org.apache.cxf.helpers.CastUtils Java Examples

The following examples show how to use org.apache.cxf.helpers.CastUtils. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AbstractPolicySecurityTest.java    From steady with Apache License 2.0 6 votes vote down vote up
protected void verifyWss4jEncResults(SoapMessage inmsg) {
    //
    // There should be exactly 1 (WSS4J) HandlerResult
    //
    final List<WSHandlerResult> handlerResults = 
        CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
    assertNotNull(handlerResults);
    assertSame(handlerResults.size(), 1);

    List<WSSecurityEngineResult> protectionResults = new Vector<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(handlerResults.get(0).getResults(),
            WSConstants.ENCR, protectionResults);
    assertNotNull(protectionResults);
    
    //
    // This result should contain a reference to the decrypted element
    //
    final Map<String, Object> result = protectionResults
            .get(0);
    final List<WSDataRef> protectedElements = 
        CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
    assertNotNull(protectedElements);
}
 
Example #2
Source File: KerberosTokenInterceptorProvider.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.KERBEROS_TOKEN);
        if (ais == null) {
            return;
        }
        if (!isRequestor(message)) {
            List<WSHandlerResult> results = 
                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
            if (results != null && results.size() > 0) {
                parseHandlerResults(results.get(0), message, aim);
            }
        } else {
            //client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }                    
        }
    }
}
 
Example #3
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if encryption was applied before signature.
 * Note that results are stored in the reverse order.
 */
private boolean isEncryptedBeforeSigned(List<WSSecurityEngineResult> results) {
    boolean encrypted = false;
    for (WSSecurityEngineResult result : results) {
        Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
        List<WSDataRef> el = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        
        if (actInt.intValue() == WSConstants.ENCR && el != null) {
            encrypted = true;
        }
        // Don't count an endorsing signature
        if (actInt.intValue() == WSConstants.SIGN && el != null
            && !(el.size() == 1 && el.get(0).getName().equals(SIG_QNAME))) {
            if (encrypted) {
                return true;
            }
            return false;
        }
    }
    return false;
}
 
Example #4
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check that an Element is signed or encrypted by one of the token results
 */
private boolean checkProtectionResult(
    Element elementToProtect,
    boolean content,
    List<WSSecurityEngineResult> protResults,
    List<WSSecurityEngineResult> tokenResults
) {
    for (WSSecurityEngineResult result : protResults) {
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs != null) {
            for (WSDataRef dataRef : dataRefs) {
                if (elementToProtect == dataRef.getProtectedElement()
                    && content == dataRef.isContent()
                    && checkSignatureOrEncryptionResult(result, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #5
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a signature was applied before encryption.
 * Note that results are stored in the reverse order.
 */
private boolean isSignedBeforeEncrypted(List<WSSecurityEngineResult> results) {
    boolean signed = false;
    for (WSSecurityEngineResult result : results) {
        Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
        List<WSDataRef> el = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        
        // Don't count an endorsing signature
        if (actInt.intValue() == WSConstants.SIGN && el != null
            && !(el.size() == 1 && el.get(0).getName().equals(SIG_QNAME))) {
            signed = true;
        }
        if (actInt.intValue() == WSConstants.ENCR && el != null) {
            if (signed) {
                return true;
            }
            return false;
        }
    }
    return false;
}
 
Example #6
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the Signature is itself signed by one of the token results
 * @param tokenResults A list of WSSecurityEngineResults corresponding to tokens
 * @return true if the Signature is itself signed
 */
private boolean checkSignatureIsSigned(List<WSSecurityEngineResult> tokenResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> sl =
            CastUtils.cast((List<?>)signedResult.get(
                WSSecurityEngineResult.TAG_DATA_REF_URIS
            ));
        if (sl != null && sl.size() == 1) {
            for (WSDataRef dataRef : sl) {
                QName signedQName = dataRef.getName();
                if (WSSecurityEngine.SIGNATURE.equals(signedQName)
                    && checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #7
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a signature was applied before encryption.
 * Note that results are stored in the reverse order.
 */
private boolean isSignedBeforeEncrypted(List<WSSecurityEngineResult> results) {
    boolean signed = false;
    for (WSSecurityEngineResult result : results) {
        Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
        List<WSDataRef> el = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        
        // Don't count an endorsing signature
        if (actInt.intValue() == WSConstants.SIGN && el != null
            && !(el.size() == 1 && el.get(0).getName().equals(SIG_QNAME))) {
            signed = true;
        }
        if (actInt.intValue() == WSConstants.ENCR && el != null) {
            if (signed) {
                return true;
            }
            return false;
        }
    }
    return false;
}
 
