Google Git
Sign in
apache / ws-wss4j / 916910b1dfb32117a88da78f51929e858fad1f89 / . / policy / src / main / java / org / apache / wss4j / policy / model / X509Token.java
blob: b47242442db147e5391f9c215cb3176ee1e9a880 [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.wss4j.policy.model;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.SPConstants.SPVersion;
import org.w3c.dom.Element;
import javax.xml.namespace.QName;
import java.util.*;
public class X509Token extends AbstractToken {
public enum TokenType {
WssX509V1Token10,
WssX509V3Token10,
WssX509Pkcs7Token10,
WssX509PkiPathV1Token10,
WssX509V1Token11,
WssX509V3Token11,
WssX509Pkcs7Token11,
WssX509PkiPathV1Token11;
private static final Map<String, TokenType> LOOKUP = new HashMap<>();
static {
for (TokenType u : EnumSet.allOf(TokenType.class)) {
LOOKUP.put(u.name(), u);
}
}
public static TokenType lookUp(String name) {
return LOOKUP.get(name);
}
}
private boolean requireKeyIdentifierReference;
private boolean requireIssuerSerialReference;
private boolean requireEmbeddedTokenReference;
private boolean requireThumbprintReference;
private TokenType tokenType;
public X509Token(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
parseNestedPolicy(nestedPolicy, this);
}
@Override
public QName getName() {
return getVersion().getSPConstants().getX509Token();
}
@Override
public boolean equals(Object object) {
if (object == this) {
return true;
}
if (!(object instanceof X509Token)) {
return false;
}
X509Token that = (X509Token)object;
if (tokenType != that.tokenType) {
return false;
}
if (requireKeyIdentifierReference != that.requireKeyIdentifierReference
|| requireIssuerSerialReference != that.requireIssuerSerialReference
|| requireEmbeddedTokenReference != that.requireEmbeddedTokenReference
|| requireThumbprintReference != that.requireThumbprintReference) {
return false;
}
return super.equals(object);
}
@Override
public int hashCode() {
int result = 17;
if (tokenType != null) {
result = 31 * result + tokenType.hashCode();
}
result = 31 * result + Boolean.hashCode(requireKeyIdentifierReference);
result = 31 * result + Boolean.hashCode(requireIssuerSerialReference);
result = 31 * result + Boolean.hashCode(requireEmbeddedTokenReference);
result = 31 * result + Boolean.hashCode(requireThumbprintReference);
return 31 * result + super.hashCode();
}
@Override
protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
return new X509Token(getVersion(), getIncludeTokenType(), getIssuer(), getIssuerName(),
getClaims(), nestedPolicy);
}
protected void parseNestedPolicy(Policy nestedPolicy, X509Token x509Token) {
Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
//we just process the first alternative
//this means that if we have a compact policy only the first alternative is visible
//in contrary to a normalized policy where just one alternative exists
if (alternatives.hasNext()) {
List<Assertion> assertions = alternatives.next();
for (Assertion assertion : assertions) {
String assertionName = assertion.getName().getLocalPart();
String assertionNamespace = assertion.getName().getNamespaceURI();
DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
if (derivedKeys != null) {
if (x509Token.getDerivedKeys() != null) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
x509Token.setDerivedKeys(derivedKeys);
continue;
}
TokenType tokenType = TokenType.lookUp(assertionName);
if (tokenType != null) {
if (x509Token.getTokenType() != null) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
if (TokenType.WssX509V1Token10 == tokenType && SPVersion.SP11 != getVersion()) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
x509Token.setTokenType(tokenType);
continue;
}
QName requireKeyIdentifierRef =
getVersion().getSPConstants().getRequireKeyIdentifierReference();
QName requireIssuerSerialRef =
getVersion().getSPConstants().getRequireIssuerSerialReference();
QName requireEmbeddedRef =
getVersion().getSPConstants().getRequireEmbeddedTokenReference();
QName requireThumbprintRef =
getVersion().getSPConstants().getRequireThumbprintReference();
if (requireKeyIdentifierRef.getLocalPart().equals(assertionName)
&& requireKeyIdentifierRef.getNamespaceURI().equals(assertionNamespace)) {
if (x509Token.isRequireKeyIdentifierReference()) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
x509Token.setRequireKeyIdentifierReference(true);
continue;
} else if (requireIssuerSerialRef.getLocalPart().equals(assertionName)
&& requireIssuerSerialRef.getNamespaceURI().equals(assertionNamespace)) {
if (x509Token.isRequireIssuerSerialReference()) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
x509Token.setRequireIssuerSerialReference(true);
continue;
} else if (requireEmbeddedRef.getLocalPart().equals(assertionName)
&& requireEmbeddedRef.getNamespaceURI().equals(assertionNamespace)) {
if (x509Token.isRequireEmbeddedTokenReference()) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
x509Token.setRequireEmbeddedTokenReference(true);
continue;
} else if (requireThumbprintRef.getLocalPart().equals(assertionName)
&& requireThumbprintRef.getNamespaceURI().equals(assertionNamespace)) {
if (x509Token.isRequireThumbprintReference()) {
throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
}
x509Token.setRequireThumbprintReference(true);
continue;
}
}
}
}
public boolean isRequireKeyIdentifierReference() {
return requireKeyIdentifierReference;
}
protected void setRequireKeyIdentifierReference(boolean requireKeyIdentifierReference) {
this.requireKeyIdentifierReference = requireKeyIdentifierReference;
}
public boolean isRequireIssuerSerialReference() {
return requireIssuerSerialReference;
}
protected void setRequireIssuerSerialReference(boolean requireIssuerSerialReference) {
this.requireIssuerSerialReference = requireIssuerSerialReference;
}
public boolean isRequireEmbeddedTokenReference() {
return requireEmbeddedTokenReference;
}
protected void setRequireEmbeddedTokenReference(boolean requireEmbeddedTokenReference) {
this.requireEmbeddedTokenReference = requireEmbeddedTokenReference;
}
public boolean isRequireThumbprintReference() {
return requireThumbprintReference;
}
protected void setRequireThumbprintReference(boolean requireThumbprintReference) {
this.requireThumbprintReference = requireThumbprintReference;
}
public TokenType getTokenType() {
return tokenType;
}
protected void setTokenType(TokenType tokenType) {
this.tokenType = tokenType;
}
}