001: /*
002: * $Id: MessagePolicy.java,v 1.7 2007/02/14 11:24:48 venu Exp $
003: */
004:
005: /*
006: * The contents of this file are subject to the terms
007: * of the Common Development and Distribution License
008: * (the License). You may not use this file except in
009: * compliance with the License.
010: *
011: * You can obtain a copy of the license at
012: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
013: * See the License for the specific language governing
014: * permissions and limitations under the License.
015: *
016: * When distributing Covered Code, include this CDDL
017: * Header Notice in each file and include the License file
018: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
019: * If applicable, add the following below the CDDL Header,
020: * with the fields enclosed by brackets [] replaced by
021: * you own identifying information:
022: * "Portions Copyrighted [year] [name of copyright owner]"
023: *
024: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
025: */
026:
027: package com.sun.xml.wss.impl.policy.mls;
028:
029: import com.sun.xml.wss.impl.MessageConstants;
030: import java.util.Iterator;
031: import java.util.ArrayList;
032: import java.util.Collection;
033: import com.sun.xml.wss.XWSSecurityException;
034:
035: import java.util.logging.Level;
036: import java.util.logging.Logger;
037:
038: import com.sun.xml.wss.logging.LogDomainConstants;
039:
040: import com.sun.xml.wss.impl.policy.SecurityPolicy;
041: import com.sun.xml.wss.impl.policy.PolicyGenerationException;
042: import com.sun.xml.wss.impl.PolicyTypeUtil;
043: import java.util.HashMap;
044: import com.sun.xml.wss.impl.configuration.*;
045: import com.sun.xml.wss.impl.misc.SecurityUtil;
046:
047: import com.sun.xml.wss.impl.AlgorithmSuite;
048: import com.sun.xml.wss.impl.WSSAssertion;
049:
050: import com.sun.xml.wss.impl.MessageLayout;
051:
052: /**
053: * Represents an ordered collection of Security Policies
054: */
055: public class MessagePolicy implements SecurityPolicy {
056:
057: protected static final Logger log = Logger.getLogger(
058: LogDomainConstants.IMPL_CONFIG_DOMAIN,
059: LogDomainConstants.IMPL_CONFIG_DOMAIN_BUNDLE);
060:
061: private ArrayList info;
062: private ArrayList optionals;
063:
064: private boolean dumpMessages = false;
065: private boolean enableDynamicPolicyFlag = false;
066: private boolean bsp = false;
067: private boolean enableWSS11PolicyFlag = false;
068: private boolean enableSignatureConfirmation = false;
069: private WSSAssertion wssAssertion;
070: private MessageLayout layout = MessageLayout.Lax;
071: private boolean onSSL = false;
072: private int optimizedType = -1;
073:
074: //TODO: temporary workaround for obtain the algosuite
075: // need to remove this once we have the SC Layer taking care of it
076: private AlgorithmSuite algoSuite;
077:
078: /**
079: * Construct an Empty MessagePolicy
080: */
081: public MessagePolicy() {
082: info = new ArrayList();
083: optionals = new ArrayList();
084: }
085:
086: public int getOptimizedType() throws XWSSecurityException {
087:
088: if (optimizedType != -1)
089: return optimizedType;
090:
091: if (enableDynamicPolicy()) {
092: optimizedType = MessageConstants.NOT_OPTIMIZED;
093: return optimizedType;
094: }
095:
096: StringBuffer securityOperation = new StringBuffer();
097: securityOperation.append("_BODY");
098:
099: StringBuffer tmpBuffer = new StringBuffer("");
100:
101: SignatureTarget sigTarget = null;
102: EncryptionTarget encTarget = null;
103:
