ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java - ws-wss4j - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License. You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.wss4j.dom;

 /**
  * WSDocInfo holds information about the document to process. It provides a
  * method to store and access document information about BinarySecurityToken,
  * used Crypto, and others.
  *
  * Using the Document's hash a caller can identify a document and get
  * the stored information that me be necessary to process the document.
  * The main usage for this is (are) the transformation functions that
  * are called during Signature/Verification process.
  */

 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;

 import javax.xml.crypto.dom.DOMCryptoContext;

 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.callback.CallbackLookup;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;

 public class WSDocInfo {
     private Document doc;
     private Crypto crypto;

     // Here we map the token "Id" to the token itself. The token "Id" is the key as it must be unique to guard
     // against various wrapping attacks. The "Id" name/namespace is stored as part of the entry (along with the
     // element), so that we know what namespace to use when setting the token on the crypto context for signature
     // creation or validation
     private final Map<String, TokenValue> tokens = new HashMap<>();

     private final List<WSSecurityEngineResult> results = new LinkedList<>();
     private final Map<Integer, List<WSSecurityEngineResult>> actionResults = new HashMap<>();
     private CallbackLookup callbackLookup;
     private Element securityHeader;

     public WSDocInfo(Document doc) {
         //
         // This is a bit of a hack. When the Document is a SAAJ SOAPPart instance, it may
         // be that the "owner" document of any child elements is an internal Document, rather
         // than the SOAPPart. This is the case for the SUN SAAJ implementation.
         //
         if (doc != null && doc.getDocumentElement() != null) {
             this.doc = doc.getDocumentElement().getOwnerDocument();
         } else {
             this.doc = doc;
         }
     }

     /**
      * Clears the data stored in this object
      */
     public void clear() {
         crypto = null;
         doc = null;
         callbackLookup = null;
         securityHeader = null;
         tokens.clear();
         results.clear();
         actionResults.clear();
     }

     /**
      * Store a token element for later retrieval. Before storing the token, we check for a
      * previously processed token with the same (wsu/SAML) Id.
      * @param element is the token element to store
      */
     public void addTokenElement(Element element) throws WSSecurityException {
         addTokenElement(element, true);
     }

     /**
      * Store a token element for later retrieval. Before storing the token, we check for a
      * previously processed token with the same (wsu/SAML) Id.
      * @param element is the token element to store
      * @param checkMultipleElements check for a previously stored element with the same Id.
      */
     public void addTokenElement(Element element, boolean checkMultipleElements) throws WSSecurityException {
         if (element == null) {
             return;
         }

         if (element.hasAttributeNS(WSConstants.WSU_NS, "Id")) {
             String id = element.getAttributeNS(WSConstants.WSU_NS, "Id");
             TokenValue tokenValue = new TokenValue("Id", WSConstants.WSU_NS, element);
             TokenValue previousValue = tokens.put(id, tokenValue);
             if (checkMultipleElements && previousValue != null) {
                 throw new WSSecurityException(
                     WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
                 );
             }
         }

         if (element.hasAttributeNS(null, "Id")) {
             String id = element.getAttributeNS(null, "Id");
             TokenValue tokenValue = new TokenValue("Id", null, element);
             TokenValue previousValue = tokens.put(id, tokenValue);
             if (checkMultipleElements && previousValue != null) {
                 throw new WSSecurityException(
                     WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
                 );
             }
         }

         // SAML Assertions
         if ("Assertion".equals(element.getLocalName())) {
             if (WSConstants.SAML_NS.equals(element.getNamespaceURI())
                 && element.hasAttributeNS(null, "AssertionID")) {
                 String id = element.getAttributeNS(null, "AssertionID");
                 TokenValue tokenValue = new TokenValue("AssertionID", null, element);
                 TokenValue previousValue = tokens.put(id, tokenValue);
                 if (checkMultipleElements && previousValue != null) {
                     throw new WSSecurityException(
                         WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
                     );
                 }
             } else if (WSConstants.SAML2_NS.equals(element.getNamespaceURI())
                 && element.hasAttributeNS(null, "ID")) {
                 String id = element.getAttributeNS(null, "ID");
                 TokenValue tokenValue = new TokenValue("ID", null, element);
                 TokenValue previousValue = tokens.put(id, tokenValue);
                 if (checkMultipleElements && previousValue != null) {
                     throw new WSSecurityException(
                         WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
                     );
                 }
             }
         }