Example #8
Source File: IssuedTokenInterceptorProvider.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
        if (ais == null) {
            return;
        }
        if (!isRequestor(message)) {
            List<WSHandlerResult> results = 
                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
            if (results != null && results.size() > 0) {
                parseHandlerResults(results.get(0), message, aim);
            }
        } else {
            //client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }                    
        }
    }
}
 
Example #9
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if a token was encrypted, false otherwise.
 */
private boolean isTokenEncrypted(Element token) {
    for (WSSecurityEngineResult signedResult : encryptedResults) {
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            return false;
        }
        for (WSDataRef dataRef : dataRefs) {
            if (token == dataRef.getProtectedElement()) {
                return true;
            }
        }
    }
    return false;
}
 
Example #10
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Validate the entire header and body signature property.
 */
protected boolean validateEntireHeaderAndBodySignatures(
    List<WSSecurityEngineResult> signedResults
) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs = 
                CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        for (WSDataRef dataRef : dataRefs) {
            String xpath = dataRef.getXpath();
            if (xpath != null) {
                String[] nodes = StringUtils.split(xpath, "/");
                // envelope/Body || envelope/Header/header || envelope/Header/wsse:Security/header
                if (nodes.length == 5 && nodes[3].contains("Security")) {
                    continue;
                } else if (nodes.length < 3 || nodes.length > 4) {
                    return false;
                }
            }
        }
    }
    return true;
}
 
Example #11
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check to see if a signature was applied before encryption.
 * Note that results are stored in the reverse order.
 */
private boolean isSignedBeforeEncrypted(List<WSSecurityEngineResult> results) {
    boolean signed = false;
    for (WSSecurityEngineResult result : results) {
        Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
        List<WSDataRef> el = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        
        // Don't count an endorsing signature
        if (actInt.intValue() == WSConstants.SIGN && el != null
            && !(el.size() == 1 && el.get(0).getName().equals(SIG_QNAME))) {
            signed = true;
        }
        if (actInt.intValue() == WSConstants.ENCR && el != null) {
            if (signed) {
                return true;
            }
            return false;
        }
    }
    return false;
}
 
Example #12
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the Timestamp is signed by one of the token results
 * @param tokenResults A list of WSSecurityEngineResults corresponding to tokens
 * @return true if the Timestamp is signed
 */
private boolean checkTimestampIsSigned(List<WSSecurityEngineResult> tokenResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> sl =
            CastUtils.cast((List<?>)signedResult.get(
                WSSecurityEngineResult.TAG_DATA_REF_URIS
            ));
        if (sl != null) {
            for (WSDataRef dataRef : sl) {
                if (timestamp == dataRef.getProtectedElement()
                    && checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #13
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the Timestamp is signed by one of the token results
 * @param tokenResults A list of WSSecurityEngineResults corresponding to tokens
 * @return true if the Timestamp is signed
 */
private boolean checkTimestampIsSigned(List<WSSecurityEngineResult> tokenResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> sl =
            CastUtils.cast((List<?>)signedResult.get(
                WSSecurityEngineResult.TAG_DATA_REF_URIS
            ));
        if (sl != null) {
            for (WSDataRef dataRef : sl) {
                if (timestamp == dataRef.getProtectedElement()
                    && checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #14
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check that an Element is signed or encrypted by one of the token results
 */
private boolean checkProtectionResult(
    Element elementToProtect,
    boolean content,
    List<WSSecurityEngineResult> protResults,
    List<WSSecurityEngineResult> tokenResults
) {
    for (WSSecurityEngineResult result : protResults) {
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs != null) {
            for (WSDataRef dataRef : dataRefs) {
                if (elementToProtect == dataRef.getProtectedElement()
                    && content == dataRef.isContent()
                    && checkSignatureOrEncryptionResult(result, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #15
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Validate the entire header and body signature property.
 */
protected boolean validateEntireHeaderAndBodySignatures(
    List<WSSecurityEngineResult> signedResults
) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs = 
                CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        for (WSDataRef dataRef : dataRefs) {
            String xpath = dataRef.getXpath();
            if (xpath != null) {
                String[] nodes = StringUtils.split(xpath, "/");
                // envelope/Body || envelope/Header/header || envelope/Header/wsse:Security/header
                if (nodes.length == 5 && nodes[3].contains("Security")) {
                    continue;
                } else if (nodes.length < 3 || nodes.length > 4) {
                    return false;
                }
            }
        }
    }
    return true;
}
 
