FileDocCategorySizeDatePackage
BindingProcessor.javaAPI DocExample13103Thu Jul 19 02:00:10 BST 2007com.sun.xml.ws.security.impl.policyconv

BindingProcessor

public abstract class BindingProcessor extends Object
author
K.Venugopal@sun.com

Fields Summary
protected String
protectionOrder
protected boolean
isServer
protected boolean
isIncoming
protected com.sun.xml.wss.impl.policy.mls.SignaturePolicy
primarySP
protected com.sun.xml.wss.impl.policy.mls.EncryptionPolicy
primaryEP
protected com.sun.xml.wss.impl.policy.mls.EncryptionPolicy
sEncPolicy
protected com.sun.xml.wss.impl.policy.mls.SignaturePolicy
sSigPolicy
protected XWSSPolicyContainer
container
protected Vector
signedParts
protected Vector
encryptedParts
protected Vector
signedElements
protected Vector
encryptedElements
protected PolicyID
pid
protected TokenProcessor
tokenProcessor
protected IntegrityAssertionProcessor
iAP
protected EncryptionAssertionProcessor
eAP
private com.sun.xml.ws.security.policy.WSSAssertion
wss11
protected boolean
foundEncryptTargets
Constructors Summary
/**
 * Creates a new instance of BindingProcessor.
 *
 * <p>The only state initialised here is {@code pid}, the {@code PolicyID}
 * used by this class to generate identifiers for policies and
 * security-token references.
 */
public BindingProcessor() {
    pid = new PolicyID();
}
Methods Summary
/**
 * Feeds the collected signed/encrypted parts and elements into the primary
 * signature and encryption feature bindings.
 *
 * <p>Signature targets are processed first (elements, then parts), followed
 * by encryption targets (parts, then elements). {@code foundEncryptTargets}
 * is set as soon as at least one encryption target is seen. When WSS 1.1 is
 * in effect and signature confirmation is required, the signature
 * confirmation is added as a signature target last.
 */
protected void addPrimaryTargets() {
    SignaturePolicy.FeatureBinding sigBinding =
            (SignaturePolicy.FeatureBinding) primarySP.getFeatureBinding();
    EncryptionPolicy.FeatureBinding encBinding =
            (EncryptionPolicy.FeatureBinding) primaryEP.getFeatureBinding();

    // Fall back to exclusive canonicalization when the policy names no algorithm
    // (either unset or the empty string).
    boolean c14nMissing = sigBinding.getCanonicalizationAlgorithm() == null
            || sigBinding.getCanonicalizationAlgorithm().equals("");
    if (c14nMissing) {
        sigBinding.setCanonicalizationAlgorithm(CanonicalizationMethod.EXCLUSIVE);
    }

    //TODO:: Merge SignedElements.

    for (SignedElements signedElement : signedElements) {
        iAP.process(signedElement, sigBinding);
    }

    /*
        If an empty SignedParts is present, drop the remaining SignedParts,
        because all HEADERS and the Body will be signed. Question to WS-SX:
        are SignedParts headers targeted to the ultimate receiver role?
     */
    for (SignedParts candidate : signedParts) {
        if (!SecurityPolicyUtil.isSignedPartsEmpty(candidate)) {
            continue;
        }
        // The collection is modified while it is being iterated; this is only
        // safe because the loop is left immediately afterwards.
        signedParts.removeAllElements();
        signedParts.add(candidate);
        break;
    }

    for (SignedParts signedPart : signedParts) {
        iAP.process(signedPart, sigBinding);
    }

    for (EncryptedParts encryptedPart : encryptedParts) {
        foundEncryptTargets = true;
        eAP.process(encryptedPart, encBinding);
    }

    for (EncryptedElements encryptedElement : encryptedElements) {
        foundEncryptTargets = true;
        eAP.process(encryptedElement, encBinding);
    }

    // Signature confirmation is signed only when WSS 1.1 is present AND it
    // lists the require-signature-confirmation property.
    if (isWSS11() && requireSC()) {
        iAP.process(SIGNATURE_CONFIRMATION, sigBinding);
    }
}
/**
 * Subclass hook; the contract is not visible on this page.
 * NOTE(review): presumably finalises binding processing - confirm against the subclasses.
 */
protected abstract void close();

/**
 * Returns the binding being processed.
 *
 * <p>This class reads the binding's protection order and its
 * signature-protection flag, and passes the binding on to the
 * supporting-token processors.
 *
 * @return the binding supplied by the concrete subclass
 */
protected abstract com.sun.xml.ws.security.policy.Binding getBinding();

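/**
 * Selects the encryption policy that is handed to the supporting-token
 * processors.
 *
 * @return {@code primaryEP} when the binding's protection order equals
 *         {@code Binding.SIGN_ENCRYPT}; otherwise the result of
 *         {@link #getSecondaryEncryptionPolicy()}
 */
private com.sun.xml.wss.impl.policy.mls.EncryptionPolicy getEncryptionPolicy() {
    // Compare by value, not by reference: with '==' a protection order that is
    // equal in content but is not the very same String instance as the constant
    // would silently select the secondary policy. A null order still falls
    // through to the secondary policy, as before.
    if (Binding.SIGN_ENCRYPT.equals(getBinding().getProtectionOrder())) {
        return primaryEP;
    }
    return getSecondaryEncryptionPolicy();
}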
/**
 * Returns the secondary encryption policy.
 *
 * <p>Within this class it is used whenever the protection order is not
 * sign-before-encrypt, including for encrypting the primary signature.
 *
 * @return the secondary encryption policy supplied by the concrete subclass
 */
protected abstract com.sun.xml.wss.impl.policy.mls.EncryptionPolicy getSecondaryEncryptionPolicy();

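/**
 * Selects the signature policy that matches the binding's protection order.
 *
 * @return {@code primarySP} when the binding's protection order equals
 *         {@code Binding.SIGN_ENCRYPT}; otherwise {@code sSigPolicy}
 */
protected com.sun.xml.wss.impl.policy.mls.SignaturePolicy getSignaturePolicy() {
    // Compare by value, not by reference: '==' only matches when the returned
    // order is the very same String instance as the constant, so an equal but
    // distinct string would silently select the secondary signature policy.
    if (Binding.SIGN_ENCRYPT.equals(getBinding().getProtectionOrder())) {
        return primarySP;
    }
    return sSigPolicy;
}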
/**
 * Reports whether a WSS 1.1 assertion has been set on this processor.
 *
 * @return {@code true} if {@code wss11} is non-null, {@code false} otherwise
 */
public boolean isWSS11() {
    return wss11 != null;
}
/**
 * Processes a supporting-tokens assertion by delegating to a
 * {@code SupportingTokensProcessor}.
 *
 * <p>The processor always receives {@code primarySP} as the signature
 * policy; the encryption policy depends on the binding's protection order.
 *
 * @param st the supporting-tokens assertion to process
 */
public void processSupportingTokens(com.sun.xml.ws.security.policy.SupportingTokens st) {
    new SupportingTokensProcessor(
            (SupportingTokens) st,
            tokenProcessor,
            getBinding(),
            container,
            primarySP,
            getEncryptionPolicy(),
            pid).process();
}
/**
 * Processes a signed-supporting-tokens assertion by delegating to a
 * {@code SignedSupportingTokensProcessor}.
 *
 * <p>The processor always receives {@code primarySP} as the signature
 * policy; the encryption policy depends on the binding's protection order.
 *
 * @param st the signed-supporting-tokens assertion to process
 */
public void processSupportingTokens(com.sun.xml.ws.security.policy.SignedSupportingTokens st) {
    new SignedSupportingTokensProcessor(
            st,
            tokenProcessor,
            getBinding(),
            container,
            primarySP,
            getEncryptionPolicy(),
            pid).process();
}
/**
 * Processes an endorsing-supporting-tokens assertion by delegating to an
 * {@code EndorsingSupportingTokensProcessor}.
 *
 * <p>The processor always receives {@code primarySP} as the signature
 * policy; the encryption policy depends on the binding's protection order.
 *
 * @param est the endorsing-supporting-tokens assertion to process
 */
public void processSupportingTokens(com.sun.xml.ws.security.policy.EndorsingSupportingTokens est) {
    new EndorsingSupportingTokensProcessor(
            est,
            tokenProcessor,
            getBinding(),
            container,
            primarySP,
            getEncryptionPolicy(),
            pid).process();
}
/**
 * Processes a signed-endorsing-supporting-tokens assertion by delegating to
 * a {@code SignedEndorsingSupportingTokensProcessor}.
 *
 * <p>The processor always receives {@code primarySP} as the signature
 * policy; the encryption policy depends on the binding's protection order.
 *
 * @param est the signed-endorsing-supporting-tokens assertion to process
 */
public void processSupportingTokens(com.sun.xml.ws.security.policy.SignedEndorsingSupportingTokens est) {
    new SignedEndorsingSupportingTokensProcessor(
            est,
            tokenProcessor,
            getBinding(),
            container,
            primarySP,
            getEncryptionPolicy(),
            pid).process();
}
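/**
 * Adds the primary signature as an encryption target, so that the signature
 * itself is encrypted.
 *
 * <p>With encrypt-before-sign the target is added to the secondary
 * encryption policy; in every other case it is added to {@code primaryEP}.
 * The signature confirmation is additionally encrypted only when all of the
 * following hold: encryption targets were found, WSS 1.1 is present and
 * requires signature confirmation, the message direction is one that carries
 * the confirmation (server outgoing or client incoming), and the binding
 * asks for signature protection.
 *
 * <p>NOTE(review): this method reads the {@code protectionOrder} field, while
 * the policy getters of this class read {@code getBinding().getProtectionOrder()};
 * presumably subclasses keep the two in sync - confirm.
 */
protected void protectPrimarySignature() {
    // True for "server sending" and "client receiving", i.e. exactly one of the flags set.
    boolean encryptSignConfirm = isServer != isIncoming;

    // Compare by value, not by reference: with '==' an order string that is
    // equal in content but is not the same instance as the constant would
    // silently route the signature target to the primary encryption policy.
    EncryptionPolicy signatureEncPolicy = Binding.ENCRYPT_SIGN.equals(protectionOrder)
            ? getSecondaryEncryptionPolicy()
            : primaryEP;

    EncryptionPolicy.FeatureBinding epFB =
            (EncryptionPolicy.FeatureBinding) signatureEncPolicy.getFeatureBinding();
    EncryptionTarget et = eAP.getTargetCreator().newURIEncryptionTarget(primarySP.getUUID());
    SecurityPolicyUtil.setName(et, primarySP);
    epFB.addTargetBinding(et);

    if (foundEncryptTargets && isWSS11() && requireSC()
            && encryptSignConfirm && getBinding().getSignatureProtection()) {
        eAP.process(SIGNATURE_CONFIRMATION, epFB);
    }
}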
/**
 * Creates a timestamp policy, inserts it into the policy container and
 * registers it as a target of the primary signature, so that the timestamp
 * is covered by the signature.
 */
protected void protectTimestamp() {
    TimestampPolicy timestamp = new TimestampPolicy();
    // A freshly generated id lets the signature target reference the timestamp by URI.
    timestamp.setUUID(pid.generateID());

    SignatureTarget timestampTarget =
            iAP.getTargetCreator().newURISignatureTarget(timestamp.getUUID());
    SecurityPolicyUtil.setName(timestampTarget, timestamp);
    container.insert(timestamp);

    SignaturePolicy.FeatureBinding primarySigBinding =
            (SignaturePolicy.FeatureBinding) primarySP.getFeatureBinding();
    primarySigBinding.addTargetBinding(timestampTarget);
}
/**
 * Adds the given token to the primary signature's targets, referencing it
 * through its security-token reference (equivalent to
 * {@code protectToken(token, false)}).
 *
 * @param token the token policy to protect
 */
protected void protectToken(com.sun.xml.wss.impl.policy.mls.WSSPolicy token) {
    final boolean ignoreSTR = false;
    protectToken(token, ignoreSTR);
}
/**
 * Adds the given token to the targets of the primary signature.
 *
 * <p>For X.509 and SAML token policies the STR id is read, and generated and
 * stored on the token when it is absent; this happens regardless of
 * {@code ignoreSTR}.
 *
 * <p>When {@code ignoreSTR} is {@code false}, the signature target references
 * that id and an STR transform is added to it. When {@code ignoreSTR} is
 * {@code true}, the target references the token's own UUID instead; for a
 * derived-token key binding it references the original key binding, or that
 * binding's inner key binding when the original is a symmetric key binding.
 *
 * @param token     the token policy to protect
 * @param ignoreSTR {@code true} to sign the token by its UUID rather than
 *                  through a security-token reference
 */
protected void protectToken(com.sun.xml.wss.impl.policy.mls.WSSPolicy token, boolean ignoreSTR) {
    String referenceId = token.getUUID();
    if (PolicyTypeUtil.x509CertificateBinding(token)) {
        AuthenticationTokenPolicy.X509CertificateBinding x509Binding =
                (AuthenticationTokenPolicy.X509CertificateBinding) token;
        referenceId = x509Binding.getSTRID();
        if (referenceId == null) {
            referenceId = pid.generateID();
            x509Binding.setSTRID(referenceId);
        }
    } else if (PolicyTypeUtil.samlTokenPolicy(token)) {
        AuthenticationTokenPolicy.SAMLAssertionBinding samlBinding =
                (AuthenticationTokenPolicy.SAMLAssertionBinding) token;
        referenceId = samlBinding.getSTRID();
        if (referenceId == null) {
            referenceId = pid.generateID();
            samlBinding.setSTRID(referenceId);
        }
    }
    //TODO:: Handle DTK and IssuedToken.

    if (!ignoreSTR) {
        // NOTE(review): a token that is neither X.509 nor SAML and has no UUID
        // is skipped without any signal, i.e. it is left out of the signature.
        if (referenceId == null) {
            return;
        }
        SignatureTargetCreator strTargetCreator = iAP.getTargetCreator();
        SignatureTarget strTarget = strTargetCreator.newURISignatureTarget(referenceId);
        strTargetCreator.addSTRTransform(strTarget);
        SignaturePolicy.FeatureBinding strSigBinding =
                (SignaturePolicy.FeatureBinding) primarySP.getFeatureBinding();
        strSigBinding.addTargetBinding(strTarget);
        return;
    }

    SignatureTargetCreator targetCreator = iAP.getTargetCreator();
    SignatureTarget tokenTarget;
    if (!PolicyTypeUtil.derivedTokenKeyBinding(token)) {
        tokenTarget = targetCreator.newURISignatureTarget(token.getUUID());
    } else {
        WSSPolicy originalBinding = ((DerivedTokenKeyBinding) token).getOriginalKeyBinding();
        if (PolicyTypeUtil.symmetricKeyBinding(originalBinding)) {
            // NOTE(review): no null check on the inner key binding - confirm
            // that a symmetric key binding always carries one.
            WSSPolicy innerBinding = (KeyBindingBase) originalBinding.getKeyBinding();
            tokenTarget = targetCreator.newURISignatureTarget(innerBinding.getUUID());
        } else {
            tokenTarget = targetCreator.newURISignatureTarget(originalBinding.getUUID());
        }
    }
    SignaturePolicy.FeatureBinding sigBinding =
            (SignaturePolicy.FeatureBinding) primarySP.getFeatureBinding();
    sigBinding.addTargetBinding(tokenTarget);
}
/**
 * Reports whether signature confirmation is required.
 *
 * @return {@code true} only if a WSS 1.1 assertion is set and its required
 *         properties contain {@code WSSAssertion.REQUIRE_SIGNATURE_CONFIRMATION};
 *         {@code false} otherwise, including when no WSS 1.1 assertion is set
 */
protected boolean requireSC() {
    if (wss11 == null) {
        return false;
    }
    return wss11.getRequiredProperties().contains(WSSAssertion.REQUIRE_SIGNATURE_CONFIRMATION);
}
/**
 * Stores the WSS 1.1 assertion.
 *
 * <p>A non-null value makes {@code isWSS11()} return {@code true}, and its
 * required properties decide whether signature confirmation is required.
 *
 * @param wss11 the WSS 1.1 assertion; {@code null} means WSS 1.1 is not in use
 */
public void setWSS11(com.sun.xml.ws.security.policy.WSSAssertion wss11) {
    this.wss11 = wss11;
}