sctName = sctElement.getName();
        final QName identifierName =
                new QName(sctName.getNamespaceURI(), WSSConstants.TAG_WSC0502_IDENTIFIER.getLocalPart());
        // NOTE(review): the identifier comes from the inbound message, and nothing in this method checks
        // it for null or emptiness before it reaches the validator and is used as a registration key.
        // Confirm that the validator or registerSecurityTokenProvider rejects a token without one.
        final String identifier = XMLSecurityUtils.getQNameType(sct.getAny(), identifierName);

        final WSInboundSecurityContext securityContext =
                (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        final WSSSecurityProperties wssProperties = (WSSSecurityProperties) securityProperties;
        final List<XMLSecEvent> responsibleEvents = getResponsibleXMLSecEvents(eventQueue, index);
        final List<QName> path = getElementPath(eventQueue);
        final TokenContext tokenContext = new TokenContext(wssProperties, securityContext, responsibleEvents, path);

        // A validator configured for this element name wins; otherwise the default implementation is used.
        final SecurityContextTokenValidator configured = wssProperties.getValidator(sctName);
        final SecurityContextTokenValidator validator =
                configured != null ? configured : new SecurityContextTokenValidatorImpl();
        final InboundSecurityToken token = validator.validate(sct, identifier, tokenContext);

        // NOTE(review): both registration keys below derive from the inbound token, and this method does
        // not look for a provider already registered under either key. Confirm how
        // registerSecurityTokenProvider treats a duplicate key.
        final SecurityTokenProvider<InboundSecurityToken> byTokenId = providerFor(token, sct::getId);
        securityContext.registerSecurityTokenProvider(sct.getId(), byTokenId);

        // Second registration under the identifier, so that the token can also be resolved through it.
        // @see SecurityContexTest#testSCTKDKTSignAbsolute
        final SecurityTokenProvider<InboundSecurityToken> byIdentifier = providerFor(token, () -> identifier);
        securityContext.registerSecurityTokenProvider(identifier, byIdentifier);

        // Announce the token to the security context.
        securityContext.registerSecurityEvent(createTokenSecurityEvent(sct, byTokenId));
    }

    /**
     * Wraps an already validated token in a provider whose id is read from {@code idSource}
     * on every {@code getId()} call rather than captured once.
     */
    private static SecurityTokenProvider<InboundSecurityToken> providerFor(
            final InboundSecurityToken token, final java.util.function.Supplier<String> idSource) {
        return new SecurityTokenProvider<InboundSecurityToken>() {

            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return token;
            }

            @Override
            public String getId() {
                return idSource.get();
            }
        };
    }

    /**
     * Builds the security event for a token: it carries the provider's token and uses
     * the token id as its correlation id.
     */
    private SecurityContextTokenSecurityEvent createTokenSecurityEvent(AbstractSecurityContextTokenType securityContextTokenType,
                                                                       SecurityTokenProvider<InboundSecurityToken> securityTokenProvider)
            throws XMLSecurityException {
        final SecurityContextTokenSecurityEvent event = new SecurityContextTokenSecurityEvent();
        event.setSecurityToken(securityTokenProvider.getSecurityToken());
        event.setCorrelationID(securityContextTokenType.getId());
        return event;
    }

}