     }


     /**
      * Get a token Element for the given Id. The Id can be either a wsu:Id or a
      * SAML AssertionID/ID.
      * @param uri is the (relative) uri of the id
      * @return the token element or null if nothing found
      */
     public Element getTokenElement(String uri) {
         String id = XMLUtils.getIDFromReference(uri);
         if (id == null) {
             return null;
         }

         TokenValue token = tokens.get(id);
         if (token != null) {
             return token.getToken();
         }

         return null;
     }

     /**
      * Set all stored tokens on the DOMCryptoContext argument
      * @param context
      */
     public void setTokensOnContext(DOMCryptoContext context) {
         if (!tokens.isEmpty() && context != null) {
             for (Map.Entry<String, TokenValue> entry : tokens.entrySet()) {
                 TokenValue tokenValue = entry.getValue();
                 context.setIdAttributeNS(tokenValue.getToken(), tokenValue.getIdNamespace(),
                                          tokenValue.getIdName());
             }
         }
     }

     public void setTokenOnContext(String uri, DOMCryptoContext context) {
         String id = XMLUtils.getIDFromReference(uri);
         if (id == null || context == null) {
             return;
         }

         TokenValue tokenValue = tokens.get(id);
         if (tokenValue != null) {
             context.setIdAttributeNS(tokenValue.getToken(), tokenValue.getIdNamespace(),
                                      tokenValue.getIdName());
         }
     }


     /**
      * Store a WSSecurityEngineResult for later retrieval.
      * @param result is the WSSecurityEngineResult to store
      */
     public void addResult(WSSecurityEngineResult result) {
         results.add(result);
         Integer resultTag = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
         if (resultTag != null) {
             List<WSSecurityEngineResult> storedResults = actionResults.get(resultTag);
             if (storedResults == null) {
                 storedResults = new ArrayList<>();
             }
             storedResults.add(result);
             actionResults.put(resultTag, storedResults);
         }
     }

     /**
      * Get a copy of the security results list. Modifying the subsequent list does not
      * change the internal results list.
      */
     public List<WSSecurityEngineResult> getResults() {
         if (results.isEmpty()) {
             return Collections.emptyList();
         }
         return new ArrayList<>(results);
     }

     /**
      * Return a copy of the map between security actions + results. Modifying the subsequent
      * map does not change the internal map.
      */
     public Map<Integer, List<WSSecurityEngineResult>> getActionResults() {
         if (actionResults.isEmpty()) {
             return Collections.emptyMap();
         }
         return new HashMap<>(actionResults);
     }

     /**
      * Get a WSSecurityEngineResult for the given Id.
      * @param uri is the (relative) uri of the id
      * @return the WSSecurityEngineResult or null if nothing found
      */
     public WSSecurityEngineResult getResult(String uri) {
         String id = XMLUtils.getIDFromReference(uri);
         if (id == null) {
             return null;
         }

         if (!results.isEmpty()) {
             for (WSSecurityEngineResult result : results) {
                 String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
                 if (id.equals(cId)) {
                     return result;
                 }
             }
         }
         return null;
     }

     /**
      * Get a unmodifiable list of WSSecurityEngineResults of the given Integer tag
      */
     public List<WSSecurityEngineResult> getResultsByTag(Integer tag) {
         if (actionResults.isEmpty() || !actionResults.containsKey(tag)) {
             return Collections.emptyList();
         }

         return Collections.unmodifiableList(actionResults.get(tag));
     }

     /**
      * See whether we have a WSSecurityEngineResult of the given Integer tag for the given Id
      */
     public boolean hasResult(Integer tag, String uri) {
         String id = XMLUtils.getIDFromReference(uri);
         if (id == null || "".equals(uri)) {
             return false;
         }

         if (!actionResults.isEmpty() && actionResults.containsKey(tag)) {
             for (WSSecurityEngineResult result : actionResults.get(tag)) {
                 String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
                 if (id.equals(cId)) {
                     return true;
                 }
             }
         }

         return false;
     }

     /**
      * @return the signature crypto class used to process
      *         the signature/verify
      */
     public Crypto getCrypto() {
         return crypto;
     }

