ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1172285 [3/48] - in /webservices/wss4j/branches/swssf: ./ cxf-integration/ cxf-integration/src/ cxf-integration/src/main/ cxf-integration/src/main/java/ cxf-integration/src/main/java/org/ cxf-integration/src/main/java/org/swssf/ cxf-integr...
Date Sun, 18 Sep 2011 13:51:36 GMT
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,452 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.llom.factory.OMXMLBuilderFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.swssf.ext.Constants;
+import org.swssf.impl.util.ConcreteLSInput;
+import org.swssf.policy.secpolicy.WSSPolicyException;
+import org.swssf.policy.secpolicybuilder.*;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.ls.LSInput;
+import org.w3c.dom.ls.LSResourceResolver;
+import org.xml.sax.SAXException;
+
+import javax.wsdl.*;
+import javax.wsdl.extensions.ExtensibilityElement;
+import javax.wsdl.extensions.UnknownExtensibilityElement;
+import javax.wsdl.extensions.soap.SOAPOperation;
+import javax.wsdl.extensions.soap12.SOAP12Operation;
+import javax.wsdl.factory.WSDLFactory;
+import javax.wsdl.xml.WSDLReader;
+import javax.xml.XMLConstants;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.util.*;
+
+/**
+ * PolicyEnforcerFactory builds a map of all the possible effective Policies
+ * and caches them for reuse
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyEnforcerFactory {
+
+    protected static final transient Log log = LogFactory.getLog(PolicyEnforcerFactory.class);
+    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
+
+    private static Schema schemas;
+    private Definition wsdlDefinition;
+    private List<OperationPolicy> operationPolicies;
+    private Map<Element, Policy> elementPolicyCache;
+
+    static {
+        addAssertionBuilder(new AlgorithmSuiteBuilder());
+        addAssertionBuilder(new AsymmetricBindingBuilder());
+        addAssertionBuilder(new ContentEncryptedElementsBuilder());
+        addAssertionBuilder(new EncryptedElementsBuilder());
+        addAssertionBuilder(new EncryptedPartsBuilder());
+        addAssertionBuilder(new HttpsTokenBuilder());
+        addAssertionBuilder(new InitiatorTokenBuilder());
+        addAssertionBuilder(new IssuedTokenBuilder());
+        addAssertionBuilder(new LayoutBuilder());
+        addAssertionBuilder(new ProtectionTokenBuilder());
+        addAssertionBuilder(new RecipientTokenBuilder());
+        addAssertionBuilder(new RequiredElementsBuilder());
+        addAssertionBuilder(new RequiredPartsBuilder());
+        addAssertionBuilder(new SecureConversationTokenBuilder());
+        addAssertionBuilder(new SignedElementsBuilder());
+        addAssertionBuilder(new SignedPartsBuilder());
+        addAssertionBuilder(new SupportingTokensBuilder());
+        addAssertionBuilder(new SymmetricBindingBuilder());
+        addAssertionBuilder(new TransportBindingBuilder());
+        addAssertionBuilder(new TransportTokenBuilder());
+        addAssertionBuilder(new Trust13Builder());
+        addAssertionBuilder(new UsernameTokenBuilder());
+        addAssertionBuilder(new WSS10Builder());
+        addAssertionBuilder(new WSS11Builder());
+        addAssertionBuilder(new X509TokenBuilder());
+
+        List<Source> sourceList = new ArrayList<Source>();
+
+        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+        sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-200507.xsd")));
+        sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-1.2.xsd")));
+        sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-1.2-errata-cd-01.xsd")));
+        sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-1.3.xsd")));
+        sourceList.add(new StreamSource(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-securitypolicy-200802.xsd")));
+
+        try {
+            schemaFactory.setResourceResolver(new LSResourceResolver() {
+                public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) {
+                    if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/oasis-wss-wssecurity-secext-1.1.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/xmldsig-core-schema.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://www.w3.org/2005/08/addressing".equals(systemId) || "http://www.w3.org/2006/03/addressing/ws-addr.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-addr200508.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://schemas.xmlsoap.org/ws/2004/08/addressing".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-addr200408.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/ws-policy-200409.xsd"));
+                        return concreteLSInput;
+                    } else if ("http://www.w3.org/2001/xml.xsd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/xml.xsd"));
+                        return concreteLSInput;