Example #16
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the given id was encrypted
 */
private boolean isIdEncrypted(String sigId, List<WSSecurityEngineResult> results) {
    for (WSSecurityEngineResult wser : results) {
        Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt.intValue() == WSConstants.ENCR) {
            List<WSDataRef> el = 
                CastUtils.cast((List<?>)wser.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (el != null) {
                for (WSDataRef r : el) {
                    Element protectedElement = r.getProtectedElement();
                    if (protectedElement != null) {
                        String id = protectedElement.getAttribute("Id");
                        String wsuId = protectedElement.getAttributeNS(WSConstants.WSU_NS, "Id");
                        if (sigId.equals(id) || sigId.equals(wsuId)) {
                            return true;
                        }
                    }
                }
            }
        }
    }
    return false;
}
 
Example #17
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Validate the entire header and body signature property.
 */
protected boolean validateEntireHeaderAndBodySignatures(
    List<WSSecurityEngineResult> signedResults
) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs = 
                CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        for (WSDataRef dataRef : dataRefs) {
            String xpath = dataRef.getXpath();
            if (xpath != null) {
                String[] nodes = StringUtils.split(xpath, "/");
                // envelope/Body || envelope/Header/header || envelope/Header/wsse:Security/header
                if (nodes.length == 5 && nodes[3].contains("Security")) {
                    continue;
                } else if (nodes.length < 3 || nodes.length > 4) {
                    return false;
                }
            }
        }
    }
    return true;
}
 
Example #18
Source File: KerberosTokenInterceptorProvider.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.KERBEROS_TOKEN);
        if (ais == null) {
            return;
        }
        if (!isRequestor(message)) {
            List<WSHandlerResult> results = 
                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
            if (results != null && results.size() > 0) {
                parseHandlerResults(results.get(0), message, aim);
            }
        } else {
            //client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }                    
        }
    }
}
 
Example #19
Source File: KerberosTokenInterceptorProvider.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.KERBEROS_TOKEN);
        if (ais == null) {
            return;
        }
        if (!isRequestor(message)) {
            List<WSHandlerResult> results = 
                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
            if (results != null && results.size() > 0) {
                parseHandlerResults(results.get(0), message, aim);
            }
        } else {
            //client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }                    
        }
    }
}
 
Example #20
Source File: IssuedTokenInterceptorProvider.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
        if (ais == null) {
            return;
        }
        if (!isRequestor(message)) {
            List<WSHandlerResult> results = 
                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
            if (results != null && results.size() > 0) {
                parseHandlerResults(results.get(0), message, aim);
            }
        } else {
            //client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }                    
        }
    }
}
 
Example #21
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the Signature is itself signed by one of the token results
 * @param tokenResults A list of WSSecurityEngineResults corresponding to tokens
 * @return true if the Signature is itself signed
 */
private boolean checkSignatureIsSigned(List<WSSecurityEngineResult> tokenResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> sl =
            CastUtils.cast((List<?>)signedResult.get(
                WSSecurityEngineResult.TAG_DATA_REF_URIS
            ));
        if (sl != null && sl.size() == 1) {
            for (WSDataRef dataRef : sl) {
                QName signedQName = dataRef.getName();
                if (WSSecurityEngine.SIGNATURE.equals(signedQName)
                    && checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #22
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the Signature is itself signed by one of the token results
 * @param tokenResults A list of WSSecurityEngineResults corresponding to tokens
 * @return true if the Signature is itself signed
 */
private boolean checkSignatureIsSigned(List<WSSecurityEngineResult> tokenResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> sl =
            CastUtils.cast((List<?>)signedResult.get(
                WSSecurityEngineResult.TAG_DATA_REF_URIS
            ));
        if (sl != null && sl.size() == 1) {
            for (WSDataRef dataRef : sl) {
                QName signedQName = dataRef.getName();
                if (WSSecurityEngine.SIGNATURE.equals(signedQName)
                    && checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #23
Source File: AbstractBindingPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the given id was encrypted
 */
private boolean isIdEncrypted(String sigId, List<WSSecurityEngineResult> results) {
    for (WSSecurityEngineResult wser : results) {
        Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (actInt.intValue() == WSConstants.ENCR) {
            List<WSDataRef> el = 
                CastUtils.cast((List<?>)wser.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
            if (el != null) {
                for (WSDataRef r : el) {
                    Element protectedElement = r.getProtectedElement();
                    if (protectedElement != null) {
                        String id = protectedElement.getAttribute("Id");
                        String wsuId = protectedElement.getAttributeNS(WSConstants.WSU_NS, "Id");
                        if (sigId.equals(id) || sigId.equals(wsuId)) {
                            return true;
                        }
                    }
                }
            }
        }
    }
    return false;
}
 