     /**
      * @return the document
      */
     public Document getDocument() {
         return doc;
     }

     /**
      * @param crypto is the signature crypto class used to
      *               process signature/verify
      */
     public void setCrypto(Crypto crypto) {
         this.crypto = crypto;
     }

     /**
      * @param callbackLookup The CallbackLookup object to retrieve elements
      */
     public void setCallbackLookup(CallbackLookup callbackLookup) {
         this.callbackLookup = callbackLookup;
     }

     /**
      * @return the CallbackLookup object to retrieve elements
      */
     public CallbackLookup getCallbackLookup() {
         return callbackLookup;
     }

     /**
      * @return the wsse header being processed
      */
     public Element getSecurityHeader() {
         return securityHeader;
     }

     /**
      * Sets the wsse header being processed
      *
      * @param securityHeader
      */
     public void setSecurityHeader(Element securityHeader) {
         this.securityHeader = securityHeader;
     }

     private static class TokenValue {
         private final String idName;
         private final String idNamespace;
         private final Element token;

         TokenValue(String idName, String idNamespace, Element token) {
             this.idName = idName;
             this.idNamespace = idNamespace;
             this.token = token;
         }

         public String getIdName() {
             return idName;
         }

         public String getIdNamespace() {
             return idNamespace;
         }
         public Element getToken() {
             return token;
         }
     }

 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.wss4j.dom;

	/**
	* WSDocInfo holds information about the document to process. It provides a
	* method to store and access document information about BinarySecurityToken,
	* used Crypto, and others.
	*
	* Using the Document's hash a caller can identify a document and get
	* the stored information that me be necessary to process the document.
	* The main usage for this is (are) the transformation functions that
	* are called during Signature/Verification process.
	*/

	import java.util.ArrayList;
	import java.util.Collections;
	import java.util.HashMap;
	import java.util.LinkedList;
	import java.util.List;
	import java.util.Map;

	import javax.xml.crypto.dom.DOMCryptoContext;

	import org.apache.wss4j.common.crypto.Crypto;
	import org.apache.wss4j.common.ext.WSSecurityException;
	import org.apache.wss4j.common.util.XMLUtils;
	import org.apache.wss4j.dom.callback.CallbackLookup;
	import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
	import org.w3c.dom.Document;
	import org.w3c.dom.Element;

	public class WSDocInfo {
	private Document doc;
	private Crypto crypto;

	// Here we map the token "Id" to the token itself. The token "Id" is the key as it must be unique to guard
	// against various wrapping attacks. The "Id" name/namespace is stored as part of the entry (along with the
	// element), so that we know what namespace to use when setting the token on the crypto context for signature
	// creation or validation
	private final Map<String, TokenValue> tokens = new HashMap<>();

	private final List<WSSecurityEngineResult> results = new LinkedList<>();
	private final Map<Integer, List<WSSecurityEngineResult>> actionResults = new HashMap<>();
	private CallbackLookup callbackLookup;
	private Element securityHeader;

	public WSDocInfo(Document doc) {
	//
	// This is a bit of a hack. When the Document is a SAAJ SOAPPart instance, it may
	// be that the "owner" document of any child elements is an internal Document, rather
	// than the SOAPPart. This is the case for the SUN SAAJ implementation.
	//
	if (doc != null && doc.getDocumentElement() != null) {
	this.doc = doc.getDocumentElement().getOwnerDocument();
	} else {
	this.doc = doc;
	}
	}

	/**
	* Clears the data stored in this object
	*/
	public void clear() {
	crypto = null;
	doc = null;
	callbackLookup = null;
	securityHeader = null;
	tokens.clear();
	results.clear();
	actionResults.clear();
	}