104: WSSPolicy policy = null;
105: String targetValue = null;
106: int secureHeaders = -1;
107: int secureAttachments = -1;
108:
109: HashMap map = new HashMap();
110:
111: ArrayList primaryPolicies = getPrimaryPolicies();
112: ArrayList secondaryPolicies = getSecondaryPolicies();
113:
114: int size = primaryPolicies.size();
115: int secondaryPoliciesSize = secondaryPolicies.size();
116:
117: if (size == 0 && secondaryPoliciesSize > 0) {
118: optimizedType = MessageConstants.SECURITY_HEADERS;
119: return optimizedType;
120: }
121:
122: int iterator = 0;
123:
124: for (iterator = 0; iterator < secondaryPoliciesSize; iterator++) {
125: policy = (WSSPolicy) secondaryPolicies.get(iterator);
126: if (policy.getType().intern() == "uri") {
127: if (PolicyTypeUtil.usernameTokenPolicy(policy)) {
128: map.put("UsernameToken", policy.getUUID());
129: } else if (PolicyTypeUtil.timestampPolicy(policy)) {
130: map.put("Timestamp", policy.getUUID());
131: } else if (PolicyTypeUtil.samlTokenPolicy(policy)) {
132: map.put("Assertion", policy.getUUID());
133: }
134: }
135: }
136:
137: for (iterator = 0; iterator < size; iterator++) {
138: policy = (WSSPolicy) primaryPolicies.get(iterator);
139:
140: if (PolicyTypeUtil.signaturePolicy(policy)) {
141: tmpBuffer.delete(0, tmpBuffer.length());
142: SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) policy
143: .getFeatureBinding();
144:
145: int targetBindingSize = featureBinding
146: .getTargetBindings().size();
147: for (int targetIterator = 0; targetIterator < targetBindingSize; targetIterator++) {
148: sigTarget = (SignatureTarget) featureBinding
149: .getTargetBindings().get(targetIterator);
150:
151: if (sigTarget == null) {
152: throw new XWSSecurityException(
153: "Signature Target is null.");
154: }
155:
156: if (sigTarget != null
157: && sigTarget.getTransforms().size() > 1) {
158: optimizedType = MessageConstants.NOT_OPTIMIZED;
159: return optimizedType;
160: }
161:
162: if (sigTarget.getTransforms().size() == 1) {
163: SignatureTarget.Transform transform = (SignatureTarget.Transform) sigTarget
164: .getTransforms().get(0);
165: if (transform != null) {
166: if (transform.getTransform().intern() != MessageConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS) {
167: optimizedType = MessageConstants.NOT_OPTIMIZED;
168: return optimizedType;
169: }
170: }
171: }
172:
173: if (sigTarget.getType().intern() == "qname") {
174: targetValue = sigTarget.getQName()
175: .getLocalPart().intern();
176: } else if (sigTarget.getType().intern() == "uri") {
177: if (map.containsKey(sigTarget.getValue())) {
178: targetValue = map.get(sigTarget.getValue())
179: .toString();
180: } else if (sigTarget.getValue().intern() == "attachmentRef:attachment"
181: || sigTarget.getValue().startsWith(
182: "cid:")) {
183: targetValue = "Attachment";
184: }
185: } else if (sigTarget.getType().intern() == "xpath") {
186: optimizedType = MessageConstants.NOT_OPTIMIZED;
187: return optimizedType;
188: }
189:
190: if (targetValue == "Body") {
191: if (tmpBuffer.indexOf("_SIGN") == -1) {
192: tmpBuffer.append("_SIGN");
193: if (secureHeaders == 1
194: || secureHeaders == -1)
195: secureHeaders = 0;
196: if (secureAttachments == 1
197: || secureAttachments == -1)
198: secureAttachments = 0;
199: }
200: } else if (targetValue == "Timestamp"
201: || targetValue == "UsernameToken"
202: || targetValue == "Assertion") {
203: if (secureHeaders == -1)
204: secureHeaders = 1;
205: } else if (targetValue == "Attachment") {
