/**
 * Tells whether an element path addresses the {@code Timestamp} child of the
 * security header.
 *
 * <p>The match is positional and exact: the path must hold exactly four names,
 * outermost first, which are accepted by {@code isEnvelope}, {@code isSoapHeader}
 * and {@code isSecurityHeader} in that order, followed by an element whose local
 * name is {@code "Timestamp"} and whose namespace equals {@code WSU_NS}. An
 * element with the same name at any other depth, or under a different parent,
 * is rejected. Presumably the coverage checks rely on this so that a protected
 * copy placed elsewhere in the message is not counted as the real header.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact four-element path
 */
private boolean isTimestamp(List<QName> qnames) {
    // Depth is part of the match: anything shorter or longer is not the header.
    if (qnames == null || qnames.size() != 4) {
        return false;
    }
    if (!isEnvelope(qnames.get(0))
        || !isSoapHeader(qnames.get(1))
        || !isSecurityHeader(qnames.get(2))) {
        return false;
    }
    QName leaf = qnames.get(3);
    return "Timestamp".equals(leaf.getLocalPart())
        && WSU_NS.equals(leaf.getNamespaceURI());
}
/**
 * Tells whether an element path addresses the addressing {@code ReplyTo} header.
 *
 * <p>The path must hold exactly three names, outermost first: one accepted by
 * {@code isEnvelope}, one accepted by {@code isSoapHeader}, and an element with
 * local name {@code "ReplyTo"} in the {@code WSA_NS} namespace. A {@code ReplyTo}
 * element at any other position in the document does not match.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact three-element path
 */
private boolean isReplyTo(List<QName> qnames) {
    // Depth is part of the match: only a direct child of the SOAP header counts.
    if (qnames == null || qnames.size() != 3) {
        return false;
    }
    if (!isEnvelope(qnames.get(0)) || !isSoapHeader(qnames.get(1))) {
        return false;
    }
    QName leaf = qnames.get(2);
    return "ReplyTo".equals(leaf.getLocalPart())
        && WSA_NS.equals(leaf.getNamespaceURI());
}
getEventFromResults(WSSecurityEventConstants.SIGNED_PART, incomingSecurityEventList)); results.addAll( getEventFromResults(WSSecurityEventConstants.SignedElement, incomingSecurityEventList)); getEventFromResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList)); results.addAll( getEventFromResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList)); checkSignedBody(results); checkEncryptedBody(results); getEventFromResults(WSSecurityEventConstants.TIMESTAMP, incomingSecurityEventList); if (!timestampResults.isEmpty()) { checkSignedTimestamp(results); AddressingProperties addressingProperties = (AddressingProperties)soapMessage.get("javax.xml.ws.addressing.context.inbound"); checkSignedAddressing(results, addressingProperties); getEventFromResults(WSSecurityEventConstants.USERNAME_TOKEN, incomingSecurityEventList); if (!usernameTokenResults.isEmpty()) { if (signUsernameToken) { checkSignedUsernameToken(results); checkEncryptedUsernameToken(results); throw createSoapFault(soapMessage.getVersion(), e);
/**
 * Enforces that the SOAP Body was encrypted, when that requirement is enabled.
 *
 * <p>Does nothing if {@code encryptBody} is {@code false}. Otherwise the method
 * fails closed: it succeeds only when some event in {@code results} reports
 * {@code isEncrypted()} and its element path is accepted by {@code isBody}. An
 * empty list, or a list whose encrypted elements all sit at other paths, is
 * rejected.
 *
 * <p>Every entry is cast to {@code AbstractSecuredElementSecurityEvent}, so the
 * caller must pass only events of that type; anything else raises a
 * {@code ClassCastException} instead of the security fault.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} when no encrypted
 *         event addresses the SOAP Body
 */
private void checkEncryptedBody(List<SecurityEvent> results) throws WSSecurityException {
    if (!encryptBody) {
        return;
    }
    for (SecurityEvent event : results) {
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) event;
        // The path is compared, not just the element name: see isBody.
        if (secured.isEncrypted() && isBody(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                  new Exception("The SOAP Body is not encrypted"));
}
/**
 * Tells whether an element path addresses the SOAP Body.