	/**
	* Store a token element for later retrieval. Before storing the token, we check for a
	* previously processed token with the same (wsu/SAML) Id.
	* @param element is the token element to store
	*/
	public void addTokenElement(Element element) throws WSSecurityException {
	addTokenElement(element, true);
	}

	/**
	* Store a token element for later retrieval. Before storing the token, we check for a
	* previously processed token with the same (wsu/SAML) Id.
	* @param element is the token element to store
	* @param checkMultipleElements check for a previously stored element with the same Id.
	*/
	public void addTokenElement(Element element, boolean checkMultipleElements) throws WSSecurityException {
	if (element == null) {
	return;
	}

	if (element.hasAttributeNS(WSConstants.WSU_NS, "Id")) {
	String id = element.getAttributeNS(WSConstants.WSU_NS, "Id");
	TokenValue tokenValue = new TokenValue("Id", WSConstants.WSU_NS, element);
	TokenValue previousValue = tokens.put(id, tokenValue);
	if (checkMultipleElements && previousValue != null) {
	throw new WSSecurityException(
	WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
	);
	}
	}

	if (element.hasAttributeNS(null, "Id")) {
	String id = element.getAttributeNS(null, "Id");
	TokenValue tokenValue = new TokenValue("Id", null, element);
	TokenValue previousValue = tokens.put(id, tokenValue);
	if (checkMultipleElements && previousValue != null) {
	throw new WSSecurityException(
	WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
	);
	}
	}

	// SAML Assertions
	if ("Assertion".equals(element.getLocalName())) {
	if (WSConstants.SAML_NS.equals(element.getNamespaceURI())
	&& element.hasAttributeNS(null, "AssertionID")) {
	String id = element.getAttributeNS(null, "AssertionID");
	TokenValue tokenValue = new TokenValue("AssertionID", null, element);
	TokenValue previousValue = tokens.put(id, tokenValue);
	if (checkMultipleElements && previousValue != null) {
	throw new WSSecurityException(
	WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
	);
	}
	} else if (WSConstants.SAML2_NS.equals(element.getNamespaceURI())
	&& element.hasAttributeNS(null, "ID")) {
	String id = element.getAttributeNS(null, "ID");
	TokenValue tokenValue = new TokenValue("ID", null, element);
	TokenValue previousValue = tokens.put(id, tokenValue);
	if (checkMultipleElements && previousValue != null) {
	throw new WSSecurityException(
	WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "duplicateError"
	);
	}
	}
	}

	}


	/**
	* Get a token Element for the given Id. The Id can be either a wsu:Id or a
	* SAML AssertionID/ID.
	* @param uri is the (relative) uri of the id
	* @return the token element or null if nothing found
	*/
	public Element getTokenElement(String uri) {
	String id = XMLUtils.getIDFromReference(uri);
	if (id == null) {
	return null;
	}

	TokenValue token = tokens.get(id);
	if (token != null) {
	return token.getToken();
	}

	return null;
	}

	/**
	* Set all stored tokens on the DOMCryptoContext argument
	* @param context
	*/
	public void setTokensOnContext(DOMCryptoContext context) {
	if (!tokens.isEmpty() && context != null) {
	for (Map.Entry<String, TokenValue> entry : tokens.entrySet()) {
	TokenValue tokenValue = entry.getValue();
	context.setIdAttributeNS(tokenValue.getToken(), tokenValue.getIdNamespace(),
	tokenValue.getIdName());
	}
	}
	}

	public void setTokenOnContext(String uri, DOMCryptoContext context) {
	String id = XMLUtils.getIDFromReference(uri);
	if (id == null \|\| context == null) {
	return;
	}

	TokenValue tokenValue = tokens.get(id);
	if (tokenValue != null) {
	context.setIdAttributeNS(tokenValue.getToken(), tokenValue.getIdNamespace(),
	tokenValue.getIdName());
	}
	}


