Google Git
Sign in
apache / axis-site / f7bdbce8f5178add02522fdbf11ca5350d8eef03 / . / axis2 / java / rampart-staging / code-coverage / org.apache.rampart.policy / RampartPolicyBuilder.java.html
blob: 4ceb86fcc575dadf4fc21777acde20a7599ae4c2 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../.resources/report.css" type="text/css"/><link rel="shortcut icon" href="../.resources/report.gif" type="image/gif"/><title>RampartPolicyBuilder.java</title><link rel="stylesheet" href="../.resources/prettify.css" type="text/css"/><script type="text/javascript" src="../.resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../.sessions.html" class="el_session">Sessions</a></span><a href="../index.html" class="el_report">Coverage Report</a> &gt; <a href="index.source.html" class="el_package">org.apache.rampart.policy</a> &gt; <span class="el_source">RampartPolicyBuilder.java</span></div><h1>RampartPolicyBuilder.java</h1><pre class="source lang-java linenums">/*
* Copyright 2004,2005 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.rampart.policy;
import org.apache.axis2.policy.model.MTOMAssertion;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Assertion;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.AsymmetricBinding;
import org.apache.ws.secpolicy.model.Binding;
import org.apache.ws.secpolicy.model.ContentEncryptedElements;
import org.apache.ws.secpolicy.model.EncryptionToken;
import org.apache.ws.secpolicy.model.Header;
import org.apache.ws.secpolicy.model.InitiatorToken;
import org.apache.ws.secpolicy.model.ProtectionToken;
import org.apache.ws.secpolicy.model.RecipientToken;
import org.apache.ws.secpolicy.model.RequiredElements;
import org.apache.ws.secpolicy.model.SignatureToken;
import org.apache.ws.secpolicy.model.SignedEncryptedElements;
import org.apache.ws.secpolicy.model.SignedEncryptedParts;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase;
import org.apache.ws.secpolicy.model.SymmetricBinding;
import org.apache.ws.secpolicy.model.TransportBinding;
import org.apache.ws.secpolicy.model.TransportToken;
import org.apache.ws.secpolicy.model.Trust10;
import org.apache.ws.secpolicy.model.Wss10;
import org.apache.ws.secpolicy.model.Wss11;
import java.util.Iterator;
import java.util.List;
<span class="nc" id="L48">public class RampartPolicyBuilder {</span>
<span class="fc" id="L50"> private static Log log = LogFactory.getLog(RampartPolicyBuilder.class);</span>
/**
* Compile the parsed security data into one Policy data block.
*
* This methods loops over all top level Policy Engine data elements,
* extracts the parsed parameters and sets them into a single data block.
* During this processing the method prepares the parameters in a format
* that is ready for processing by the WSS4J functions.
*
* &lt;p&gt;
*
* The WSS4J policy enabled handler takes this data block to control the
* setup of the security header.
*
* @param topLevelAssertions
* The iterator of the top level policy assertions
* @return The compile Policy data block.
* @throws WSSPolicyException
*/
public static RampartPolicyData build(List&lt;Assertion&gt; topLevelAssertions)
throws WSSPolicyException {
<span class="fc" id="L73"> RampartPolicyData rpd = new RampartPolicyData();</span>
<span class="fc bfc" id="L75" title="All 2 branches covered."> for (Iterator&lt;Assertion&gt; iter = topLevelAssertions.iterator(); iter.hasNext();) {</span>
<span class="fc" id="L76"> Assertion assertion = (Assertion) iter.next();</span>
<span class="fc bfc" id="L77" title="All 2 branches covered."> if (assertion instanceof Binding) {</span>
<span class="fc" id="L79"> setWebServiceSecurityPolicyNS(assertion, rpd);</span>
<span class="fc bfc" id="L81" title="All 2 branches covered."> if (assertion instanceof SymmetricBinding) {</span>
<span class="fc" id="L82"> processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);</span>
<span class="fc bfc" id="L83" title="All 2 branches covered."> } else if(assertion instanceof AsymmetricBinding) {</span>
<span class="fc" id="L84"> processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd);</span>
} else {
<span class="fc" id="L86"> processTransportBinding((TransportBinding) assertion, rpd);</span>
}
/*
* Don't change the order of Wss11 / Wss10 instance checks
* because Wss11 extends Wss10 - thus first check Wss11.