206: if (secureAttachments == -1)
207: secureAttachments = 1;
208: } else {
209: return MessageConstants.NOT_OPTIMIZED;
210: }
211: }
212: securityOperation.insert(securityOperation
213: .indexOf("_BODY"), tmpBuffer.toString());
214: } else if (PolicyTypeUtil.encryptionPolicy(policy)) {
215: tmpBuffer.delete(0, tmpBuffer.length());
216: EncryptionPolicy.FeatureBinding featureBinding = (EncryptionPolicy.FeatureBinding) policy
217: .getFeatureBinding();
218:
219: int targetBindingSize = featureBinding
220: .getTargetBindings().size();
221: for (int targetIterator = 0; targetIterator < targetBindingSize; targetIterator++) {
222: encTarget = (EncryptionTarget) featureBinding
223: .getTargetBindings().get(targetIterator);
224:
225: if (encTarget.getType().intern() == "qname") {
226: targetValue = encTarget.getQName()
227: .getLocalPart().intern();
228: } else if (encTarget.getType().intern() == "uri") {
229: if (map.containsKey(encTarget.getValue())) {
230: targetValue = map.get(encTarget.getValue())
231: .toString();
232: } else if (encTarget.getValue().intern() == "attachmentRef:attachment"
233: || encTarget.getValue().startsWith(
234: "cid:")) {
235: targetValue = "Attachment";
236: }
237: } else if (encTarget.getType().intern() == "xpath") {
238: optimizedType = MessageConstants.NOT_OPTIMIZED;
239: return optimizedType;
240: }
241:
242: if (targetValue == "Body") {
243: if (tmpBuffer.indexOf("_ENCRYPT") == -1) {
244: tmpBuffer.append("_ENCRYPT");
245: if (secureHeaders == 1
246: || secureHeaders == -1)
247: secureHeaders = 0;
248: if (secureAttachments == 1
249: || secureAttachments == -1)
250: secureAttachments = 0;
251: }
252: } else if (targetValue == "Timestamp"
253: || targetValue == "UsernameToken"
254: || targetValue == "Assertion") {
255: if (secureHeaders == -1)
256: secureHeaders = 1;
257: } else if (targetValue == "Attachment") {
258: if (secureAttachments == -1)
259: secureAttachments = 1;
260: } else {
261: return MessageConstants.NOT_OPTIMIZED;
262: }
263: }
264: securityOperation.insert(securityOperation
265: .indexOf("_BODY"), tmpBuffer.toString());
266: }
267: }
268:
269: if (secureHeaders == 1 && secureAttachments != 1) {
270: optimizedType = MessageConstants.SECURITY_HEADERS;
271: return optimizedType;
272: } else if (secureAttachments == 1 && secureAttachments != 1) {
273: optimizedType = MessageConstants.SECURE_ATTACHMENTS;
274: return optimizedType;
275: } else if (secureHeaders == 1 && secureAttachments == 1) {
276: optimizedType = MessageConstants.SECURITY_HEADERS_AND_ATTACHMENTS;
277: return optimizedType;
278: }
279:
280: String type = securityOperation.toString().intern();
281:
282: if (type == "_SIGN_BODY") {
283: optimizedType = MessageConstants.SIGN_BODY;
284: } else if (type == "_SIGN_ENCRYPT_BODY") {
285: optimizedType = MessageConstants.SIGN_ENCRYPT_BODY;
286: } else if (type == "_ENCRYPT_SIGN_BODY") {
287: optimizedType = MessageConstants.NOT_OPTIMIZED;//MessageConstants.ENCRYPT_SIGN_BODY;
288: } else if (type == "_ENCRYPT_BODY") {
289: optimizedType = MessageConstants.NOT_OPTIMIZED;// MessageConstants.ENCRYPT_BODY;
290: }
291:
292: return optimizedType;
293: }
294:
295: /**
296: * Append a SecurityPolicy
297: * @param item SecurityPolicy instance to be appended
298: * @throws PolicyGenerationException if the policy being appended is
299: * not an instance of <code>WSSPolicy</code>
300: */
301: public void append(SecurityPolicy item)
302: throws PolicyGenerationException {
303: //BooleanComposer.checkType(item);
304: info.add(item);