	/**
	* Store a WSSecurityEngineResult for later retrieval.
	* @param result is the WSSecurityEngineResult to store
	*/
	public void addResult(WSSecurityEngineResult result) {
	results.add(result);
	Integer resultTag = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
	if (resultTag != null) {
	List<WSSecurityEngineResult> storedResults = actionResults.get(resultTag);
	if (storedResults == null) {
	storedResults = new ArrayList<>();
	}
	storedResults.add(result);
	actionResults.put(resultTag, storedResults);
	}
	}

	/**
	* Get a copy of the security results list. Modifying the subsequent list does not
	* change the internal results list.
	*/
	public List<WSSecurityEngineResult> getResults() {
	if (results.isEmpty()) {
	return Collections.emptyList();
	}
	return new ArrayList<>(results);
	}

	/**
	* Return a copy of the map between security actions + results. Modifying the subsequent
	* map does not change the internal map.
	*/
	public Map<Integer, List<WSSecurityEngineResult>> getActionResults() {
	if (actionResults.isEmpty()) {
	return Collections.emptyMap();
	}
	return new HashMap<>(actionResults);
	}

	/**
	* Get a WSSecurityEngineResult for the given Id.
	* @param uri is the (relative) uri of the id
	* @return the WSSecurityEngineResult or null if nothing found
	*/
	public WSSecurityEngineResult getResult(String uri) {
	String id = XMLUtils.getIDFromReference(uri);
	if (id == null) {
	return null;
	}

	if (!results.isEmpty()) {
	for (WSSecurityEngineResult result : results) {
	String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
	if (id.equals(cId)) {
	return result;
	}
	}
	}
	return null;
	}

	/**
	* Get a unmodifiable list of WSSecurityEngineResults of the given Integer tag
	*/
	public List<WSSecurityEngineResult> getResultsByTag(Integer tag) {
	if (actionResults.isEmpty() \|\| !actionResults.containsKey(tag)) {
	return Collections.emptyList();
	}

	return Collections.unmodifiableList(actionResults.get(tag));
	}

	/**
	* See whether we have a WSSecurityEngineResult of the given Integer tag for the given Id
	*/
	public boolean hasResult(Integer tag, String uri) {
	String id = XMLUtils.getIDFromReference(uri);
	if (id == null \|\| "".equals(uri)) {
	return false;
	}

	if (!actionResults.isEmpty() && actionResults.containsKey(tag)) {
	for (WSSecurityEngineResult result : actionResults.get(tag)) {
	String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
	if (id.equals(cId)) {
	return true;
	}
	}
	}

	return false;
	}

	/**
	* @return the signature crypto class used to process
	* the signature/verify
	*/
	public Crypto getCrypto() {
	return crypto;
	}

	/**
	* @return the document
	*/
	public Document getDocument() {
	return doc;
	}

	/**
	* @param crypto is the signature crypto class used to
	* process signature/verify
	*/
	public void setCrypto(Crypto crypto) {
	this.crypto = crypto;
	}

	/**
	* @param callbackLookup The CallbackLookup object to retrieve elements
	*/
	public void setCallbackLookup(CallbackLookup callbackLookup) {
	this.callbackLookup = callbackLookup;
	}

	/**
	* @return the CallbackLookup object to retrieve elements
	*/
	public CallbackLookup getCallbackLookup() {
	return callbackLookup;
	}

	/**
	* @return the wsse header being processed
	*/
	public Element getSecurityHeader() {
	return securityHeader;
	}

	/**
	* Sets the wsse header being processed
	*
	* @param securityHeader
	*/
	public void setSecurityHeader(Element securityHeader) {
	this.securityHeader = securityHeader;
	}

	private static class TokenValue {
	private final String idName;
	private final String idNamespace;
	private final Element token;

	TokenValue(String idName, String idNamespace, Element token) {
	this.idName = idName;
	this.idNamespace = idNamespace;
	this.token = token;
	}

	public String getIdName() {
	return idName;
	}

	public String getIdNamespace() {
	return idNamespace;
	}
	public Element getToken() {
	return token;
	}
	}

	}