+                    } else if ("XMLSchema.dtd".equals(systemId) || "http://www.w3.org/2001/XMLSchema.dtd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/XMLSchema.dtd"));
+                        return concreteLSInput;
+                    } else if ("datatypes.dtd".equals(systemId)) {
+                        ConcreteLSInput concreteLSInput = new ConcreteLSInput();
+                        concreteLSInput.setSystemId(systemId);
+                        concreteLSInput.setBaseURI(baseURI);
+                        concreteLSInput.setByteStream(PolicyEnforcerFactory.class.getClassLoader().getResourceAsStream("schemas/datatypes.dtd"));
+                        return concreteLSInput;
+                    }
+                    throw new IllegalArgumentException("Offline resource not available: " + systemId);
+                }
+            });
+            schemas = schemaFactory.newSchema(sourceList.toArray(new Source[sourceList.size()]));
+        } catch (SAXException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static void addAssertionBuilder(AssertionBuilder assertionBuilder) {
+        QName[] knownElements = assertionBuilder.getKnownElements();
+        for (int i = 0; i < knownElements.length; i++) {
+            QName knownElement = knownElements[i];
+            PolicyEngine.registerBuilder(knownElement, assertionBuilder);
+        }
+    }
+
+    private PolicyEnforcerFactory() {
+        elementPolicyCache = new HashMap<Element, Policy>();
+    }
+
+    public static PolicyEnforcerFactory newInstance(URL wsdlUrl) throws WSSPolicyException {
+        PolicyEnforcerFactory policyEnforcerFactory = new PolicyEnforcerFactory();
+        policyEnforcerFactory.parseWsdl(wsdlUrl);
+        return policyEnforcerFactory;
+    }
+
+    //todo enforce uniqueness of operation names to prevent SOAPAction spoofing.
+    private void parseWsdl(URL wsdlUrl) throws WSSPolicyException {
+        try {
+            WSDLFactory wsdlFactory = WSDLFactory.newInstance();
+            WSDLReader reader = wsdlFactory.newWSDLReader();
+            reader.setFeature("javax.wsdl.verbose", false);
+            wsdlDefinition = reader.readWSDL(wsdlUrl.toString());
+            operationPolicies = findPoliciesByOperation(wsdlDefinition);
+        } catch (WSDLException e) {
+            throw new WSSPolicyException(e.getMessage(), e);
+        }
+    }
+
+    private List<OperationPolicy> findPoliciesByOperation(Definition wsdlDefinition) throws WSSPolicyException {
+
+        List<OperationPolicy> operationPolicyList = new ArrayList<OperationPolicy>();
+        @SuppressWarnings("unchecked")
+        Iterator<Map.Entry> services = wsdlDefinition.getAllServices().entrySet().iterator();
+        while (services.hasNext()) {
+            @SuppressWarnings("unchecked")
+            Map.Entry<QName, Service> serviceEntry = services.next();
+            Service service = serviceEntry.getValue();
+            @SuppressWarnings("unchecked")
+            Iterator<Map.Entry> ports = service.getPorts().entrySet().iterator();
+            while (ports.hasNext()) {
+                @SuppressWarnings("unchecked")
+                Map.Entry<QName, Port> portEntry = ports.next();
+                Port port = portEntry.getValue();
+                Binding binding = port.getBinding();
+
+                @SuppressWarnings("unchecked")
+                List<BindingOperation> bindingOperations = binding.getBindingOperations();
+                for (int i = 0; i < bindingOperations.size(); i++) {
+                    BindingOperation bindingOperation = bindingOperations.get(i);
+
+                    Operation operation = bindingOperation.getOperation();
+
+                    OperationPolicy operationPolicy = new OperationPolicy(operation.getName());
+                    operationPolicyList.add(operationPolicy);
+
+                    @SuppressWarnings("unchecked")
+                    List<ExtensibilityElement> extensibilityElements = bindingOperation.getExtensibilityElements();
+                    for (int j = 0; j < extensibilityElements.size(); j++) {
+                        ExtensibilityElement extensibilityElement = extensibilityElements.get(j);
+                        if (extensibilityElement instanceof SOAPOperation) {
+                            SOAPOperation soapOperation = (SOAPOperation) extensibilityElement;
+                            String soapActionUri = soapOperation.getSoapActionURI();
+                            operationPolicy.setOperationAction(soapActionUri);
+                            operationPolicy.setSoapMessageVersionNamespace(Constants.NS_SOAP11);
+                        } else if (extensibilityElement instanceof SOAP12Operation) {
+                            SOAP12Operation soap12Operation = (SOAP12Operation) extensibilityElement;
+                            String soapActionUri = soap12Operation.getSoapActionURI();
+                            operationPolicy.setOperationAction(soapActionUri);
