@Override public void handleMessage(SoapMessage message) throws Fault { final Header callHeader = message.getHeader(RequestCallbackFeature.CALL_ID_HEADER_NAME); if (callHeader == null) { return; } handleAddressing(message); final Header callbackHeader = message.getHeader(RequestCallbackFeature.CALLBACK_ID_HEADER_NAME); if (callbackHeader == null) { return; } final BindingOperationInfo boi = message.getExchange().getBindingOperationInfo(); if (boi == null) { return; } final String action = SoapActionInInterceptor.getSoapAction(message); if (StringUtils.isEmpty(action)) { return; } final SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class); if (soi == null) { return; } if (StringUtils.isEmpty(soi.getAction())) { soi.setAction(action); } }
@Override public void handleMessage(SoapMessage soapMessage) throws Fault { AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class); @SuppressWarnings("unchecked") final List<SecurityEvent> incomingSecurityEventList = (List<SecurityEvent>) soapMessage.get(SecurityEvent.class.getName() + ".in"); if (aim == null || incomingSecurityEventList == null) { return; } // First check for a SOAP Fault with no security header if we are the client // In this case don't blanket assert security policies if (MessageUtils.isRequestor(soapMessage) && incomingSecurityEventList.contains(WSSecurityEventConstants.NoSecurity)) { OperationSecurityEvent securityEvent = (OperationSecurityEvent) findEvent(WSSecurityEventConstants.Operation, incomingSecurityEventList); if (securityEvent != null && soapMessage.getVersion().getFault().equals(securityEvent.getOperation())) { LOG.warning("Request does not contain Security header, but it's a fault."); return; } } assertAllSecurityAssertions(aim); }
@Override public void handleMessage(SoapMessage msg) throws Fault { Endpoint ep = msg.getExchange().get(Endpoint.class); sdc.set(ep.getSecurityDomainContext()); try { SecurityToken token = msg.get(SecurityToken.class); SecurityContext context = msg.get(SecurityContext.class); if (token == null || context == null || context.getUserPrincipal() == null) { super.handleMessage(msg); return; } UsernameToken ut = (UsernameToken) token; Subject subject = createSubject( ut.getName(), ut.getPassword(), ut.isHashed(), ut.getNonce(), ut.getCreatedTime()); SecurityContext sc = doCreateSecurityContext(context.getUserPrincipal(), subject); msg.put(SecurityContext.class, sc); } finally { if (sdc != null) { sdc.remove(); } } }
public void handleMessage(SoapMessage message) { if (getInvoker(message).getProtocolHandlers().isEmpty()) { return; } if (getInvoker(message).isOutbound()) { if (!chainAlreadyContainsSAAJ(message)) { SAAJ_OUT.handleMessage(message); } message.getInterceptorChain().add(ending); } else { boolean isFault = handleMessageInternal(message); SOAPMessage msg = message.getContent(SOAPMessage.class); if (msg != null) { XMLStreamReader xmlReader = createXMLStreamReaderFromSOAPMessage(msg); message.setContent(XMLStreamReader.class, xmlReader); // replace headers try { SAAJInInterceptor.replaceHeaders(msg, message); } catch (SOAPException e) { e.printStackTrace(); } } if (isFault) { Endpoint ep = message.getExchange().get(Endpoint.class); message.getInterceptorChain().abort(); if (ep.getInFaultObserver() != null) { ep.getInFaultObserver().onMessage(message); } } } }
protected void processToken(SoapMessage message) { Header h = findSecurityHeader(message, false); if (h == null) { return; } boolean utWithCallbacks = MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true); Element el = (Element) h.getObject(); Element child = DOMUtils.getFirstElement(el); while (child != null) { if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) { try { Principal principal = null; Subject subject = null; if (utWithCallbacks) { final WSSecurityEngineResult result = validateToken(child, message); principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL); subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT); } else { boolean bspCompliant = isWsiBSPCompliant(message); principal = parseTokenAndCreatePrincipal(child, bspCompliant); WSS4JTokenConverter.convertToken(message, principal); } SecurityContext sc = message.get(SecurityContext.class); if (sc == null || sc.getUserPrincipal() == null) { if (subject != null && principal != null) { message.put(SecurityContext.class, createSecurityContext(principal, subject)); } else