WSSUtilities.java

/*
 * GovWay - A customizable API Gateway 
 * https://govway.org
 * 
 * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package org.openspcoop2.security.message.engine;

import java.util.List;
import java.util.Map;

import org.openspcoop2.message.OpenSPCoop2SoapMessage;
import org.openspcoop2.message.constants.Costanti;
import org.openspcoop2.message.soap.reference.Reference;
import org.openspcoop2.protocol.sdk.constants.CodiceErroreCooperazione;
import org.openspcoop2.security.SecurityException;
import org.openspcoop2.security.message.MessageSecurityContext;
import org.openspcoop2.security.message.constants.SecurityConstants;
import org.openspcoop2.utils.Utilities;

/**
 * WSSUtilities
 *
 * @author Andrea Poli (apoli@link.it)
 * @author $Author$
 * @version $Rev$, $Date$
 */
public class WSSUtilities {

    public static List<Reference> getDirtyElements(MessageSecurityContext messageSecurityContext,OpenSPCoop2SoapMessage message) throws SecurityException{
        
        try{
            
            boolean mustUnderstandValue = false;
            Object mustUnderstand = messageSecurityContext.getIncomingProperties().get(SecurityConstants.MUST_UNDERSTAND);
            if(mustUnderstand!=null){
                if(mustUnderstand instanceof String) {
                    mustUnderstandValue = Boolean.parseBoolean((String)mustUnderstand);
                }
                else if(mustUnderstand instanceof Boolean) {
                    mustUnderstandValue = (Boolean) mustUnderstand;
                }
                else {
                    throw new SecurityException("Unexected type '"+mustUnderstand.getClass().getName()+"' for property '"+SecurityConstants.MUST_UNDERSTAND+"'");
                }
            }
            String actor = messageSecurityContext.getActor();
            if("".equals(messageSecurityContext.getActor()))
                actor = null;
            
            List<Reference> references = message.getWSSDirtyElements(actor, mustUnderstandValue);
            messageSecurityContext.setReferences(references);
            return references;
            
        }catch(Exception e){
            SecurityException sec = new SecurityException(e.getMessage(),e);
            if(Utilities.existsInnerMessageException(e, Costanti.FIND_ERROR_SIGNATURE_REFERENCES, true)){
                sec.setCodiceErrore(CodiceErroreCooperazione.SICUREZZA_FIRMA_NON_VALIDA);
            }
            else if(Utilities.existsInnerMessageException(e, Costanti.FIND_ERROR_ENCRYPTED_REFERENCES, true)){
                sec.setCodiceErrore(CodiceErroreCooperazione.SICUREZZA_CIFRATURA_NON_VALIDA);
            }
            throw sec;
        }
    }
    
    public static void cleanDirtyElements(MessageSecurityContext messageSecurityContext,OpenSPCoop2SoapMessage message, List<Reference> elementsToClean,
            boolean detachHeaderWSSecurity, boolean removeAllIdRef) throws SecurityException{
        try{
            
            boolean mustUnderstandValue = false;
            Object mustUnderstand = messageSecurityContext.getIncomingProperties().get(SecurityConstants.MUST_UNDERSTAND);
            if(mustUnderstand!=null){
                if(mustUnderstand instanceof String) {
                    mustUnderstandValue = Boolean.parseBoolean((String)mustUnderstand);
                }
                else if(mustUnderstand instanceof Boolean) {
                    mustUnderstandValue = (Boolean) mustUnderstand;
                }
                else {
                    throw new SecurityException("Unexected type '"+mustUnderstand.getClass().getName()+"' for property '"+SecurityConstants.MUST_UNDERSTAND+"'");
                }
            }
            String actor = messageSecurityContext.getActor();
            if("".equals(messageSecurityContext.getActor()))
                actor = null;
            
            message.cleanWSSDirtyElements(actor, mustUnderstandValue, elementsToClean, detachHeaderWSSecurity, removeAllIdRef);
            
        }catch(Exception e){
            throw new SecurityException(e.getMessage(),e);
        }
    }
    
    public static boolean isNormalizeToSaajImpl(MessageSecurityContext wssContext){
        
        if(wssContext==null) {
            return false;
        }
        
        Map<String,Object> wssProperties = null;
        if(wssContext.isFunctionAsClient())
            wssProperties = wssContext.getOutgoingProperties();
        else
            wssProperties = wssContext.getIncomingProperties();
        if(wssProperties!=null && wssProperties.containsKey(SecurityConstants.NORMALIZE_TO_SAAJ_IMPL)){
            return Boolean.parseBoolean((String)wssProperties.get(SecurityConstants.NORMALIZE_TO_SAAJ_IMPL));
        }
        
        // default viene applicata la normalizzazione solo se siamo client e effettuamo operazioni di signature.
        if(wssProperties!=null && wssProperties.containsKey(SecurityConstants.ACTION)){
            String action = (String) wssProperties.get(SecurityConstants.ACTION);

            // A volte i problemi di signature verification avvengono anche in ricezione. Per questo motivo si è deciso di normalizzare sia lato client che lato server
            if ( action.contains(SecurityConstants.SIGNATURE_ACTION) || 
                    action.contains(SecurityConstants.ACTION_SAML_TOKEN_UNSIGNED) || // la decisione di firmare o meno saml è nel file di proprietà
                    action.contains(SecurityConstants.ACTION_SAML_TOKEN_SIGNED) ||
                    action.contains(SecurityConstants.ACTION_USERNAME_TOKEN_SIGNATURE) ||
                    action.contains(SecurityConstants.ACTION_SIGNATURE_DERIVED) ||
                    action.contains(SecurityConstants.ACTION_SIGNATURE_WITH_KERBEROS_TOKEN)){
                return true;
            }
            
            if(wssContext.isFunctionAsClient() == false){
                
                if ( (SecurityConstants.containsActionEncryption(action) || SecurityConstants.containsActionDecryption(action)) 
                        && 
                        wssProperties.containsKey(SecurityConstants.ENCRYPTION_PARTS) 
                    ){
                    
                    String attach = "{"+SecurityConstants.NAMESPACE_ATTACH+"}";
                    String attachAll = attach+"{"+SecurityConstants.ATTACHMENT_INDEX_ALL+"}";
                    String encryptParts = (String) wssProperties.get(SecurityConstants.ENCRYPTION_PARTS);
                    
                    if ( encryptParts!=null &&
                            encryptParts.contains(attach) &&
                            (!encryptParts.contains(attachAll)) ){
                        return true;
                    }
                }
            }
            
            return false;
        }
        else{
            return false;
        }
    }
}