/**
 * Decide whether a signature reference covers the encrypted form of a token.
 *
 * <p>Returns true only when {@code signedRef} protects an {@code EncryptedData}
 * element in the {@code WSS4JConstants.ENC_NS} namespace, and one of the
 * encryption results holds a data reference whose protected element is
 * {@code token} (same object instance) and whose {@code getWsuId()} value equals
 * the {@code Id} attribute of that EncryptedData element.
 *
 * @param token            the token element being checked
 * @param signedRef        one data reference taken from a signature result
 * @param encryptedResults results whose TAG_DATA_REF_URIS lists are searched
 * @return true if the signed EncryptedData element is tied to {@code token}
 */
private boolean isEncryptedTokenSigned(Element token, WSDataRef signedRef,
                                       List<WSSecurityEngineResult> encryptedResults) {
    Element signedElement = signedRef.getProtectedElement();
    if (signedElement == null
        || !"EncryptedData".equals(signedElement.getLocalName())
        || !WSS4JConstants.ENC_NS.equals(signedElement.getNamespaceURI())) {
        return false;
    }

    // NOTE(review): DOM getAttributeNS returns "" when the attribute is absent, so a
    // data ref with an empty WsuId would compare equal below - confirm that upstream
    // processing never produces one.
    String signedId = signedElement.getAttributeNS(null, "Id");

    for (WSSecurityEngineResult encrypted : encryptedResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)encrypted.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            // Reference identity on purpose: the ref must point at this exact DOM node.
            if (token != ref.getProtectedElement()) {
                continue;
            }
            String wsuId = ref.getWsuId();
            if (wsuId != null && wsuId.equals(signedId)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Decide whether a signature reference covers the encrypted form of a token.
 *
 * <p>Returns true only when {@code signedRef} protects an {@code EncryptedData}
 * element in the {@code WSS4JConstants.ENC_NS} namespace, and one of the
 * encryption results holds a data reference whose protected element is
 * {@code token} (same object instance) and whose {@code getWsuId()} value equals
 * the {@code Id} attribute of that EncryptedData element.
 *
 * @param token            the token element being checked
 * @param signedRef        one data reference taken from a signature result
 * @param encryptedResults results whose TAG_DATA_REF_URIS lists are searched
 * @return true if the signed EncryptedData element is tied to {@code token}
 */
private boolean isEncryptedTokenSigned(Element token, WSDataRef signedRef,
                                       List<WSSecurityEngineResult> encryptedResults) {
    Element signedElement = signedRef.getProtectedElement();
    if (signedElement == null
        || !"EncryptedData".equals(signedElement.getLocalName())
        || !WSS4JConstants.ENC_NS.equals(signedElement.getNamespaceURI())) {
        return false;
    }

    // NOTE(review): DOM getAttributeNS returns "" when the attribute is absent, so a
    // data ref with an empty WsuId would compare equal below - confirm that upstream
    // processing never produces one.
    String signedId = signedElement.getAttributeNS(null, "Id");

    for (WSSecurityEngineResult encrypted : encryptedResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)encrypted.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            // Reference identity on purpose: the ref must point at this exact DOM node.
            if (token != ref.getProtectedElement()) {
                continue;
            }
            String wsuId = ref.getWsuId();
            if (wsuId != null && wsuId.equals(signedId)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Report whether any reference in {@code refs} protects {@code el} at the requested scope.
 *
 * @param refs  data references to search
 * @param type  not consulted by this method
 * @param scope CONTENT matches refs flagged as content; ELEMENT or any other value
 *              matches refs that are not flagged as content
 * @param el    element looked up by object identity
 * @return true on the first ref whose protected element is {@code el} and whose
 *         content flag agrees with the scope
 */
private static boolean matchElement(Collection<WSDataRef> refs, CoverageType type,
                                    CoverageScope scope, Element el) {
    boolean wantContent;
    switch (scope) {
    case CONTENT:
        wantContent = true;
        break;
    default:
        // ELEMENT and every other scope value
        wantContent = false;
        break;
    }

    for (WSDataRef candidate : refs) {
        // Same object instance as the ref's protected element, not an equal-looking
        // node: only then is this element the one the ref actually covers.
        boolean sameNode = candidate.getProtectedElement() == el;
        if (sameNode && candidate.isContent() == wantContent) {
            return true;
        }
    }
    return false;
}
/**
 * Report whether any reference in {@code refs} protects {@code el} at the requested scope.
 *
 * @param refs  data references to search
 * @param type  not consulted by this method
 * @param scope CONTENT matches refs flagged as content; ELEMENT or any other value
 *              matches refs that are not flagged as content
 * @param el    element looked up by object identity
 * @return true on the first ref whose protected element is {@code el} and whose
 *         content flag agrees with the scope
 */
private static boolean matchElement(Collection<WSDataRef> refs, CoverageType type,
                                    CoverageScope scope, Element el) {
    boolean wantContent;
    switch (scope) {
    case CONTENT:
        wantContent = true;
        break;
    default:
        // ELEMENT and every other scope value
        wantContent = false;
        break;
    }

    for (WSDataRef candidate : refs) {
        // Same object instance as the ref's protected element, not an equal-looking
        // node: only then is this element the one the ref actually covers.
        boolean sameNode = candidate.getProtectedElement() == el;
        if (sameNode && candidate.isContent() == wantContent) {
            return true;
        }
    }
    return false;
}
/**
 * Return true if a token was encrypted, false otherwise.
 *
 * <p>A token counts as encrypted when any data reference of any result in
 * {@code encryptedResults} has {@code token} itself (same object instance) as its
 * protected element. Results without a TAG_DATA_REF_URIS list are skipped.
 *
 * @param token            the token element to look for
 * @param encryptedResults results whose data references are searched
 */
private boolean isTokenEncrypted(Element token, List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult encrypted : encryptedResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)encrypted.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            // Identity, not equals(): the ref has to cover this very node.
            if (ref.getProtectedElement() == token) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Return true if a token was encrypted, false otherwise.
 *
 * <p>A token counts as encrypted when any data reference of any result in
 * {@code encryptedResults} has {@code token} itself (same object instance) as its
 * protected element. Results without a TAG_DATA_REF_URIS list are skipped.
 *
 * @param token            the token element to look for
 * @param encryptedResults results whose data references are searched
 */
private boolean isTokenEncrypted(Element token, List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult encrypted : encryptedResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)encrypted.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            // Identity, not equals(): the ref has to cover this very node.
            if (ref.getProtectedElement() == token) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Return true if the given Element was encrypted.
 *
 * <p>Only results whose TAG_ACTION equals {@code WSConstants.ENCR} are considered;
 * within those, the element matches when it {@code equals} the protected element
 * of one of the result's data references.
 *
 * @param element the element to look for
 * @param results results to scan
 */
private boolean isElementEncrypted(Element element, List<WSSecurityEngineResult> results) {
    for (WSSecurityEngineResult wser : results) {
        // NOTE(review): a result carrying no TAG_ACTION would make the unboxing below
        // throw NullPointerException - confirm every result sets it.
        Integer action = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (action.intValue() != WSConstants.ENCR) {
            continue;
        }
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)wser.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            Element covered = ref.getProtectedElement();
            // NOTE(review): this goes through equals(), so whether it is a strict
            // same-node check depends on the DOM implementation not overriding
            // equals() - confirm, since a looser match would weaken the check.
            if (element.equals(covered)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Return true if the given Element was encrypted.
 *
 * <p>Only results whose TAG_ACTION equals {@code WSConstants.ENCR} are considered;
 * within those, the element matches when it {@code equals} the protected element
 * of one of the result's data references.
 *
 * @param element the element to look for
 * @param results results to scan
 */
private boolean isElementEncrypted(Element element, List<WSSecurityEngineResult> results) {
    for (WSSecurityEngineResult wser : results) {
        // NOTE(review): a result carrying no TAG_ACTION would make the unboxing below
        // throw NullPointerException - confirm every result sets it.
        Integer action = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (action.intValue() != WSConstants.ENCR) {
            continue;
        }
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)wser.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            Element covered = ref.getProtectedElement();
            // NOTE(review): this goes through equals(), so whether it is a strict
            // same-node check depends on the DOM implementation not overriding
            // equals() - confirm, since a looser match would weaken the check.
            if (element.equals(covered)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Check the placement of every signed element whose name is {@code WSConstants.SIGNATURE}.
 *
 * <p>For each such data reference the decision is delegated to
 * {@code isEndorsingSignatureInCorrectPlace}; the first rejection makes this method
 * return false. If no signed result references such an element the method returns
 * true, so this is a placement check only and does not establish that a signature
 * was signed at all.
 *
 * @param results       all results, passed through to the placement check
 * @param signedResults signature results whose data references are inspected
 * @return false as soon as one placement check fails, true otherwise
 */
private boolean checkSignatureIsSignedPlacement(
    List<WSSecurityEngineResult> results,
    List<WSSecurityEngineResult> signedResults
) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> signedRefs = CastUtils.cast((List<?>)signedResult.get(
            WSSecurityEngineResult.TAG_DATA_REF_URIS
        ));
        if (signedRefs == null || signedRefs.isEmpty()) {
            continue;
        }
        for (WSDataRef ref : signedRefs) {
            if (!WSConstants.SIGNATURE.equals(ref.getName())) {
                continue;
            }
            Element signedSignature = ref.getProtectedElement();
            if (!isEndorsingSignatureInCorrectPlace(results, signedResult, signedSignature)) {
                return false;
            }
        }
    }
    return true;
}
/**
 * Check the placement of every signed element whose name is {@code WSConstants.SIGNATURE}.
 *
 * <p>For each such data reference the decision is delegated to
 * {@code isEndorsingSignatureInCorrectPlace}; the first rejection makes this method
 * return false. If no signed result references such an element the method returns
 * true, so this is a placement check only and does not establish that a signature
 * was signed at all.
 *
 * @param results       all results, passed through to the placement check
 * @param signedResults signature results whose data references are inspected
 * @return false as soon as one placement check fails, true otherwise
 */
private boolean checkSignatureIsSignedPlacement(
    List<WSSecurityEngineResult> results,
    List<WSSecurityEngineResult> signedResults
) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> signedRefs = CastUtils.cast((List<?>)signedResult.get(
            WSSecurityEngineResult.TAG_DATA_REF_URIS
        ));
        if (signedRefs == null || signedRefs.isEmpty()) {
            continue;
        }
        for (WSDataRef ref : signedRefs) {
            if (!WSConstants.SIGNATURE.equals(ref.getName())) {
                continue;
            }
            Element signedSignature = ref.getProtectedElement();
            if (!isEndorsingSignatureInCorrectPlace(results, signedResult, signedSignature)) {
                return false;
            }
        }
    }
    return true;
}
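/**
 * Return true if a token was signed, false otherwise.
 *
 * <p>A token counts as signed when some data reference of a signature result either
 * protects {@code token} itself (same object instance) or, per
 * {@code isEncryptedTokenSigned}, protects the EncryptedData element tied to it.
 * Signature results without a TAG_DATA_REF_URIS list are skipped rather than
 * dereferenced, matching how the encryption lookups in this file treat a missing list.
 *
 * @param token            the token element to look for
 * @param signedResults    signature results whose data references are searched
 * @param encryptedResults encryption results used for the encrypted-token case
 */
private boolean isTokenSigned(Element token, List<WSSecurityEngineResult> signedResults,
                              List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs =
            CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            // No references recorded for this signature: it cannot cover the token,
            // and iterating a null list would throw instead of answering "not signed".
            continue;
        }
        for (WSDataRef dataRef : dataRefs) {
            // Identity comparison: the signature must cover this exact DOM node.
            if (token == dataRef.getProtectedElement()
                || isEncryptedTokenSigned(token, dataRef, encryptedResults)) {
                return true;
            }
        }
    }
    return false;
}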
CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); for (WSDataRef dataRef : dataRefs) { if (timestamp.getElement() == dataRef.getProtectedElement()) { return true;
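/**
 * Return true if a token was signed, false otherwise.
 *
 * <p>A token counts as signed when some data reference of a signature result either
 * protects {@code token} itself (same object instance) or, per
 * {@code isEncryptedTokenSigned}, protects the EncryptedData element tied to it.
 * Signature results without a TAG_DATA_REF_URIS list are skipped rather than
 * dereferenced, matching how the encryption lookups in this file treat a missing list.
 *
 * @param token            the token element to look for
 * @param signedResults    signature results whose data references are searched
 * @param encryptedResults encryption results used for the encrypted-token case
 */
private boolean isTokenSigned(Element token, List<WSSecurityEngineResult> signedResults,
                              List<WSSecurityEngineResult> encryptedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs =
            CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            // No references recorded for this signature: it cannot cover the token,
            // and iterating a null list would throw instead of answering "not signed".
            continue;
        }
        for (WSDataRef dataRef : dataRefs) {
            // Identity comparison: the signature must cover this exact DOM node.
            if (token == dataRef.getProtectedElement()
                || isEncryptedTokenSigned(token, dataRef, encryptedResults)) {
                return true;
            }
        }
    }
    return false;
}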
/**
 * Verify that an element is covered by one of the given signature results.
 *
 * <p>Returns normally as soon as {@code isElementOrAncestorSigned} accepts the
 * protected element of some data reference. In every other case - including a
 * null {@code signedResults} or results without data references - the method
 * fails closed by throwing.
 *
 * @param elem          the element that must be signed
 * @param signedResults signature results to search; may be null
 * @throws WSSecurityException with FAILED_CHECK / "elementNotSigned" when no
 *         data reference covers the element
 */
public static void verifySignedElement(Element elem, List<WSSecurityEngineResult> signedResults)
    throws WSSecurityException {
    if (signedResults != null) {
        for (WSSecurityEngineResult signedResult : signedResults) {
            @SuppressWarnings("unchecked")
            List<WSDataRef> refs =
                (List<WSDataRef>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
            if (refs == null) {
                continue;
            }
            for (WSDataRef ref : refs) {
                Element signedElement = ref.getProtectedElement();
                if (isElementOrAncestorSigned(elem, signedElement)) {
                    return;
                }
            }
        }
    }

    // Nothing matched: reject rather than silently accept an unsigned element.
    Object[] messageArgs = {elem};
    throw new WSSecurityException(
        WSSecurityException.ErrorCode.FAILED_CHECK, "elementNotSigned", messageArgs);
}
/**
 * Return true if the Timestamp is signed by one of the token results.
 *
 * <p>Both conditions must hold for the same signature result: one of its data
 * references protects {@code timestamp} itself (same object instance), and
 * {@code checkSignatureOrEncryptionResult} accepts that result against
 * {@code tokenResults}.
 *
 * @param tokenResults  A list of WSSecurityEngineResults corresponding to tokens
 * @param signedResults signature results whose data references are searched
 * @param timestamp     the Timestamp element
 * @return true if the Timestamp is signed
 */
private boolean checkTimestampIsSigned(List<WSSecurityEngineResult> tokenResults,
                                       List<WSSecurityEngineResult> signedResults,
                                       Element timestamp) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> signedRefs = CastUtils.cast((List<?>)signedResult.get(
            WSSecurityEngineResult.TAG_DATA_REF_URIS
        ));
        if (signedRefs == null) {
            continue;
        }
        for (WSDataRef ref : signedRefs) {
            // Identity first; the token check only runs for a ref on this exact node.
            if (ref.getProtectedElement() != timestamp) {
                continue;
            }
            if (checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Return true if the Timestamp is signed by one of the token results.
 *
 * <p>Both conditions must hold for the same signature result: one of its data
 * references protects {@code timestamp} itself (same object instance), and
 * {@code checkSignatureOrEncryptionResult} accepts that result against
 * {@code tokenResults}.
 *
 * @param tokenResults  A list of WSSecurityEngineResults corresponding to tokens
 * @param signedResults signature results whose data references are searched
 * @param timestamp     the Timestamp element
 * @return true if the Timestamp is signed
 */
private boolean checkTimestampIsSigned(List<WSSecurityEngineResult> tokenResults,
                                       List<WSSecurityEngineResult> signedResults,
                                       Element timestamp) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> signedRefs = CastUtils.cast((List<?>)signedResult.get(
            WSSecurityEngineResult.TAG_DATA_REF_URIS
        ));
        if (signedRefs == null) {
            continue;
        }
        for (WSDataRef ref : signedRefs) {
            // Identity first; the token check only runs for a ref on this exact node.
            if (ref.getProtectedElement() != timestamp) {
                continue;
            }
            if (checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                return true;
            }
        }
    }
    return false;
}
if (sl != null) { for (WSDataRef dataRef : sl) { Element referenceElement = dataRef.getProtectedElement(); if (referenceElement != null && referenceElement.equals(tokenResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT))) {
Element protectedElement = r.getProtectedElement(); boolean tokenFound = false;
/**
 * Check that an Element is signed or encrypted by one of the token results.
 *
 * <p>A protection result qualifies when one of its data references protects the
 * element (same object instance, after passing it through
 * {@code DOMUtils.getDomElement}), the reference's content flag equals
 * {@code content}, and {@code checkSignatureOrEncryptionResult} accepts the result
 * against {@code tokenResults}.
 *
 * @param elementToProtect the element that must be protected
 * @param content          true to require a content-level reference, false for element-level
 * @param protResults      signature or encryption results to search
 * @param tokenResults     token results the protecting result is checked against
 * @return true if a qualifying result is found
 */
private boolean checkProtectionResult(
    Element elementToProtect,
    boolean content,
    List<WSSecurityEngineResult> protResults,
    List<WSSecurityEngineResult> tokenResults
) {
    // presumably unwraps to the underlying DOM node so the identity comparison
    // below can match - confirm against DOMUtils.getDomElement
    Element target = (Element)DOMUtils.getDomElement(elementToProtect);

    for (WSSecurityEngineResult protResult : protResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)protResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            boolean coversTarget =
                target == ref.getProtectedElement() && content == ref.isContent();
            if (coversTarget && checkSignatureOrEncryptionResult(protResult, tokenResults)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Check that an Element is signed or encrypted by one of the token results.
 *
 * <p>A protection result qualifies when one of its data references protects the
 * element (same object instance, after passing it through
 * {@code DOMUtils.getDomElement}), the reference's content flag equals
 * {@code content}, and {@code checkSignatureOrEncryptionResult} accepts the result
 * against {@code tokenResults}.
 *
 * @param elementToProtect the element that must be protected
 * @param content          true to require a content-level reference, false for element-level
 * @param protResults      signature or encryption results to search
 * @param tokenResults     token results the protecting result is checked against
 * @return true if a qualifying result is found
 */
private boolean checkProtectionResult(
    Element elementToProtect,
    boolean content,
    List<WSSecurityEngineResult> protResults,
    List<WSSecurityEngineResult> tokenResults
) {
    // presumably unwraps to the underlying DOM node so the identity comparison
    // below can match - confirm against DOMUtils.getDomElement
    Element target = (Element)DOMUtils.getDomElement(elementToProtect);

    for (WSSecurityEngineResult protResult : protResults) {
        List<WSDataRef> refs =
            CastUtils.cast((List<?>)protResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (refs == null) {
            continue;
        }
        for (WSDataRef ref : refs) {
            boolean coversTarget =
                target == ref.getProtectedElement() && content == ref.isContent();
            if (coversTarget && checkSignatureOrEncryptionResult(protResult, tokenResults)) {
                return true;
            }
        }
    }
    return false;
}