View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.stax.impl.processor.input;
20  
21  import org.apache.wss4j.binding.wss11.SignatureConfirmationType;
22  import org.apache.wss4j.common.bsp.BSPRule;
23  import org.apache.wss4j.common.ext.WSSecurityException;
24  import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
25  import org.apache.wss4j.stax.securityEvent.SignatureConfirmationSecurityEvent;
26  import org.apache.xml.security.exceptions.XMLSecurityException;
27  import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
28  import org.apache.xml.security.stax.ext.InputProcessorChain;
29  import org.apache.xml.security.stax.ext.XMLSecurityProperties;
30  import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
31  
32  import jakarta.xml.bind.JAXBElement;
33  import java.util.Deque;
34  
35  /**
36   * Processor for the SignatureConfirmation XML Structure
37   */
38  public class SignatureConfirmationInputHandler extends AbstractInputSecurityHeaderHandler {
39  
40      @Override
41      public void handle(final InputProcessorChain inputProcessorChain, final XMLSecurityProperties securityProperties,
42                         Deque<XMLSecEvent> eventQueue, Integer index) throws XMLSecurityException {
43  
44          @SuppressWarnings("unchecked")
45          final SignatureConfirmationType signatureConfirmationType =
46                  ((JAXBElement<SignatureConfirmationType>) parseStructure(eventQueue, index, securityProperties)).getValue();
47  
48          checkBSPCompliance(inputProcessorChain, signatureConfirmationType);
49  
50          inputProcessorChain.getSecurityContext().putAsList(SignatureConfirmationType.class, signatureConfirmationType);
51  
52          //emit a SignatureConfirmationSecurityEvent
53          SignatureConfirmationSecurityEvent signatureConfirmationSecurityEvent = new SignatureConfirmationSecurityEvent();
54          signatureConfirmationSecurityEvent.setSignatureValue(signatureConfirmationType.getValue());
55          inputProcessorChain.getSecurityContext().registerSecurityEvent(signatureConfirmationSecurityEvent);
56      }
57  
58      private void checkBSPCompliance(InputProcessorChain inputProcessorChain, SignatureConfirmationType signatureConfirmationType)
59          throws WSSecurityException {
60          if (signatureConfirmationType.getId() == null) {
61              ((WSInboundSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(BSPRule.R5441);
62          }
63      }
64  }