305: }
306:
307: /**
308: * Prepend a SecurityPolicy
309: * @param item SecurityPolicy instance to be prepended
310: * @throws PolicyGenerationException if the policy being prepended is
311: * not an instance of <code>WSSPolicy</code>
312: */
313: public void prepend(SecurityPolicy item)
314: throws PolicyGenerationException {
315: //BooleanComposer.checkType(item);
316: int i = 0;
317: for (i = 0; i < info.size(); i++) {
318: SecurityPolicy sp = (SecurityPolicy) info.get(i);
319: if (!sp.getType().equals(
320: PolicyTypeUtil.SIGNATURE_CONFIRMATION_POLICY_TYPE)) {
321: break;
322: }
323: }
324: info.add(i, item);
325: }
326:
327: /**
328: * Append a policy collection
329: * @param items Collection of SecurityPolicy instances to be appended
330: * @throws PolicyGenerationException
331: */
332: public void appendAll(Collection items)
333: throws PolicyGenerationException {
334: Iterator i = items.iterator();
335: while (i.hasNext()) {
336: SecurityPolicy item = (SecurityPolicy) i.next();
337: //BooleanComposer.checkType(item);
338: }
339: info.addAll(items);
340: }
341:
342: /**
343: * clear this policy collection
344: */
345: public void removeAll() {
346: info.clear();
347: }
348:
349: /**
350: * @return size of policy collection
351: */
352: public int size() {
353: return info.size();
354: }
355:
356: /**
357: * Get the Security policy at the specified index
358: * @param index index to the policy collection
359: * @return SecurityPolicy instance at the specified index
360: * @throws Exception if a policy could not be retrieved
361: */
362: public SecurityPolicy get(int index) throws Exception {
363:
364: if (!optionals.isEmpty())
365: addOptionals();
366:
367: return (SecurityPolicy) info.get(index);
368: }
369:
370: /**
371: * @return <code>Iterator</code> iterator on policy collection
372: */
373: public Iterator iterator() {
374:
375: if (!optionals.isEmpty())
376: addOptionals();
377:
378: return info.iterator();
379: }
380:
381: /**
382: * @return true if collection is empty
383: */
384: public boolean isEmpty() {
385: return info.isEmpty();
386: }
387:
388: /**
389: * remove the specified SecurityPolicy
390: * @param item the SecurityPolicy instance to be removed
391: */
392: public void remove(SecurityPolicy item) {
393: int i = info.indexOf(item);
394: if (i == -1) {
395: return;
396: }
397: info.remove(i);
398: }
399:
400: /**
401: * Insert the additional policy before the existing policy
402: * @param existing SecurityPolicy instance before which the additional policy needs to be inserted
403: * @param additional SecurityPolicy instance to be inserted
404: * @throws PolicyGenerationException if the policy to be inserted is not an instance of <code>WSSPolicy</code>,
405: * or there is an error in inserting the policy
406: */
407: public void insertBefore(SecurityPolicy existing,
408: SecurityPolicy additional) throws PolicyGenerationException {
409: //BooleanComposer.checkType(existing);
410: //BooleanComposer.checkType(additional);
411:
412: int i = info.indexOf(existing);
413: if (i == -1) {
414: return;
415: }
416: info.add(i, additional);
417: }
418:
419: /**
420: * @param dump set it to true if messages should be Logged
421: */
422: public void dumpMessages(boolean dump) {
423: dumpMessages = dump;
424: }
425:
426: /**
427: * @return true if logging of messages is enabled
428: */
429: public boolean dumpMessages() {
430: return dumpMessages;
431: }
432:
433: /*
434: * @param flag boolean that indicates if dynamic policy is enabled