 *
 * <p>The path must hold exactly two names, outermost first: one accepted by
 * {@code isEnvelope}, then an element with local name {@code "Body"} whose
 * namespace equals {@code SOAP_NS} or {@code SOAP12_NS}. Because depth and
 * parent are both part of the match, an element that is merely named
 * {@code Body} somewhere else in the document is rejected.
 *
 * <p>NOTE(review): the Body namespace is accepted if it equals either constant;
 * this method does not itself require it to agree with the Envelope's namespace.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact two-element path
 */
private boolean isBody(List<QName> qnames) {
    if (qnames == null || qnames.size() != 2 || !isEnvelope(qnames.get(0))) {
        return false;
    }
    QName leaf = qnames.get(1);
    if (!"Body".equals(leaf.getLocalPart())) {
        return false;
    }
    String namespace = leaf.getNamespaceURI();
    return SOAP_NS.equals(namespace) || SOAP12_NS.equals(namespace);
}
getEventFromResults(WSSecurityEventConstants.SIGNED_PART, incomingSecurityEventList)); results.addAll( getEventFromResults(WSSecurityEventConstants.SignedElement, incomingSecurityEventList)); getEventFromResults(WSSecurityEventConstants.ENCRYPTED_PART, incomingSecurityEventList)); results.addAll( getEventFromResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList)); checkSignedBody(results); checkEncryptedBody(results); getEventFromResults(WSSecurityEventConstants.TIMESTAMP, incomingSecurityEventList); if (!timestampResults.isEmpty()) { checkSignedTimestamp(results); AddressingProperties addressingProperties = (AddressingProperties)soapMessage.get("javax.xml.ws.addressing.context.inbound"); checkSignedAddressing(results, addressingProperties); getEventFromResults(WSSecurityEventConstants.USERNAME_TOKEN, incomingSecurityEventList); if (!usernameTokenResults.isEmpty()) { if (signUsernameToken) { checkSignedUsernameToken(results); checkEncryptedUsernameToken(results); throw createSoapFault(soapMessage.getVersion(), e);
/**
 * Tells whether an element path addresses the addressing {@code FaultTo} header.
 *
 * <p>The path must hold exactly three names, outermost first: one accepted by
 * {@code isEnvelope}, one accepted by {@code isSoapHeader}, and an element with
 * local name {@code "FaultTo"} in the {@code WSA_NS} namespace. A {@code FaultTo}
 * element at any other position in the document does not match.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact three-element path
 */
private boolean isFaultTo(List<QName> qnames) {
    // Depth is part of the match: only a direct child of the SOAP header counts.
    if (qnames == null || qnames.size() != 3) {
        return false;
    }
    if (!isEnvelope(qnames.get(0)) || !isSoapHeader(qnames.get(1))) {
        return false;
    }
    QName leaf = qnames.get(2);
    return "FaultTo".equals(leaf.getLocalPart())
        && WSA_NS.equals(leaf.getNamespaceURI());
}
/**
 * Enforces that the SOAP Body was signed, when that requirement is enabled.
 *
 * <p>Does nothing if {@code signBody} is {@code false}. Otherwise the method
 * fails closed: it succeeds only when some event in {@code results} reports
 * {@code isSigned()} and its element path is accepted by {@code isBody}. A
 * valid signature over some other element, even one named {@code Body} at a
 * different path, does not satisfy the check, and neither does an empty list.
 *
 * <p>Every entry is cast to {@code AbstractSecuredElementSecurityEvent}, so the
 * caller must pass only events of that type; anything else raises a
 * {@code ClassCastException} instead of the security fault.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} when no signed
 *         event addresses the SOAP Body
 */
private void checkSignedBody(List<SecurityEvent> results) throws WSSecurityException {
    if (!signBody) {
        return;
    }
    for (SecurityEvent event : results) {
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) event;
        // The path is compared, not just the element name: see isBody.
        if (secured.isSigned() && isBody(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                  new Exception("The SOAP Body is not signed"));
}
/**
 * Tells whether an element path addresses the SOAP Body.