*/
<span class="fc bfc" id="L93" title="All 2 branches covered."> } else if (assertion instanceof Wss11) {</span>
<span class="fc" id="L94"> processWSS11((Wss11) assertion, rpd);</span>
<span class="fc bfc" id="L95" title="All 2 branches covered."> } else if (assertion instanceof Wss10) {</span>
<span class="fc" id="L96"> processWSS10((Wss10) assertion, rpd);</span>
<span class="fc bfc" id="L97" title="All 2 branches covered."> } else if (assertion instanceof SignedEncryptedElements) {</span>
<span class="fc" id="L98"> processSignedEncryptedElements((SignedEncryptedElements) assertion,</span>
rpd);
<span class="fc bfc" id="L100" title="All 2 branches covered."> } else if (assertion instanceof SignedEncryptedParts) {</span>
<span class="fc" id="L101"> processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd);</span>
<span class="fc bfc" id="L102" title="All 2 branches covered."> } else if ( assertion instanceof RequiredElements) { </span>
<span class="fc" id="L103"> processRequiredElements((RequiredElements)assertion, rpd);</span>
<span class="fc bfc" id="L104" title="All 2 branches covered."> } else if (assertion instanceof ContentEncryptedElements) { </span>
<span class="fc" id="L105"> processContentEncryptedElements((ContentEncryptedElements) assertion, rpd);</span>
<span class="fc bfc" id="L106" title="All 2 branches covered."> }else if (assertion instanceof SupportingToken) {</span>
//Set policy version. Cos a supporting token can appear along without a binding
<span class="fc" id="L109"> setWebServiceSecurityPolicyNS(assertion, rpd);</span>
<span class="fc" id="L111"> processSupportingTokens((SupportingToken) assertion, rpd);</span>
<span class="fc bfc" id="L112" title="All 2 branches covered."> } else if (assertion instanceof Trust10) {</span>
<span class="fc" id="L113"> processTrust10((Trust10)assertion, rpd);</span>
<span class="fc bfc" id="L114" title="All 2 branches covered."> } else if (assertion instanceof RampartConfig) {</span>
<span class="fc" id="L115"> processRampartConfig((RampartConfig)assertion, rpd);</span>
<span class="pc bpc" id="L116" title="1 of 2 branches missed."> } else if (assertion instanceof MTOMAssertion){</span>
<span class="nc" id="L117"> processMTOMSerialization((MTOMAssertion)assertion, rpd);</span>
} else {
<span class="pc bpc" id="L119" title="1 of 2 branches missed."> if (log.isDebugEnabled()) {</span>
<span class="nc" id="L120"> log.debug(&quot;Unknown top level PED found: &quot;</span>
+ assertion.getClass().getName());
}
}
<span class="fc" id="L124"> }</span>
<span class="fc" id="L126"> return rpd;</span>
}
/**
* Sets web service security policy version. The policy version is extracted from an assertion.
* But if namespace is already set this method will just return.
* @param assertion The assertion to get policy namespace.