435: */
436: public void enableDynamicPolicy(boolean flag) {
437: enableDynamicPolicyFlag = flag;
438: }
439:
440: /*
441: * @return true if dynamic policy is enabled
442: */
443: public boolean enableDynamicPolicy() {
444: return enableDynamicPolicyFlag;
445: }
446:
447: public void setWSSAssertion(WSSAssertion wssAssertion)
448: throws PolicyGenerationException {
449: this .wssAssertion = wssAssertion;
450: if ("1.1".equals(this .wssAssertion.getType())) {
451: enableWSS11PolicyFlag = true;
452: }
453: if (this .wssAssertion.getRequiredProperties().contains(
454: "RequireSignatureConfirmation")) {
455: enableSignatureConfirmation = true;
456: }
457: if (enableSignatureConfirmation) {
458: SignatureConfirmationPolicy signConfirmPolicy = new SignatureConfirmationPolicy();
459: String id = SecurityUtil.generateUUID();
460: signConfirmPolicy.setUUID(id);
461: prepend(signConfirmPolicy);
462: }
463: }
464:
465: public WSSAssertion getWSSAssertion() {
466: return this .wssAssertion;
467: }
468:
469: public void enableSignatureConfirmation(boolean flag)
470: throws PolicyGenerationException {
471: enableSignatureConfirmation = flag;
472: if (enableSignatureConfirmation) {
473: SignatureConfirmationPolicy signConfirmPolicy = new SignatureConfirmationPolicy();
474: String id = SecurityUtil.generateUUID();
475: signConfirmPolicy.setUUID(id);
476: append(signConfirmPolicy);
477: }
478: }
479:
480: public boolean enableSignatureConfirmation() {
481: return enableSignatureConfirmation;
482: }
483:
484: public void enableWSS11Policy(boolean flag) {
485: enableWSS11PolicyFlag = flag;
486: }
487:
488: public boolean enableWSS11Policy() {
489: return enableWSS11PolicyFlag;
490: }
491:
492: /*
493: */
494: public void isBSP(boolean flag) {
495: bsp = flag;
496: }
497:
498: /*
499: */
500: public boolean isBSP() {
501: return bsp;
502: }
503:
504: /*
505: */
506: public void removeOptionalTargets() {
507: optionals.clear();
508: }
509:
510: /*
511: * @param optionals specify optional targets that can be signed/encrypted
512: */
513: public void addOptionalTargets(ArrayList optionls)
514: throws XWSSecurityException {
515: Iterator i = optionls.iterator();
516:
517: while (i.hasNext()) {
518: try {
519: Target target = (Target) i.next();
520: target.setEnforce(false);
521: } catch (ClassCastException cce) {
522: String message = "Target should be of types: "
523: + "com.sun.xml.wss.impl.policy.mls.SignatureTarget OR "
524: + "com.sun.xml.wss.impl.policy.mls.EncryptionTarget";
525: log.log(Level.SEVERE, "WSS1100.classcast.target",
526: new Object[] { message });
527: throw new XWSSecurityException(message, cce);
528: }
529: }
530:
531: optionals.addAll(optionls);
532: }
533:
534: /*
535: * @param target add an optional target for signature/encryption
536: */
537: public void addOptionalTarget(Target target) {
538: target.setEnforce(false);
539: optionals.add(target);
540: }
541:
542: /**
543: * Equals operator
544: * @param policy <code>MessagePolicy</code> to be compared for equality
545: * @return true if the policy is equal to this policy
546: */
547: public boolean equals(MessagePolicy policy) {
548:
549: boolean assrt = policy.dumpMessages()
550: && policy.enableDynamicPolicy();
551:
552: if (assrt) {
553: ArrayList primary0 = getPrimaryPolicies();
554: ArrayList secdary0 = getSecondaryPolicies();
555:
556: ArrayList primary1 = policy.getPrimaryPolicies();
557: ArrayList secdary1 = policy.getSecondaryPolicies();
558:
559: if (primary0.equals(primary1) && secdary0.equals(secdary1))
560: assrt = true;
561: }
562:
563: return assrt;
564: }
565:
566: /*
567: * @return primary policy list
568: */
569: public ArrayList getPrimaryPolicies() {
570: ArrayList list = new ArrayList();
571:
572: Iterator i = iterator();
573: while (i.hasNext()) {
574: SecurityPolicy policy = (SecurityPolicy) i.next();
575: if (PolicyTypeUtil.encryptionPolicy(policy)
576: || PolicyTypeUtil.signaturePolicy(policy)) {
577: list.add(policy);
578: }
579: }
580:
581: return list;
582: }
583:
584: /*
585: * @return secondary policy list
586: */
587: public ArrayList getSecondaryPolicies() {
588: ArrayList list = new ArrayList();
589:
590: Iterator i = iterator();
591: while (i.hasNext()) {
592: SecurityPolicy policy = (SecurityPolicy) i.next();
593:
594: if (PolicyTypeUtil.authenticationTokenPolicy(policy)
595: || PolicyTypeUtil.timestampPolicy(policy)) {
596: list.add(policy);
597: }
598: }
599:
600: return list;
601: }
602:
603: private void addOptionals() {
604:
605: Iterator j = info.iterator();
606:
607: while (j.hasNext()) {
608:
609: SecurityPolicy policy = (SecurityPolicy) j.next();
610:
611: if (policy instanceof WSSPolicy) {
612: processWSSPolicy((WSSPolicy) policy);
613: } /*else
614: if (PolicyTypeUtil.booleanComposerPolicy(policy)) {
615: processBooleanComposer((BooleanComposer)policy);
616: }*/
617:
618: }
619:
620: optionals.clear();
621: }
622:
623: /*
624: * @param policy WSSPolicy
625: */
626: private void processWSSPolicy(WSSPolicy policy) {
627: if (PolicyTypeUtil.signaturePolicy(policy)) {
628: SignaturePolicy sPolicy = (SignaturePolicy) policy;
629: SignaturePolicy.FeatureBinding fBinding = (SignaturePolicy.FeatureBinding) sPolicy
630: .getFeatureBinding();
631:
632: Iterator it = optionals.iterator();
633: for (; it.hasNext();) {
634: fBinding.addTargetBinding((Target) it.next());
635: }
636: } else if (PolicyTypeUtil.encryptionPolicy(policy)) {
637: EncryptionPolicy ePolicy = (EncryptionPolicy) policy;
638: EncryptionPolicy.FeatureBinding fBinding = (EncryptionPolicy.FeatureBinding) ePolicy
639: .getFeatureBinding();
640:
641: Iterator it = optionals.iterator();
642: for (; it.hasNext();) {
643: fBinding.addTargetBinding((Target) it.next());
644: }
645: }
646: }
647:
648: /*
649: * @param composer BooleanComposer
650: */
651: /*private void processBooleanComposer(BooleanComposer composer) {
652: if (PolicyTypeUtil.booleanComposerPolicy(composer.getPolicyA())) {
653: processBooleanComposer((BooleanComposer) composer.getPolicyA());
654: } else {
655: processWSSPolicy((WSSPolicy) composer.getPolicyA());
656: }
657:
658: if (PolicyTypeUtil.booleanComposerPolicy(composer.getPolicyB())) {
659: processBooleanComposer((BooleanComposer) composer.getPolicyB());
660: } else {
661: processWSSPolicy((WSSPolicy) composer.getPolicyB());
662: }
663: }*/
664:
665: /**
666: * @return the type of the policy
667: */
668: public String getType() {
669: return PolicyTypeUtil.MESSAGEPOLICY_CONFIG_TYPE;
670: }
671:
672: public void setAlgorithmSuite(AlgorithmSuite algSuite) {
673: this .algoSuite = algSuite;
674: }
675:
676: public AlgorithmSuite getAlgorithmSuite() {
677: return this .algoSuite;
678: }
679:
680: public MessageLayout getLayout() {
681: return layout;
682: }
683:
684: public void setLayout(MessageLayout layout) {
685: this .layout = layout;
686: }
687:
688: public void setSSL(boolean value) {
689: this .onSSL = value;
690: }
691:
692: public boolean isSSL() {
693: return onSSL;
694: }
695:
696: }
|