Class AbstractBindingBuilder

java.lang.Object
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler
org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder
Direct Known Subclasses:
AsymmetricBindingHandler, SymmetricBindingHandler, TransportBindingHandler

public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandler
  • Field Details

    • CRYPTO_CACHE

      public static final String CRYPTO_CACHE
    • LOG

      protected static final Logger LOG
    • protectionOrder

      protected org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder
    • wssConfig

      protected final org.apache.wss4j.dom.engine.WSSConfig wssConfig
    • saaj

      protected jakarta.xml.soap.SOAPMessage saaj
    • secHeader

      protected org.apache.wss4j.dom.message.WSSecHeader secHeader
    • aim

      protected org.apache.cxf.ws.policy.AssertionInfoMap aim
    • binding

      protected org.apache.wss4j.policy.model.AbstractBinding binding
    • timestampEl

      protected org.apache.wss4j.dom.message.WSSecTimestamp timestampEl
    • mainSigId

      protected String mainSigId
    • sigConfList

      protected List<org.apache.wss4j.common.WSEncryptionPart> sigConfList
    • encryptedTokensList

      protected Set<org.apache.wss4j.common.WSEncryptionPart> encryptedTokensList
    • signatures

      protected Set<Integer> signatures
    • bottomUpElement

      protected Element bottomUpElement
    • topDownElement

      protected Element topDownElement
    • bstElement

      protected Element bstElement
    • lastEncryptedKeyElement

      protected Element lastEncryptedKeyElement
    • callbackLookup

      protected final org.apache.wss4j.dom.callback.CallbackLookup callbackLookup
    • storeBytesInAttachment

      protected boolean storeBytesInAttachment
    • wsDocInfo

      protected org.apache.wss4j.dom.WSDocInfo wsDocInfo
  • Constructor Details

    • AbstractBindingBuilder

      public AbstractBindingBuilder(org.apache.wss4j.dom.engine.WSSConfig config, org.apache.wss4j.policy.model.AbstractBinding binding, jakarta.xml.soap.SOAPMessage saaj, org.apache.wss4j.dom.message.WSSecHeader secHeader, org.apache.cxf.ws.policy.AssertionInfoMap aim, org.apache.cxf.binding.soap.SoapMessage message) throws jakarta.xml.soap.SOAPException
      Throws:
      jakarta.xml.soap.SOAPException
  • Method Details

    • insertAfter

      protected void insertAfter(Element child, Element sib)
    • addDerivedKeyElement

      protected void addDerivedKeyElement(Element el)
    • addEncryptedKeyElement

      protected void addEncryptedKeyElement(Element el)
    • addSupportingElement

      protected void addSupportingElement(Element el)
    • insertBeforeBottomUp

      protected void insertBeforeBottomUp(Element el)
    • addTopDownElement

      protected void addTopDownElement(Element el)
    • getCryptoCache

      protected final Map<Object,org.apache.wss4j.common.crypto.Crypto> getCryptoCache()
    • getTokenStore

      protected final TokenStore getTokenStore() throws TokenStoreException
      Throws:
      TokenStoreException
    • createTimestamp

      protected org.apache.wss4j.dom.message.WSSecTimestamp createTimestamp()
    • handleLayout

      protected org.apache.wss4j.dom.message.WSSecTimestamp handleLayout(org.apache.wss4j.dom.message.WSSecTimestamp timestamp)
    • reshuffleTimestamp

      protected void reshuffleTimestamp()
    • handleSupportingTokens

      protected List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> handleSupportingTokens(org.apache.wss4j.policy.model.SupportingTokens suppTokens, boolean endorse, List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret) throws org.apache.wss4j.common.ext.WSSecurityException, jakarta.xml.soap.SOAPException, TokenStoreException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
      jakarta.xml.soap.SOAPException
      TokenStoreException
    • handleUsernameTokenSupportingToken

      protected void handleUsernameTokenSupportingToken(org.apache.wss4j.policy.model.UsernameToken token, boolean endorse, boolean encryptedToken, List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> ret) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • cloneElement

      protected Element cloneElement(Element el)
    • addSignatureParts

      protected void addSignatureParts(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList, List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
    • addUsernameToken

      protected org.apache.wss4j.dom.message.WSSecUsernameToken addUsernameToken(org.apache.wss4j.policy.model.UsernameToken token)
    • addDKUsernameToken

      protected org.apache.wss4j.dom.message.WSSecUsernameToken addDKUsernameToken(org.apache.wss4j.policy.model.UsernameToken token, byte[] salt)
    • addSamlToken

      protected org.apache.wss4j.common.saml.SamlAssertionWrapper addSamlToken(org.apache.wss4j.policy.model.SamlToken token) throws org.apache.wss4j.common.ext.WSSecurityException, TokenStoreException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
      TokenStoreException
    • storeAssertionAsSecurityToken

      protected void storeAssertionAsSecurityToken(org.apache.wss4j.common.saml.SamlAssertionWrapper assertion) throws TokenStoreException
      Store a SAML Assertion as a SecurityToken
      Throws:
      TokenStoreException
    • findIDFromSamlToken

      protected String findIDFromSamlToken(Element samlToken)
    • getPassword

      protected String getPassword(String userName, org.apache.neethi.Assertion info, int usage)
    • addWsuIdToElement

      public String addWsuIdToElement(Element element)
      Returns the value of the wsu:Id attribute on the provided Element, generating and adding the attribute first if it does not already exist.
      Parameters:
      element - the Element to check/create the attribute on
      Returns:
      the generated or discovered wsu:Id attribute value
    • getEncryptedParts

      public List<org.apache.wss4j.common.WSEncryptionPart> getEncryptedParts() throws jakarta.xml.soap.SOAPException
      Throws:
      jakarta.xml.soap.SOAPException
    • getSignedParts