if (principal instanceof UsernameTokenPrincipal) { UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal; String nonce = null; if (utPrincipal.getNonce() != null) { nonce = Base64.encode(utPrincipal.getNonce()); } subject = createSubject( utPrincipal.getName(), utPrincipal.getPassword(), utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime()); message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject)); } } if (principal instanceof UsernameTokenPrincipal) { storeResults((UsernameTokenPrincipal) principal, message); } } catch (WSSecurityException ex) { throw new Fault(ex); } catch (Base64DecodingException ex) { throw new Fault(ex); } } child = DOMUtils.getNextElement(child); } }
private SoapMessage makeInvocation( Map<String, String> outProperties, List<String> xpaths, Map<String, String> inProperties) throws Exception { Document doc = readDocument("wsse-request-clean.xml"); WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor(); SoapMessage msg = new SoapMessage(new MessageImpl()); Exchange ex = new ExchangeImpl(); ex.setInMessage(msg); SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); SOAPPart part = saajMsg.getSOAPPart(); part.setContent(new DOMSource(doc)); saajMsg.saveChanges(); msg.setContent(SOAPMessage.class, saajMsg); for (String key : outProperties.keySet()) { msg.put(key, outProperties.get(key)); } handler.handleMessage(msg); doc = part; for (String xpath : xpaths) { assertValid(xpath, doc); } byte[] docbytes = getMessageBytes(doc); XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setValidating(false); dbf.setIgnoringComments(false); dbf.setIgnoringElementContentWhitespace(true); dbf.setNamespaceAware(true); DocumentBuilder db = dbf.newDocumentBuilder(); db.setEntityResolver(new NullResolver()); doc = StaxUtils.read(db, reader, false); WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); SoapMessage inmsg = new SoapMessage(new MessageImpl()); ex.setInMessage(inmsg); inmsg.setContent(SOAPMessage.class, saajMsg); for (String key : inProperties.keySet()) { inHandler.setProperty(key, inProperties.get(key)); } inHandler.handleMessage(inmsg); return inmsg; }
@Override public void handleMessage(SoapMessage message) throws Fault { if (message.getVersion() instanceof Soap11) { Map<String, List<String>> headers = CastUtils.cast((Map) message.get(Message.PROTOCOL_HEADERS)); headers.remove("SOAPAction"); } }
private SoapMessage coachMessage(String policyName) throws IOException, ParserConfigurationException, SAXException { Policy policy = policyBuilder.getPolicy(this.getResourceAsStream(policyName)); AssertionInfoMap aim = new AssertionInfoMap(policy); SoapMessage message = control.createMock(SoapMessage.class); EasyMock.expect(message.get(Message.REQUESTOR_ROLE)).andReturn(Boolean.TRUE); EasyMock.expect(message.get(AssertionInfoMap.class)).andReturn(aim); return message; }
public void handleMessage(SoapMessage message) throws Fault { SOAPMessage doc = message.getContent(SOAPMessage.class); if (doc == null) { saajIn.handleMessage(message); doc = message.getContent(SOAPMessage.class); } Map<String, String> headers = toHeadersMap(doc); DistributedThreadLocal.putAll(headers); DistributedThreadLocal.onReceivedDistributedThreadLocal(); }
@Test public void testRequestorOutboundSoapAction() throws Exception { SoapMessage message = setUpMessage(); interceptor.handleMessage(message); control.verify(); Map<String, List<String>> reqHeaders = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS)); assertNotNull(reqHeaders); List<String> soapaction = reqHeaders.get("soapaction"); assertTrue(null != soapaction && soapaction.size() == 1); assertEquals("\"http://foo/bar/SEI/opReq\"", soapaction.get(0)); }
@Test public void testEncryptedUsernameToken() throws Exception { Map<String, String> outProperties = new HashMap<String, String>(); outProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT); outProperties.