Example #24
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if the Timestamp is signed by one of the token results
 * @param tokenResults A list of WSSecurityEngineResults corresponding to tokens
 * @return true if the Timestamp is signed
 */
private boolean checkTimestampIsSigned(List<WSSecurityEngineResult> tokenResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> sl =
            CastUtils.cast((List<?>)signedResult.get(
                WSSecurityEngineResult.TAG_DATA_REF_URIS
            ));
        if (sl != null) {
            for (WSDataRef dataRef : sl) {
                if (timestamp == dataRef.getProtectedElement()
                    && checkSignatureOrEncryptionResult(signedResult, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #25
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check that an Element is signed or encrypted by one of the token results
 */
private boolean checkProtectionResult(
    Element elementToProtect,
    boolean content,
    List<WSSecurityEngineResult> protResults,
    List<WSSecurityEngineResult> tokenResults
) {
    for (WSSecurityEngineResult result : protResults) {
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs != null) {
            for (WSDataRef dataRef : dataRefs) {
                if (elementToProtect == dataRef.getProtectedElement()
                    && content == dataRef.isContent()
                    && checkSignatureOrEncryptionResult(result, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #26
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Return true if a token was encrypted, false otherwise.
 */
private boolean isTokenEncrypted(Element token) {
    for (WSSecurityEngineResult signedResult : encryptedResults) {
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs == null) {
            return false;
        }
        for (WSDataRef dataRef : dataRefs) {
            if (token == dataRef.getProtectedElement()) {
                return true;
            }
        }
    }
    return false;
}
 
Example #27
Source File: WSS4JInInterceptor.java    From steady with Apache License 2.0 6 votes vote down vote up
public WSS4JInInterceptor(Map<String, Object> properties) {
    this();
    setProperties(properties);
    final Map<QName, Object> processorMap = CastUtils.cast(
        (Map<?, ?>)properties.get(PROCESSOR_MAP));
    final Map<QName, Object> validatorMap = CastUtils.cast(
        (Map<?, ?>)properties.get(VALIDATOR_MAP));
    
    if (processorMap != null) {
        if (validatorMap != null) {
            processorMap.putAll(validatorMap);
        }
        secEngineOverride = createSecurityEngine(processorMap);
    } else if (validatorMap != null) {
        secEngineOverride = createSecurityEngine(validatorMap);
    }
}
 
Example #28
Source File: AbstractPolicySecurityTest.java    From steady with Apache License 2.0 6 votes vote down vote up
protected void verifyWss4jEncResults(SoapMessage inmsg) {
    //
    // There should be exactly 1 (WSS4J) HandlerResult
    //
    final List<WSHandlerResult> handlerResults = 
        CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
    assertNotNull(handlerResults);
    assertSame(handlerResults.size(), 1);

    List<WSSecurityEngineResult> protectionResults = new Vector<WSSecurityEngineResult>();
    WSSecurityUtil.fetchAllActionResults(handlerResults.get(0).getResults(),
            WSConstants.ENCR, protectionResults);
    assertNotNull(protectionResults);
    
    //
    // This result should contain a reference to the decrypted element
    //
    final Map<String, Object> result = protectionResults
            .get(0);
    final List<WSDataRef> protectedElements = 
        CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
    assertNotNull(protectedElements);
}
 
Example #29
Source File: AbstractSupportingTokenPolicyValidator.java    From steady with Apache License 2.0 6 votes vote down vote up
/**
 * Check that an Element is signed or encrypted by one of the token results
 */
private boolean checkProtectionResult(
    Element elementToProtect,
    boolean content,
    List<WSSecurityEngineResult> protResults,
    List<WSSecurityEngineResult> tokenResults
) {
    for (WSSecurityEngineResult result : protResults) {
        List<WSDataRef> dataRefs = 
            CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        if (dataRefs != null) {
            for (WSDataRef dataRef : dataRefs) {
                if (elementToProtect == dataRef.getProtectedElement()
                    && content == dataRef.isContent()
                    && checkSignatureOrEncryptionResult(result, tokenResults)) {
                    return true;
                }
            }
        }
    }
    return false;
}
 
Example #30
Source File: KerberosTokenInterceptorProvider.java    From steady with Apache License 2.0 6 votes vote down vote up
public void handleMessage(Message message) throws Fault {
    AssertionInfoMap aim = message.get(AssertionInfoMap.class);
    // extract Assertion information
    if (aim != null) {
        Collection<AssertionInfo> ais = aim.get(SP12Constants.KERBEROS_TOKEN);
        if (ais == null) {
            return;
        }
        if (!isRequestor(message)) {
            List<WSHandlerResult> results = 
                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
            if (results != null && results.size() > 0) {
                parseHandlerResults(results.get(0), message, aim);
            }
        } else {
            //client side should be checked on the way out
            for (AssertionInfo ai : ais) {
                ai.setAsserted(true);
            }                    
        }
    }
}