      public List<org.apache.wss4j.common.WSEncryptionPart> getSignedParts(org.apache.wss4j.policy.model.SupportingTokens supportingToken) throws jakarta.xml.soap.SOAPException
      Throws:
      jakarta.xml.soap.SOAPException
    • getPartsAndElements

      public List<org.apache.wss4j.common.WSEncryptionPart> getPartsAndElements(boolean sign, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<org.apache.wss4j.policy.model.XPath> xpaths, List<org.apache.wss4j.policy.model.XPath> contentXpaths) throws jakarta.xml.soap.SOAPException
      Identifies the portions of the message to be signed/encrypted.
      Parameters:
      sign - whether the matches are to be signed or encrypted
      includeBody - if the body should be included in the signature/encryption
      parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
      xpaths - any XPath expressions whose matches are to be signed/encrypted
      contentXpaths - any XPath expressions whose matches are to be content-encrypted
      Returns:
      a configured list of WSEncryptionParts suitable for processing by WSS4J
      Throws:
      jakarta.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model
    • getParts

      protected List<org.apache.wss4j.common.WSEncryptionPart> getParts(boolean sign, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<Element> found) throws jakarta.xml.soap.SOAPException
      Identifies the portions of the message to be signed/encrypted.
      Parameters:
      sign - whether the matches are to be signed or encrypted
      includeBody - if the body should be included in the signature/encryption
      parts - any WSEncryptionParts to match for signature or encryption as specified by WS-SP signed parts or encrypted parts. Parts without a name match all elements with the provided namespace.
      found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
      Returns:
      a configured list of WSEncryptionParts suitable for processing by WSS4J
      Throws:
      jakarta.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model
    • getElements

      protected List<org.apache.wss4j.common.WSEncryptionPart> getElements(String encryptionModifier, List<org.apache.wss4j.policy.model.XPath> xpaths, List<Element> found, boolean forceId) throws jakarta.xml.soap.SOAPException
      Identifies the portions of the message to be signed/encrypted.
      Parameters:
      encryptionModifier - indicates the scope of the crypto operation over matched elements. Either "Content" or "Element".
      xpaths - any XPath expressions whose matches are to be signed/encrypted
      found - a list of elements that have previously been tagged for signing/encryption. Populated with additional matches found by this method and used to prevent including the same element twice under the same operation.
      forceId - force adding a wsu:Id onto the elements. Recommended for signatures.
      Returns:
      a configured list of WSEncryptionParts suitable for processing by WSS4J
      Throws:
      jakarta.xml.soap.SOAPException - if there is an error extracting SOAP content from the SAAJ model
    • getEncryptedKeyBuilder

      protected org.apache.wss4j.dom.message.WSSecEncryptedKey getEncryptedKeyBuilder(org.apache.wss4j.policy.model.AbstractToken token, SecretKey symmetricKey) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • getSignatureCrypto

      public org.apache.wss4j.common.crypto.Crypto getSignatureCrypto() throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • getEncryptionCrypto

      public org.apache.wss4j.common.crypto.Crypto getEncryptionCrypto() throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • getCrypto

      protected org.apache.wss4j.common.crypto.Crypto getCrypto(String cryptoKey, String propKey) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • setKeyIdentifierType

      public void setKeyIdentifierType(org.apache.wss4j.dom.message.WSSecBase secBase, org.apache.wss4j.policy.model.AbstractToken token)
    • setEncryptionUser

      public String setEncryptionUser(org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder, org.apache.wss4j.policy.model.AbstractToken token, boolean sign, org.apache.wss4j.common.crypto.Crypto crypto)
    • getUsername

      public static String getUsername(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
      Scans the WSHandlerResult list for a Username Token and returns its username if one is found.
      Parameters:
      results - the WSHandlerResult list to scan
      Returns:
      the username, if a Username Token is found
    • getEncryptedKeyResult

      protected org.apache.wss4j.dom.engine.WSSecurityEngineResult getEncryptedKeyResult()
    • getSignatureBuilder

      protected org.apache.wss4j.dom.message.WSSecSignature getSignatureBuilder(org.apache.wss4j.policy.model.AbstractToken token, boolean attached, boolean endorse) throws org.apache.wss4j.common.ext.WSSecurityException, TokenStoreException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
      TokenStoreException
    • doEndorsedSignatures

      protected void doEndorsedSignatures(List<org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractBindingBuilder.SupportingToken> tokenList, boolean isTokenProtection, boolean isSigProtect)
    • addSupportingTokens

      protected void addSupportingTokens(List<org.apache.wss4j.common.WSEncryptionPart> sigs) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • doEndorse

      protected void doEndorse()
    • addSignatureConfirmation

      protected void addSignatureConfirmation(List<org.apache.wss4j.common.WSEncryptionPart> sigParts)
    • handleEncryptedSignedHeaders

      public void handleEncryptedSignedHeaders(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts, List<org.apache.wss4j.common.WSEncryptionPart> signedParts)
      Processes the parts to be signed and reconfigures those parts that have already been encrypted.
      Parameters:
      encryptedParts - the parts that have been encrypted
      signedParts - the parts that are to be signed
      Throws:
      IllegalArgumentException - if a WSEncryptionPart in signedParts has a null id value and its name value is not "Token"
    • convertToEncryptionPart

      public org.apache.wss4j.common.WSEncryptionPart convertToEncryptionPart(Element element)
      Convert a DOM Element into a WSEncryptionPart, adding a (wsu:)Id if there is not one already.
      Parameters:
      element - The DOM Element to convert
      Returns:
      The WSEncryptionPart representing the DOM Element argument
    • addSig

      protected void addSig(byte[] val)
    • isExpandXopInclude

      public boolean isExpandXopInclude()