*/
private static void setWebServiceSecurityPolicyNS(Assertion assertion, RampartPolicyData policyData) {
<span class="fc bfc" id="L136" title="All 2 branches covered."> if (policyData.getWebServiceSecurityPolicyNS() == null) {</span>
<span class="fc" id="L137"> policyData.setWebServiceSecurityPolicyNS(assertion.getName().getNamespaceURI());</span>
}
<span class="fc" id="L139"> }</span>
/**
* @param binding
* @param rpd
*/
private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
<span class="fc" id="L148"> binding(binding, rpd);</span>
<span class="fc" id="L149"> rpd.setTransportBinding(true);</span>
<span class="fc" id="L150"> rpd.setTokenProtection(binding.isTokenProtection());</span>
<span class="fc" id="L151"> TransportToken transportToken = binding.getTransportToken();</span>
<span class="pc bpc" id="L152" title="1 of 2 branches missed."> if ( transportToken != null ) {</span>
<span class="fc" id="L153"> rpd.setTransportToken(transportToken.getTransportToken());</span>
}
<span class="fc" id="L155"> }</span>
/**
* Add TRust10 assertion info into rampart policy data
* @param trust10
* @param rpd
*/
private static void processTrust10(Trust10 trust10, RampartPolicyData rpd) {
<span class="fc" id="L163"> rpd.setTrust10(trust10);</span>
<span class="fc" id="L164"> }</span>
/**
* Add the rampart configuration information into rampart policy data.
* @param config
* @param rpd
*/
private static void processRampartConfig(RampartConfig config, RampartPolicyData rpd) {
<span class="fc" id="L172"> rpd.setRampartConfig(config);</span>
<span class="fc" id="L173"> }</span>
/**
* Evaluate the symmetric policy binding data.
*
* @param symmBinding
* The binding data
* @param rpd
* The WSS4J data to initialize
* @throws WSSPolicyException
*/
private static void processSymmetricPolicyBinding(
SymmetricBinding symmBinding, RampartPolicyData rpd)
throws WSSPolicyException {
<span class="fc" id="L187"> rpd.setSymmetricBinding(true);</span>
<span class="fc" id="L188"> binding(symmBinding, rpd);</span>
<span class="fc" id="L189"> symmAsymmBinding(symmBinding, rpd);</span>
<span class="fc" id="L190"> symmetricBinding(symmBinding, rpd);</span>
<span class="fc" id="L191"> }</span>
private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) {
<span class="fc" id="L194"> rpd.setWss10(wss10);</span>
<span class="fc" id="L195"> }</span>
/**
* Evaluate the asymmetric policy binding data.
*
* @param binding
* The binding data
* @param rpd
* The WSS4J data to initialize
* @throws WSSPolicyException
*/
private static void processAsymmetricPolicyBinding(
AsymmetricBinding binding, RampartPolicyData rpd)
throws WSSPolicyException {
<span class="fc" id="L209"> rpd.setAsymmetricBinding(true);</span>
<span class="fc" id="L210"> binding(binding, rpd);</span>
<span class="fc" id="L211"> symmAsymmBinding(binding, rpd);</span>
<span class="fc" id="L212"> asymmetricBinding(binding, rpd);</span>
<span class="fc" id="L213"> }</span>
private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
<span class="fc" id="L216"> rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation());</span>
<span class="fc" id="L217"> rpd.setWss11(wss11);</span>
<span class="fc" id="L218"> }</span>
/**
* Populate elements to sign and/or encrypt with the message tokens.
*
* @param see
* The data describing the elements (XPath)
* @param rpd
* The WSS4J data to initialize
*/
private static void processSignedEncryptedElements(
SignedEncryptedElements see, RampartPolicyData rpd) {
<span class="fc" id="L230"> Iterator&lt;String&gt; it = see.getXPathExpressions().iterator();</span>
<span class="fc bfc" id="L231" title="All 2 branches covered."> if (see.isSignedElemets()) {</span>
<span class="fc bfc" id="L232" title="All 2 branches covered."> while (it.hasNext()) {</span>
<span class="fc" id="L233"> rpd.setSignedElements(it.next());</span>
}
} else {
<span class="fc bfc" id="L236" title="All 2 branches covered."> while (it.hasNext()) {</span>
<span class="fc" id="L237"> rpd.setEncryptedElements(it.next());</span>
}
}
<span class="fc" id="L240"> rpd.addDeclaredNamespaces(see.getDeclaredNamespaces());</span>
<span class="fc" id="L241"> }</span>
/**
* Populate parts to sign and/or encrypt with the message tokens.