+                            operationPolicy.setSoapMessageVersionNamespace(Constants.NS_SOAP12);
+                        }
+                    }
+
+                    Policy policy = getPolicy(service, port, binding, bindingOperation, operation);
+                    operationPolicy.setPolicy((Policy) policy.normalize(true));
+                }
+            }
+        }
+        return operationPolicyList;
+    }
+
+    private Policy getPolicy(Service service, Port port, Binding binding, BindingOperation bindingOperation, Operation operation) throws WSSPolicyException {
+        List<Policy> policies = new ArrayList<Policy>();
+
+        Policy servicePolicy = findPolicies(service);
+        if (servicePolicy != null) {
+            policies.add(servicePolicy);
+        }
+        Policy portPolicy = findPolicies(port);
+        if (portPolicy != null) {
+            policies.add(portPolicy);
+        }
+        Policy bindingPolicy = findPolicies(binding);
+        if (bindingPolicy != null) {
+            policies.add(bindingPolicy);
+        }
+
+        Policy bindingOperationPolicy = findPolicies(bindingOperation);
+        if (bindingOperationPolicy != null) {
+            policies.add(bindingOperationPolicy);
+        }
+
+        Policy bindingOperationInputPolicy = findPolicies(bindingOperation.getBindingInput());
+        if (bindingOperationInputPolicy != null) {
+            policies.add(bindingOperationInputPolicy);
+        }
+
+        Policy portTypePolicy = findPortTypePolicy(binding, operation);
+        if (portTypePolicy != null) {
+            policies.add(portTypePolicy);
+        }
+
+        if (policies.size() == 0) {
+            return new Policy();
+        }
+
+        Policy mergedPolicy = policies.get(0);
+        for (int i = 1; i < policies.size(); i++) {
+            Policy policy = policies.get(i);
+            mergedPolicy = mergedPolicy.merge(policy);
+        }
+        return mergedPolicy;
+    }
+
+    private Policy findPortTypePolicy(Binding binding, Operation operation) throws WSSPolicyException {
+
+        List<Policy> policies = new ArrayList<Policy>();
+
+        PortType portType = binding.getPortType();
+        Policy portTypePolicy = findPolicies(portType);
+        if (portTypePolicy != null) {
+            policies.add(portTypePolicy);
+        }
+
+        @SuppressWarnings("unchecked")
+        List<Operation> operations = portType.getOperations();
+        for (int i = 0; i < operations.size(); i++) {
+            Operation portTypeOperation = operations.get(i);
+            if (portTypeOperation.getName().equals(operation.getName())) {
+                Policy operationPolicy = findPolicies(portTypeOperation);
+                if (operationPolicy != null) {
+                    policies.add(operationPolicy);
+                }
+
+                Policy inputPolicy = findPolicies(portTypeOperation.getInput());
+                if (inputPolicy != null) {
+                    policies.add(inputPolicy);
+                }
+
+                Policy messagePolicy = findPolicies(portTypeOperation.getInput().getMessage());
+                if (messagePolicy != null) {
+                    policies.add(messagePolicy);
+                }
+            }
+        }
+
+        if (policies.size() == 0) {
+            return new Policy();
+        }
+
+        Policy mergedPolicy = policies.get(0);
+        for (int i = 1; i < policies.size(); i++) {
+            Policy policy = policies.get(i);
+            mergedPolicy = mergedPolicy.merge(policy);
+        }
+        return mergedPolicy;
+    }
+
+    private Policy findPolicies(WSDLElement wsdlElement) throws WSSPolicyException {
+        if (wsdlElement == null) {
+            return new Policy();
+        }
+
+        List<Policy> policies = new ArrayList<Policy>();
+
+        @SuppressWarnings("unchecked")
+        List<ExtensibilityElement> extensibilityElements = wsdlElement.getExtensibilityElements();
+        for (int i = 0; i < extensibilityElements.size(); i++) {
+            ExtensibilityElement extensibilityElement = extensibilityElements.get(i);
+            if (extensibilityElement instanceof UnknownExtensibilityElement) {
+                UnknownExtensibilityElement unknownExtensibilityElement = (UnknownExtensibilityElement) extensibilityElement;
+                if (unknownExtensibilityElement.getElementType().getLocalPart().equals("PolicyReference")) {
+                    String uri = unknownExtensibilityElement.getElement().getAttribute("URI").substring(1);
+                    NodeList policyNodeList = unknownExtensibilityElement.getElement().getOwnerDocument().getElementsByTagNameNS("*", "Policy");
+
+                    boolean found = false;
+                    for (int j = 0; j < policyNodeList.getLength(); j++) {
+                        Element element = (Element) policyNodeList.item(j);
