File: XWSSPolicyGenerator.java
Doc: API Doc
Category: Example
Size: 16591
Date: Tue May 29 16:56:50 BST 2007
Package: com.sun.xml.ws.security.impl.policyconv

XWSSPolicyGenerator

public class XWSSPolicyGenerator extends Object
Converts WS Security Policy to XWSS policy. WS Security Policies are digested and cached by the first pipe. The same objects are shared across instances of the pipe (refer to the Pipe javadoc for more information).
author
K.Venugopal@sun.com

Fields Summary
String
_protectionOrder
com.sun.xml.wss.impl.policy.mls.SignaturePolicy
_primarySP
com.sun.xml.wss.impl.policy.mls.EncryptionPolicy
_primaryEP
com.sun.xml.wss.impl.policy.mls.EncryptionPolicy
_sEncPolicy
com.sun.xml.wss.impl.policy.mls.SignaturePolicy
_csSP
com.sun.xml.ws.security.impl.policyconv.XWSSPolicyContainer
_policyContainer
com.sun.xml.ws.security.policy.Binding
_binding
com.sun.xml.ws.policy.Policy
effectivePolicy
int
id
boolean
isServer
boolean
isIncoming
private com.sun.xml.ws.policy.PolicyAssertion
wssAssertion
private com.sun.xml.ws.security.policy.WSSAssertion
wss11
private com.sun.xml.ws.security.impl.policy.Trust10
trust10
private com.sun.xml.ws.security.policy.AlgorithmSuite
algSuite
private boolean
signBody
private boolean
encryptBody
private Vector
signedParts
private Vector
encryptedParts
private Vector
signedElements
private Vector
encryptedElements
private boolean
ignoreST
private boolean
transportBinding
private com.sun.xml.ws.security.impl.policyconv.IntegrityAssertionProcessor
iAP
private EncryptionAssertionProcessor
eAP
private com.sun.xml.ws.security.policy.Binding
policyBinding
private List
reqElements
Constructors Summary
/**
 * Creates a generator for the given effective policy.
 *
 * <p>The {@code isServer}/{@code isIncoming} pair is passed to the
 * {@code XWSSPolicyContainer} created here and is also kept on this
 * instance, where {@code shouldAddST()} reads it to decide whether
 * supporting tokens are processed.
 *
 * @param effectivePolicy policy whose assertion sets are walked by
 *        {@code process()}; stored as given, without a null check or copy
 * @param isServer role flag, stored as given
 * @param isIncoming direction flag, stored as given
 */
public XWSSPolicyGenerator(com.sun.xml.ws.policy.Policy effectivePolicy, boolean isServer, boolean isIncoming) {
    this.isIncoming = isIncoming;
    this.isServer = isServer;
    this.effectivePolicy = effectivePolicy;
    this._policyContainer = new XWSSPolicyContainer(isServer, isIncoming);
}
    
Methods Summary
/**
 * Walks every assertion of every assertion set in {@code effectivePolicy}
 * and files it under the matching field or collection.
 *
 * <p>Signed/encrypted parts, signed/encrypted elements and required elements
 * are appended to their collections. WSS 1.0/1.1, Trust10 and binding
 * assertions are kept in single fields, so a later match replaces an earlier
 * one. An assertion that matches none of the checks is skipped silently.
 */
private void collectPolicies() {
    // NOTE(review): every assertion set feeds the same fields, so if
    // effectivePolicy can carry more than one alternative their requirements
    // are pooled and the last binding seen wins. Confirm the policy has been
    // reduced to a single alternative before it reaches this class.
    for (AssertionSet alternative : effectivePolicy) {
        for (PolicyAssertion candidate : alternative) {
            if (PolicyUtil.isSignedParts(candidate)) {
                signedParts.add((SignedParts) candidate);
                continue;
            }
            if (PolicyUtil.isEncryptParts(candidate)) {
                encryptedParts.add((EncryptedParts) candidate);
                continue;
            }
            if (PolicyUtil.isSignedElements(candidate)) {
                signedElements.add((SignedElements) candidate);
                continue;
            }
            if (PolicyUtil.isEncryptedElements(candidate)) {
                encryptedElements.add((EncryptedElements) candidate);
                continue;
            }
            // WSS 1.0 and WSS 1.1 assertions share one slot.
            if (PolicyUtil.isWSS10(candidate) || PolicyUtil.isWSS11(candidate)) {
                wssAssertion = candidate;
                continue;
            }
            if (PolicyUtil.isTrust10(candidate)) {
                trust10 = (Trust10) candidate;
                continue;
            }
            if (PolicyUtil.isBinding(candidate)) {
                _binding = (Binding) candidate;
                continue;
            }
            if (PolicyUtil.isRequiredElements(candidate)) {
                reqElements.add((RequiredElements) candidate);
            }
        }
    }
}
    
/**
 * Builds the XWSS algorithm suite from a WS-SecurityPolicy algorithm suite.
 *
 * <p>The digest, encryption, symmetric-key and asymmetric-key algorithm
 * values are passed through exactly as the policy reports them; nothing here
 * checks them against a list of acceptable algorithms.
 *
 * @param suite policy-level suite; dereferenced without a null check
 * @return a new XWSS suite carrying the same four values
 */
protected com.sun.xml.wss.impl.AlgorithmSuite getAlgoSuite(com.sun.xml.ws.security.policy.AlgorithmSuite suite) {
    return new com.sun.xml.wss.impl.AlgorithmSuite(
            suite.getDigestAlgorithm(),
            suite.getEncryptionAlgorithm(),
            suite.getSymmetricKeyAlgorithm(),
            suite.getAsymmetricKeyAlgorithm());
}
    
/**
 * Returns the binding assertion recorded by {@code collectPolicies()}.
 *
 * @return the stored binding; {@code process()} treats {@code null} as
 *         "no binding assertion present"
 */
private com.sun.xml.ws.security.policy.Binding getBinding() {
    return this._binding;
}
    
/**
 * Returns the algorithm suite declared on the binding assertion.
 *
 * <p>The binding field is dereferenced without a check, so this throws
 * {@code NullPointerException} when no binding has been recorded yet.
 *
 * @return the binding's algorithm suite, as reported by the binding
 */
public com.sun.xml.ws.security.policy.AlgorithmSuite getBindingLevelAlgSuite() {
    final com.sun.xml.ws.security.policy.Binding current = _binding;
    return current.getAlgorithmSuite();
}
    
/**
 * Maps a WS-SecurityPolicy message layout onto the XWSS layout constant of
 * the same name and logs the choice at FINE.
 *
 * @param layout policy-level layout; the caller is expected to pass a
 *        non-null value (the switch dereferences it)
 * @return the XWSS layout with the same name
 * @throws RuntimeException if the layout is none of Strict, Lax, LaxTsFirst
 *         or LaxTsLast; the condition is also logged at SEVERE
 */
protected com.sun.xml.wss.impl.MessageLayout getLayout(com.sun.xml.ws.security.policy.MessageLayout layout) {
    final String fineMessage;
    final com.sun.xml.wss.impl.MessageLayout mapped;

    switch (layout) {
        case Strict:
            fineMessage = "MessageLayout has been configured to be  STRICT ";
            mapped = com.sun.xml.wss.impl.MessageLayout.Strict;
            break;
        case Lax:
            fineMessage = "MessageLayout has been configured to be LAX ";
            mapped = com.sun.xml.wss.impl.MessageLayout.Lax;
            break;
        case LaxTsFirst:
            fineMessage = "MessageLayout has been configured to be LaxTimestampFirst ";
            mapped = com.sun.xml.wss.impl.MessageLayout.LaxTsFirst;
            break;
        case LaxTsLast:
            // "tp" is a typo in the emitted text; kept so log output is unchanged.
            fineMessage = "MessageLayout has been configured tp be LaxTimestampLast ";
            mapped = com.sun.xml.wss.impl.MessageLayout.LaxTsLast;
            break;
        default:
            // Unknown layouts are rejected rather than mapped to a default.
            final String unknown = LogStringsMessages.SP_0106_UNKNOWN_MESSAGE_LAYOUT(layout);
            if (logger.isLoggable(Level.SEVERE)) {
                logger.log(Level.SEVERE, unknown);
            }
            throw new RuntimeException(unknown);
    }

    if (logger.isLoggable(Level.FINE)) {
        logger.log(Level.FINE, fineMessage);
    }
    return mapped;
}
    
/**
 * Builds the XWSS form of a WSS assertion from its required properties and
 * its type.
 *
 * @param asser policy-level WSS assertion; dereferenced without a null check
 * @return a new XWSS assertion built from those two values
 */
protected com.sun.xml.wss.impl.WSSAssertion getWssAssertion(com.sun.xml.ws.security.policy.WSSAssertion asser) {
    return new com.sun.xml.wss.impl.WSSAssertion(asser.getRequiredProperties(), asser.getType());
}
    
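/**
 * Returns the XWSS message policy assembled by {@code process()}, completed
 * with the WSS assertion, algorithm suite, layout, required elements and the
 * transport (SSL) flag.
 *
 * <p>Required elements are only applied when this generator handles incoming
 * messages. Failures from the policy container or the processors are logged
 * at SEVERE and rethrown as {@code PolicyException} with the original
 * exception attached as the cause, so the stack trace that explains a
 * rejected policy is not lost to callers that do not read this logger.
 *
 * @return the completed message policy
 * @throws PolicyException if the container, the WSS assertion conversion or
 *         the required-elements processing fails
 * @throws IllegalStateException if no binding has been recorded, i.e.
 *         {@code process()} has not completed on this instance
 */
public com.sun.xml.wss.impl.policy.mls.MessagePolicy getXWSSPolicy() {
    // Without a binding the calls below would fail with a bare
    // NullPointerException; report the misuse explicitly instead.
    if (policyBinding == null) {
        throw new IllegalStateException("process() must complete before getXWSSPolicy() is called");
    }

    MessagePolicy mp;
    try {
        mp = _policyContainer.getMessagePolicy();
    } catch (PolicyGenerationException ex) {
        logger.log(Level.SEVERE, "" + effectivePolicy, ex);
        throw new PolicyException("Unable to digest SecurityPolicy ", ex);
    }

    if (wssAssertion != null) {
        try {
            mp.setWSSAssertion(getWssAssertion((com.sun.xml.ws.security.policy.WSSAssertion) wssAssertion));
        } catch (PolicyGenerationException ex) {
            String message = LogStringsMessages.SP_0104_ERROR_SIGNATURE_CONFIRMATION_ELEMENT(ex.getMessage());
            logger.log(Level.SEVERE, message, ex);
            throw new PolicyException(message, ex);
        }
    }

    if (policyBinding.getAlgorithmSuite() != null) {
        mp.setAlgorithmSuite(getAlgoSuite(policyBinding.getAlgorithmSuite()));
    }
    if (policyBinding.getLayout() != null) {
        mp.setLayout(getLayout(policyBinding.getLayout()));
    }

    // Required-element checks apply to received messages only.
    if (isIncoming && reqElements.size() > 0) {
        try {
            com.sun.xml.ws.security.impl.policyconv.RequiredElementsProcessor rep =
                    new com.sun.xml.ws.security.impl.policyconv.RequiredElementsProcessor(reqElements, mp);
            rep.process();
        } catch (PolicyGenerationException ex) {
            String message = LogStringsMessages.SP_0103_ERROR_REQUIRED_ELEMENTS(ex.getMessage());
            logger.log(Level.SEVERE, message, ex);
            throw new PolicyException(message, ex);
        }
    }

    // Only ever set to true: a transport binding marks the policy as SSL.
    if (transportBinding) {
        mp.setSSL(transportBinding);
    }
    return mp;
}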
    
/**
 * Runs {@link #process()} after recording whether supporting tokens should
 * be left out.
 *
 * <p>The flag is stored on the instance and {@code process()} does not reset
 * it, so a later no-argument {@code process()} call on the same instance
 * still skips supporting tokens once {@code true} has been passed here.
 *
 * @param ignoreST {@code true} to skip all supporting-token assertions
 */
public void process(boolean ignoreST) {
    this.ignoreST = ignoreST;
    this.process();
}
    
/**
 * Collects the assertions of the effective policy and hands them to the
 * processor that matches the binding assertion (transport, symmetric or
 * asymmetric).
 *
 * <p>For a transport binding only the transport processor runs and the
 * {@code transportBinding} flag is set. For the other two, the integrity and
 * encryption assertion processors are created from the binding's algorithm
 * suite and the container mode is taken from the binding's layout before the
 * binding processor runs.
 *
 * @throws PolicyException if the policy contains no binding assertion
 */
public void process() {
    collectPolicies();
    PolicyAssertion binding = (PolicyAssertion) getBinding();
    policyBinding = (Binding) binding;

    // A policy without a binding cannot be converted; fail instead of
    // producing a policy with no protection requirements.
    if (binding == null) {
        logger.log(Level.SEVERE, LogStringsMessages.SP_0105_ERROR_BINDING_ASSR_NOT_PRESENT());
        throw new PolicyException(LogStringsMessages.SP_0105_ERROR_BINDING_ASSR_NOT_PRESENT());
    }

    if (PolicyUtil.isTransportBinding(binding)) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "TransportBinding was configured in the policy");
        }
        TransportBindingProcessor transportProcessor = new TransportBindingProcessor(
                (TransportBinding) binding, isServer, isIncoming, _policyContainer);
        transportProcessor.process();
        processNonBindingAssertions(transportProcessor);
        transportBinding = true;
        return;
    }

    // Message-level bindings: set up the shared processors first.
    iAP = new IntegrityAssertionProcessor(_binding.getAlgorithmSuite(), _binding.isSignContent());
    eAP = new EncryptionAssertionProcessor(_binding.getAlgorithmSuite(), false);
    _policyContainer.setPolicyContainerMode(_binding.getLayout());

    if (PolicyUtil.isSymmetricBinding(binding.getName())) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "SymmetricBinding was configured in the policy");
        }
        SymmetricBindingProcessor symmetricProcessor = new SymmetricBindingProcessor(
                (SymmetricBinding) _binding, _policyContainer,
                isServer, isIncoming, signedParts, encryptedParts,
                signedElements, encryptedElements);
        if (wssAssertion != null && PolicyUtil.isWSS11(wssAssertion)) {
            symmetricProcessor.setWSS11((WSSAssertion) wssAssertion);
        }
        symmetricProcessor.process();
        processNonBindingAssertions(symmetricProcessor);
        // NOTE(review): close() is skipped if either call above throws;
        // confirm whether it releases anything that needs a finally block.
        symmetricProcessor.close();
        return;
    }

    if (PolicyUtil.isAsymmetricBinding(binding.getName())) {
        if (logger.isLoggable(Level.FINE)) {
            logger.log(Level.FINE, "AsymmetricBinding was configured in the policy");
        }
        AsymmetricBindingProcessor asymmetricProcessor = new AsymmetricBindingProcessor(
                (AsymmetricBinding) _binding, _policyContainer,
                isServer, isIncoming, signedParts, encryptedParts,
                signedElements, encryptedElements);
        if (wssAssertion != null && PolicyUtil.isWSS11(wssAssertion)) {
            asymmetricProcessor.setWSS11((WSSAssertion) wssAssertion);
        }
        asymmetricProcessor.process();
        processNonBindingAssertions(asymmetricProcessor);
        asymmetricProcessor.close();
    }
    // NOTE(review): a binding that is none of the three kinds falls through
    // here without a log entry or an exception, leaving a policy that no
    // binding processor has populated. Confirm PolicyUtil.isBinding() cannot
    // accept such an assertion, or reject it here.
}
    
/**
 * Feeds the supporting-token assertions of the effective policy to the given
 * binding processor and records WSS 1.0/1.1 and Trust10 assertions.
 *
 * <p>Binding assertions are skipped. Supporting tokens (plain, signed,
 * endorsing, signed-endorsing) are processed only when {@code ignoreST} is
 * false and {@code shouldAddST()} returns true; otherwise they are dropped
 * from the generated policy without a log entry.
 *
 * @param bindingProcessor processor that receives the supporting tokens
 */
private void processNonBindingAssertions(BindingProcessor bindingProcessor) {
    for (AssertionSet alternative : effectivePolicy) {
        for (PolicyAssertion candidate : alternative) {
            if (PolicyUtil.isBinding(candidate)) {
                continue;
            }

            // Same gate for all four supporting-token kinds.
            final boolean tokensWanted = !ignoreST && shouldAddST();

            if (tokensWanted && PolicyUtil.isSupportingToken(candidate)) {
                bindingProcessor.processSupportingTokens((SupportingTokens) candidate);
            } else if (tokensWanted && PolicyUtil.isSignedSupportingToken(candidate)) {
                bindingProcessor.processSupportingTokens((SignedSupportingTokens) candidate);
            } else if (tokensWanted && PolicyUtil.isEndorsedSupportingToken(candidate)) {
                bindingProcessor.processSupportingTokens((EndorsingSupportingTokens) candidate);
            } else if (tokensWanted && PolicyUtil.isSignedEndorsingSupportingToken(candidate)) {
                bindingProcessor.processSupportingTokens((SignedEndorsingSupportingTokens) candidate);
            } else if (PolicyUtil.isWSS10(candidate) || PolicyUtil.isWSS11(candidate)) {
                // WSS 1.0 and WSS 1.1 assertions share one slot.
                wssAssertion = candidate;
            } else if (PolicyUtil.isTrust10(candidate)) {
                trust10 = (Trust10) candidate;
            }
        }
    }
}
    
/**
 * Decides whether supporting tokens belong in the policy for this role and
 * message direction.
 *
 * @return {@code false} for a server handling outgoing messages and for a
 *         client handling incoming messages; {@code true} for the other two
 *         combinations
 */
private boolean shouldAddST() {
    // The two rejected combinations are exactly those where the flags differ.
    return isServer == isIncoming;
}