 *
 * <p>The path must hold exactly two names, outermost first: one accepted by
 * {@code isEnvelope}, then an element with local name {@code "Body"} whose
 * namespace equals {@code SOAP_NS} or {@code SOAP12_NS}. Because depth and
 * parent are both part of the match, an element that is merely named
 * {@code Body} somewhere else in the document is rejected.
 *
 * <p>NOTE(review): the Body namespace is accepted if it equals either constant;
 * this method does not itself require it to agree with the Envelope's namespace.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact two-element path
 */
private boolean isBody(List<QName> qnames) {
    if (qnames == null || qnames.size() != 2 || !isEnvelope(qnames.get(0))) {
        return false;
    }
    QName leaf = qnames.get(1);
    if (!"Body".equals(leaf.getLocalPart())) {
        return false;
    }
    String namespace = leaf.getNamespaceURI();
    return SOAP_NS.equals(namespace) || SOAP12_NS.equals(namespace);
}
/**
 * Tells whether an element path addresses a {@code UsernameToken} child of the
 * security header.
 *
 * <p>The path must hold exactly four names, outermost first, which are accepted
 * by {@code isEnvelope}, {@code isSoapHeader} and {@code isSecurityHeader} in
 * that order, followed by an element with local name {@code "UsernameToken"} in
 * the {@code WSSE_NS} namespace. A token element at any other depth or under a
 * different parent is rejected.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact four-element path
 */
private boolean isUsernameToken(List<QName> qnames) {
    // Depth is part of the match: only a direct child of the security header counts.
    if (qnames == null || qnames.size() != 4) {
        return false;
    }
    if (!isEnvelope(qnames.get(0))
        || !isSoapHeader(qnames.get(1))
        || !isSecurityHeader(qnames.get(2))) {
        return false;
    }
    QName leaf = qnames.get(3);
    return "UsernameToken".equals(leaf.getLocalPart())
        && WSSE_NS.equals(leaf.getNamespaceURI());
}
/**
 * Tells whether an element path addresses the addressing {@code FaultTo} header.
 *
 * <p>The path must hold exactly three names, outermost first: one accepted by
 * {@code isEnvelope}, one accepted by {@code isSoapHeader}, and an element with
 * local name {@code "FaultTo"} in the {@code WSA_NS} namespace. A {@code FaultTo}
 * element at any other position in the document does not match.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact three-element path
 */
private boolean isFaultTo(List<QName> qnames) {
    // Depth is part of the match: only a direct child of the SOAP header counts.
    if (qnames == null || qnames.size() != 3) {
        return false;
    }
    if (!isEnvelope(qnames.get(0)) || !isSoapHeader(qnames.get(1))) {
        return false;
    }
    QName leaf = qnames.get(2);
    return "FaultTo".equals(leaf.getLocalPart())
        && WSA_NS.equals(leaf.getNamespaceURI());
}
/**
 * Enforces that the SOAP Body was signed, when that requirement is enabled.
 *
 * <p>Does nothing if {@code signBody} is {@code false}. Otherwise the method
 * fails closed: it succeeds only when some event in {@code results} reports
 * {@code isSigned()} and its element path is accepted by {@code isBody}. A
 * valid signature over some other element, even one named {@code Body} at a
 * different path, does not satisfy the check, and neither does an empty list.
 *
 * <p>Every entry is cast to {@code AbstractSecuredElementSecurityEvent}, so the
 * caller must pass only events of that type; anything else raises a
 * {@code ClassCastException} instead of the security fault.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} when no signed
 *         event addresses the SOAP Body
 */
private void checkSignedBody(List<SecurityEvent> results) throws WSSecurityException {
    if (!signBody) {
        return;
    }
    for (SecurityEvent event : results) {
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) event;
        // The path is compared, not just the element name: see isBody.
        if (secured.isSigned() && isBody(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                  new Exception("The SOAP Body is not signed"));
}
/**
 * Tells whether an element path addresses the {@code Timestamp} child of the
 * security header.
