19 package org.apache.wss4j.stax.setup;
20
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;

import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.DocumentCreatorImpl;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.InboundWSSecurityContextImpl;
import org.apache.wss4j.stax.impl.WSSecurityStreamReader;
import org.apache.wss4j.stax.impl.processor.input.OperationInputProcessor;
import org.apache.wss4j.stax.impl.processor.input.SecurityHeaderInputProcessor;
import org.apache.wss4j.stax.impl.processor.input.SignatureConfirmationInputProcessor;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.InputProcessor;
import org.apache.xml.security.stax.impl.DocumentContextImpl;
import org.apache.xml.security.stax.impl.InputProcessorChainImpl;
import org.apache.xml.security.stax.impl.processor.input.LogInputProcessor;
import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
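/**
 * Streaming (StAX) entry point for inbound WS-Security processing.
 *
 * <p>{@link #processInMessage(XMLStreamReader, List, List)} wraps the caller's
 * {@link XMLStreamReader} in an {@link InputProcessorChainImpl} (security header,
 * operation, optional signature confirmation and any extra processors configured in
 * the {@link WSSSecurityProperties}) and returns a {@link WSSecurityStreamReader}
 * to which that chain is attached; no message content is consumed here.
 *
 * <p>All XML parsed on behalf of the chain goes through a single {@link XMLInputFactory}
 * that has DTD support and external-entity resolution switched off, the standard
 * mitigation against XXE and entity-expansion attacks.
 *
 * <p>Instances hold only immutable references. Note, however, that
 * {@code processInMessage} may install a default {@code DocumentCreator} on the shared
 * {@link WSSSecurityProperties} (see {@link #ensureDocumentCreator()}).
 */
public class InboundWSSec {

    /** Shared logger; {@code protected} so subclasses can reuse it. */
    protected static final org.slf4j.Logger LOG =
        org.slf4j.LoggerFactory.getLogger(InboundWSSec.class);

    /**
     * Hardened parser factory published to the processors through
     * {@link WSSConstants#XMLINPUTFACTORY}; configured once in the static initializer.
     */
    private static final XMLInputFactory XML_INPUT_FACTORY = XMLInputFactory.newInstance();

    static {
        // XXE / entity-expansion hardening: never process DTDs and never resolve
        // external entities for XML read through this factory.
        XML_INPUT_FACTORY.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        XML_INPUT_FACTORY.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        try {
            // StAX2 (org.codehaus.stax2) specific tuning: interned names / namespace URIs
            // and no location tracking. Other StAX implementations reject unknown property
            // keys with IllegalArgumentException, which is expected and only logged.
            XML_INPUT_FACTORY.setProperty("org.codehaus.stax2.internNames", true);
            XML_INPUT_FACTORY.setProperty("org.codehaus.stax2.internNsUris", true);
            XML_INPUT_FACTORY.setProperty("org.codehaus.stax2.preserveLocation", false);
        } catch (IllegalArgumentException e) {
            LOG.debug(e.getMessage(), e);
        }
    }

    /** Configuration driving the inbound processing; never null. */
    private final WSSSecurityProperties securityProperties;
    /** Forwarded unchanged to every {@link WSSecurityStreamReader} this instance creates. */
    private final boolean initiator;
    /** Forwarded unchanged to every {@link WSSecurityStreamReader} this instance creates. */
    private final boolean returnSecurityError;

    /**
     * Creates an instance with {@code initiator} and {@code returnSecurityError} both
     * {@code false}.
     *
     * @param securityProperties configuration for the inbound processing
     * @throws NullPointerException if {@code securityProperties} is null
     */
    public InboundWSSec(WSSSecurityProperties securityProperties) {
        this(securityProperties, false, false);
    }

    /**
     * Creates an instance.
     *
     * @param securityProperties configuration for the inbound processing
     * @param initiator forwarded to the {@link WSSecurityStreamReader} returned by
     *        {@code processInMessage}
     * @param returnSecurityError forwarded to the {@link WSSecurityStreamReader} returned by
     *        {@code processInMessage}
     * @throws NullPointerException if {@code securityProperties} is null
     */
    public InboundWSSec(WSSSecurityProperties securityProperties, boolean initiator,
                        boolean returnSecurityError) {
        // Fail fast here rather than with an NPE deep inside processInMessage.
        this.securityProperties = Objects.requireNonNull(securityProperties, "securityProperties");
        this.initiator = initiator;
        this.returnSecurityError = returnSecurityError;
    }

    /**
     * Processes a message with no prior security events and no listener.
     *
     * @see #processInMessage(XMLStreamReader, List, List)
     */
    public XMLStreamReader processInMessage(
            XMLStreamReader xmlStreamReader) throws XMLStreamException, WSSecurityException {
        return this.processInMessage(xmlStreamReader, null, (SecurityEventListener) null);
    }

    /**
     * Processes a message with prior security events and no listener.
     *
     * @see #processInMessage(XMLStreamReader, List, List)
     */
    public XMLStreamReader processInMessage(
            XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents
    ) throws XMLStreamException, WSSecurityException {
        return this.processInMessage(xmlStreamReader, requestSecurityEvents, (SecurityEventListener) null);
    }

    /**
     * Processes a message with a single listener, which may be null.
     *
     * @see #processInMessage(XMLStreamReader, List, List)
     */
    public XMLStreamReader processInMessage(
            XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents,
            SecurityEventListener securityEventListener) throws XMLStreamException, WSSecurityException {
        // singletonList(null) is a one-element list holding null; the list overload skips it.
        return this.processInMessage(xmlStreamReader, requestSecurityEvents,
                Collections.singletonList(securityEventListener));
    }

    /**
     * Wraps {@code xmlStreamReader} in the inbound WS-Security processor chain.
     *
     * @param xmlStreamReader the message to process
     * @param requestSecurityEvents events from earlier processing that the caller vouches
     *        for (for example an HTTPS token from the transport layer); may be null.
     *        Token events are exposed to the chain as security-token providers, and an
     *        HTTPS token event additionally marks the transport as secure. Nothing here
     *        validates these events, so they must never be derived from untrusted
     *        message content.
     * @param securityEventListeners listeners to attach to the security context; may be
     *        null or contain null entries, which are ignored
     * @return a {@link WSSecurityStreamReader} with the processor chain attached
     * @throws XMLStreamException if the stream reader cannot be set up
     * @throws WSSecurityException if the document creator or a security token provider
     *         cannot be set up
     * @throws NullPointerException if {@code xmlStreamReader} is null
     */
    public XMLStreamReader processInMessage(
            XMLStreamReader xmlStreamReader, List<SecurityEvent> requestSecurityEvents,
            List<SecurityEventListener> securityEventListeners) throws XMLStreamException, WSSecurityException {

        Objects.requireNonNull(xmlStreamReader, "xmlStreamReader");
        final List<SecurityEvent> priorEvents =
            requestSecurityEvents == null ? Collections.<SecurityEvent>emptyList() : requestSecurityEvents;

        final InboundWSSecurityContextImpl securityContext =
            createSecurityContext(priorEvents, securityEventListeners);
        ensureDocumentCreator();
        registerPriorTokens(securityContext, priorEvents);
        securityContext.put(WSSConstants.XMLINPUTFACTORY, XML_INPUT_FACTORY);

        final InputProcessorChainImpl inputProcessorChain =
            buildInputProcessorChain(securityContext, xmlStreamReader);
        return new WSSecurityStreamReader(inputProcessorChain, securityProperties, initiator, returnSecurityError);
    }

    /**
     * Creates the security context, attaches the prior events and listeners and copies the
     * BSP / algorithm policy from the properties.
     */
    private InboundWSSecurityContextImpl createSecurityContext(
            List<SecurityEvent> priorEvents, List<SecurityEventListener> securityEventListeners)
            throws XMLStreamException, WSSecurityException {
        final InboundWSSecurityContextImpl securityContext = new InboundWSSecurityContextImpl();
        securityContext.putList(SecurityEvent.class, priorEvents);
        if (securityEventListeners != null) {
            for (SecurityEventListener listener : securityEventListeners) {
                if (listener != null) {
                    securityContext.addSecurityEventListener(listener);
                }
            }
        }
        // Policy knobs copied from the configuration. Ignoring BSP rules, disabling BSP
        // enforcement and allowing RSA-1.5 key transport all relax checks performed
        // downstream, so they apply only when the properties explicitly request them.
        securityContext.ignoredBSPRules(securityProperties.getIgnoredBSPRules());
        securityContext.setDisableBSPEnforcement(securityProperties.isDisableBSPEnforcement());
        securityContext.setAllowRSA15KeyTransportAlgorithm(securityProperties.isAllowRSA15KeyTransportAlgorithm());
        securityContext.setSoap12(securityProperties.isSoap12());
        return securityContext;
    }

    /**
     * Installs a default {@link DocumentCreatorImpl} on the properties if none is configured.
     * This mutates the shared {@link WSSSecurityProperties}.
     *
     * @throws WSSecurityException with {@code FAILED_CHECK} if the default creator cannot be built
     */
    private void ensureDocumentCreator() throws WSSecurityException {
        if (securityProperties.getDocumentCreator() != null) {
            return;
        }
        try {
            securityProperties.setDocumentCreator(new DocumentCreatorImpl());
        } catch (ParserConfigurationException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
        }
    }

    /**
     * Registers the tokens of prior {@link TokenSecurityEvent}s as security-token providers
     * in the context and flags the transport as secured when an HTTPS token event is present.
     * Non-token events are left untouched.
     *
     * @throws WSSecurityException with {@code FAILED_CHECK} wrapping any {@link XMLSecurityException}
     */
    private void registerPriorTokens(InboundWSSecurityContextImpl securityContext,
                                     List<SecurityEvent> priorEvents)
            throws XMLStreamException, WSSecurityException {
        if (priorEvents.isEmpty()) {
            return;
        }
        try {
            for (SecurityEvent securityEvent : priorEvents) {
                if (!(securityEvent instanceof TokenSecurityEvent)) {
                    continue;
                }
                @SuppressWarnings("unchecked")
                final TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
                    (TokenSecurityEvent<? extends InboundSecurityToken>) securityEvent;

                if (WSSecurityEventConstants.HTTPS_TOKEN.equals(securityEvent.getSecurityEventType())) {
                    // The caller asserts that the message arrived over a secured transport.
                    // This is trusted as-is, so the event must originate from the transport
                    // layer, never from the message itself.
                    securityContext.registerSecurityEvent(securityEvent);
                    securityContext.put(WSSConstants.TRANSPORT_SECURITY_ACTIVE, Boolean.TRUE);
                }

                final SecurityTokenProvider<InboundSecurityToken> provider = providerFor(tokenSecurityEvent);
                securityContext.registerSecurityTokenProvider(provider.getId(), provider);
            }
        } catch (XMLSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
        }
    }

    /**
     * Wraps the token of a prior event in a provider. The provider id is the token's own id,
     * or a freshly generated one if the token has none; it is resolved lazily and cached on
     * first use (not synchronized, like the rest of this class).
     */
    private static SecurityTokenProvider<InboundSecurityToken> providerFor(
            final TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent) {
        return new SecurityTokenProvider<InboundSecurityToken>() {

            private String id;

            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return tokenSecurityEvent.getSecurityToken();
            }

            @Override
            public String getId() {
                if (id == null) {
                    id = tokenSecurityEvent.getSecurityToken().getId();
                    if (id == null) {
                        id = IDGenerator.generateID(null);
                    }
                }
                return id;
            }
        };
    }

    /**
     * Assembles the processor chain: the StAX event source, the security header processor,
     * the operation processor, signature confirmation (if enabled), a trace-level logging
     * processor (if tracing is on) and finally any processors configured in the properties.
     */
    private InputProcessorChainImpl buildInputProcessorChain(
            InboundWSSecurityContextImpl securityContext, XMLStreamReader xmlStreamReader)
            throws XMLStreamException, WSSecurityException {
        final DocumentContextImpl documentContext = new DocumentContextImpl();
        // Fall back to UTF-8 when the reader cannot report the document encoding.
        final String encoding = xmlStreamReader.getEncoding();
        documentContext.setEncoding(encoding != null ? encoding : StandardCharsets.UTF_8.name());

        final InputProcessorChainImpl chain = new InputProcessorChainImpl(securityContext, documentContext);
        chain.addProcessor(new XMLEventReaderInputProcessor(securityProperties, xmlStreamReader));
        chain.addProcessor(new SecurityHeaderInputProcessor(securityProperties));
        chain.addProcessor(new OperationInputProcessor(securityProperties));

        if (securityProperties.isEnableSignatureConfirmationVerification()) {
            chain.addProcessor(new SignatureConfirmationInputProcessor(securityProperties));
        }

        if (LOG.isTraceEnabled()) {
            // Trace-only diagnostics, ordered after the security header processor.
            final LogInputProcessor logInputProcessor = new LogInputProcessor(securityProperties);
            logInputProcessor.addAfterProcessor(SecurityHeaderInputProcessor.class.getName());
            chain.addProcessor(logInputProcessor);
        }

        // Guarding against null keeps a misconfigured properties object from NPE-ing here.
        final List<InputProcessor> additionalInputProcessors = securityProperties.getInputProcessorList();
        if (additionalInputProcessors != null) {
            for (InputProcessor inputProcessor : additionalInputProcessors) {
                chain.addProcessor(inputProcessor);
            }
        }
        return chain;
    }
}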