+                        String refUri = element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
+                        if (refUri != null && refUri.equals(uri)) {
+                            found = true;
+                            Policy policy = parsePolicy(element);
+                            policies.add(policy);
+                            break;
+                        }
+                    }
+                    if (!found) {
+                        throw new WSSPolicyException("Referenced Policy not found " + uri);
+                    }
+                } else if (unknownExtensibilityElement.getElementType().getLocalPart().equals("Policy")) {
+                    Element element = unknownExtensibilityElement.getElement();
+                    Policy policy = parsePolicy(element);
+                    policies.add(policy);
+                }
+            }
+        }
+
+        if (policies.size() == 0) {
+            return new Policy();
+        }
+
+        Policy mergedPolicy = policies.get(0);
+        for (int i = 1; i < policies.size(); i++) {
+            Policy policy = policies.get(i);
+            mergedPolicy = mergedPolicy.merge(policy);
+        }
+        return mergedPolicy;
+    }
+
+    private Policy parsePolicy(Element element) throws WSSPolicyException {
+        if (elementPolicyCache.containsKey(element)) {
+            return elementPolicyCache.get(element);
+        }
+        Validator validator = schemas.newValidator();
+        try {
+            validator.setFeature("http://apache.org/xml/features/honour-all-schemaLocations", true);
+            validator.validate(new DOMSource(element));
+        } catch (SAXException e) {
+            throw new WSSPolicyException(e.getMessage(), e);
+        } catch (IOException e) {
+            throw new WSSPolicyException(e.getMessage(), e);
+        }
+        XMLInputFactory xmlInputFactory = XMLInputFactory.newFactory();
+        XMLStreamReader xmlStreamReader;
+        try {
+            //because of old JAXP implementation in the jdk 1.6 we get the
+            //following exception when we try to create an XMLStreamReader from DOMSource:
+            //java.lang.UnsupportedOperationException: Cannot create XMLStreamReader or XMLEventReader from a javax.xml.transform.dom.DOMSource
+            //xmlStreamReader = xmlInputFactory.createXMLStreamReader(new DOMSource(element));
+            //so we serialize / deserialze the xml...
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(element), new StreamResult(baos));
+            xmlStreamReader = xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+        } catch (XMLStreamException e) {
+            throw new WSSPolicyException(e.getMessage(), e);
+        } catch (TransformerConfigurationException e) {
+            throw new WSSPolicyException(e.getMessage(), e);
+        } catch (TransformerException e) {
+            throw new WSSPolicyException(e.getMessage(), e);
+        }
+        OMElement omElement = OMXMLBuilderFactory.createStAXOMBuilder(OMAbstractFactory.getOMFactory(), xmlStreamReader).getDocumentElement();
+        Policy policy = PolicyEngine.getPolicy(omElement);
+        elementPolicyCache.put(element, policy);
+        return policy;
+    }
+
+    public PolicyEnforcer newPolicyEnforcer(String soapAction) throws WSSPolicyException {
+        return new PolicyEnforcer(this.operationPolicies, soapAction);
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcerFactory.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,157 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.swssf.ext.*;
+import org.swssf.impl.processor.input.SecurityHeaderInputProcessor;
+import org.swssf.securityEvent.*;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.XMLEvent;
+
+/**
+ * Processor to generate SecurityEvents regarding not secured elements
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyInputProcessor extends AbstractInputProcessor {
+
+    private PolicyEnforcer policyEnforcer;
+    private boolean firstHeaderCall = true;
+    private boolean firstBodyCall = true;
+
+    public PolicyInputProcessor(PolicyEnforcer policyEnforcer, SecurityProperties securityProperties) {
+        super(securityProperties);
+        this.setPhase(Constants.Phase.POSTPROCESSING);
+        this.getBeforeProcessors().add(SecurityHeaderInputProcessor.class.getName());
+        this.policyEnforcer = policyEnforcer;
+    }
+
+    @Override
+    public XMLEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+        if (firstHeaderCall) {
+            firstHeaderCall = false;
+            if (policyEnforcer.isTransportSecurityActive()) {
+                inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
+                inputProcessorChain.getDocumentContext().setIsInSignedContent();
+            }
+        }
+        XMLEvent xmlEvent = inputProcessorChain.processHeaderEvent();