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties"); outProperties.put(WSHandlerConstants.USER, "alice"); outProperties.put("password", "alicePassword"); outProperties.put(WSHandlerConstants.ENCRYPTION_USER, "myalias"); outProperties.put( WSHandlerConstants.ENCRYPTION_PARTS, "{Content}{" + WSConstants.WSSE_NS + "}UsernameToken"); Map<String, String> inProperties = new HashMap<String, String>(); inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.ENCRYPT); inProperties.put(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties"); inProperties.put( WSHandlerConstants.PW_CALLBACK_CLASS, "org.apache.cxf.ws.security.wss4j.TestPwdCallback"); List<String> xpaths = new ArrayList<String>(); xpaths.add("//wsse:Security"); SoapMessage inmsg = makeInvocation(outProperties, xpaths, inProperties); List<WSHandlerResult> handlerResults = getResults(inmsg); assertNotNull(handlerResults); assertSame(handlerResults.size(), 1); // // This should contain exactly 2 protection results // final java.util.List<WSSecurityEngineResult> protectionResults = handlerResults.get(0).getResults(); assertNotNull(protectionResults); assertSame(protectionResults.size(), 2); final Principal p1 = (Principal) protectionResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL); final Principal p2 = (Principal) protectionResults.get(1).get(WSSecurityEngineResult.TAG_PRINCIPAL); assertTrue(p1 instanceof UsernameTokenPrincipal || p2 instanceof UsernameTokenPrincipal); Principal utPrincipal = p1 instanceof UsernameTokenPrincipal ? p1 : p2; SecurityContext securityContext = inmsg.get(SecurityContext.class); assertNotNull(securityContext); assertSame(securityContext.getUserPrincipal(), utPrincipal); }
/** @param message */ @Override public void handleMessage(SoapMessage message) throws Fault { long l = LOG.logStart(); final OutputStream os = message.getContent(OutputStream.class); boolean isRequestor = MessageUtils.isRequestor(message); if (os == null) { LOG.logWarn("Could not log message because it not contains OutputStream!", null); return; } // create store file File fStore; if (isRequestor) { MSHOutMail rq = SoapUtils.getMSHOutMail(message); fStore = EBMSLogUtils.getOutboundFileName(true, rq.getId(), null); } else { // get base from input log file String base = (String) message.getExchange().get(EBMSConstants.EBMS_CP_BASE_LOG_SOAP_MESSAGE_FILE); fStore = EBMSLogUtils.getOutboundFileName(false, null, base); } LOG.log("Out " + (isRequestor ? "request" : "response") + " stored to:" + fStore.getName()); message .getExchange() .put( EBMSConstants.EBMS_CP_BASE_LOG_SOAP_MESSAGE_FILE, EBMSLogUtils.getBaseFileName(fStore)); message.getExchange().put(EBMSConstants.EBMS_CP_OUT_LOG_SOAP_MESSAGE_FILE, fStore); // create FileOutputStream to log request FileOutputStream fos; try { fos = new FileOutputStream(fStore); } catch (FileNotFoundException ex) { String errmsg = "Could not log outbound message to file: '" + fStore.getAbsolutePath() + "'! "; LOG.logError(l, errmsg, ex); return; } // create CacheAndWriteOutputStream final CacheAndWriteOutputStream newOut = new CacheAndWriteOutputStream(os); message.setContent(OutputStream.class, newOut); newOut.registerCallback(new LoggingCallback(fos, message, os, fStore)); LOG.logEnd(l); }
private void loadAttachments( List<org.apache.wss4j.common.ext.Attachment> attachmentList, String attachmentId) throws IOException { final Collection<org.apache.cxf.message.Attachment> attachments = soapMessage.getAttachments(); // Calling LazyAttachmentCollection.size() here to force it to load the attachments if (attachments != null && attachments.size() > 0) { for (Iterator<org.apache.cxf.message.Attachment> iterator = attachments.iterator(); iterator.hasNext(); ) { org.apache.cxf.message.Attachment attachment = iterator.next(); if (attachmentId != null && !attachmentId.equals(attachment.getId())) { continue; } org.apache.wss4j.common.ext.Attachment att = new org.apache.wss4j.common.ext.Attachment(); att.setMimeType(attachment.getDataHandler().getContentType()); att.setId(attachment.getId()); att.setSourceStream(attachment.getDataHandler().getInputStream()); Iterator<String> headerIterator = attachment.getHeaderNames(); while (headerIterator.hasNext()) { String next = headerIterator.next(); att.addHeader(next, attachment.getHeader(next)); } attachmentList.add(att); iterator.remove(); } } }
private SoapMessage setUpMessage() throws Exception { SoapMessage message = new SoapMessage(new MessageImpl()); Exchange exchange = new ExchangeImpl(); BindingOperationInfo bop = setUpBindingOperationInfo( "http://foo/bar", "opReq", "opResp", SEI.class.getMethod("op", new Class[0])); SoapOperationInfo sop = new SoapOperationInfo(); sop.setAction("http://foo/bar/SEI/opReq"); bop.addExtensor(sop); exchange.put(BindingOperationInfo.class, bop); message.setExchange(exchange); message.put(Message.REQUESTOR_ROLE, Boolean.TRUE); control.replay(); return message; }
