/*
* Copyright 2004,2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rampart.builder;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.client.Options;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.EncryptedKeyToken;
import org.apache.rahas.SimpleTokenStore;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecSignatureConfirmation;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.crypto.dsig.Reference;
import java.io.IOException;
import java.util.*;
import java.util.Map.Entry;
<span class="fc" id="L69">public abstract class BindingBuilder {</span>
/** Logger shared by all binding builders. */
private static Log log = LogFactory.getLog(BindingBuilder.class);
/**
 * Security-header child after which the next token/signature element is inserted;
 * advanced by every method that inserts an element.
 */
private Element insertionLocation;
/** wsu:Id of the main message signature; null until the concrete builder sets it (endorsing signatures reference it). */
protected String mainSigId = null;
/** Ids of supporting-token elements added under an EncryptedSupportingTokens assertion (presumably encrypted later by the subclass). */
protected ArrayList<String> encryptedTokensIdList = new ArrayList<String>();
/** The wsu:Timestamp element created by addTimestamp(). */
protected Element timestampElement;
/** The xenc:ReferenceList of the main encryption, when present; used to place derived-key signatures in encrypt-before-signing order. */
protected Element mainRefListElement;
/**
 * Builds a wsu:Timestamp into the security header of the message, records its wsu:Id on
 * the message data and keeps the created element in {@link #timestampElement}.
 *
 * @param rmd message data supplying the document, the security header, the WSS config
 *            and (via RampartUtil) the time-to-live
 */
protected void addTimestamp(RampartMessageData rmd) {
    log.debug("Adding timestamp");

    WSSecTimestamp tsBuilder = new WSSecTimestamp();
    tsBuilder.setWsConfig(rmd.getConfig());
    tsBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));

    // Build the Timestamp directly into the security header of the SOAP envelope
    tsBuilder.build(rmd.getDocument(), rmd.getSecHeader());

    String tsId = tsBuilder.getId();
    if (log.isDebugEnabled()) {
        log.debug("Timestamp id: " + tsId);
    }
    rmd.setTimestampId(tsId);
    this.timestampElement = tsBuilder.getElement();

    log.debug("Adding timestamp: DONE");
}
/**
 * Builds a wsse:UsernameToken builder for the security header.
 * <p>
 * The user name is taken from the message context {@link Options} first and from the
 * {@link RampartConfig} otherwise. Unless the policy token has NoPassword, the password is
 * taken from the Options or, failing that, obtained from the configured password callback
 * handler with a {@link WSPasswordCallback#USERNAME_TOKEN} callback. The password type is
 * PasswordDigest when the policy asks for HashPassword and PasswordText otherwise.
 *
 * @param rmd   message data (policy, message context, WSS config)
 * @param token the UsernameToken policy assertion
 * @return the <code>WSSecUsernameToken</code> instance, not yet prepared
 * @throws RampartException if no user is configured ("userMissing"), no callback handler is
 *         available ("cbHandlerMissing"), the handler fails ("errorInGettingPasswordForUser")
 *         or yields no password ("noPasswordForUser")
 */
protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd, UsernameToken token) throws RampartException {
    log.debug("Adding a UsernameToken");

    RampartPolicyData rpd = rmd.getPolicyData();
    Options options = rmd.getMsgContext().getOptions();

    // Resolve the user: Options first, then the RampartConfig
    String user = options.getUserName();
    if (user == null || user.length() == 0) {
        RampartConfig rampartConfig = rpd.getRampartConfig();
        if (rampartConfig != null) {
            user = rampartConfig.getUser();
        }
    }

    if (user == null || "".equals(user)) {
        log.debug("No user value specified in the configuration");
        throw new RampartException("userMissing");
    }
    if (log.isDebugEnabled()) {
        log.debug("User : " + user);
    }

    // NoPassword: the token carries only the user name, no password element
    if (token.isNoPassword()) {
        WSSecUsernameToken noPwdBuilder = new WSSecUsernameToken();
        noPwdBuilder.setUserInfo(user, null);
        noPwdBuilder.setPasswordType(null);
        if (rmd.getConfig() != null) {
            noPwdBuilder.setWsConfig(rmd.getConfig());
        }
        return noPwdBuilder;
    }

    // Resolve the password: Options first, then the password callback handler
    String password = options.getPassword();
    if (password == null || password.length() == 0) {
        CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
        if (handler == null) {
            throw new RampartException("cbHandlerMissing");
        }
        WSPasswordCallback[] callbacks = {
            new WSPasswordCallback(user, WSPasswordCallback.USERNAME_TOKEN)
        };
        try {
            handler.handle(callbacks);
        } catch (Exception e) {
            throw new RampartException("errorInGettingPasswordForUser",
                    new String[]{user}, e);
        }
        password = callbacks[0].getPassword();
    }

    if (password == null || "".equals(password)) {
        throw new RampartException("noPasswordForUser", new String[]{user});
    }

    WSSecUsernameToken utBuilder = new WSSecUsernameToken();
    if (rmd.getConfig() != null) {
        utBuilder.setWsConfig(rmd.getConfig());
    }
    // PasswordDigest when the policy requires HashPassword, plain PasswordText otherwise
    utBuilder.setPasswordType(token.isHashPassword()
            ? WSConstants.PASSWORD_DIGEST : WSConstants.PASSWORD_TEXT);
    utBuilder.setUserInfo(user, password);
    return utBuilder;
}
/**
 * Prepares a wsse:EncryptedKey builder for the given policy token. The key identifier type and
 * the encryption user come from the message data, the key-wrap algorithm from the policy's
 * AlgorithmSuite and the encryption crypto from the RampartConfig.
 *
 * @param rmd   message data (policy, document, custom class loader)
 * @param token the policy token the encrypted key is created for
 * @return the prepared builder
 * @throws RampartException ("errorCreatingEncryptedKey") wrapping any WSSecurityException
 */
protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
    RampartPolicyData rpd = rmd.getPolicyData();
    Document doc = rmd.getDocument();

    WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
    try {
        RampartUtil.setKeyIdentifierType(rmd, encrKeyBuilder, token);
        RampartUtil.setEncryptionUser(rmd, encrKeyBuilder);
        // TODO the key size is not passed here; it is believed to follow from the algorithm itself - verify
        encrKeyBuilder.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
        encrKeyBuilder.prepare(doc,
                RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
    } catch (WSSecurityException e) {
        throw new RampartException("errorCreatingEncryptedKey", e);
    }
    return encrKeyBuilder;
}
/**
 * Misspelled predecessor of {@link #getSignatureBuilder(RampartMessageData, Token)}, deprecated
 * after the 1.5 release and kept only so existing callers keep compiling.
 *
 * @deprecated use {@link #getSignatureBuilder(RampartMessageData, Token)}
 */
@Deprecated
protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token) throws RampartException {
    return getSignatureBuilder(rmd, token, null);
}
/**
 * Misspelled predecessor of {@link #getSignatureBuilder(RampartMessageData, Token, String)},
 * deprecated after the 1.5 release and kept only so existing callers keep compiling.
 *
 * @deprecated use {@link #getSignatureBuilder(RampartMessageData, Token, String)}
 */
@Deprecated
protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token, String userCertAlias)
        throws RampartException {
    return getSignatureBuilder(rmd, token, userCertAlias);
}
/**
 * Prepares an X.509 signature builder using the signing alias from the RampartConfig.
 * Equivalent to {@code getSignatureBuilder(rmd, token, null)}.
 *
 * @param rmd   message data
 * @param token the policy token being used to sign
 * @return the prepared signature builder
 * @throws RampartException see {@link #getSignatureBuilder(RampartMessageData, Token, String)}
 */
protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, Token token) throws RampartException {
    return getSignatureBuilder(rmd, token, null);
}
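/**
 * Prepares an X.509 (asymmetric) signature builder for the given policy token.
 * <p>
 * The signing alias is {@code userCertAlias} when given, otherwise the RampartConfig's
 * userCertAlias, otherwise its user. The private-key password is obtained from the configured
 * password callback handler with a {@link WSPasswordCallback#SIGNATURE} callback and is never
 * logged. Signature, canonicalization and digest algorithms come from the policy's AlgorithmSuite.
 *
 * @param rmd           message data (policy, document, security header, WSS config)
 * @param token         the policy token being used to sign
 * @param userCertAlias alias of the signing certificate, or null to fall back to the config
 * @return the prepared signature builder
 * @throws RampartException if the RampartConfig is missing ("rampartConfigMissing"), no alias can
 *         be resolved ("userMissing"), no callback handler exists ("cbHandlerMissing"), the handler
 *         fails ("errorInGettingPasswordForUser") or returns no password ("noPasswordForUser"), or
 *         WSS4J fails to prepare the signature ("errorInSignatureWithX509Token")
 */
protected WSSecSignature getSignatureBuilder(RampartMessageData rmd, Token token,
        String userCertAlias) throws RampartException {
    RampartPolicyData rpd = rmd.getPolicyData();

    WSSecSignature sig = new WSSecSignature();
    checkForX509PkiPath(sig, token);
    sig.setWsConfig(rmd.getConfig());

    if (log.isDebugEnabled()) {
        log.debug("Token inclusion: " + token.getInclusion());
    }

    RampartUtil.setKeyIdentifierType(rmd, sig, token);

    RampartConfig rampartConfig = rpd.getRampartConfig();
    if (rampartConfig == null) {
        throw new RampartException("rampartConfigMissing");
    }

    // Resolve the signing alias: explicit userCertAlias, then config userCertAlias, then config user
    String user = userCertAlias;
    if (user == null) {
        user = rampartConfig.getUserCertAlias();
    }
    if (user == null) {
        user = rampartConfig.getUser();
    }
    if (user == null || "".equals(user)) {
        log.debug("No user value specified in the configuration");
        throw new RampartException("userMissing");
    }
    if (log.isDebugEnabled()) {
        log.debug("User : " + user);
    }

    // Ask the callback handler for the private-key password of the alias
    CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
    if (handler == null) {
        throw new RampartException("cbHandlerMissing");
    }
    WSPasswordCallback[] cb = { new WSPasswordCallback(user, WSPasswordCallback.SIGNATURE) };
    try {
        handler.handle(cb);
    } catch (IOException e) {
        throw new RampartException("errorInGettingPasswordForUser",
                new String[]{user}, e);
    } catch (UnsupportedCallbackException e) {
        throw new RampartException("errorInGettingPasswordForUser",
                new String[]{user}, e);
    }
    String password = cb[0].getPassword();
    if (password == null || "".equals(password)) {
        throw new RampartException("noPasswordForUser", new String[]{user});
    }
    // The password unlocks the signing key: it is deliberately not written to the log at any
    // level (the previous version echoed it at debug level).
    sig.setUserInfo(user, password);

    AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();
    sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
    sig.setSigCanonicalization(algorithmSuite.getInclusiveC14n());
    sig.setDigestAlgo(algorithmSuite.getDigest());

    try {
        sig.prepare(rmd.getDocument(),
                RampartUtil.getSignatureCrypto(rampartConfig, rmd.getCustomClassLoader()),
                rmd.getSecHeader());
    } catch (WSSecurityException e) {
        throw new RampartException("errorInSignatureWithX509Token", e);
    }
    return sig;
}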
/**
 * Adds the tokens of a SupportingToken assertion to the security header and returns what was
 * added, keyed by policy token.
 * <p>
 * Per token type:
 * <ul>
 * <li>IssuedToken, initiator side only: the token is fetched from the token storage under the id
 *     returned by RampartUtil.getIssuedToken and its element is inserted; the map value is the
 *     rahas Token.</li>
 * <li>X509Token: an X.509 signature builder is prepared and its BinarySecurityToken inserted
 *     (when the certificate is included at all); a SupportingPolicyData is registered on the
 *     policy data; the map value is the WSSecSignature.</li>
 * <li>UsernameToken: the token is built and inserted; the map value is a rahas Token wrapping
 *     the element with a 5 minute validity window from now.</li>
 * </ul>
 * When the assertion is EncryptedSupportingTokens the id of each inserted token is recorded in
 * {@link #encryptedTokensIdList}. The insertion location is moved past every inserted element.
 *
 * @param rmd        message data
 * @param suppTokens the supporting tokens assertion; may be null or empty
 * @return map from policy {@link Token} to the created artefact (rahas Token or WSSecSignature),
 *         empty when there is nothing to add; values are heterogeneous (see TODO below)
 * @throws RampartException if an issued token cannot be retrieved ("errorInRetrievingTokenId"),
 *         a rahas Token cannot be created ("errorCreatingRahasToken"), or building the X.509
 *         signature or UsernameToken fails
 */
protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
        throws RampartException {
    //Create the list to hold the tokens
    // TODO putting different types of objects. Need to figure out a way to add single types of objects
    HashMap endSuppTokMap = new HashMap();
    if(suppTokens != null && suppTokens.getTokens() != null &&
            suppTokens.getTokens().size() > 0) {
        log.debug("Processing supporting tokens");
        ArrayList tokens = suppTokens.getTokens();
        for (Object objectToken : tokens) {
            Token token = (Token) objectToken;
            org.apache.rahas.Token endSuppTok = null;
            // Issued tokens are only attached by the initiator; the recipient side falls through
            // and adds nothing for them
            if (token instanceof IssuedToken && rmd.isInitiator()) {
                String id = RampartUtil.getIssuedToken(rmd, (IssuedToken) token);
                try {
                    endSuppTok = rmd.getTokenStorage().getToken(id);
                } catch (TrustException e) {
                    throw new RampartException("errorInRetrievingTokenId",
                            new String[]{id}, e);
                }
                if (endSuppTok == null) {
                    throw new RampartException("errorInRetrievingTokenId",
                            new String[]{id});
                }
                //Add the token to the header
                Element siblingElem = RampartUtil
                        .insertSiblingAfter(rmd, this.getInsertionLocation(),
                                (Element) endSuppTok.getToken());
                this.setInsertionLocation(siblingElem);
                if (suppTokens.isEncryptedToken()) {
                    this.encryptedTokensIdList.add(endSuppTok.getId());
                }
                //Add the extracted token
                endSuppTokMap.put(token, endSuppTok);
            } else if (token instanceof X509Token) {
                //We have to use a cert
                //Prepare X509 signature
                WSSecSignature sig = this.getSignatureBuilder(rmd, token);
                Element bstElem = sig.getBinarySecurityTokenElement();
                // No BST means the certificate is referenced rather than included: nothing is
                // inserted and no supporting policy is registered, but the signature is still
                // returned in the map
                if (bstElem != null) {
                    bstElem = RampartUtil.insertSiblingAfter(rmd,
                            this.getInsertionLocation(), bstElem);
                    this.setInsertionLocation(bstElem);
                    SupportingPolicyData supportingPolcy = new SupportingPolicyData();
                    supportingPolcy.build(suppTokens);
                    supportingPolcy.setSignatureToken(token);
                    supportingPolcy.setEncryptionToken(token);
                    rmd.getPolicyData().addSupportingPolicyData(supportingPolcy);
                    if (suppTokens.isEncryptedToken()) {
                        this.encryptedTokensIdList.add(sig.getBSTTokenId());
                    }
                }
                endSuppTokMap.put(token, sig);
            } else if (token instanceof UsernameToken) {
                WSSecUsernameToken utBuilder = addUsernameToken(rmd, (UsernameToken) token);
                utBuilder.prepare(rmd.getDocument());
                //Add the UT
                Element elem = utBuilder.getUsernameTokenElement();
                elem = RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), elem);
                if (suppTokens.isEncryptedToken()) {
                    encryptedTokensIdList.add(utBuilder.getId());
                }
                //Move the insert location to the next element
                this.setInsertionLocation(elem);
                Date now = new Date();
                try {
                    // Wrap the inserted element as a rahas Token valid for 300000 ms (5 minutes)
                    // so that it can be handled like the other supporting tokens downstream
                    org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
                            utBuilder.getId(), (OMElement) elem, now,
                            new Date(now.getTime() + 300000));
                    endSuppTokMap.put(token, tempTok);
                } catch (TrustException e) {
                    throw new RampartException("errorCreatingRahasToken", e);
                }
            }
        }
    }
    return endSuppTokMap;
}
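/**
 * Appends one signature part per supporting token so that the main signature also covers the
 * token elements themselves.
 * <p>
 * A rahas Token contributes a part referencing its id; a WSSecSignature contributes a part
 * referencing its BinarySecurityToken id. An X.509 token whose certificate was not included in
 * the message (no BST, so {@code getBSTTokenId()} is null) has no element to sign and is skipped
 * rather than adding a null entry to {@code sigParts}.
 *
 * @param tokenMap map from policy {@link Token} to rahas Token or WSSecSignature, as built by
 *                 {@link #handleSupportingTokens}
 * @param sigParts the list to append to; returned for chaining
 * @return {@code sigParts}
 * @throws RampartException ("UnsupportedTokenInSupportingToken") if a map value is neither a
 *         rahas Token nor a WSSecSignature
 */
protected List<WSEncryptionPart> addSignatureParts(HashMap tokenMap, List<WSEncryptionPart> sigParts)
        throws RampartException {
    for (Object entryObj : tokenMap.entrySet()) {
        Object tempTok = ((Entry) entryObj).getValue();
        WSEncryptionPart part = null;
        if (tempTok instanceof org.apache.rahas.Token) {
            part = new WSEncryptionPart(((org.apache.rahas.Token) tempTok).getId());
        } else if (tempTok instanceof WSSecSignature) {
            String bstId = ((WSSecSignature) tempTok).getBSTTokenId();
            if (bstId != null) {
                part = new WSEncryptionPart(bstId);
            }
        } else {
            throw new RampartException("UnsupportedTokenInSupportingToken");
        }
        // Only add a part when there is an element to reference; previously a null part was
        // added unconditionally in the no-BST case, which is not a usable reference.
        if (part != null) {
            sigParts.add(part);
        }
    }
    return sigParts;
}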
/**
 * Returns the security-header element after which the next token or signature element is
 * inserted.
 *
 * @return the current insertion location, or null if none has been set
 */
public Element getInsertionLocation() {
    return this.insertionLocation;
}
/**
 * Sets the security-header element after which the next token or signature element is
 * inserted; called after every insertion to move past the new element.
 *
 * @param insertionLocation the element to insert after next
 */
public void setInsertionLocation(Element insertionLocation) {
    this.insertionLocation = insertionLocation;
}
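/**
 * Creates one endorsing signature per supporting token in {@code tokenMap}. Each endorsing
 * signature signs the main signature (referenced by {@link #mainSigId}) and, when the policy
 * requires token protection, the supporting token itself. Signature elements are placed at the
 * current insertion location, which is advanced past them.
 * <p>
 * A rahas Token value is signed symmetrically via {@link #doSymmSignature}; a WSSecSignature
 * value is an already-prepared X.509 signature whose references are added and computed here.
 *
 * @param rmd      message data
 * @param tokenMap map from policy {@link Token} to rahas Token or WSSecSignature, as built by
 *                 {@link #handleSupportingTokens}; values of any other type are ignored
 * @return the signature values of all endorsing signatures created, in map iteration order
 * @throws RampartException if WSS4J fails to compute a signature
 *         ("errorInSignatureWithX509Token"), or {@link #doSymmSignature} fails
 */
protected List<byte[]> doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
    List<byte[]> sigValues = new ArrayList<byte[]>();

    for (Object keyObj : tokenMap.keySet()) {
        Token token = (Token) keyObj;
        Object tempTok = tokenMap.get(token);

        // Every endorsing signature covers the main signature
        List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
        sigParts.add(new WSEncryptionPart(this.mainSigId));

        if (tempTok instanceof org.apache.rahas.Token) {
            org.apache.rahas.Token tok = (org.apache.rahas.Token) tempTok;
            if (rmd.getPolicyData().isTokenProtection()) {
                sigParts.add(new WSEncryptionPart(tok.getId()));
            }
            // The symmetric signature value used to be computed and then dropped; collect it so
            // callers see every endorsing signature value, as they do for the X.509 case.
            sigValues.add(this.doSymmSignature(rmd, token, tok, sigParts));
        } else if (tempTok instanceof WSSecSignature) {
            WSSecSignature sig = (WSSecSignature) tempTok;
            if (rmd.getPolicyData().isTokenProtection() && sig.getBSTTokenId() != null) {
                sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
            }
            try {
                List<Reference> referenceList = sig.addReferencesToSign(sigParts, rmd.getSecHeader());
                // Append <Signature>..</Signature> at the current insertion location (before the
                // migration this was RampartUtil.insertSiblingAfter) and move the location past it
                sig.computeSignature(referenceList, false, this.getInsertionLocation());
                this.setInsertionLocation(sig.getSignatureElement());
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithX509Token", e);
            }
            sigValues.add(sig.getSignatureValue());
        }
    }
    return sigValues;
}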
protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok,
List&lt;WSEncryptionPart&gt; sigParts) throws RampartException {
<span class="fc" id="L556"> Document doc = rmd.getDocument();</span>
<span class="fc" id="L558"> RampartPolicyData rpd = rmd.getPolicyData();</span>
<span class="fc" id="L560"> AlgorithmSuite algorithmSuite = rpd.getAlgorithmSuite();</span>
<span class="fc bfc" id="L561" title="All 2 branches covered."> if(policyToken.isDerivedKeys()) {</span>
try {
<span class="fc" id="L563"> WSSecDKSign dkSign = new WSSecDKSign(); </span>
//Check whether it is security policy 1.2 and use the secure conversation accordingly
<span class="fc bfc" id="L566" title="All 2 branches covered."> if (SPConstants.SP_V12 == policyToken.getVersion()) {</span>
<span class="fc" id="L567"> dkSign.setWscVersion(ConversationConstants.VERSION_05_12);</span>
}
//Check for whether the token is attached in the message or not
<span class="fc" id="L571"> boolean attached = false;</span>
<span class="pc bpc" id="L573" title="2 of 8 branches missed."> if (SPConstants.INCLUDE_TOEKN_ALWAYS == policyToken.getInclusion() ||</span>
SPConstants.INCLUDE_TOKEN_ONCE == policyToken.getInclusion() ||
(rmd.isInitiator() &amp;&amp; SPConstants.INCLUDE_TOEKN_ALWAYS_TO_RECIPIENT
== policyToken.getInclusion())) {
<span class="fc" id="L577"> attached = true;</span>
}
// Setting the AttachedReference or the UnattachedReference according to the flag
OMElement ref;
<span class="fc bfc" id="L582" title="All 2 branches covered."> if (attached) {</span>
<span class="fc" id="L583"> ref = tok.getAttachedReference();</span>
} else {
<span class="fc" id="L585"> ref = tok.getUnattachedReference();</span>
}
<span class="fc bfc" id="L588" title="All 2 branches covered."> if(ref != null) {</span>
<span class="fc" id="L589"> dkSign.setExternalKey(tok.getSecret(), (Element) </span>
doc.importNode((Element) ref, true));
<span class="pc bpc" id="L591" title="1 of 4 branches missed."> } else if (!rmd.isInitiator() &amp;&amp; policyToken.isDerivedKeys()) { </span>
// If the Encrypted key used to create the derived key is not
// attached use key identifier as defined in WSS1.1 section
// 7.7 Encrypted Key reference
<span class="fc" id="L596"> SecurityTokenReference tokenRef = new SecurityTokenReference(doc);</span>
<span class="pc bpc" id="L597" title="1 of 2 branches missed."> if(tok instanceof EncryptedKeyToken) {</span>
<span class="fc" id="L598"> tokenRef.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken)tok).getSHA1());;</span>
}
<span class="fc" id="L600"> dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());</span>
<span class="fc" id="L601"> tokenRef.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE); // TODO check this</span>
<span class="fc" id="L603"> } else {</span>
<span class="fc" id="L604"> dkSign.setExternalKey(tok.getSecret(), tok.getId());</span>
}
//Set the algo info
<span class="fc" id="L608"> dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());</span>
<span class="fc" id="L609"> dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength()/8);</span>
// dkSign.setDigestAlgorithm(algorithmSuite.getDigest()); //uncomment when wss4j version is updated
<span class="fc bfc" id="L611" title="All 2 branches covered."> if(tok instanceof EncryptedKeyToken) {</span>
//Set the value type of the reference
<span class="fc" id="L613"> dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + &quot;#&quot;</span>
+ WSConstants.ENC_KEY_VALUE_TYPE);
}
<span class="fc" id="L617"> dkSign.prepare(doc, rmd.getSecHeader());</span>
<span class="pc bpc" id="L619" title="1 of 2 branches missed."> if(rpd.isTokenProtection()) {</span>
//Hack to handle reference id issues
//TODO Need a better fix
<span class="nc" id="L623"> String sigTokId = tok.getId();</span>
<span class="nc bnc" id="L624" title="All 2 branches missed."> if(sigTokId.startsWith(&quot;#&quot;)) {</span>
<span class="nc" id="L625"> sigTokId = sigTokId.substring(1);</span>
}
<span class="nc" id="L627"> sigParts.add(new WSEncryptionPart(sigTokId));</span>
}
<span class="fc" id="L630"> dkSign.setParts(sigParts);</span>
<span class="fc" id="L632"> List&lt;Reference&gt; referenceList</span>
= dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
//Add elements to header
//Do signature
<span class="pc bpc" id="L637" title="1 of 4 branches missed."> if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &amp;&amp;</span>
this.mainRefListElement != null ) {
/**
* &lt;xenc:ReferenceList&gt;
* &lt;xenc:DataReference URI=&quot;#EncDataId-2&quot;/&gt;
* &lt;/xenc:ReferenceList&gt;
* If there is a reference list as above we need to first prepend reference list
* with the new derived key. Then we need to prepend Signature to newly added derived key.
*/
// Add DeriveKey before ReferenceList
<span class="fc" id="L649"> RampartUtil.insertSiblingBefore(rmd, this.mainRefListElement, dkSign.getdktElement());</span>
// Insert signature before DerivedKey
<span class="fc" id="L652"> dkSign.computeSignature(referenceList, true, dkSign.getdktElement());</span>
<span class="fc" id="L653"> this.setInsertionLocation(this.mainRefListElement);</span>
} else {
/**
* Add &lt;wsc:DerivedKeyToken&gt;..&lt;/wsc:DerivedKeyToken&gt; to security
* header.
*/
<span class="fc" id="L660"> dkSign.appendDKElementToHeader(rmd.getSecHeader());</span>
<span class="fc" id="L662"> this.setInsertionLocation(dkSign.getdktElement());</span>
/**
* In this case we need to insert &lt;Signature&gt;..&lt;/Signature&gt; element
* before this.mainRefListElement element. In other words we need to
* prepend &lt;Signature&gt;...&lt;/Signature&gt; element to this.mainRefListElement.
*/
<span class="fc" id="L669"> dkSign.computeSignature(referenceList, false, this.getInsertionLocation());</span>
<span class="fc" id="L670"> this.setInsertionLocation(dkSign.getSignatureElement());</span>
}
<span class="fc" id="L673"> return dkSign.getSignatureValue();</span>
<span class="nc" id="L675"> } catch (ConversationException e) {</span>
<span class="nc" id="L676"> throw new RampartException(</span>
&quot;errorInDerivedKeyTokenSignature&quot;, e);
<span class="nc" id="L678"> } catch (WSSecurityException e) {</span>
<span class="nc" id="L679"> throw new RampartException(</span>
&quot;errorInDerivedKeyTokenSignature&quot;, e);
}
} else {
try {
<span class="fc" id="L684"> WSSecSignature sig = new WSSecSignature();</span>
<span class="fc" id="L685"> sig.setWsConfig(rmd.getConfig());</span>
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
<span class="pc bpc" id="L689" title="1 of 2 branches missed."> if (policyToken instanceof X509Token) {</span>
<span class="fc bfc" id="L690" title="All 2 branches covered."> if (rmd.isInitiator()) {</span>
<span class="fc" id="L691"> sig.setCustomTokenValueType(WSConstants.SOAPMESSAGE_NS11 + &quot;#&quot;</span>
+ WSConstants.ENC_KEY_VALUE_TYPE);
<span class="fc" id="L693"> sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);</span>
} else {
// the tok has to be an EncryptedKey token
<span class="fc" id="L696"> sig.setEncrKeySha1value(((EncryptedKeyToken) tok).getSHA1());</span>
<span class="fc" id="L697"> sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);</span>
}
<span class="nc bnc" id="L700" title="All 2 branches missed."> } else if (policyToken instanceof IssuedToken) {</span>
<span class="nc" id="L702"> sig.setCustomTokenValueType(RampartUtil.getSAML10AssertionNamespace());</span>
<span class="nc" id="L703"> sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);</span>
}
String sigTokId;
<span class="pc bpc" id="L708" title="1 of 2 branches missed."> if ( policyToken instanceof SecureConversationToken) {</span>
<span class="nc" id="L709"> sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);</span>
<span class="nc" id="L710"> OMElement ref = tok.getAttachedReference();</span>
<span class="nc bnc" id="L711" title="All 2 branches missed."> if(ref == null) {</span>
<span class="nc" id="L712"> ref = tok.getUnattachedReference();</span>
}
<span class="nc bnc" id="L715" title="All 2 branches missed."> if (ref != null) {</span>
<span class="nc" id="L716"> sigTokId = SimpleTokenStore.getIdFromSTR(ref);</span>
} else {
<span class="nc" id="L718"> sigTokId = tok.getId();</span>
}
<span class="nc" id="L720"> } else {</span>
<span class="fc" id="L721"> sigTokId = tok.getId();</span>
}
//Hack to handle reference id issues
//TODO Need a better fix
<span class="pc bpc" id="L726" title="1 of 2 branches missed."> if(sigTokId.startsWith(&quot;#&quot;)) {</span>
<span class="nc" id="L727"> sigTokId = sigTokId.substring(1);</span>
}
<span class="fc" id="L730"> sig.setCustomTokenId(sigTokId);</span>
<span class="fc" id="L731"> sig.setSecretKey(tok.getSecret());</span>
<span class="fc" id="L732"> sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature()); // TODO what is the correct algorith ? For sure one is redundant</span>
<span class="fc" id="L733"> sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());</span>
<span class="fc" id="L734"> sig.setDigestAlgo(algorithmSuite.getDigest());</span>
<span class="fc" id="L735"> sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd</span>
.getRampartConfig(), rmd.getCustomClassLoader()),
rmd.getSecHeader());
<span class="fc" id="L739"> sig.setParts(sigParts);</span>
<span class="fc" id="L740"> List&lt;Reference&gt; referenceList</span>
= sig.addReferencesToSign(sigParts, rmd.getSecHeader());
//Do signature
<span class="pc bpc" id="L744" title="1 of 4 branches missed."> if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING)</span>
&amp;&amp; this.mainRefListElement != null) {
/**
* In this case we need to insert &lt;Signature&gt;..&lt;/Signature&gt; element
* before this.mainRefListElement element. In other words we need to
* prepend &lt;Signature&gt;...&lt;/Signature&gt; element to this.mainRefListElement.
* this.mainRefListElement is equivalent to
* &lt;xenc:ReferenceList&gt;
* &lt;xenc:DataReference URI=&quot;#EncDataId-2&quot;/&gt;
* &lt;/xenc:ReferenceList&gt;
*/
<span class="fc" id="L756"> sig.computeSignature(referenceList, true, this.mainRefListElement);</span>
<span class="fc" id="L757"> this.setInsertionLocation(this.mainRefListElement);</span>
} else {
/**
* In this case we need to append &lt;Signature&gt;..&lt;/Signature&gt; element to
* current insertion location.
*/
<span class="fc" id="L764"> sig.computeSignature(referenceList, false, this.getInsertionLocation());</span>
<span class="fc" id="L765"> this.setInsertionLocation(sig.getSignatureElement());</span>
}
<span class="fc" id="L769"> return sig.getSignatureValue();</span>
<span class="nc" id="L771"> } catch (WSSecurityException e) {</span>
<span class="nc" id="L772"> throw new RampartException(&quot;errorInSignatureWithACustomToken&quot;, e);</span>
}
}
}
/**
 * Looks up a security token by id in the token storage attached to the message.
 * <p>
 * A token that is absent from the store is reported as an error rather than
 * returned as {@code null}, so callers can rely on a non-null result; the
 * id is carried in the exception message to aid diagnosis.
 *
 * @param rmd     message data whose token storage is consulted
 * @param tokenId identifier of the token to fetch
 * @return the stored token, never {@code null}
 * @throws RampartException if the storage lookup fails or no token with
 *                          that id is stored
 */
protected org.apache.rahas.Token getToken(RampartMessageData rmd,
        String tokenId) throws RampartException {
    final org.apache.rahas.Token stored;
    try {
        stored = rmd.getTokenStorage().getToken(tokenId);
    } catch (TrustException e) {
        // Keep the underlying cause; the id alone is not enough to debug a store failure.
        throw new RampartException("errorInRetrievingTokenId",
                new String[]{tokenId}, e);
    }
    if (stored != null) {
        return stored;
    }
    // Unknown id: surface it as the same error key, without a cause.
    throw new RampartException("errorInRetrievingTokenId",
            new String[]{tokenId});
}
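/**
 * Adds WS-Security 1.1 {@code SignatureConfirmation} elements to the outgoing
 * security header, one for every signature the inbound handlers reported
 * (actions SIGN, ST_SIGNED and UT_SIGN), each echoing the signature value that
 * was received. The peer can compare these against the signatures it actually
 * sent and so detect a signature that was stripped or replaced in transit.
 * <p>
 * Does nothing when the policy does not require signature confirmation. When
 * there are no inbound signature results — including when the
 * {@code RECV_RESULTS} property is absent because no inbound security
 * processing took place — a single confirmation element without a signature
 * value is emitted (WS-Security 1.1 expects a value-less confirmation in that
 * case). The id of every element added is appended to {@code sigParts}, when
 * non-null, so the confirmations are themselves covered by our signature;
 * an unsigned confirmation would be trivially forgeable.
 *
 * @param rmd      message data holding the policy, the document and the
 *                 inbound handler results ({@code RECV_RESULTS})
 * @param sigParts parts to be signed; the new confirmation elements are
 *                 added to it, may be {@code null}
 */
protected void addSignatureConfirmation(RampartMessageData rmd, List<WSEncryptionPart> sigParts) {
    if (!rmd.getPolicyData().isSignatureConfirmation()) {
        // Policy does not ask for confirmation: nothing to add.
        return;
    }

    Document doc = rmd.getDocument();

    @SuppressWarnings("unchecked")
    List<WSHandlerResult> results
            = (List<WSHandlerResult>) rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);

    // Gather every signature-related result produced by all inbound handlers.
    List<WSSecurityEngineResult> signatureActions = new ArrayList<WSSecurityEngineResult>();
    if (results != null) {
        // A null RECV_RESULTS means nothing was processed on the way in; treat it
        // as "no signatures seen" instead of failing with an NPE.
        for (WSHandlerResult wshResult : results) {
            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
                    WSConstants.SIGN, signatureActions);
            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
                    WSConstants.ST_SIGNED, signatureActions);
            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
                    WSConstants.UT_SIGN, signatureActions);
        }
    }

    WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
    if (signatureActions.isEmpty()) {
        // No inbound signature: still emit one confirmation, without a value.
        emitSignatureConfirmation(rmd, wsc, doc, sigParts);
        return;
    }

    if (log.isDebugEnabled()) {
        log.debug("Signature Confirmation: number of Signature results: "
                + signatureActions.size());
    }
    for (WSSecurityEngineResult signatureAction : signatureActions) {
        byte[] sigVal = (byte[]) signatureAction.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
        // Echo exactly the signature value that was verified on the inbound side.
        wsc.setSignatureValue(sigVal);
        emitSignatureConfirmation(rmd, wsc, doc, sigParts);
    }
}

/**
 * Builds one SignatureConfirmation element from {@code wsc}'s current state,
 * appends it to the security header and registers its id for signing.
 *
 * @param rmd      message data supplying the security header
 * @param wsc      confirmation builder (its signature value is already set, or unset)
 * @param doc      document the element is created in
 * @param sigParts parts to sign; the new element's id is added when non-null
 */
private void emitSignatureConfirmation(RampartMessageData rmd, WSSecSignatureConfirmation wsc,
        Document doc, List<WSEncryptionPart> sigParts) {
    wsc.prepare(doc);
    RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
    if (sigParts != null) {
        // Sign the confirmation itself; otherwise it could be altered in transit.
        sigParts.add(new WSEncryptionPart(wsc.getId()));
    }
}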
/**
 * Configures the signature to carry the full certificate chain when the policy
 * token is an X.509 PKIPath token (WSS X509 PKI Path v1, token profile 1.0 or
 * 1.1). For any other token the signature is left at its default (single
 * certificate).
 * <p>
 * NOTE: this only changes what is placed in the outgoing token; whether the
 * chain is validated to a trusted anchor is decided by the receiving side,
 * not here.
 *
 * @param sig   signature builder to configure
 * @param token policy token governing the signature
 */
private void checkForX509PkiPath(WSSecSignature sig, Token token){
    if (!(token instanceof X509Token)) {
        return;
    }
    String versionAndType = ((X509Token) token).getTokenVersionAndType();
    boolean isPkiPath = versionAndType.equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN10)
            || versionAndType.equals(Constants.WSS_X509_PKI_PATH_V1_TOKEN11);
    if (isPkiPath) {
        // A PKIPath token holds the whole chain, not just the signing certificate.
        sig.setUseSingleCertificate(false);
    }
}
}