Package org.apache.cxf.ws.security.wss4j.policyvalidators

Class AbstractBindingPolicyValidator

java.lang.Object

org.apache.cxf.ws.security.wss4j.policyvalidators.AbstractBindingPolicyValidator

All Implemented Interfaces:

SecurityPolicyValidator

Direct Known Subclasses:

AsymmetricBindingPolicyValidator, SymmetricBindingPolicyValidator, TransportBindingPolicyValidator

public abstract class AbstractBindingPolicyValidator
extends Object
implements SecurityPolicyValidator

Some abstract functionality for validating a security binding.

Constructor Summary

Constructors

Constructor	Description
AbstractBindingPolicyValidator()

Method Summary

Modifier and Type	Method	Description
protected void	assertDerivedKeys(org.apache.wss4j.policy.model.AbstractToken token, AssertionInfoMap aim)
protected boolean	checkDerivedKeys(org.apache.wss4j.policy.model.AbstractTokenWrapper tokenWrapper, boolean hasDerivedKeys, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> encryptedResults)	Check the derived key requirement.
protected boolean	checkProperties(org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding binding, AssertionInfo ai, AssertionInfoMap aim, org.apache.wss4j.dom.handler.WSHandlerResult results, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, Message message)	Check various properties set in the policy of the binding
protected boolean	checkProtectionOrder(org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding binding, AssertionInfoMap aim, AssertionInfo ai, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> results)	Check the Protection Order of the binding
protected boolean	isSignatureEncrypted(List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> results)	Check whether the primary Signature (and all SignatureConfirmation) elements were encrypted
protected boolean	isTokenProtected(List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> results, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults)	Check whether the token protection policy is followed.
protected boolean	validateEntireHeaderAndBodySignatures(List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults)	Validate the entire header and body signature property.
protected boolean	validateTimestamp(boolean includeTimestamp, boolean transportBinding, org.apache.wss4j.dom.handler.WSHandlerResult results, List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults, Message message)	Validate a Timestamp

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cxf.ws.security.wss4j.policyvalidators.SecurityPolicyValidator

canValidatePolicy, validatePolicies

Constructor Detail

AbstractBindingPolicyValidator

public AbstractBindingPolicyValidator()

Method Detail

validateTimestamp

protected boolean validateTimestamp(boolean includeTimestamp,
                                    boolean transportBinding,
                                    org.apache.wss4j.dom.handler.WSHandlerResult results,
                                    List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                    Message message)

Validate a Timestamp

Parameters:

includeTimestamp - whether a Timestamp must be included or not

transportBinding - whether the Transport binding is in use or not

signedResults - the signed results list

message - the Message object

Returns:

whether the Timestamp policy is valid or not

validateEntireHeaderAndBodySignatures

protected boolean validateEntireHeaderAndBodySignatures(List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults)

Validate the entire header and body signature property.

checkProperties

protected boolean checkProperties(org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding binding,
                                  AssertionInfo ai,
                                  AssertionInfoMap aim,
                                  org.apache.wss4j.dom.handler.WSHandlerResult results,
                                  List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                  Message message)

Check various properties set in the policy of the binding

checkProtectionOrder

protected boolean checkProtectionOrder(org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding binding,
                                       AssertionInfoMap aim,
                                       AssertionInfo ai,
                                       List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> results)

Check the Protection Order of the binding

checkDerivedKeys

protected boolean checkDerivedKeys(org.apache.wss4j.policy.model.AbstractTokenWrapper tokenWrapper,
                                   boolean hasDerivedKeys,
                                   List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults,
                                   List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> encryptedResults)

Check the derived key requirement.

isTokenProtected

protected boolean isTokenProtected(List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> results,
                                   List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> signedResults)

Check whether the token protection policy is followed. In other words, check that the signature token was itself signed.

isSignatureEncrypted

protected boolean isSignatureEncrypted(List<org.apache.wss4j.dom.engine.WSSecurityEngineResult> results)

Check whether the primary Signature (and all SignatureConfirmation) elements were encrypted

assertDerivedKeys

protected void assertDerivedKeys(org.apache.wss4j.policy.model.AbstractToken token,
                                 AssertionInfoMap aim)