private static boolean chainAlreadyContainsSAAJ(SoapMessage message) { ListIterator<Interceptor<? extends Message>> listIterator = message.getInterceptorChain().getIterator(); while (listIterator.hasNext()) { if (listIterator.next() instanceof SAAJOutInterceptor) { return true; } } return false; }
private void storeResults(UsernameTokenPrincipal principal, SoapMessage message) { List<WSSecurityEngineResult> v = new ArrayList<WSSecurityEngineResult>(); int action = WSConstants.UT; if (principal.getPassword() == null) { action = WSConstants.UT_NOPASSWORD; } v.add(0, new WSSecurityEngineResult(action, principal, null, null, null)); List<WSHandlerResult> results = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { results = new ArrayList<WSHandlerResult>(); message.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(null, v); results.add(0, rResult); assertTokens(message, principal, false); message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal); }
protected UsernameToken assertTokens(SoapMessage message) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); assertPolicy(aim, SPConstants.USERNAME_TOKEN10); assertPolicy(aim, SPConstants.USERNAME_TOKEN11); assertPolicy(aim, SPConstants.HASH_PASSWORD); assertPolicy(aim, SPConstants.NO_PASSWORD); assertPolicy(aim, SP13Constants.NONCE); assertPolicy(aim, SP13Constants.CREATED); return (UsernameToken) assertTokens(message, SPConstants.USERNAME_TOKEN, true); }
private void checkUnderstoodHeaders(SoapMessage soapMessage) { Set<QName> paramHeaders = HeaderUtil.getHeaderQNameInOperationParam(soapMessage); if (soapMessage.getHeaders().isEmpty() && paramHeaders.isEmpty()) { // the TCK expects the getHeaders method to always be // called. If there aren't any headers in the message, // THe MustUnderstandInterceptor quickly returns without // trying to calculate the understood headers. Thus, // we need to call it here. getUnderstoodHeaders(); } }
public void handleMessage(SoapMessage message) throws Fault { Iterator<Header> iter = message.getHeaders().iterator(); while (iter.hasNext()) { Header hdr = iter.next(); // Only remove inbound marked headers.. if (hdr == null || hdr.getDirection() == Header.Direction.DIRECTION_IN) { iter.remove(); } } }
public void handleMessage(SoapMessage message) throws Fault { // TODO Auto-generated method stub Iterator<Header> iter = message.getHeaders().iterator(); while (iter.hasNext()) { Header hdr = (Header) iter.next(); // Only remove inbound marked headers.. if (hdr.getDirection() == Header.Direction.DIRECTION_IN) { iter.remove(); } } }
protected WSSecUsernameToken addUsernameToken(SoapMessage message, UsernameToken token) { String userName = (String) message.getContextualProperty(SecurityConstants.USERNAME); WSSConfig wssConfig = (WSSConfig) message.getContextualProperty(WSSConfig.class.getName()); if (wssConfig == null) { wssConfig = WSSConfig.getNewInstance(); } if (!StringUtils.isEmpty(userName)) { // If NoPassword property is set we don't need to set the password if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) { WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig); utBuilder.setUserInfo(userName, null); utBuilder.setPasswordType(null); return utBuilder; } String password = (String) message.getContextualProperty(SecurityConstants.PASSWORD); if (StringUtils.isEmpty(password)) { password = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN, message); } if (!StringUtils.isEmpty(password)) { // If the password is available then build the token WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig); if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) { utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST); } else { utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT); } utBuilder.setUserInfo(userName, password); return utBuilder; } else { policyNotAsserted(token, "No username available", message); } } else { policyNotAsserted(token, "No username available", message); } return null; }
