Class RampartUtil

java.lang.Object
org.apache.rampart.util.RampartUtil

public class RampartUtil extends Object
  • Constructor Details

    • RampartUtil

      public RampartUtil()
  • Method Details

    • getPasswordCB

      public static CallbackHandler getPasswordCB(RampartMessageData rmd) throws RampartException
      Throws:
      RampartException
    • getPasswordCB

      public static CallbackHandler getPasswordCB(org.apache.axis2.context.MessageContext msgContext, RampartPolicyData rpd) throws RampartException
      Parameters:
      msgContext - Axis2 MessageContext
      rpd - RampartPolicyData
      Returns:
      The CallbackHandler instance
      Throws:
      RampartException - If an error occurred getting the CallbackHandler Object
    • getKerberosTokenDecoder

      public static org.apache.wss4j.common.kerberos.KerberosTokenDecoder getKerberosTokenDecoder(org.apache.axis2.context.MessageContext msgContext, KerberosConfig kerberosConfig) throws RampartException
      Instantiates any Kerberos token decoder implementation configured via KerberosConfig.setKerberosTokenDecoderClass(String) using the class loader of the specified message context's service.
      Parameters:
      msgContext - The current message context. Must not be null and must contain a valid service instance.
      kerberosConfig - Rampart's Kerberos configuration.
      Returns:
      A new instance of KerberosTokenDecoder implementation configured via KerberosConfig.setKerberosTokenDecoderClass(String) or null if no Kerberos token decoder is configured.
      Throws:
      RampartException - If the class cannot be loaded or instantiated.
    • getPolicyValidatorCB

      public static PolicyValidatorCallbackHandler getPolicyValidatorCB(org.apache.axis2.context.MessageContext msgContext, RampartPolicyData rpd) throws RampartException
      Returns an instance of PolicyValidatorCallbackHandler to be used to validate ws-security results.
      Parameters:
      msgContext - MessageContext
      rpd - RampartPolicyData
      Returns:
      PolicyValidatorCallbackHandler
      Throws:
      RampartException - RampartException
    • getRampartConfigCallbackHandler

      public static RampartConfigCallbackHandler getRampartConfigCallbackHandler(org.apache.axis2.context.MessageContext msgContext, RampartPolicyData rpd) throws RampartException
      Throws:
      RampartException
    • performCallback

      public static org.apache.wss4j.common.ext.WSPasswordCallback performCallback(CallbackHandler cbHandler, String username, int doAction) throws RampartException
      Perform a callback to get a password.

      The called-back function gets an indication of why a password is needed: to produce a UsernameToken, a Signature, or a password (key) for a given name.

      Parameters:
      cbHandler - CallbackHandler
      username - user
      doAction - action
      Returns:
      WSPasswordCallback value of Callback
      Throws:
      RampartException - If an error occurred getting the CallbackHandler Object
    • getEncryptionCrypto

      public static org.apache.wss4j.common.crypto.Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader) throws RampartException
      Create the Crypto instance for encryption using information from the rampart configuration assertion
      Parameters:
      config - Rampart Configuration
      loader - ClassLoader to perform operations
      Returns:
      The Crypto instance to be used for encryption
      Throws:
      RampartException - If the arguments are malformed.
    • getSignatureCrypto

      public static org.apache.wss4j.common.crypto.Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader) throws RampartException
      Create the Crypto instance for signature using information from the rampart configuration assertion
      Parameters:
      config - Rampart Configuration
      loader - ClassLoader to perform operations
      Returns:
      The Crypto instance to be used for signature
      Throws:
      RampartException - If an error occurred getting the Crypto Object
    • getKeyIdentifier

      public static int getKeyIdentifier(X509Token token) throws RampartException
      Determine the key identifier of a given X509Token.
      Parameters:
      token - X509 token
      Returns:
      The key identifier of the given X509Token
      Throws:
      RampartException - If an error occurred getting the key identifier
    • processIssuerAddress

      public static String processIssuerAddress(org.apache.axiom.om.OMElement issuerAddress) throws RampartException
      Process a given issuer address element and return the address.
      Parameters:
      issuerAddress - address
      Returns:
      The address of an issuer address element
      Throws:
      RampartException - If the issuer address element is malformed.
    • getPolicyFromMetadataRef

      public static org.apache.neethi.Policy getPolicyFromMetadataRef(org.apache.axiom.om.OMElement mex) throws RampartException
      Retrieve policy using metadata reference
       <wsa:Metadata xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <mex:Metadata
             xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                 <mex:MetadataSection>
                        <mex:MetadataReference>
                            <wsa:Address>http://address/of/mex/service</wsa:Address>
                        </mex:MetadataReference>
                 </mex:MetadataSection>
        </mex:Metadata>
       </wsa:Metadata>
      Parameters:
      mex - Metadata element
      Returns:
      Policy from the mex service
      Throws:
      RampartException - If the element is malformed.
    • addRampartConfig

      public static org.apache.neethi.Policy addRampartConfig(RampartMessageData rmd, org.apache.neethi.Policy policy)
    • createRSTTempalteForSCT

      public static org.apache.axiom.om.OMElement createRSTTempalteForSCT(int conversationVersion, int wstVersion) throws RampartException
      Throws:
      RampartException
    • getTimeToLive

      public static int getTimeToLive(RampartMessageData messageData)
    • getTimestampMaxSkew

      public static int getTimestampMaxSkew(RampartMessageData messageData)
    • getSecConvToken

      public static String getSecConvToken(RampartMessageData rmd, SecureConversationToken secConvTok) throws TrustException, RampartException
      Obtain a security context token.
      Parameters:
      rmd - RampartMessageData
      secConvTok - context token
      Returns:
      The security context identifier of the token
      Throws:
      TrustException - If TrustUtil fails
      RampartException - If the arguments are malformed.
    • getIssuedToken

      public static String getIssuedToken(RampartMessageData rmd, IssuedToken issuedToken) throws RampartException
      Obtain an issued token.
      Parameters:
      rmd - RampartMessageData
      issuedToken - issued token
      Returns:
      The identifier of the issued token
      Throws:
      RampartException - If the arguments are malformed.
    • getToken

      public static String getToken(RampartMessageData rmd, org.apache.axiom.om.OMElement rstTemplate, String issuerEpr, String action, org.apache.neethi.Policy issuerPolicy) throws RampartException
      Request a token.
      Parameters:
      rmd - RampartMessageData
      rstTemplate - template
      issuerEpr - the issuer endpoint reference (EPR)
      action - what to find
      issuerPolicy - policy
      Returns:
      Return the identifier of the obtained token
      Throws:
      RampartException - If the arguments are malformed.
    • getSoapBodyId

      public static String getSoapBodyId(org.apache.axiom.soap.SOAPEnvelope env)
    • addWsuIdToElement

      public static String addWsuIdToElement(org.apache.axiom.om.OMElement elem)
    • adoptNode

      public static Node adoptNode(Document targetDocument, Node node)
      Change the owner document of the given node. The method first attempts to move the node using Document.adoptNode(Node). If that fails, it will import the node into the target document using Document.importNode(Node, boolean).
      Parameters:
      targetDocument - the target document
      node - the node to adopt or import
      Returns:
      the adopted or imported node
    • appendChildToSecHeader

      public static Element appendChildToSecHeader(RampartMessageData rmd, org.apache.axiom.om.OMElement elem)
    • appendChildToSecHeader

      public static Element appendChildToSecHeader(RampartMessageData rmd, Element elem)
    • insertSiblingAfter

      public static Element insertSiblingAfter(RampartMessageData rmd, Element child, Element sibling)
    • insertSiblingBefore

      public static Element insertSiblingBefore(RampartMessageData rmd, Element child, Element sibling)
    • getEncryptedParts

      public static List<org.apache.wss4j.common.WSEncryptionPart> getEncryptedParts(RampartMessageData rmd)
    • getSignedParts

      public static List<org.apache.wss4j.common.WSEncryptionPart> getSignedParts(RampartMessageData rmd)
    • getSupportingEncryptedParts

      public static List<org.apache.wss4j.common.WSEncryptionPart> getSupportingEncryptedParts(RampartMessageData rmd, SupportingPolicyData rpd)
    • getSupportingSignedParts

      public static List<org.apache.wss4j.common.WSEncryptionPart> getSupportingSignedParts(RampartMessageData rmd, SupportingPolicyData rpd)
    • findAllPrefixNamespaces

      public static Set findAllPrefixNamespaces(org.apache.axiom.om.OMElement currentElement, HashMap decNamespacess)
    • getContentEncryptedElements

      public static List<org.apache.wss4j.common.WSEncryptionPart> getContentEncryptedElements(List<org.apache.wss4j.common.WSEncryptionPart> encryptedPartsElements, org.apache.axiom.soap.SOAPEnvelope envelope, List<String> elements, HashMap decNamespaces)
    • createEncryptionPart

      public static org.apache.wss4j.common.WSEncryptionPart createEncryptionPart(String name, String id)
      Creates an encryption or signature part with the given name and id. Name must not be null.
      Parameters:
      name - The name of the part
      id - The id of the part.
      Returns:
      WSEncryptionPart.
    • createEncryptionPart

      public static org.apache.wss4j.common.WSEncryptionPart createEncryptionPart(String name, String id, String namespace, String modifier)
      Creates an encryption part. The part may be a named element or an element selected by an XPath expression.
      Parameters:
      name - Name of the element.
      id - The id of the element
      namespace - Namespace of the element.
      modifier - Modifier "Content" or "Element"
      Returns:
      A WSEncryptionPart
    • createEncryptionPart

      public static org.apache.wss4j.common.WSEncryptionPart createEncryptionPart(String name, String id, String namespace, String modifier, String xPath)
      Creates an encryption part. The part may be a named element or an element selected by an XPath expression.
      Parameters:
      name - Name of the element.
      id - The id of the element
      namespace - Namespace of the element.
      modifier - Modifier "Content" or "Element"
      xPath - The xPath expression
      Returns:
      A WSEncryptionPart
    • getPartsAndElements

      public static List<org.apache.wss4j.common.WSEncryptionPart> getPartsAndElements(boolean sign, org.apache.axiom.soap.SOAPEnvelope envelope, boolean includeBody, List<org.apache.wss4j.common.WSEncryptionPart> parts, List<String> elements, HashMap decNamespaces)
    • checkRequiredElements

      public static boolean checkRequiredElements(org.apache.axiom.soap.SOAPEnvelope envelope, HashMap decNamespaces, String expression)
      Checks whether the SOAP envelope contains the required elements selected by the given XPath expression.
      Parameters:
      envelope - SOAP Envelope of which we should check required elements
      decNamespaces - Declared namespaces in RequiredElements assertion
      expression - XPATH expression of required elements
      Returns:
      boolean State of required elements
    • getEncryptionKeyGenerator

      public static KeyGenerator getEncryptionKeyGenerator(String symEncrAlgo) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • getContextIdentifierKey

      public static String getContextIdentifierKey(org.apache.axis2.context.MessageContext msgContext)
      Creates the unique (reproducible) id used to hold the context identifier of the message exchange.
      Parameters:
      msgContext - Axis2 message state
      Returns:
      Id to hold the context identifier in the message context
    • getContextMap

      public static Hashtable getContextMap(org.apache.axis2.context.MessageContext msgContext)
      Returns the map of security context token identifiers
      Parameters:
      msgContext - The message context.
      Returns:
      Hashtable the map of security context token identifiers
    • isTokenValid

      public static boolean isTokenValid(RampartMessageData rmd, String id) throws RampartException
      Throws:
      RampartException
    • setEncryptionUser

      public static void setEncryptionUser(RampartMessageData rmd, org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder) throws RampartException
      Throws:
      RampartException
    • setEncryptionUser

      public static void setEncryptionUser(RampartMessageData rmd, org.apache.wss4j.dom.message.WSSecEncryptedKey encrKeyBuilder, String encrUser) throws RampartException
      Throws:
      RampartException
    • setKeyIdentifierType

      public static void setKeyIdentifierType(RampartMessageData rmd, org.apache.wss4j.dom.message.WSSecBase secBase, Token token)
      Sets the keyIdentifierType of WSSecSignature or WSSecEncryptedKey according to the given Token and RampartPolicyData. First checks the requirements specified under the Token assertion and, if none are found, checks the WSS11 and WSS10 assertions.
      Parameters:
      rmd - RampartMessageData
      secBase - ws-wss4j Object
      token - Rampart token
    • getUsername

      public static String getUsername(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
      Scans the WSHandlerResult list for a UsernameToken and returns the username if one is found.
      Parameters:
      results - ws-wss4j Object
      Returns:
      String username
    • getRequestEncryptedKeyId

      public static String getRequestEncryptedKeyId(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
    • getRequestEncryptedKeyValue

      public static byte[] getRequestEncryptedKeyValue(List<org.apache.wss4j.dom.handler.WSHandlerResult> results)
    • insertSiblingAfterOrPrepend

      public static Element insertSiblingAfterOrPrepend(RampartMessageData rmd, Element child, Element elem)
      If the child is present, insert the element as a sibling after it. If the child is null, prepend the element.
      Parameters:
      rmd - RampartMessageData
      child - Element
      elem - the element to insert
      Returns:
      Element new Element
    • insertSiblingBeforeOrPrepend

      public static Element insertSiblingBeforeOrPrepend(RampartMessageData rmd, Element child, Element elem)
    • isSecHeaderRequired

      public static boolean isSecHeaderRequired(RampartPolicyData rpd, boolean initiator, boolean inflow)
      Checks whether a security header is required in the incoming message.
      Parameters:
      rpd - RampartPolicyData
      initiator - defines precedence
      inflow - defines precedence
      Returns:
      boolean true if a security header is required in the incoming message
    • handleEncryptedSignedHeaders

      public static void handleEncryptedSignedHeaders(List<org.apache.wss4j.common.WSEncryptionPart> encryptedParts, List<org.apache.wss4j.common.WSEncryptionPart> signedParts, Document doc)
    • getSigElementId

      public static String getSigElementId(RampartMessageData rmd)
    • validateTransport

      public static void validateTransport(RampartMessageData messageData) throws RampartException
      Validate transport binding policy assertions. If an HttpsToken is required by the security policy, the method verifies that the HTTPS transport was indeed used. If the assertion additionally requires a client certificate, the method tries to obtain the client certificate chain first from the message context properties directly, under the key RampartConstants.HTTPS_CLIENT_CERT_KEY; if that property is not available, it tries to get the HttpServletRequest from the message context properties (populated there by the AxisServlet when Axis2 runs inside a servlet engine) and reads the HTTPS client certificate chain from the request's attributes. The client certificate chain is expected under the javax.servlet.request.X509Certificate attribute of the servlet request. No further trust verification is done for the client certificate; the transport listener should already have verified it.
      Parameters:
      messageData -
      Throws:
      RampartException
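      The following is an added example, not Rampart's own code: a hypothetical companion check that locates the client certificate chain in the same two places validateTransport looks (the RampartConstants.HTTPS_CLIENT_CERT_KEY property, then the servlet request attribute) and then performs the PKIX trust validation that validateTransport explicitly leaves to the transport listener. The class name ClientCertTrustCheck and the trust store argument are assumptions; HTTPConstants.MC_HTTP_SERVLETREQUEST is the standard Axis2 property under which the AxisServlet stores the servlet request.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.rampart.RampartConstants;

// Hypothetical companion to RampartUtil.validateTransport (not Rampart code):
// find the client chain in the same two places the Javadoc names, then run
// the PKIX trust check that validateTransport leaves to the transport listener.
public final class ClientCertTrustCheck {
    // Standard servlet attribute carrying the TLS client certificate chain.
    private static final String SERVLET_CERT_ATTR = "javax.servlet.request.X509Certificate";

    /** Same lookup order as validateTransport: context property first, servlet attribute second. */
    public static X509Certificate[] findClientCertChain(MessageContext msgContext) {
        Object direct = msgContext.getProperty(RampartConstants.HTTPS_CLIENT_CERT_KEY);
        if (direct instanceof X509Certificate[]) {
            return (X509Certificate[]) direct;
        }
        Object req = msgContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (req instanceof HttpServletRequest) {
            Object attr = ((HttpServletRequest) req).getAttribute(SERVLET_CERT_ATTR);
            if (attr instanceof X509Certificate[]) {
                return (X509Certificate[]) attr;
            }
        }
        return null;
    }

    /** Validates the chain against the accepted client CAs in trustStore and returns the end-entity certificate. */
    public static X509Certificate requireTrustedClientCert(MessageContext msgContext, KeyStore trustStore)
            throws GeneralSecurityException {
        X509Certificate[] chain = findClientCertChain(msgContext);
        if (chain == null || chain.length == 0) {
            throw new CertificateException("no client certificate chain on the message context");
        }
        List<X509Certificate> path = new ArrayList<>(Arrays.asList(chain));
        // A PKIX path ends below the anchor: drop a self-signed root if the client sent one.
        X509Certificate last = path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // assumption: revocation is checked elsewhere (e.g. by the listener)
        CertPathValidator.getInstance("PKIX")
                .validate(CertificateFactory.getInstance("X.509").generateCertPath(path), params);
        return chain[0]; // end-entity certificate comes first in the chain
    }
}
```

      Call requireTrustedClientCert from a handler that runs after Rampart's transport validation; the trust store should contain only the CAs permitted to issue client certificates for this service.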
    • getSAML10AssertionNamespace

      public static String getSAML10AssertionNamespace()
      Returns the SAML 1.0 assertion namespace: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
      Returns:
      SAML10 assertion namespace.
    • setEncryptionCrypto

      public static void setEncryptionCrypto(org.apache.axis2.context.MessageContext msgContext)
      Sets the encryption crypto file or crypto reference key to the signature crypto file or signature crypto reference.
      Parameters:
      msgContext - The message context from which the signature crypto properties are read; the encryption properties are set on the same message context.
    • setDecryptionCrypto

      public static void setDecryptionCrypto(org.apache.axis2.context.MessageContext msgContext)
      Sets the decryption crypto file or crypto reference key to the signature crypto file or signature crypto reference.
      Parameters:
      msgContext - The message context from which the signature crypto properties are read; the decryption properties are set on the same message context.
    • encryptFirst

      public static boolean encryptFirst(RampartPolicyData rpd)
      Returns true if the policy requires encrypting first.
      Parameters:
      rpd - Rampart policy data
      Returns:
      true if the policy says we need to encrypt first, else false.
    • isSecurityFault

      public static boolean isSecurityFault(org.apache.axiom.soap.SOAPFault fault)
      Check if the given SOAP fault reports a security fault.
      Parameters:
      fault - the SOAP fault; must not be null
      Returns:
      true if the fault is a security fault; false otherwise
    • getUsernameTokens

      public static Collection<UsernameToken> getUsernameTokens(RampartPolicyData rpd)
      Parameters:
      rpd - Rampart policy data instance. Must not be null.
      Returns:
      A collection of all UsernameToken supporting token assertions in the specified Rampart policy instance. The method will check the following lists:
    • getUsernameTokens

      public static Collection<UsernameToken> getUsernameTokens(SupportingToken suppTok)
      Parameters:
      suppTok - The SupportingToken assertion to check for username tokens.
      Returns:
      A collection of all tokens in the specified suppTok SupportingToken assertion which are instances of UsernameToken. If the specified suppTok SupportingToken assertion is null, an empty collection will be returned.