 *
 * <p>The match is positional and exact: the path must hold exactly four names,
 * outermost first, which are accepted by {@code isEnvelope}, {@code isSoapHeader}
 * and {@code isSecurityHeader} in that order, followed by an element whose local
 * name is {@code "Timestamp"} and whose namespace equals {@code WSU_NS}. An
 * element with the same name at any other depth, or under a different parent,
 * is rejected. Presumably the coverage checks rely on this so that a protected
 * copy placed elsewhere in the message is not counted as the real header.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact four-element path
 */
private boolean isTimestamp(List<QName> qnames) {
    // Depth is part of the match: anything shorter or longer is not the header.
    if (qnames == null || qnames.size() != 4) {
        return false;
    }
    if (!isEnvelope(qnames.get(0))
        || !isSoapHeader(qnames.get(1))
        || !isSecurityHeader(qnames.get(2))) {
        return false;
    }
    QName leaf = qnames.get(3);
    return "Timestamp".equals(leaf.getLocalPart())
        && WSU_NS.equals(leaf.getNamespaceURI());
}
/**
 * Tells whether an element path addresses the addressing {@code ReplyTo} header.
 *
 * <p>The path must hold exactly three names, outermost first: one accepted by
 * {@code isEnvelope}, one accepted by {@code isSoapHeader}, and an element with
 * local name {@code "ReplyTo"} in the {@code WSA_NS} namespace. A {@code ReplyTo}
 * element at any other position in the document does not match.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact three-element path
 */
private boolean isReplyTo(List<QName> qnames) {
    // Depth is part of the match: only a direct child of the SOAP header counts.
    if (qnames == null || qnames.size() != 3) {
        return false;
    }
    if (!isEnvelope(qnames.get(0)) || !isSoapHeader(qnames.get(1))) {
        return false;
    }
    QName leaf = qnames.get(2);
    return "ReplyTo".equals(leaf.getLocalPart())
        && WSA_NS.equals(leaf.getNamespaceURI());
}
/**
 * Enforces that the SOAP Body was encrypted, when that requirement is enabled.
 *
 * <p>Does nothing if {@code encryptBody} is {@code false}. Otherwise the method
 * fails closed: it succeeds only when some event in {@code results} reports
 * {@code isEncrypted()} and its element path is accepted by {@code isBody}. An
 * empty list, or a list whose encrypted elements all sit at other paths, is
 * rejected.
 *
 * <p>Every entry is cast to {@code AbstractSecuredElementSecurityEvent}, so the
 * caller must pass only events of that type; anything else raises a
 * {@code ClassCastException} instead of the security fault.
 *
 * @param results security events to inspect
 * @throws WSSecurityException with {@code ErrorCode.FAILURE} when no encrypted
 *         event addresses the SOAP Body
 */
private void checkEncryptedBody(List<SecurityEvent> results) throws WSSecurityException {
    if (!encryptBody) {
        return;
    }
    for (SecurityEvent event : results) {
        AbstractSecuredElementSecurityEvent secured = (AbstractSecuredElementSecurityEvent) event;
        // The path is compared, not just the element name: see isBody.
        if (secured.isEncrypted() && isBody(secured.getElementPath())) {
            return;
        }
    }
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                  new Exception("The SOAP Body is not encrypted"));
}
/**
 * Tells whether an element path addresses a {@code UsernameToken} child of the
 * security header.
 *
 * <p>The path must hold exactly four names, outermost first, which are accepted
 * by {@code isEnvelope}, {@code isSoapHeader} and {@code isSecurityHeader} in
 * that order, followed by an element with local name {@code "UsernameToken"} in
 * the {@code WSSE_NS} namespace. A token element at any other depth or under a
 * different parent is rejected.
 *
 * @param qnames element path, outermost element first; may be {@code null}
 * @return {@code true} only for that exact four-element path
 */
private boolean isUsernameToken(List<QName> qnames) {
    // Depth is part of the match: only a direct child of the security header counts.
    if (qnames == null || qnames.size() != 4) {
        return false;
    }
    if (!isEnvelope(qnames.get(0))
        || !isSoapHeader(qnames.get(1))
        || !isSecurityHeader(qnames.get(2))) {
        return false;
    }
    QName leaf = qnames.get(3);
    return "UsernameToken".equals(leaf.getLocalPart())
        && WSSE_NS.equals(leaf.getNamespaceURI());
}