+        //test if non encrypted element have to be encrypted per policy
+        if (!inputProcessorChain.getDocumentContext().isInEncryptedContent() && inputProcessorChain.getDocumentContext().isInSecurityHeader()) {
+            testEncryptionPolicy(xmlEvent, inputProcessorChain);
+        }
+        if (xmlEvent.isStartElement() && inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
+            RequiredPartSecurityEvent requiredPartSecurityEvent = new RequiredPartSecurityEvent(SecurityEvent.Event.RequiredPart);
+            requiredPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            policyEnforcer.registerSecurityEvent(requiredPartSecurityEvent);
+            RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent(SecurityEvent.Event.RequiredElement);
+            requiredElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+            policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+        }
+        return xmlEvent;
+    }
+
+    @Override
+    public XMLEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, WSSecurityException {
+        if (firstBodyCall) {
+            firstBodyCall = false;
+            if (policyEnforcer.isTransportSecurityActive()) {
+                inputProcessorChain.getDocumentContext().setIsInEncryptedContent();
+                inputProcessorChain.getDocumentContext().setIsInSignedContent();
+            }
+        }
+        XMLEvent xmlEvent = inputProcessorChain.processEvent();
+
+        if (xmlEvent.isStartElement()) {
+            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPBody()) {
+                OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent(SecurityEvent.Event.Operation);
+                operationSecurityEvent.setOperation(xmlEvent.asStartElement().getName());
+                policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+            }
+        } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 0
+                && xmlEvent.isEndElement()
+                //ns mismatch should be detected by the xml parser so a local-name equality check should be enough
+                && xmlEvent.asEndElement().getName().getLocalPart().equals(Constants.TAG_soap_Envelope_LocalName)) {
+            policyEnforcer.doFinal();
+        }
+
+        //test if non encrypted element have to be encrypted per policy
+        if (!inputProcessorChain.getDocumentContext().isInEncryptedContent() && !inputProcessorChain.getDocumentContext().isInSecurityHeader()) {
+            testEncryptionPolicy(xmlEvent, inputProcessorChain);
+        }
+
+        //test if non signed element have to be signed per policy
+        if (!inputProcessorChain.getDocumentContext().isInSignedContent()) {
+            testSignaturePolicy(inputProcessorChain, xmlEvent);
+        }
+        return xmlEvent;
+    }
+
+    private void testSignaturePolicy(InputProcessorChain inputProcessorChain, XMLEvent xmlEvent) throws WSSecurityException {
+        if (xmlEvent.isStartElement()) {
+
+            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
+                SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+                signedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 2 && inputProcessorChain.getDocumentContext().isInSOAPBody()) {
+                SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+                signedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
+                SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(SecurityEvent.Event.SignedElement, true);
+                signedElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+            }
+        }
+    }
+
+    private void testEncryptionPolicy(XMLEvent xmlEvent, InputProcessorChain inputProcessorChain) throws WSSecurityException {
+        //the following events are only interesting for policy verification. So call directly the policyEnforcer for these
+        if (xmlEvent.isStartElement()) {
+
+            if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPHeader()) {
+                EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+                encryptedPartSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() == 3 && inputProcessorChain.getDocumentContext().isInSOAPBody()) {
+                EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+                encryptedPartSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+                policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+            } else if (inputProcessorChain.getDocumentContext().getDocumentLevel() > 3) {
+                EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+                encryptedElementSecurityEvent.setElement(xmlEvent.asStartElement().getName());
+                policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+
+                //... or it could be a contentEncryption too...