private void handleAddressing(SoapMessage message) { final AddressingProperties maps = (AddressingProperties) message.getContextualProperty(JAXWSAConstants.ADDRESSING_PROPERTIES_INBOUND); if (maps == null) { return; } final EndpointReferenceType rpl = maps.getReplyTo(); if (rpl == null) { return; } final AttributedURIType addr = rpl.getAddress(); if (addr == null) { return; } final String replyTo = addr.getValue(); final Exchange exchange = message.getExchange(); if (exchange.getDestination() instanceof JMSDestination) { ContextUtils.storePartialResponseSent(message); if (!exchange.isOneWay()) { exchange.setOneWay(true); } } else { if (exchange.isOneWay()) { if (!Names.WSA_NONE_ADDRESS.equals(replyTo)) { // disable creation of "partial" response // by CXF decoupled response feature exchange.setOneWay(false); } } else { // A generic default exchange has been created. // Provide it to MAP aggregator as anon. request-response // and convert it afterwards to one-way. if (Names.WSA_NONE_ADDRESS.equals(replyTo)) { addr.setValue(Names.WSA_ANONYMOUS_ADDRESS); } } } }
@Test public void testRequestorOutboundDispatchedSoapAction() throws Exception { SoapMessage message = setUpMessage(); BindingOperationInfo dbop = setUpBindingOperationInfo( "http://foo/bar/d", "opDReq", "opDResp", SEI.class.getMethod("op", new Class[0])); SoapOperationInfo soi = new SoapOperationInfo(); soi.setAction("http://foo/bar/d/SEI/opDReq"); dbop.addExtensor(soi); BindingOperationInfo bop = message.getExchange().get(BindingOperationInfo.class); bop.setProperty("dispatchToOperation", dbop); interceptor.handleMessage(message); control.verify(); Map<String, List<String>> reqHeaders = CastUtils.cast((Map<?, ?>) message.get(Message.PROTOCOL_HEADERS)); assertNotNull(reqHeaders); List<String> soapaction = reqHeaders.get("soapaction"); assertTrue(null != soapaction && soapaction.size() == 1); assertEquals("\"http://foo/bar/d/SEI/opDReq\"", soapaction.get(0)); }
@Override public void handleMessage(SoapMessage message) throws Fault { Document doc = DOMUtils.createDocument(); Element root = doc.createElementNS(namespaceURL, rootName); Element elCode = doc.createElement(elCodeName); elCode.setTextContent(this.code); Element elPasswd = doc.createElement(elPasswdName); elPasswd.setTextContent(this.passwd); root.appendChild(elCode); root.appendChild(elPasswd); QName qName = new QName("RequestSOAPHeader"); Header header = new Header(qName, root); message.getHeaders().add(header); }
public void handleMessage(SoapMessage message) { if (binding.getHandlerChain().isEmpty()) { return; } if (getInvoker(message).getProtocolHandlers().isEmpty()) { return; } checkUnderstoodHeaders(message); MessageContext context = createProtocolMessageContext(message); HandlerChainInvoker invoker = getInvoker(message); invoker.setProtocolMessageContext(context); if (!invoker.invokeProtocolHandlersHandleFault(isRequestor(message), context)) { handleAbort(message, context); } SOAPMessage msg = message.getContent(SOAPMessage.class); if (msg != null) { XMLStreamReader xmlReader = createXMLStreamReaderFromSOAPMessage(msg); message.setContent(XMLStreamReader.class, xmlReader); } }
private void readHeaders(XMLStreamReader xmlReader, SoapMessage message) throws XMLStreamException { // read header portion of SOAP document into DOM SoapVersion version = message.getVersion(); XMLStreamReader filteredReader = new PartialXMLStreamReader(xmlReader, version.getBody()); Node nd = message.getContent(Node.class); W3CDOMStreamWriter writer = message.get(W3CDOMStreamWriter.class); Document doc = null; if (writer != null) { StaxUtils.copy(filteredReader, writer); doc = writer.getDocument(); } else if (nd instanceof Document) { doc = (Document) nd; StaxUtils.readDocElements(doc, doc, filteredReader, false, false); } else { doc = StaxUtils.read(filteredReader); message.setContent(Node.class, doc); } // get the actual SOAP header Element element = doc.getDocumentElement(); QName header = version.getHeader(); List<Element> elemList = DOMUtils.findAllElementsByTagNameNS( element, header.getNamespaceURI(), header.getLocalPart()); for (Element elem : elemList) { // set all child elements as headers for message transmission Element hel = DOMUtils.getFirstElement(elem); while (hel != null) { SoapHeader sheader = new SoapHeader(DOMUtils.getElementQName(hel), hel); message.getHeaders().add(sheader); hel = DOMUtils.getNextElement(hel); } } }