*
* @param sep
* The data describing the parts
* @param rpd
* The WSS4J data to initialize
*/
private static void processSignedEncryptedParts(SignedEncryptedParts sep,
RampartPolicyData rpd) {
<span class="fc" id="L253"> Iterator&lt;Header&gt; it = sep.getHeaders().iterator();</span>
<span class="fc bfc" id="L254" title="All 2 branches covered."> if (sep.isSignedParts()) {</span>
<span class="fc" id="L255"> rpd.setSignBody(sep.isBody());</span>
<span class="fc" id="L256"> rpd.setSignAttachments(sep.isAttachments());</span>
<span class="fc" id="L257"> rpd.setSignAllHeaders(sep.isSignAllHeaders());</span>
<span class="fc" id="L258"> rpd.setSignBodyOptional(sep.isOptional());</span>
<span class="fc" id="L259"> rpd.setSignAttachmentsOptional(sep.isOptional());</span>
<span class="fc bfc" id="L260" title="All 2 branches covered."> while (it.hasNext()) {</span>
<span class="fc" id="L261"> Header header = it.next();</span>
<span class="fc" id="L262"> rpd.addSignedPart(header.getNamespace(), header.getName());</span>
<span class="fc" id="L263"> }</span>
} else {
<span class="fc" id="L265"> rpd.setEncryptBody(sep.isBody());</span>
<span class="fc" id="L266"> rpd.setEncryptAttachments(sep.isAttachments());</span>
<span class="fc" id="L267"> rpd.setEncryptBodyOptional(sep.isOptional());</span>
<span class="fc" id="L268"> rpd.setEncryptAttachmentsOptional(sep.isOptional());</span>
<span class="fc bfc" id="L269" title="All 2 branches covered."> while (it.hasNext()) {</span>
<span class="fc" id="L270"> Header header = it.next();</span>
<span class="fc" id="L271"> rpd.setEncryptedParts(header.getNamespace(), header.getName(),&quot;Header&quot;);</span>
<span class="fc" id="L272"> }</span>
}
<span class="fc" id="L274"> }</span>
private static void processContentEncryptedElements(ContentEncryptedElements cee,
RampartPolicyData rpd) {
<span class="fc" id="L279"> Iterator&lt;String&gt; it = cee.getXPathExpressions().iterator(); </span>
<span class="fc bfc" id="L280" title="All 2 branches covered."> while (it.hasNext()) {</span>
<span class="fc" id="L281"> rpd.setContentEncryptedElements(it.next());</span>
}
<span class="fc" id="L283"> rpd.addDeclaredNamespaces(cee.getDeclaredNamespaces());</span>
<span class="fc" id="L284"> }</span>
private static void processRequiredElements(RequiredElements req,
RampartPolicyData rpd) {
<span class="fc" id="L289"> Iterator&lt;String&gt; it = req.getXPathExpressions().iterator(); </span>
<span class="fc bfc" id="L290" title="All 2 branches covered."> while (it.hasNext()) {</span>
<span class="fc" id="L291"> rpd.setRequiredElements(it.next());</span>
}
<span class="fc" id="L293"> rpd.addDeclaredNamespaces(req.getDeclaredNamespaces());</span>
<span class="fc" id="L294"> }</span>
/**
* Evaluate policy data that is common to all bindings.
*
* @param binding
* The common binding data
* @param rpd
* The WSS4J data to initialize
*/
private static void binding(Binding binding, RampartPolicyData rpd) {
<span class="fc" id="L304"> rpd.setLayout(binding.getLayout().getValue());</span>
<span class="fc" id="L305"> rpd.setIncludeTimestamp(binding.isIncludeTimestamp());</span>
<span class="fc" id="L306"> rpd.setIncludeTimestampOptional(binding.isIncludeTimestampOptional());</span>
<span class="fc" id="L307"> rpd.setAlgorithmSuite(binding.getAlgorithmSuite());</span>
<span class="fc" id="L308"> }</span>
/**
* Evaluate policy data that is common to symmetric and asymmetric bindings.
