org.apache.rampart
Class PolicyBasedResultsValidator

java.lang.Object
  extended by org.apache.rampart.PolicyBasedResultsValidator
All Implemented Interfaces:
ExtendedPolicyValidatorCallbackHandler, PolicyValidatorCallbackHandler

public class PolicyBasedResultsValidator
extends java.lang.Object
implements ExtendedPolicyValidatorCallbackHandler


Constructor Summary
PolicyBasedResultsValidator()
           
 
Method Summary
static org.apache.ws.security.WSSecurityEngineResult[] fetchActionResults(java.util.List<org.apache.ws.security.WSSecurityEngineResult> wsSecurityEngineResults, int action)
           
protected  java.util.ArrayList getEncryptedReferences(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
protected  java.util.List<org.apache.ws.security.WSSecurityEngineResult> getResults(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results, int action)
           
protected  java.util.List<java.lang.Integer> getSigEncrActions(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
protected  void handleSupportingTokens(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results, org.apache.ws.secpolicy.model.SupportingToken suppTok)
           
protected  boolean isCertificateInKeyStore(org.apache.ws.security.components.crypto.Crypto crypto, java.security.cert.X509Certificate cert)
          Check to see if the certificate argument is in the keystore. TODO: directly copied from WSS4J (SignatureTrustValidator); optimize later.
protected  boolean isCertificateTrusted(java.security.cert.X509Certificate cert, org.apache.ws.security.components.crypto.Crypto crypto)
          TODO - This is directly copied from WSS4J (SignatureTrustValidator).
protected  boolean isSignatureRequired(RampartMessageData rmd)
           
protected  boolean isUsernameTokenPresent(org.apache.ws.secpolicy.model.SupportingToken suppTok)
           
protected  boolean isUsernameTokenPresent(ValidatorData data)
           
 void validate(ValidatorData data, java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
          Validate policy based results.
 void validate(ValidatorData data, java.util.Vector results)
          Validate policy based results.
protected  void validateEncrSig(ValidatorData data, java.util.List<org.apache.ws.security.WSEncryptionPart> encryptedParts, java.util.List<org.apache.ws.security.WSEncryptionPart> signatureParts, java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
protected  void validateEncryptedParts(ValidatorData data, java.util.List<org.apache.ws.security.WSEncryptionPart> encryptedParts, java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
protected  void validateProtectionOrder(ValidatorData data, java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
 void validateRequiredElements(ValidatorData data)
           
protected  void validateSignedPartsHeaders(ValidatorData data, java.util.List<org.apache.ws.security.WSEncryptionPart> signatureParts, java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
protected  void validateSupportingTokens(ValidatorData data, java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
           
protected  boolean verifyTimestamp(org.apache.ws.security.message.token.Timestamp timestamp, RampartMessageData rmd)
           
protected  boolean verifyTrust(java.security.cert.X509Certificate cert, RampartMessageData rmd)
          Evaluate whether a given certificate should be trusted.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PolicyBasedResultsValidator

public PolicyBasedResultsValidator()
Method Detail

validate

public void validate(ValidatorData data,
                     java.util.Vector results)
              throws RampartException
Description copied from interface: PolicyValidatorCallbackHandler
Validate policy based results.

Specified by:
validate in interface PolicyValidatorCallbackHandler
Parameters:
data - validator data
results - policy based ws-security results
Throws:
RampartException - Rampart exception

validate

public void validate(ValidatorData data,
                     java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
              throws RampartException
Validate policy based results.

Specified by:
validate in interface ExtendedPolicyValidatorCallbackHandler
Parameters:
data - validator data
results - policy based ws-security results
Throws:
RampartException - Rampart exception

validateEncrSig

protected void validateEncrSig(ValidatorData data,
                               java.util.List<org.apache.ws.security.WSEncryptionPart> encryptedParts,
                               java.util.List<org.apache.ws.security.WSEncryptionPart> signatureParts,
                               java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
                        throws RampartException
Parameters:
encryptedParts -
signatureParts -
Throws:
RampartException

validateSupportingTokens

protected void validateSupportingTokens(ValidatorData data,
                                        java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
                                 throws RampartException
Parameters:
data -
results -
Throws:
RampartException

handleSupportingTokens

protected void handleSupportingTokens(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results,
                                      org.apache.ws.secpolicy.model.SupportingToken suppTok)
                               throws RampartException
Parameters:
results -
suppTok -
Throws:
RampartException

validateProtectionOrder

protected void validateProtectionOrder(ValidatorData data,
                                       java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
                                throws RampartException
Parameters:
data -
results -
Throws:
RampartException

getSigEncrActions

protected java.util.List<java.lang.Integer> getSigEncrActions(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)

validateEncryptedParts

protected void validateEncryptedParts(ValidatorData data,
                                      java.util.List<org.apache.ws.security.WSEncryptionPart> encryptedParts,
                                      java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
                               throws RampartException
Throws:
RampartException

validateRequiredElements

public void validateRequiredElements(ValidatorData data)
                              throws RampartException
Throws:
RampartException

validateSignedPartsHeaders

protected void validateSignedPartsHeaders(ValidatorData data,
                                          java.util.List<org.apache.ws.security.WSEncryptionPart> signatureParts,
                                          java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)
                                   throws RampartException
Throws:
RampartException

isSignatureRequired

protected boolean isSignatureRequired(RampartMessageData rmd)

verifyTimestamp

protected boolean verifyTimestamp(org.apache.ws.security.message.token.Timestamp timestamp,
                                  RampartMessageData rmd)
                           throws RampartException
Throws:
RampartException

verifyTrust

protected boolean verifyTrust(java.security.cert.X509Certificate cert,
                              RampartMessageData rmd)
                       throws RampartException
Evaluate whether a given certificate should be trusted. Hook to allow subclasses to implement custom validation methods however they see fit.

Policy used in this implementation:
1. Search the keystore for the transmitted certificate.
2. Search the keystore for a connection to the transmitted certificate (that is, search for the certificate(s) of the issuer of the transmitted certificate).
3. Verify the trust path for the certificates found, because the search for the issuer might be fooled by a phony DN (a DN is only a string).

Parameters:
cert - the certificate that should be validated against the keystore
rmd - To get signature keystore information.
Returns:
true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
Throws:
RampartException - If an error occurred during validation.

isCertificateTrusted

protected boolean isCertificateTrusted(java.security.cert.X509Certificate cert,
                                       org.apache.ws.security.components.crypto.Crypto crypto)
                                throws RampartException
TODO - This is directly copied from WSS4J (SignatureTrustValidator). We need to use Validators instead of the following code. REFACTOR later.

Evaluate whether a given certificate should be trusted. Policy used in this implementation:
1. Search the keystore for the transmitted certificate.
2. Search the keystore for a connection to the transmitted certificate (that is, search for the certificate(s) of the issuer of the transmitted certificate).
3. Verify the trust path for the certificates found, because the search for the issuer might be fooled by a phony DN (a DN is only a string).

Parameters:
cert - the certificate that should be validated against the keystore
crypto - A crypto instance to use for trust validation
Returns:
true if the certificate is trusted, false if not
Throws:
RampartException - If an error occurred during validation.

isCertificateInKeyStore

protected boolean isCertificateInKeyStore(org.apache.ws.security.components.crypto.Crypto crypto,
                                          java.security.cert.X509Certificate cert)
                                   throws RampartException
Check to see if the certificate argument is in the keystore. TODO: directly copied from WSS4J (SignatureTrustValidator); optimize later.

Parameters:
crypto - A Crypto instance to use for trust validation
cert - The certificate to check
Returns:
true if cert is in the keystore
Throws:
RampartException - If certificates are not found for given issuer and serial number.
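The three-step trust policy documented for verifyTrust, isCertificateTrusted and isCertificateInKeyStore above, written out as an added example that is not Rampart's or WSS4J's own code: a hypothetical subclass KeyStoreTrustValidator re-implements the steps against a plain java.security.KeyStore and plugs in through the verifyTrust hook. Assumptions: the trust store path and password are placeholders, the store is read directly from disk rather than through the Crypto instance that rmd would supply, revocation checking is disabled, and a trust store that cannot be read is reported as "not trusted" rather than as a RampartException.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.apache.rampart.PolicyBasedResultsValidator;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;

/** Hypothetical subclass (not part of Rampart) that spells out the documented trust policy. */
public class KeyStoreTrustValidator extends PolicyBasedResultsValidator {

    // Assumption: the deployment supplies the trust store; these are PLACEHOLDER values.
    private static final String TRUST_STORE_PATH = "/path/to/truststore.p12";
    private static final char[] TRUST_STORE_PASSWORD = "changeit".toCharArray();

    @Override
    protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd) throws RampartException {
        try {
            return isTrusted(loadTrustStore(), cert);
        } catch (GeneralSecurityException | IOException e) {
            // Fail closed: a trust store that cannot be read must never yield "trusted".
            return false;
        }
    }

    /** Steps 1 to 3 of the Javadoc policy, in order. */
    static boolean isTrusted(KeyStore ks, X509Certificate cert) throws KeyStoreException {
        if (isCertificateInKeyStore(ks, cert)) {
            return true;                                   // step 1: exact match
        }
        return chainsToAnchor(cert, findIssuerCertificates(ks, cert)); // steps 2 and 3
    }

    /** Step 1: the presented certificate itself is in the store (equals() compares DER encodings). */
    static boolean isCertificateInKeyStore(KeyStore ks, X509Certificate cert) throws KeyStoreException {
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            if (cert.equals(ks.getCertificate(aliases.nextElement()))) {
                return true;
            }
        }
        return false;
    }

    /** Step 2: every stored certificate whose subject DN equals the presented cert's issuer DN. */
    static List<X509Certificate> findIssuerCertificates(KeyStore ks, X509Certificate cert) throws KeyStoreException {
        List<X509Certificate> issuers = new ArrayList<>();
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            Certificate stored = ks.getCertificate(aliases.nextElement());
            if (stored instanceof X509Certificate) {
                X509Certificate candidate = (X509Certificate) stored;
                if (candidate.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                    issuers.add(candidate);
                }
            }
        }
        return issuers;
    }

    /** Step 3: a matching DN is only a string, so verify the signature chain with PKIX. */
    static boolean chainsToAnchor(X509Certificate cert, List<X509Certificate> candidateIssuers) {
        if (candidateIssuers.isEmpty()) {
            return false;                                  // nobody in the store claims to have issued it
        }
        try {
            Set<TrustAnchor> anchors = new HashSet<>();
            for (X509Certificate issuer : candidateIssuers) {
                anchors.add(new TrustAnchor(issuer, null));
            }
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Collections.singletonList(cert));
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false);            // assumption: revocation is checked elsewhere
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;                                   // signature, validity period and constraints hold
        } catch (GeneralSecurityException e) {
            return false;                                  // CertPathValidatorException or a parameter error
        }
    }

    private static KeyStore loadTrustStore() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(TRUST_STORE_PATH)) {
            ks.load(in, TRUST_STORE_PASSWORD);
        }
        return ks;
    }
}
```

Step 3 is what defends against the spoofed-DN case the Javadoc warns about: a certificate whose issuer DN merely equals a trusted CA's subject passes step 2 but fails PKIX validation unless it was actually signed with that CA's key. PKIX also enforces the validity period and the JDK's disabled-algorithm policy, so an expired certificate or one signed with a disallowed algorithm is rejected as well; note that step 1, as documented, accepts a directly stored certificate without those checks.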

getEncryptedReferences

protected java.util.ArrayList getEncryptedReferences(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results)

getResults

protected java.util.List<org.apache.ws.security.WSSecurityEngineResult> getResults(java.util.List<org.apache.ws.security.WSSecurityEngineResult> results,
                                                                                   int action)

isUsernameTokenPresent

protected boolean isUsernameTokenPresent(ValidatorData data)

isUsernameTokenPresent

protected boolean isUsernameTokenPresent(org.apache.ws.secpolicy.model.SupportingToken suppTok)

fetchActionResults

public static org.apache.ws.security.WSSecurityEngineResult[] fetchActionResults(java.util.List<org.apache.ws.security.WSSecurityEngineResult> wsSecurityEngineResults,
                                                                                 int action)