+                ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);
+                contentEncryptedElementSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+                policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+            }
+
+        } else if (xmlEvent.isCharacters() || xmlEvent.isEntityReference() || xmlEvent.isProcessingInstruction()) {
+            //can only be a content encryption
+            ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);
+            contentEncryptedElementSecurityEvent.setElement(inputProcessorChain.getDocumentContext().getParentElement(xmlEvent.getEventType()));
+            policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+        }
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyInputProcessor.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy;
+
+import org.swssf.policy.secpolicy.WSSPolicyException;
+
+/**
+ * Exception for PolicyViolation
+ *
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class PolicyViolationException extends WSSPolicyException {
+
+    public PolicyViolationException(String message) {
+        super(message);
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyViolationException.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,124 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.secpolicy.model.AlgorithmSuite;
+import org.swssf.securityEvent.AlgorithmSuiteSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AlgorithmSuiteAssertionState extends AssertionState {
+
+    public AlgorithmSuiteAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+        super(assertion, asserted);
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = (AlgorithmSuiteSecurityEvent) securityEvent;
+        AlgorithmSuite algorithmSuite = (AlgorithmSuite) getAssertion();
+
+        switch (algorithmSuiteSecurityEvent.getKeyUsage()) {
+            case Sym_Sig:
+                if (!algorithmSuite.getSymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Symmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Asym_Sig:
+                if (!algorithmSuite.getAsymmetricSignature().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Asymmetric signature algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Dig:
+                if (!algorithmSuite.getDigest().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Digest algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Enc:
+                if (!algorithmSuite.getEncryption().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Encryption algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Sym_Key_Wrap:
+                if (!algorithmSuite.getSymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Symmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Asym_Key_Wrap:
+                if (!algorithmSuite.getAsymmetricKeyWrap().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Asymmetric key wrap algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Comp_Key:
+                if (!algorithmSuite.getComputedKey().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Computed key algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Enc_KD:
+                if (!algorithmSuite.getEncryptionKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Encryption key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Sig_KD:
+                if (!algorithmSuite.getSignatureKeyDerivation().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Signature key derivation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case C14n:
+                if (!algorithmSuite.getC14n().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case Soap_Norm:
+                if (!algorithmSuite.getSoapNormalization().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("Soap normalization algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case STR_Trans:
+                if (!algorithmSuite.getStrTransform().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("STR transformation algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+            case XPath:
+                if (!algorithmSuite.getXPath().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())) {
+                    setAsserted(false);
+                    setErrorMessage("XPath algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
+                }
+                break;
+
+        }
+        return isAsserted();
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AlgorithmSuiteAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.SecurityEvent;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class AssertionState {
+
+    private AbstractSecurityAssertion assertion;
+    private boolean asserted;
+    private StringBuilder errorMessage = new StringBuilder();
+
+    public AssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+        this.assertion = assertion;
+        this.asserted = asserted;
+    }
+
+    public AbstractSecurityAssertion getAssertion() {
+        return assertion;
+    }
+
+    public void setAsserted(boolean asserted) {
+        this.asserted = asserted;
+    }
+
+    public boolean isAsserted() {
+        return asserted;
+    }
+
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        if (securityEvent != null) {
+            this.asserted = true;
+        }
+        return this.asserted;
+    }
+
+    public void setErrorMessage(String errorMessage) {
+        this.errorMessage.append("\n").append(errorMessage);
+    }
+
+    public String getErrorMessage() {
+        if (errorMessage.length() == 0) {
+            return "Assertion " + assertion.getName() + " not satisfied";
+        } else {
+            return errorMessage.toString();
+        }
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/AssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.ContentEncryptedElementSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class ContentEncryptedElementAssertionState extends AssertionState {
+
+    private List<QName> elements;
