Java Code Examples for org.apache.cxf.helpers.domutils#getFirstChildWithName()

Example 1
Source File: SecurityToken.java — from steady (Apache License 2.0)
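/**
 * Reads the {@code wsu:Created} and {@code wsu:Expires} children of a
 * {@code wst:Lifetime} element into the {@code created} and {@code expires} fields.
 * <p>
 * Either child may be absent; an absent child leaves the corresponding field untouched.
 * A child that is present but not a valid xsd:dateTime is an error: the lifetime of a
 * security token must not be silently dropped, because an unset expiry tends to be read
 * as "never expires" by whatever consumes the token.
 *
 * @param lifetimeElem the {@code Lifetime} element of a token response; {@code null} is ignored
 * @throws IllegalArgumentException if a Created/Expires value cannot be parsed
 */
private void processLifeTime(Element lifetimeElem) {
    if (lifetimeElem == null) {
        return;
    }
    DateFormat zulu = new XmlSchemaDateFormat();
    try {
        Element createdElem =
            DOMUtils.getFirstChildWithName(lifetimeElem,
                                            WSConstants.WSU_NS,
                                            WSConstants.CREATED_LN);
        // Guard the lookup result: a Lifetime without Created used to NPE here.
        if (createdElem != null) {
            this.created = zulu.parse(DOMUtils.getContent(createdElem));
        }

        Element expiresElem =
            DOMUtils.getFirstChildWithName(lifetimeElem,
                                            WSConstants.WSU_NS,
                                            WSConstants.EXPIRES_LN);
        if (expiresElem != null) {
            this.expires = zulu.parse(DOMUtils.getContent(expiresElem));
        }
    } catch (ParseException e) {
        // Do not swallow: a malformed lifetime is a malformed token, not a no-op.
        throw new IllegalArgumentException("Invalid wst:Lifetime value", e);
    }
}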
 
Example 2
Source File: SecurityToken.java — from cxf (Apache License 2.0)
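/**
 * Reads the {@code wsu:Created} and {@code wsu:Expires} children of a
 * {@code wst:Lifetime} element into the {@code created} and {@code expires} fields.
 * <p>
 * A missing {@code Created} means "created now" (as the WS-Trust spec prescribes);
 * a missing {@code Expires} leaves the field untouched. A value that is present but
 * not a valid ISO-8601 date-time is an error rather than a no-op, because a silently
 * unset expiry would otherwise be read downstream as "never expires".
 *
 * @param lifetimeElem the {@code Lifetime} element of a token response
 * @throws IllegalArgumentException if a Created/Expires value cannot be parsed
 */
private void processLifeTime(Element lifetimeElem) {
    try {
        Element createdElem =
            DOMUtils.getFirstChildWithName(lifetimeElem,
                                            WSS4JConstants.WSU_NS,
                                            WSS4JConstants.CREATED_LN);
        if (createdElem == null) {
            // The spec says that if there is no Created Element in the Lifetime, then take the current time
            this.created = Instant.now();
        } else {
            this.created = ZonedDateTime.parse(DOMUtils.getContent(createdElem)).toInstant();
        }

        Element expiresElem =
            DOMUtils.getFirstChildWithName(lifetimeElem,
                                            WSS4JConstants.WSU_NS,
                                            WSS4JConstants.EXPIRES_LN);
        if (expiresElem != null) {
            this.expires = ZonedDateTime.parse(DOMUtils.getContent(expiresElem)).toInstant();
        }
    } catch (DateTimeParseException e) {
        // Do not swallow: a malformed lifetime is a malformed token, not a no-op.
        throw new IllegalArgumentException("Invalid wst:Lifetime value", e);
    }
}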
 
Example 3
Source File: SecurityToken.java — from steady (Apache License 2.0)
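/**
 * Reads the {@code wsu:Created} and {@code wsu:Expires} children of a
 * {@code wst:Lifetime} element into the {@code created} and {@code expires} fields.
 * <p>
 * Either child may be absent; an absent child leaves the corresponding field untouched.
 * A child that is present but not a valid xsd:dateTime is an error: the lifetime of a
 * security token must not be silently dropped, because an unset expiry tends to be read
 * as "never expires" by whatever consumes the token.
 *
 * @param lifetimeElem the {@code Lifetime} element of a token response; {@code null} is ignored
 * @throws IllegalArgumentException if a Created/Expires value cannot be parsed
 */
private void processLifeTime(Element lifetimeElem) {
    if (lifetimeElem == null) {
        return;
    }
    DateFormat zulu = new XmlSchemaDateFormat();
    try {
        Element createdElem =
            DOMUtils.getFirstChildWithName(lifetimeElem,
                                            WSConstants.WSU_NS,
                                            WSConstants.CREATED_LN);
        // Guard the lookup result: a Lifetime without Created used to NPE here.
        if (createdElem != null) {
            this.created = zulu.parse(DOMUtils.getContent(createdElem));
        }

        Element expiresElem =
            DOMUtils.getFirstChildWithName(lifetimeElem,
                                            WSConstants.WSU_NS,
                                            WSConstants.EXPIRES_LN);
        if (expiresElem != null) {
            this.expires = zulu.parse(DOMUtils.getContent(expiresElem));
        }
    } catch (ParseException e) {
        // Do not swallow: a malformed lifetime is a malformed token, not a no-op.
        throw new IllegalArgumentException("Invalid wst:Lifetime value", e);
    }
}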
 
Example 4
Source File: JettyServerEngineFactoryParser.java — from cxf (Apache License 2.0)
/**
 * Builds a map metadata keyed by each engine's {@code port} attribute whose values are
 * the parsed {@code handlers} list of that engine. Engines without a {@code handlers}
 * child contribute no entry.
 *
 * @param engines the {@code engine} elements to inspect
 * @param enclosingComponent the component the handler list is parsed against
 * @param context the parser context used to create metadata objects
 * @return a {@code java.lang.String} to {@code java.util.List} map metadata
 */
protected Metadata parseEngineHandlers(List<Element> engines, ComponentMetadata enclosingComponent,
                                       ParserContext context) {
    MutableMapMetadata handlersByPort = context.createMetadata(MutableMapMetadata.class);
    handlersByPort.setKeyType("java.lang.String");
    handlersByPort.setValueType("java.util.List");

    for (Element engineElement : engines) {
        // The key is created before the lookup, exactly as before, so metadata creation
        // happens for every engine even when it has no handlers.
        ValueMetadata portKey = createValue(context, engineElement.getAttribute("port"));
        Element handlersElement = DOMUtils.getFirstChildWithName(
            engineElement, HTTPJettyTransportNamespaceHandler.JETTY_TRANSPORT, "handlers");
        if (handlersElement == null) {
            continue;
        }
        Metadata handlersValue = parseListData(context, enclosingComponent, handlersElement);
        handlersByPort.addEntry(portKey, handlersValue);
    }
    return handlersByPort;
}
 
Example 5
Source File: RequiredPartsPolicyValidator.java — from cxf (Apache License 2.0)
/**
 * Validates each {@code RequiredParts} assertion against the SOAP header: every header
 * the assertion requires must be present as a direct child of the SOAP header element.
 * An assertion is first marked asserted and then marked not asserted for each missing
 * header, so the last missing header's message wins.
 *
 * @param parameters carries the SOAP header element (may be {@code null})
 * @param ais the assertions to validate; each one's assertion must be a {@code RequiredParts}
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    Element soapHeader = parameters.getSoapHeader();

    for (AssertionInfo assertionInfo : ais) {
        RequiredParts requiredParts = (RequiredParts) assertionInfo.getAssertion();
        assertionInfo.setAsserted(true);
        for (Header required : requiredParts.getHeaders()) {
            QName headerName = new QName(required.getNamespace(), required.getName());
            // No SOAP header at all counts as "header missing" for every required part.
            boolean present = soapHeader != null
                && DOMUtils.getFirstChildWithName(soapHeader, headerName) != null;
            if (!present) {
                assertionInfo.setNotAsserted("No header element of name " + headerName + " found.");
            }
        }
    }
}
 
Example 6
Source File: SourceGenerator.java — from cxf (Apache License 2.0)
/**
 * Returns the text content of the first WADL {@code doc} child of {@code el},
 * or {@code null} when there is no such child.
 *
 * @param el the WADL element whose documentation is wanted
 * @return the documentation text, or {@code null}
 */
private String getDocText(Element el) {
    Element docElement = DOMUtils.getFirstChildWithName(el, getWadlNamespace(), "doc");
    return docElement == null ? null : DOMUtils.getContent(docElement);
}
 
Example 7
Source File: SAML2ITCase.java — from syncope (Apache License 2.0)
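/**
 * Fetches the SAML 2.0 SP metadata and checks that it is an {@code md:EntityDescriptor}
 * carrying an enveloped XML signature that verifies against the {@code sp} certificate
 * in the test keystore.
 * <p>
 * Streams are closed with try-with-resources so a failing assertion does not leak the
 * keystore or response stream across tests.
 */
@Test
public void spMetadata() {
    assumeTrue(SAML2SPDetector.isSAML2SPAvailable());

    try {
        SAML2SPService service = anonymous.getService(SAML2SPService.class);
        WebClient.client(service).accept(MediaType.APPLICATION_XML_TYPE);
        Response response = service.getMetadata(ADDRESS, "saml2sp");
        assertNotNull(response);

        Document responseDoc;
        try (InputStreamReader responseReader = new InputStreamReader(
                (InputStream) response.getEntity(), StandardCharsets.UTF_8)) {
            responseDoc = StaxUtils.read(responseReader);
        }
        assertEquals("EntityDescriptor", responseDoc.getDocumentElement().getLocalName());
        assertEquals("urn:oasis:names:tc:SAML:2.0:metadata", responseDoc.getDocumentElement().getNamespaceURI());

        // Get the signature
        QName signatureQName = new QName(SignatureConstants.XMLSIG_NS, "Signature");
        Element signatureElement =
                DOMUtils.getFirstChildWithName(responseDoc.getDocumentElement(), signatureQName);
        assertNotNull(signatureElement);

        // Validate the signature against the SP certificate from the test keystore
        XMLSignature signature = new XMLSignature(signatureElement, null);
        KeyStore keystore = KeyStore.getInstance("JKS");
        try (InputStream keystoreStream = Loader.getResourceAsStream("keystore")) {
            keystore.load(keystoreStream, "changeit".toCharArray());
        }
        X509Certificate spCertificate = (X509Certificate) keystore.getCertificate("sp");
        // A missing alias must fail the test explicitly, not via the signature API.
        assertNotNull(spCertificate);
        assertTrue(signature.checkSignatureValue(spCertificate));
    } catch (Exception e) {
        LOG.error("During SAML 2.0 SP metadata parsing", e);
        fail(e::getMessage);
    }
}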
 
Example 8
Source File: JavaFirstPolicyServiceTest.java — from cxf (Apache License 2.0)
/**
 * Returns the {@code URI} attribute of the first {@code PolicyReference} child of
 * {@code operationElement} in {@code policyNamespace}, or {@code null} when the
 * operation carries no policy reference.
 *
 * @param operationElement the WSDL operation element to inspect
 * @param policyNamespace the WS-Policy namespace the reference is expected in
 * @return the referenced policy id, or {@code null}
 */
private String getOperationPolicyReferenceId(Element operationElement, String policyNamespace) {
    Element reference = DOMUtils.getFirstChildWithName(
        operationElement, policyNamespace, "PolicyReference");
    return reference == null ? null : reference.getAttributeNS(null, "URI");
}
 
Example 9
Source File: SecurityContextTokenBuilder.java — from steady (Apache License 2.0)
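/**
 * Builds a {@link SecurityContextToken} assertion from an {@code sp:SecurityContextToken}
 * element. The WS-SecurityPolicy version is taken from the element's namespace; the
 * {@code IncludeToken} attribute and the flag children of the nested {@code wsp:Policy}
 * ({@code RequireDerivedKeys}, {@code RequireExternalUriReference},
 * {@code SC10SecurityContextToken}, {@code SC13SecurityContextToken}) are copied onto the token.
 *
 * @param element the {@code sp:SecurityContextToken} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;

    SecurityContextToken contextToken = new SecurityContextToken(consts);

    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        contextToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
    }

    Element policyElement = PolicyConstants.findPolicyElement(element);
    // WS-SP 1.2 requires the nested policy; 1.1 tolerates its absence.
    if (policyElement == null && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:SecurityContextToken/wsp:Policy must have a value"
        );
    }

    if (policyElement != null) {
        String spNs = consts.getNamespace();
        if (hasChild(policyElement, spNs, SPConstants.REQUIRE_DERIVED_KEYS)) {
            contextToken.setDerivedKeys(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE)) {
            contextToken.setRequireExternalUriRef(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.SC10_SECURITY_CONTEXT_TOKEN)) {
            contextToken.setSc10SecurityContextToken(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.SC13_SECURITY_CONTEXT_TOKEN)) {
            contextToken.setSc13SecurityContextToken(true);
        }
    }

    return contextToken;
}

/**
 * Returns whether {@code parent} has a direct child element {@code {namespace}localName}.
 * Presence alone is the flag; the child's content is not inspected.
 */
private static boolean hasChild(Element parent, String namespace, String localName) {
    return DOMUtils.getFirstChildWithName(parent, namespace, localName) != null;
}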
 
Example 10
Source File: X509TokenBuilder.java — from steady (Apache License 2.0)
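/**
 * Builds an {@link X509Token} assertion from an {@code sp:X509Token} element.
 * The WS-SecurityPolicy version is taken from the element's namespace; optional/ignorable
 * markers, the {@code IncludeToken} attribute, the derived-key flags of the nested
 * {@code wsp:Policy} and the first policy alternative are copied onto the token.
 *
 * @param element the {@code sp:X509Token} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
    X509Token x509Token = new X509Token(consts);
    x509Token.setOptional(PolicyConstants.isOptional(element));
    x509Token.setIgnorable(PolicyConstants.isIgnorable(element));

    // The nested wsp:Policy is the first child element; WS-SP 1.2 requires it, 1.1 does not.
    Element policyElement = DOMUtils.getFirstElement(element);
    if (policyElement == null && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:X509Token/wsp:Policy must have a value"
        );
    }

    // Process token inclusion
    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        SPConstants.IncludeTokenType inclusion
            = consts.getInclusionFromAttributeValue(includeAttr);
        x509Token.setInclusion(inclusion);
    }

    // Exactly one derived-key flavour is honoured, in this precedence order.
    if (policyElement != null) {
        if (DOMUtils.getFirstChildWithName(policyElement, consts.getRequiredDerivedKeys()) != null) {
            x509Token.setDerivedKeys(true);
        } else if (DOMUtils.getFirstChildWithName(policyElement,
                SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
            x509Token.setImpliedDerivedKeys(true);
        } else if (DOMUtils.getFirstChildWithName(policyElement,
                SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
            x509Token.setExplicitDerivedKeys(true);
        }
    }

    // policyElement is the same first child looked up above (nothing mutated the DOM
    // in between), so re-use it instead of walking the tree a second time.
    // NOTE(review): when policyElement is null (WS-SP 1.1 without a policy) this still
    // passes null to builder.getPolicy(); its handling of null is not visible here — confirm.
    Policy policy = builder.getPolicy(policyElement);
    policy = policy.normalize(builder.getPolicyRegistry(), false);

    // Only the first alternative is applied; a token assertion is expected to have just one.
    Iterator<List<Assertion>> alternatives = policy.getAlternatives();
    if (alternatives.hasNext()) {
        processAlternative(alternatives.next(), x509Token, consts);
    }
    return x509Token;
}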
 
Example 11
Source File: Trust13Builder.java — from steady (Apache License 2.0)
/**
 * Builds a {@link Trust13} assertion from an {@code sp:Trust13} element. Each supported
 * flag is switched on when the corresponding child element is present in the nested
 * {@code wsp:Policy}; absent children leave the flag at its default.
 *
 * @param element the {@code sp:Trust13} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated assertion
 * @throws IllegalArgumentException if the element has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory) {
    Element policyElement = PolicyConstants.findPolicyElement(element);
    if (policyElement == null) {
        throw new IllegalArgumentException(
                "Trust13 assertion doesn't contain any Policy");
    }

    Trust13 trust13 = new Trust13(SP12Constants.INSTANCE);

    boolean clientChallenge = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null;
    boolean serverChallenge = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null;
    boolean clientEntropy = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_CLIENT_ENTROPY) != null;
    boolean serverEntropy = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_SERVER_ENTROPY) != null;
    boolean issuedTokens = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_ISSUED_TOKENS) != null;
    boolean rstCollection = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION) != null;
    boolean appliesTo = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_APPLIES_TO) != null;

    // Flags are only ever switched on; the assertion's defaults stand otherwise.
    if (clientChallenge) {
        trust13.setMustSupportClientChallenge(true);
    }
    if (serverChallenge) {
        trust13.setMustSupportServerChallenge(true);
    }
    if (clientEntropy) {
        trust13.setRequireClientEntropy(true);
    }
    if (serverEntropy) {
        trust13.setRequireServerEntropy(true);
    }
    if (issuedTokens) {
        trust13.setMustSupportIssuedTokens(true);
    }
    if (rstCollection) {
        trust13.setRequireRequestSecurityTokenCollection(true);
    }
    if (appliesTo) {
        trust13.setRequireAppliesTo(true);
    }

    return trust13;
}
 
Example 12
Source File: STSClient.java — from steady (Apache License 2.0)
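/**
 * Sends {@code tok} to the STS for validation and returns the tokens to use afterwards.
 * <p>
 * The response must be a {@code RequestSecurityTokenResponse}, optionally wrapped in a
 * {@code RequestSecurityTokenResponseCollection}. Its {@code Status/Code} decides validity
 * (only a code ending in {@code /status/valid} passes); any {@code RequestedSecurityToken}
 * children are returned as new tokens, otherwise {@code tok} itself is returned.
 * Every structural problem fails closed with an exception — a malformed response is
 * never treated as a successful validation.
 *
 * @param tok the token to validate
 * @param tokentype the token type to request from the STS
 * @return the validated or re-issued tokens; never empty
 * @throws Fault if the response lacks the expected element structure
 * @throws TrustException if the STS did not report a valid status, or a returned token has no id
 * @throws Exception propagated from {@code validate}
 */
protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype)
    throws Exception {
    STSResponse response = validate(tok, tokentype);

    Element el = getDocumentElement(response.getResponse());
    if (el != null && "RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
    }
    // Guard against an empty response / empty collection instead of NPE-ing on it.
    if (el == null || !"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + (el == null ? "<none>" : el.getLocalName()), LOG);
    }
    String reason = null;
    boolean valid = false;   // stays false unless a Status/Code explicitly says valid
    List<SecurityToken> tokens = new LinkedList<SecurityToken>();
    for (el = DOMUtils.getFirstElement(el); el != null; el = DOMUtils.getNextElement(el)) {
        if ("Status".equals(el.getLocalName())) {
            Element codeElem = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
            String code = codeElem == null ? null : DOMUtils.getContent(codeElem);
            // A missing or empty Code is "not valid", never valid.
            valid = code != null && code.endsWith("/status/valid");

            Element reasonElem = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
            if (reasonElem != null) {
                reason = DOMUtils.getContent(reasonElem);
            }
        } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
            Element requestedSecurityTokenElement = DOMUtils.getFirstElement(el);
            String id = findID(null, null, requestedSecurityTokenElement);
            if (StringUtils.isEmpty(id)) {
                throw new TrustException("NO_ID", LOG);
            }
            SecurityToken requestedSecurityToken = new SecurityToken(id);
            requestedSecurityToken.setToken(requestedSecurityTokenElement);
            tokens.add(requestedSecurityToken);
        }
    }
    if (!valid) {
        throw new TrustException(LOG, "VALIDATION_FAILED", reason);
    }
    if (tokens.isEmpty()) {
        tokens.add(tok);
    }
    return tokens;
}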
 
Example 13
Source File: X509TokenBuilder.java — from steady (Apache License 2.0)
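/**
 * Builds an {@link X509Token} assertion from an {@code sp:X509Token} element.
 * The WS-SecurityPolicy version is taken from the element's namespace; optional/ignorable
 * markers, the {@code IncludeToken} attribute, the derived-key flags of the nested
 * {@code wsp:Policy} and the first policy alternative are copied onto the token.
 *
 * @param element the {@code sp:X509Token} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
    X509Token x509Token = new X509Token(consts);
    x509Token.setOptional(PolicyConstants.isOptional(element));
    x509Token.setIgnorable(PolicyConstants.isIgnorable(element));

    // The nested wsp:Policy is the first child element; WS-SP 1.2 requires it, 1.1 does not.
    Element policyElement = DOMUtils.getFirstElement(element);
    if (policyElement == null && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:X509Token/wsp:Policy must have a value"
        );
    }

    // Process token inclusion
    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        SPConstants.IncludeTokenType inclusion
            = consts.getInclusionFromAttributeValue(includeAttr);
        x509Token.setInclusion(inclusion);
    }

    // Exactly one derived-key flavour is honoured, in this precedence order.
    if (policyElement != null) {
        if (DOMUtils.getFirstChildWithName(policyElement, consts.getRequiredDerivedKeys()) != null) {
            x509Token.setDerivedKeys(true);
        } else if (DOMUtils.getFirstChildWithName(policyElement,
                SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
            x509Token.setImpliedDerivedKeys(true);
        } else if (DOMUtils.getFirstChildWithName(policyElement,
                SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
            x509Token.setExplicitDerivedKeys(true);
        }
    }

    // policyElement is the same first child looked up above (nothing mutated the DOM
    // in between), so re-use it instead of walking the tree a second time.
    // NOTE(review): when policyElement is null (WS-SP 1.1 without a policy) this still
    // passes null to builder.getPolicy(); its handling of null is not visible here — confirm.
    Policy policy = builder.getPolicy(policyElement);
    policy = policy.normalize(builder.getPolicyRegistry(), false);

    // Only the first alternative is applied; a token assertion is expected to have just one.
    Iterator<List<Assertion>> alternatives = policy.getAlternatives();
    if (alternatives.hasNext()) {
        processAlternative(alternatives.next(), x509Token, consts);
    }
    return x509Token;
}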
 
Example 14
Source File: SecureConversationTokenBuilder.java — from steady (Apache License 2.0)
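/**
 * Builds a {@link SecureConversationToken} assertion from an
 * {@code sp:SecureConversationToken} element. The WS-SecurityPolicy version is taken from
 * the element's namespace. Every child is inspected: each nested {@code wsp:Policy} has
 * its flag children and optional {@code BootstrapPolicy} applied to the token, and an
 * {@code sp:Issuer} child supplies the issuer endpoint reference.
 *
 * @param element the {@code sp:SecureConversationToken} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
    String spNs = consts.getNamespace();

    SecureConversationToken conversationToken = new SecureConversationToken(consts);
    conversationToken.setOptional(PolicyConstants.isOptional(element));
    conversationToken.setIgnorable(PolicyConstants.isIgnorable(element));

    String attribute = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (attribute != null) {
        conversationToken.setInclusion(consts.getInclusionFromAttributeValue(attribute.trim()));
    }

    boolean foundPolicy = false;
    for (Element elem = DOMUtils.getFirstElement(element);
         elem != null;
         elem = DOMUtils.getNextElement(elem)) {
        QName qn = DOMUtils.getElementQName(elem);
        if (Constants.isPolicyElement(qn)) {
            foundPolicy = true;
            applyPolicyChildren(elem, spNs, conversationToken);
        } else if (spNs.equals(qn.getNamespaceURI())
            && SPConstants.ISSUER.equals(qn.getLocalPart())) {
            conversationToken.setIssuerEpr(DOMUtils.getFirstElement(elem));
        }
    }

    // WS-SP 1.2 requires the nested policy; 1.1 tolerates its absence.
    if (!foundPolicy && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:SecureConversationToken/wsp:Policy must have a value"
        );
    }

    return conversationToken;
}

/**
 * Copies the flag children of one nested {@code wsp:Policy} onto the token and parses its
 * {@code BootstrapPolicy}, if any. Only one derived-key flavour is honoured, in the order
 * RequireDerivedKeys, RequireImpliedDerivedKeys, RequireExplicitDerivedKeys.
 *
 * @param policyElem the {@code wsp:Policy} child being processed
 * @param spNs the WS-SecurityPolicy namespace of the enclosing assertion
 * @param token the token being populated
 */
private void applyPolicyChildren(Element policyElem, String spNs, SecureConversationToken token) {
    if (hasChild(policyElem, spNs, SPConstants.REQUIRE_DERIVED_KEYS)) {
        token.setDerivedKeys(true);
    } else if (DOMUtils.getFirstChildWithName(policyElem,
                                              SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
        token.setImpliedDerivedKeys(true);
    } else if (DOMUtils.getFirstChildWithName(policyElem,
                                              SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
        token.setExplicitDerivedKeys(true);
    }

    if (hasChild(policyElem, spNs, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE)) {
        token.setRequireExternalUriRef(true);
    }
    if (hasChild(policyElem, spNs, SPConstants.SC10_SECURITY_CONTEXT_TOKEN)) {
        token.setSc10SecurityContextToken(true);
    }
    if (hasChild(policyElem, spNs, SPConstants.SC13_SECURITY_CONTEXT_TOKEN)) {
        token.setSc13SecurityContextToken(true);
    }

    Element bootstrapPolicyElement =
        DOMUtils.getFirstChildWithName(policyElem, spNs, SPConstants.BOOTSTRAP_POLICY);
    if (bootstrapPolicyElement != null) {
        Policy policy = builder.getPolicy(DOMUtils.getFirstElement(bootstrapPolicyElement));
        token.setBootstrapPolicy(policy);
    }
}

/**
 * Returns whether {@code parent} has a direct child element {@code {namespace}localName}.
 * Presence alone is the flag; the child's content is not inspected.
 */
private static boolean hasChild(Element parent, String namespace, String localName) {
    return DOMUtils.getFirstChildWithName(parent, namespace, localName) != null;
}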
 
Example 15
Source File: Trust13Builder.java — from steady (Apache License 2.0)
/**
 * Builds a {@link Trust13} assertion from an {@code sp:Trust13} element. Each supported
 * flag is switched on when the corresponding child element is present in the nested
 * {@code wsp:Policy}; absent children leave the flag at its default.
 *
 * @param element the {@code sp:Trust13} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated assertion
 * @throws IllegalArgumentException if the element has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory) {
    Element policyElement = PolicyConstants.findPolicyElement(element);
    if (policyElement == null) {
        throw new IllegalArgumentException(
                "Trust13 assertion doesn't contain any Policy");
    }

    Trust13 trust13 = new Trust13(SP12Constants.INSTANCE);

    boolean clientChallenge = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null;
    boolean serverChallenge = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null;
    boolean clientEntropy = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_CLIENT_ENTROPY) != null;
    boolean serverEntropy = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_SERVER_ENTROPY) != null;
    boolean issuedTokens = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_ISSUED_TOKENS) != null;
    boolean rstCollection = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION) != null;
    boolean appliesTo = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_APPLIES_TO) != null;

    // Flags are only ever switched on; the assertion's defaults stand otherwise.
    if (clientChallenge) {
        trust13.setMustSupportClientChallenge(true);
    }
    if (serverChallenge) {
        trust13.setMustSupportServerChallenge(true);
    }
    if (clientEntropy) {
        trust13.setRequireClientEntropy(true);
    }
    if (serverEntropy) {
        trust13.setRequireServerEntropy(true);
    }
    if (issuedTokens) {
        trust13.setMustSupportIssuedTokens(true);
    }
    if (rstCollection) {
        trust13.setRequireRequestSecurityTokenCollection(true);
    }
    if (appliesTo) {
        trust13.setRequireAppliesTo(true);
    }

    return trust13;
}
 
Example 16
Source File: SecurityContextTokenBuilder.java — from steady (Apache License 2.0)
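/**
 * Builds a {@link SecurityContextToken} assertion from an {@code sp:SecurityContextToken}
 * element. The WS-SecurityPolicy version is taken from the element's namespace; the
 * {@code IncludeToken} attribute and the flag children of the nested {@code wsp:Policy}
 * ({@code RequireDerivedKeys}, {@code RequireExternalUriReference},
 * {@code SC10SecurityContextToken}, {@code SC13SecurityContextToken}) are copied onto the token.
 *
 * @param element the {@code sp:SecurityContextToken} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;

    SecurityContextToken contextToken = new SecurityContextToken(consts);

    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        contextToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
    }

    Element policyElement = PolicyConstants.findPolicyElement(element);
    // WS-SP 1.2 requires the nested policy; 1.1 tolerates its absence.
    if (policyElement == null && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:SecurityContextToken/wsp:Policy must have a value"
        );
    }

    if (policyElement != null) {
        String spNs = consts.getNamespace();
        if (hasChild(policyElement, spNs, SPConstants.REQUIRE_DERIVED_KEYS)) {
            contextToken.setDerivedKeys(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE)) {
            contextToken.setRequireExternalUriRef(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.SC10_SECURITY_CONTEXT_TOKEN)) {
            contextToken.setSc10SecurityContextToken(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.SC13_SECURITY_CONTEXT_TOKEN)) {
            contextToken.setSc13SecurityContextToken(true);
        }
    }

    return contextToken;
}

/**
 * Returns whether {@code parent} has a direct child element {@code {namespace}localName}.
 * Presence alone is the flag; the child's content is not inspected.
 */
private static boolean hasChild(Element parent, String namespace, String localName) {
    return DOMUtils.getFirstChildWithName(parent, namespace, localName) != null;
}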
 
Example 17
Source File: X509TokenBuilder.java — from steady (Apache License 2.0)
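/**
 * Builds an {@link X509Token} assertion from an {@code sp:X509Token} element.
 * The WS-SecurityPolicy version is taken from the element's namespace; optional/ignorable
 * markers, the {@code IncludeToken} attribute, the derived-key flags of the nested
 * {@code wsp:Policy} and the first policy alternative are copied onto the token.
 *
 * @param element the {@code sp:X509Token} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
    X509Token x509Token = new X509Token(consts);
    x509Token.setOptional(PolicyConstants.isOptional(element));
    x509Token.setIgnorable(PolicyConstants.isIgnorable(element));

    // The nested wsp:Policy is the first child element; WS-SP 1.2 requires it, 1.1 does not.
    Element policyElement = DOMUtils.getFirstElement(element);
    if (policyElement == null && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:X509Token/wsp:Policy must have a value"
        );
    }

    // Process token inclusion
    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        SPConstants.IncludeTokenType inclusion
            = consts.getInclusionFromAttributeValue(includeAttr);
        x509Token.setInclusion(inclusion);
    }

    // Exactly one derived-key flavour is honoured, in this precedence order.
    if (policyElement != null) {
        if (DOMUtils.getFirstChildWithName(policyElement, consts.getRequiredDerivedKeys()) != null) {
            x509Token.setDerivedKeys(true);
        } else if (DOMUtils.getFirstChildWithName(policyElement,
                SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS) != null) {
            x509Token.setImpliedDerivedKeys(true);
        } else if (DOMUtils.getFirstChildWithName(policyElement,
                SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS) != null) {
            x509Token.setExplicitDerivedKeys(true);
        }
    }

    // policyElement is the same first child looked up above (nothing mutated the DOM
    // in between), so re-use it instead of walking the tree a second time.
    // NOTE(review): when policyElement is null (WS-SP 1.1 without a policy) this still
    // passes null to builder.getPolicy(); its handling of null is not visible here — confirm.
    Policy policy = builder.getPolicy(policyElement);
    policy = policy.normalize(builder.getPolicyRegistry(), false);

    // Only the first alternative is applied; a token assertion is expected to have just one.
    Iterator<List<Assertion>> alternatives = policy.getAlternatives();
    if (alternatives.hasNext()) {
        processAlternative(alternatives.next(), x509Token, consts);
    }
    return x509Token;
}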
 
Example 18
Source File: SecurityContextTokenBuilder.java — from steady (Apache License 2.0)
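/**
 * Builds a {@link SecurityContextToken} assertion from an {@code sp:SecurityContextToken}
 * element. The WS-SecurityPolicy version is taken from the element's namespace; the
 * {@code IncludeToken} attribute and the flag children of the nested {@code wsp:Policy}
 * ({@code RequireDerivedKeys}, {@code RequireExternalUriReference},
 * {@code SC10SecurityContextToken}, {@code SC13SecurityContextToken}) are copied onto the token.
 *
 * @param element the {@code sp:SecurityContextToken} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated token assertion
 * @throws IllegalArgumentException if the element uses WS-SP 1.2 and has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory)
    throws IllegalArgumentException {

    SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
        ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;

    SecurityContextToken contextToken = new SecurityContextToken(consts);

    String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
    if (includeAttr != null) {
        contextToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
    }

    Element policyElement = PolicyConstants.findPolicyElement(element);
    // WS-SP 1.2 requires the nested policy; 1.1 tolerates its absence.
    if (policyElement == null && consts != SP11Constants.INSTANCE) {
        throw new IllegalArgumentException(
            "sp:SecurityContextToken/wsp:Policy must have a value"
        );
    }

    if (policyElement != null) {
        String spNs = consts.getNamespace();
        if (hasChild(policyElement, spNs, SPConstants.REQUIRE_DERIVED_KEYS)) {
            contextToken.setDerivedKeys(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE)) {
            contextToken.setRequireExternalUriRef(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.SC10_SECURITY_CONTEXT_TOKEN)) {
            contextToken.setSc10SecurityContextToken(true);
        }
        if (hasChild(policyElement, spNs, SPConstants.SC13_SECURITY_CONTEXT_TOKEN)) {
            contextToken.setSc13SecurityContextToken(true);
        }
    }

    return contextToken;
}

/**
 * Returns whether {@code parent} has a direct child element {@code {namespace}localName}.
 * Presence alone is the flag; the child's content is not inspected.
 */
private static boolean hasChild(Element parent, String namespace, String localName) {
    return DOMUtils.getFirstChildWithName(parent, namespace, localName) != null;
}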
 
Example 19
Source File: Trust13Builder.java — from steady (Apache License 2.0)
/**
 * Builds a {@link Trust13} assertion from an {@code sp:Trust13} element. Each supported
 * flag is switched on when the corresponding child element is present in the nested
 * {@code wsp:Policy}; absent children leave the flag at its default.
 *
 * @param element the {@code sp:Trust13} element
 * @param factory unused; present to satisfy the assertion-builder contract
 * @return the populated assertion
 * @throws IllegalArgumentException if the element has no nested {@code wsp:Policy}
 */
public Assertion build(Element element, AssertionBuilderFactory factory) {
    Element policyElement = PolicyConstants.findPolicyElement(element);
    if (policyElement == null) {
        throw new IllegalArgumentException(
                "Trust13 assertion doesn't contain any Policy");
    }

    Trust13 trust13 = new Trust13(SP12Constants.INSTANCE);

    boolean clientChallenge = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null;
    boolean serverChallenge = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null;
    boolean clientEntropy = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_CLIENT_ENTROPY) != null;
    boolean serverEntropy = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_SERVER_ENTROPY) != null;
    boolean issuedTokens = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.MUST_SUPPORT_ISSUED_TOKENS) != null;
    boolean rstCollection = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION) != null;
    boolean appliesTo = DOMUtils.getFirstChildWithName(
        policyElement, SP12Constants.REQUIRE_APPLIES_TO) != null;

    // Flags are only ever switched on; the assertion's defaults stand otherwise.
    if (clientChallenge) {
        trust13.setMustSupportClientChallenge(true);
    }
    if (serverChallenge) {
        trust13.setMustSupportServerChallenge(true);
    }
    if (clientEntropy) {
        trust13.setRequireClientEntropy(true);
    }
    if (serverEntropy) {
        trust13.setRequireServerEntropy(true);
    }
    if (issuedTokens) {
        trust13.setMustSupportIssuedTokens(true);
    }
    if (rstCollection) {
        trust13.setRequireRequestSecurityTokenCollection(true);
    }
    if (appliesTo) {
        trust13.setRequireAppliesTo(true);
    }

    return trust13;
}
 
Example 20
Source File: STSClient.java — from steady (Apache License 2.0)
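/**
 * Sends {@code tok} to the STS for validation and returns the tokens to use afterwards.
 * <p>
 * The response must be a {@code RequestSecurityTokenResponse}, optionally wrapped in a
 * {@code RequestSecurityTokenResponseCollection}. Its {@code Status/Code} decides validity
 * (only a code ending in {@code /status/valid} passes); any {@code RequestedSecurityToken}
 * children are returned as new tokens, otherwise {@code tok} itself is returned.
 * Every structural problem fails closed with an exception — a malformed response is
 * never treated as a successful validation.
 *
 * @param tok the token to validate
 * @param tokentype the token type to request from the STS
 * @return the validated or re-issued tokens; never empty
 * @throws Fault if the response lacks the expected element structure
 * @throws TrustException if the STS did not report a valid status, or a returned token has no id
 * @throws Exception propagated from {@code validate}
 */
protected List<SecurityToken> validateSecurityToken(SecurityToken tok, String tokentype)
    throws Exception {
    STSResponse response = validate(tok, tokentype);

    Element el = getDocumentElement(response.getResponse());
    if (el != null && "RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
    }
    // Guard against an empty response / empty collection instead of NPE-ing on it.
    if (el == null || !"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + (el == null ? "<none>" : el.getLocalName()), LOG);
    }
    String reason = null;
    boolean valid = false;   // stays false unless a Status/Code explicitly says valid
    List<SecurityToken> tokens = new LinkedList<SecurityToken>();
    for (el = DOMUtils.getFirstElement(el); el != null; el = DOMUtils.getNextElement(el)) {
        if ("Status".equals(el.getLocalName())) {
            Element codeElem = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Code");
            String code = codeElem == null ? null : DOMUtils.getContent(codeElem);
            // A missing or empty Code is "not valid", never valid.
            valid = code != null && code.endsWith("/status/valid");

            Element reasonElem = DOMUtils.getFirstChildWithName(el, el.getNamespaceURI(), "Reason");
            if (reasonElem != null) {
                reason = DOMUtils.getContent(reasonElem);
            }
        } else if ("RequestedSecurityToken".equals(el.getLocalName())) {
            Element requestedSecurityTokenElement = DOMUtils.getFirstElement(el);
            String id = findID(null, null, requestedSecurityTokenElement);
            if (StringUtils.isEmpty(id)) {
                throw new TrustException("NO_ID", LOG);
            }
            SecurityToken requestedSecurityToken = new SecurityToken(id);
            requestedSecurityToken.setToken(requestedSecurityTokenElement);
            tokens.add(requestedSecurityToken);
        }
    }
    if (!valid) {
        throw new TrustException(LOG, "VALIDATION_FAILED", reason);
    }
    if (tokens.isEmpty()) {
        tokens.add(tok);
    }
    return tokens;
}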