@Override protected MessageContext createProtocolMessageContext(SoapMessage message) { SOAPMessageContextImpl sm = new SOAPMessageContextImpl(message); Exchange exch = message.getExchange(); setupBindingOperationInfo(exch, sm); SOAPMessage msg = sm.getMessage(); try { List<SOAPElement> params = new ArrayList<SOAPElement>(); message.put(MessageContext.REFERENCE_PARAMETERS, params); SOAPHeader head = msg.getSOAPHeader(); if (head != null) { Iterator<Node> it = CastUtils.cast(head.getChildElements()); while (it != null && it.hasNext()) { Node nd = it.next(); if (nd instanceof SOAPElement) { SOAPElement el = (SOAPElement) nd; if (el.hasAttributeNS(Names.WSA_NAMESPACE_NAME, "IsReferenceParameter") && ("1".equals(el.getAttributeNS(Names.WSA_NAMESPACE_NAME, "IsReferenceParameter")) || Boolean.parseBoolean( el.getAttributeNS(Names.WSA_NAMESPACE_NAME, "IsReferenceParameter")))) { params.add(el); } } } } if (msg.getSOAPPart().getEnvelope().getBody() != null && msg.getSOAPPart().getEnvelope().getBody().hasFault()) { return null; } } catch (SOAPException e) { throw new Fault(e); } return sm; }
private org.apache.xml.security.stax.securityToken.SecurityToken findEncryptedKeyToken() throws XMLSecurityException { @SuppressWarnings("unchecked") final List<SecurityEvent> incomingEventList = (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".in"); if (incomingEventList != null) { for (SecurityEvent incomingEvent : incomingEventList) { if (WSSecurityEventConstants.ENCRYPTED_PART == incomingEvent.getSecurityEventType() || WSSecurityEventConstants.EncryptedElement == incomingEvent.getSecurityEventType()) { org.apache.xml.security.stax.securityToken.SecurityToken token = ((AbstractSecuredElementSecurityEvent) incomingEvent).getSecurityToken(); if (token != null && token.getKeyWrappingToken() != null && token.getKeyWrappingToken().getSecretKey() != null && token.getKeyWrappingToken().getSha1Identifier() != null) { return token.getKeyWrappingToken(); } else if (token != null && token.getSecretKey() != null && token.getSha1Identifier() != null) { return token; } } } // Fall back to a Signature in case there was no encrypted Element in the request for (SecurityEvent incomingEvent : incomingEventList) { if (WSSecurityEventConstants.SIGNED_PART == incomingEvent.getSecurityEventType() || WSSecurityEventConstants.SignedElement == incomingEvent.getSecurityEventType()) { org.apache.xml.security.stax.securityToken.SecurityToken token = ((AbstractSecuredElementSecurityEvent) incomingEvent).getSecurityToken(); if (token != null && token.getKeyWrappingToken() != null && token.getKeyWrappingToken().getSecretKey() != null && token.getKeyWrappingToken().getSha1Identifier() != null) { return token.getKeyWrappingToken(); } else if (token != null && token.getSecretKey() != null && token.getSha1Identifier() != null) { return token; } } } } return null; }
private UsernameToken assertTokens( SoapMessage message, UsernameTokenPrincipal princ, boolean signed) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN); UsernameToken tok = null; for (AssertionInfo ai : ais) { tok = (UsernameToken) ai.getAssertion(); ai.setAsserted(true); if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword) && (princ == null || !princ.isPasswordDigest())) { ai.setNotAsserted("Password hashing policy not enforced"); } else { assertPolicy(aim, SPConstants.HASH_PASSWORD); } if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword) && isNonEndorsingSupportingToken(tok) && (princ == null || princ.getPassword() == null)) { ai.setNotAsserted("Username Token No Password supplied"); } else { assertPolicy(aim, SPConstants.NO_PASSWORD); } if (tok.isCreated() && princ.getCreatedTime() == null) { ai.setNotAsserted("No Created Time"); } else { assertPolicy(aim, SP13Constants.CREATED); } if (tok.isNonce() && princ.getNonce() == null) { ai.setNotAsserted("No Nonce"); } else { assertPolicy(aim, SP13Constants.NONCE); } } assertPolicy(aim, SPConstants.USERNAME_TOKEN10); assertPolicy(aim, SPConstants.USERNAME_TOKEN11); assertPolicy(aim, SPConstants.SUPPORTING_TOKENS); if (signed || isTLSInUse(message)) { assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS); } return tok; }
public String parseSecret(SoapMessage soapMessage) { Header header = soapMessage.getHeader(HEADER_TYPE); if (header != null) { // parse header. consider iterating through w3c DOM tree directly as an optimalization try { Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); BankRequestHeader bankRequestHeader = (BankRequestHeader) unmarshaller.unmarshal((Node) header.getObject()); return bankRequestHeader.getSecret(); } catch (JAXBException e) { logger.warn("Unable to unmarshall header", e); } } return null; }