/**
 * Reports whether the policy permits a UsernameToken that carries no password.
 *
 * Scans every UsernameToken assertion found under the {@code UsernameToken} local name
 * and answers {@code true} as soon as one declares the {@code NoPassword} password type.
 * An empty assertion set yields {@code false}.
 *
 * NOTE(review): a {@code true} result only relaxes the password requirement of the
 * policy; it says nothing about whether the token's other claims were verified, which
 * is presumably done by the caller — confirm at the call sites.
 *
 * @param aim the message's assertion map
 * @return {@code true} if at least one UsernameToken assertion allows a password-less token
 * @throws WSSecurityException declared for callers; nothing in this body raises it
 */
private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException {
    final UsernameToken.PasswordType noPassword = UsernameToken.PasswordType.NoPassword;
    for (AssertionInfo info : getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN)) {
        UsernameToken candidate = (UsernameToken) info.getAssertion();
        if (candidate.getPasswordType() == noPassword) {
            return true;
        }
    }
    return false;
}
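/**
 * Marks the UsernameToken policy assertions on the message as asserted or not, judged
 * against the UsernameToken that was actually received (represented by {@code princ}).
 *
 * For each UsernameToken assertion the following checks run in order:
 * <ul>
 *   <li>HashPassword: the received token must carry a password digest;</li>
 *   <li>a password must be present when the policy is not NoPassword and the token is a
 *       non-endorsing supporting token;</li>
 *   <li>Created and Nonce (WS-SecurityPolicy 1.3) must be present when the policy
 *       requires them.</li>
 * </ul>
 * A failed check marks the assertion not asserted with a message; a passed or
 * not-applicable check marks the corresponding nested assertion as asserted so it is not
 * reported as unsatisfied on its own. Afterwards the UsernameToken10/11 and
 * SupportingTokens assertions are asserted, and SignedSupportingTokens when the token was
 * signed or the message arrived over TLS.
 *
 * Every check fails closed when {@code princ} is {@code null}: a required element that
 * cannot be observed is treated as absent rather than raising a NullPointerException.
 *
 * NOTE(review): only the presence of Created/Nonce is checked here; freshness and replay
 * detection are presumably done by the token processor — confirm.
 *
 * @param message the inbound message carrying the {@link AssertionInfoMap}
 * @param princ   the principal built from the received UsernameToken, or {@code null} when
 *                no token was received
 * @param signed  whether the received token was covered by a signature
 * @return the UsernameToken assertion examined last, or {@code null} if the policy has none
 */
private UsernameToken assertTokens(SoapMessage message, UsernameTokenPrincipal princ, boolean signed) {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
    UsernameToken tok = null;
    for (AssertionInfo ai : ais) {
        tok = (UsernameToken) ai.getAssertion();
        ai.setAsserted(true);

        boolean hashRequired = tok.getPasswordType() == UsernameToken.PasswordType.HashPassword;
        if (hashRequired && (princ == null || !princ.isPasswordDigest())) {
            ai.setNotAsserted("Password hashing policy not enforced");
        } else {
            assertPolicy(aim, SPConstants.HASH_PASSWORD);
        }

        // isNonEndorsingSupportingToken is only consulted when a password could be required.
        boolean passwordRequired = tok.getPasswordType() != UsernameToken.PasswordType.NoPassword
            && isNonEndorsingSupportingToken(tok);
        if (passwordRequired && (princ == null || princ.getPassword() == null)) {
            ai.setNotAsserted("Username Token No Password supplied");
        } else {
            assertPolicy(aim, SPConstants.NO_PASSWORD);
        }

        // princ may be null (no token received); fail closed instead of dereferencing it.
        if (tok.isCreated() && (princ == null || princ.getCreatedTime() == null)) {
            ai.setNotAsserted("No Created Time");
        } else {
            assertPolicy(aim, SP13Constants.CREATED);
        }

        if (tok.isNonce() && (princ == null || princ.getNonce() == null)) {
            ai.setNotAsserted("No Nonce");
        } else {
            assertPolicy(aim, SP13Constants.NONCE);
        }
    }

    assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
    assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
    assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);
    // A TLS-protected channel counts as "signed" for the SignedSupportingTokens assertion.
    if (signed || isTLSInUse(message)) {
        assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
    }
    return tok;
}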
// Handle these separately for custom AlgorithmSuites private void assertAlgorithmSuites(Collection<AssertionInfo> ais, AssertionInfoMap aim) { for (AssertionInfo ai : ais) { ai.setAsserted(true); AlgorithmSuite algorithmSuite = (AlgorithmSuite) ai.getAssertion(); AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType(); String namespace = algorithmSuiteType.getNamespace(); if (namespace != null && !namespace.equals(algorithmSuite.getName().getNamespaceURI())) { Collection<AssertionInfo> algAis = aim.get(new QName(namespace, algorithmSuiteType.getName())); if (algAis != null && !algAis.isEmpty()) { for (AssertionInfo algAi : algAis) { algAi.setAsserted(true); } } } } }
/**
 * Validates each Layout assertion against the processed security-header results and
 * records the outcome on the assertion.
 *
 * Every Layout assertion is first marked asserted, then checked with
 * {@code validatePolicy} (defined elsewhere in this class); a failing layout is marked
 * not asserted with a fixed message. Finally the four nested layout variants (Lax,
 * LaxTsFirst, LaxTsLast, Strict) are asserted so they are not reported as unsatisfied on
 * their own.
 *
 * @param aim           the message's assertion map
 * @param ais           the Layout assertions to validate
 * @param message       accepted for the caller's convenience; not used by this method
 * @param results       all security-engine results for the header, in processing order
 * @param signedResults the subset of results that were signed
 */
private void parsePolicies(AssertionInfoMap aim, Collection<AssertionInfo> ais, Message message,
                           List<WSSecurityEngineResult> results,
                           List<WSSecurityEngineResult> signedResults) {
    for (AssertionInfo info : ais) {
        Layout layout = (Layout) info.getAssertion();
        info.setAsserted(true);
        if (validatePolicy(layout, results, signedResults)) {
            continue;
        }
        info.setNotAsserted("Layout does not match the requirements");
    }

    assertPolicy(aim, SPConstants.LAYOUT_LAX);
    assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
    assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
    assertPolicy(aim, SPConstants.LAYOUT_STRICT);
}
/**
 * Returns the RM assertion wrapped by {@code ai}.
 *
 * The cast is unchecked because the JAXB-backed assertion carries its payload type only
 * at runtime; it is safe only when {@code ai} was built from an RMAssertion, which the
 * caller (not visible here) is expected to guarantee.
 *
 * @param ai the assertion info holding a JAXB-wrapped RMAssertion
 * @return the wrapped assertion, typed as {@code JaxbAssertion<RMAssertion>}
 */
@SuppressWarnings("unchecked")
protected JaxbAssertion<RMAssertion> getAssertion(AssertionInfo ai) {
    JaxbAssertion<RMAssertion> rmAssertion = (JaxbAssertion<RMAssertion>) ai.getAssertion();
    return rmAssertion;
}