*
* @param binding
* The symmetric/asymmetric binding data
* @param rpd
* The WSS4J data to initialize
*/
private static void symmAsymmBinding(
SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) {
<span class="fc" id="L320"> rpd.setEntireHeadersAndBodySignatures(binding</span>
.isEntireHeadersAndBodySignatures());
<span class="fc" id="L322"> rpd.setProtectionOrder(binding.getProtectionOrder());</span>
<span class="fc" id="L323"> rpd.setSignatureProtection(binding.isSignatureProtection());</span>
<span class="fc" id="L324"> rpd.setTokenProtection(binding.isTokenProtection());</span>
<span class="fc" id="L325"> rpd.setAlgorithmSuite(binding.getAlgorithmSuite());</span>
<span class="fc" id="L326"> }</span>
/**
* Evaluate policy data that is specific to symmetric binding.
*
* @param binding
* The symmetric binding data
* @param rpd
* The WSS4J data to initialize
*/
private static void symmetricBinding(SymmetricBinding binding,
RampartPolicyData rpd) throws WSSPolicyException {
<span class="fc" id="L338"> Assertion token = binding.getProtectionToken();</span>
<span class="pc bpc" id="L340" title="1 of 2 branches missed."> if (token != null) {</span>
<span class="fc" id="L341"> rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());</span>
} else {
<span class="nc" id="L343"> Assertion encrToken = binding.getEncryptionToken();</span>
<span class="nc" id="L344"> Assertion sigToken = binding.getSignatureToken();</span>
<span class="nc bnc" id="L345" title="All 4 branches missed."> if (token == null &amp;&amp; sigToken == null) {</span>
<span class="nc" id="L346"> throw new WSSPolicyException(&quot;Symmetric binding should have a Protection token or&quot; +</span>
&quot; both Signature and Encryption tokens defined&quot;);
}
<span class="nc" id="L349"> rpd.setEncryptionToken(</span>
((EncryptionToken) encrToken).getEncryptionToken());
<span class="nc" id="L351"> rpd.setSignatureToken(((SignatureToken) sigToken).getSignatureToken());</span>
}
<span class="fc" id="L353"> }</span>
/**
* Evaluate policy data that is specific to asymmetric binding.
*
* @param binding
* The asymmetric binding data
* @param rpd
* The WSS4J data to initialize
*/
private static void asymmetricBinding(AsymmetricBinding binding,
RampartPolicyData rpd) throws WSSPolicyException {
<span class="fc" id="L365"> RecipientToken rt = binding.getRecipientToken();</span>
<span class="fc" id="L366"> InitiatorToken it = binding.getInitiatorToken();</span>
<span class="pc bpc" id="L367" title="2 of 4 branches missed."> if (rt == null || it == null) {</span>
<span class="nc" id="L368"> throw new WSSPolicyException(&quot;Asymmetric binding should have both Initiator and &quot; +</span>
&quot;Recipient tokens defined&quot;);
}
<span class="fc" id="L371"> rpd.setRecipientToken(rt.getReceipientToken());</span>
<span class="fc" id="L372"> rpd.setInitiatorToken(it.getInitiatorToken());</span>
<span class="fc" id="L373"> }</span>
private static void processSupportingTokens(SupportingToken token,
RampartPolicyData rpd) throws WSSPolicyException {
<span class="fc" id="L377"> rpd.setSupportingTokens(token);</span>
<span class="fc" id="L378"> }</span>
private static void processMTOMSerialization(MTOMAssertion mtomAssertion, RampartPolicyData rpd)
{
<span class="nc" id="L383"> rpd.setMTOMAssertion(mtomAssertion);</span>
<span class="nc" id="L384"> }</span>
}
</pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.5.201505241946</span></div></body></html>