Esempio n. 1
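  /**
   * Checks every UsernameToken policy assertion against the principal extracted from the message
   * and records the outcome on the corresponding {@link AssertionInfo}.
   *
   * <p>Each assertion is first marked as asserted and then downgraded with {@code setNotAsserted}
   * when one of the policy requirements (hashed password, password present, Created, Nonce) is
   * not met by the principal. A missing principal ({@code princ == null}) is treated as failing
   * every requirement the token policy imposes, so the failure is recorded as a policy violation
   * rather than surfacing as a {@link NullPointerException}.
   *
   * @param message the SOAP message whose {@link AssertionInfoMap} is evaluated
   * @param princ the principal built from the received UsernameToken; may be {@code null}
   * @param signed whether the token was signed; together with TLS this decides whether the
   *     signed-supporting-tokens policy is asserted
   * @return the policy token of the last assertion processed, or {@code null} when there was no
   *     UsernameToken assertion
   */
  private UsernameToken assertTokens(
      SoapMessage message, UsernameTokenPrincipal princ, boolean signed) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
    UsernameToken tok = null;
    // Evaluated once: every check below must fail closed when no principal is available.
    final boolean noPrincipal = princ == null;
    for (AssertionInfo ai : ais) {
      tok = (UsernameToken) ai.getAssertion();
      // Optimistically asserted; any unmet requirement below revokes it.
      ai.setAsserted(true);

      // Policy demands a digest password but the sender did not use one.
      if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword)
          && (noPrincipal || !princ.isPasswordDigest())) {
        ai.setNotAsserted("Password hashing policy not enforced");
      } else {
        assertPolicy(aim, SPConstants.HASH_PASSWORD);
      }

      // Policy demands a password (non-endorsing supporting token) but none was supplied.
      if ((tok.getPasswordType() != UsernameToken.PasswordType.NoPassword)
          && isNonEndorsingSupportingToken(tok)
          && (noPrincipal || princ.getPassword() == null)) {
        ai.setNotAsserted("Username Token No Password supplied");
      } else {
        assertPolicy(aim, SPConstants.NO_PASSWORD);
      }

      // Null-guarded like the password checks above: without it a null principal combined with
      // a Created requirement dereferenced princ and aborted policy evaluation with an NPE.
      if (tok.isCreated() && (noPrincipal || princ.getCreatedTime() == null)) {
        ai.setNotAsserted("No Created Time");
      } else {
        assertPolicy(aim, SP13Constants.CREATED);
      }

      // Same guard for the Nonce requirement.
      if (tok.isNonce() && (noPrincipal || princ.getNonce() == null)) {
        ai.setNotAsserted("No Nonce");
      } else {
        assertPolicy(aim, SP13Constants.NONCE);
      }
    }

    assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
    assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
    assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);

    // Signed supporting tokens are accepted when the token was signed or the transport is TLS.
    if (signed || isTLSInUse(message)) {
      assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
    }
    return tok;
  }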
Esempio n. 2
  /**
   * Validates each Layout policy assertion against the WS-Security processing results and records
   * the outcome on the assertion, then asserts the individual layout policy names.
   *
   * @param aim the assertion map on which the layout policy names are asserted
   * @param ais the Layout assertions to evaluate
   * @param message the current message (not read by this method)
   * @param results the WS-Security engine results passed to {@code validatePolicy}
   * @param signedResults the signed WS-Security engine results passed to {@code validatePolicy}
   */
  private void parsePolicies(
      AssertionInfoMap aim,
      Collection<AssertionInfo> ais,
      Message message,
      List<WSSecurityEngineResult> results,
      List<WSSecurityEngineResult> signedResults) {
    for (AssertionInfo layoutInfo : ais) {
      Layout requiredLayout = (Layout) layoutInfo.getAssertion();
      // Marked asserted up front; revoked below if the message layout fails validation.
      layoutInfo.setAsserted(true);

      boolean layoutSatisfied = validatePolicy(requiredLayout, results, signedResults);
      if (layoutSatisfied) {
        continue;
      }
      layoutInfo.setNotAsserted("Layout does not match the requirements");
    }

    // The four layout variants are asserted regardless of the per-assertion outcome above.
    assertPolicy(aim, SPConstants.LAYOUT_LAX);
    assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
    assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
    assertPolicy(aim, SPConstants.LAYOUT_STRICT);
  }