+
+    public ContentEncryptedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+        super(assertion, asserted);
+        this.elements = elements;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = (ContentEncryptedElementSecurityEvent) securityEvent;
+        for (int i = 0; i < elements.size(); i++) {
+            QName qName = elements.get(i);
+            if (qName.equals(contentEncryptedElementSecurityEvent.getElement())) {
+                if (contentEncryptedElementSecurityEvent.isNotEncrypted()) {
+                    //an element must be encrypted but isn't
+                    setAsserted(false);
+                    setErrorMessage("Element " + contentEncryptedElementSecurityEvent.getElement() + " must be encrypted");
+                    return false;
+                } else {
+                    setAsserted(true);
+                }
+            }
+        }
+        //if we return false here other encrypted elements will trigger a PolicyViolationException
+        return true;
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ContentEncryptedElementAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.EncryptedElementSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class EncryptedElementAssertionState extends AssertionState {
+
+    private List<QName> elements;
+
+    public EncryptedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+        super(assertion, asserted);
+        this.elements = elements;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
+        for (int i = 0; i < elements.size(); i++) {
+            QName qName = elements.get(i);
+            if (qName.equals(encryptedElementSecurityEvent.getElement())) {
+                if (encryptedElementSecurityEvent.isNotEncrypted()) {
+                    //an element must be encrypted but isn't
+                    setAsserted(false);
+                    setErrorMessage("Element " + encryptedElementSecurityEvent.getElement() + " must be encrypted");
+                    return false;
+                } else {
+                    setAsserted(true);
+                }
+            }
+        }
+        //if we return false here other encrypted elements will trigger a PolicyViolationException
+        return true;
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedElementAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.EncryptedPartSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class EncryptedPartAssertionState extends AssertionState {
+
+    private List<QName> elements;
+
+    public EncryptedPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+        super(assertion, asserted);
+        this.elements = elements;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        EncryptedPartSecurityEvent encryptedPartSecurityEvent = (EncryptedPartSecurityEvent) securityEvent;
+        for (int i = 0; i < elements.size(); i++) {
+            QName qName = elements.get(i);
+            if (qName.equals(encryptedPartSecurityEvent.getElement())
+                    || (qName.getLocalPart().equals("*") && qName.getNamespaceURI().equals(encryptedPartSecurityEvent.getElement().getNamespaceURI()))) {
+                if (encryptedPartSecurityEvent.isNotEncrypted()) {
+                    //an element must be encrypted but isn't
+                    setAsserted(false);
+                    setErrorMessage("Element " + encryptedPartSecurityEvent.getElement() + " must be encrypted");
+                    return false;
+                } else {
+                    setAsserted(true);
+                }
+            }
+        }
+        //if we return false here other encrypted elements will trigger a PolicyViolationException
+        return true;
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/EncryptedPartAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.secpolicy.model.Binding;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.TimestampSecurityEvent;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class IncludeTimeStampAssertionState extends AssertionState {
+
+    public IncludeTimeStampAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+        super(assertion, asserted);
+    }
+
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        TimestampSecurityEvent timestampSecurityEvent = (TimestampSecurityEvent) securityEvent;
+        boolean isIncludeTimestamp = ((Binding) getAssertion()).isIncludeTimestamp();
+
+        if (isIncludeTimestamp) {
+            setAsserted(true);
+        } else {
+            setAsserted(false);
+            setErrorMessage("Timestamp must not be present");
+        }
+        return isAsserted();
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IncludeTimeStampAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/ProtectionOrderAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,61 @@
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.SPConstants;
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.policy.secpolicy.model.SymmetricAsymmetricBindingBase;
+import org.swssf.securityEvent.EncryptionTokenSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SignatureTokenSecurityEvent;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 272 $ $Date: 2010-12-23 14:30:56 +0100 (Thu, 23 Dec 2010) $
+ */
+
+public class ProtectionOrderAssertionState extends AssertionState {
+
+    boolean firstEvent = true;
+
+    public ProtectionOrderAssertionState(AbstractSecurityAssertion assertion, boolean asserted) {
+        super(assertion, asserted);
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        SPConstants.ProtectionOrder protectionOrder = ((SymmetricAsymmetricBindingBase) getAssertion()).getProtectionOrder();
+
+        if (firstEvent) {
+            firstEvent = false;
+            //we have to invert the logic. When SignBeforeEncrypt is set then the Encryption token appears as first
+            //in contrary if EncryptBeforeSign is set then the SignatureToken appears as first. So...:
+            if (protectionOrder.equals(SPConstants.ProtectionOrder.SignBeforeEncrypting)
+                    && securityEvent instanceof SignatureTokenSecurityEvent) {
+                setAsserted(false);
+                setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.SignBeforeEncrypting + " but we got " + securityEvent.getSecurityEventType() + " first");
+            } else if (protectionOrder.equals(SPConstants.ProtectionOrder.EncryptBeforeSigning)
+                    && securityEvent instanceof EncryptionTokenSecurityEvent) {
+                setAsserted(false);
+                setErrorMessage("ProtectionOrder is " + SPConstants.ProtectionOrder.SignBeforeEncrypting + " but we got " + securityEvent.getSecurityEventType() + " first");
+            }
+        }
+        return isAsserted();
+    }
+}

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,48 @@
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.RequiredElementSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 272 $ $Date: 2010-12-23 14:30:56 +0100 (Thu, 23 Dec 2010) $
+ */
+public class RequiredElementAssertionState extends AssertionState {
+
+    private QName element;
+
+    public RequiredElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, QName element) {
+        super(assertion, asserted);
+        this.element = element;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        RequiredElementSecurityEvent requiredElementSecurityEvent = (RequiredElementSecurityEvent) securityEvent;
+        if (element.equals(requiredElementSecurityEvent.getElement())) {
+            setAsserted(true);
+        }
+        return true;
+    }
+}

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RequiredPartAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,49 @@
+ /**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.RequiredPartSecurityEvent;
+import org.swssf.securityEvent.SecurityEvent;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 272 $ $Date: 2010-12-23 14:30:56 +0100 (Thu, 23 Dec 2010) $
+ */
+public class RequiredPartAssertionState extends AssertionState {
+
+    private QName element;
+
+    public RequiredPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, QName element) {
+        super(assertion, asserted);
+        this.element = element;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        RequiredPartSecurityEvent requiredPartSecurityEvent = (RequiredPartSecurityEvent) securityEvent;
+        if (element.equals(requiredPartSecurityEvent.getElement())
+                || (element.getLocalPart().equals("*") && element.getNamespaceURI().equals(requiredPartSecurityEvent.getElement().getNamespaceURI()))) {
+            setAsserted(true);
+        }
+        return true;
+    }
+}

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SignedElementSecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SignedElementAssertionState extends AssertionState {
+
+    private List<QName> elements;
+
+    public SignedElementAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+        super(assertion, asserted);
+        this.elements = elements;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        SignedElementSecurityEvent signedElementSecurityEvent = (SignedElementSecurityEvent) securityEvent;
+        for (int i = 0; i < elements.size(); i++) {
+            QName qName = elements.get(i);
+            if (qName.equals(signedElementSecurityEvent.getElement())) {
+                if (signedElementSecurityEvent.isNotSigned()) {
+                    //an element must be signed but isn't
+                    setAsserted(false);
+                    setErrorMessage("Element " + signedElementSecurityEvent.getElement() + " must be signed");
+                    return false;
+                } else {
+                    setAsserted(true);
+                }
+            }
+        }
+        //if we return false here other signed elements will trigger a PolicyViolationException
+        return true;
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedElementAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java?rev=1172285&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java Sun Sep 18 13:51:23 2011
@@ -0,0 +1,61 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.assertionStates;
+
+import org.swssf.policy.secpolicy.model.AbstractSecurityAssertion;
+import org.swssf.securityEvent.SecurityEvent;
+import org.swssf.securityEvent.SignedPartSecurityEvent;
+
+import javax.xml.namespace.QName;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SignedPartAssertionState extends AssertionState {
+
+    private List<QName> elements;
+
+    public SignedPartAssertionState(AbstractSecurityAssertion assertion, boolean asserted, List<QName> elements) {
+        super(assertion, asserted);
+        this.elements = elements;
+    }
+
+    @Override
+    public boolean assertEvent(SecurityEvent securityEvent) {
+        SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
+        for (int i = 0; i < elements.size(); i++) {
+            QName qName = elements.get(i);
+            if (qName.equals(signedPartSecurityEvent.getElement())
+                    || (qName.getLocalPart().equals("*") && qName.getNamespaceURI().equals(signedPartSecurityEvent.getElement().getNamespaceURI()))) {
+                if (signedPartSecurityEvent.isNotSigned()) {
+                    //an element must be signed but isn't
+                    setAsserted(false);
+                    setErrorMessage("Element " + signedPartSecurityEvent.getElement() + " must be signed");
+                    return false;
+                } else {
+                    setAsserted(true);
+                }
+            }
+        }
+        //if we return false here other signed elements will trigger a PolicyViolationException
+        return true;
+    }
+}

Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignedPartAssertionState.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision



Mime
View raw message