WSSUtils.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.security.message.soapbox;

  23. import java.security.cert.X509Certificate;
  24. import java.util.Iterator;

  26. import javax.xml.namespace.QName;
  27. import javax.xml.soap.SOAPException;
  28. import javax.xml.soap.SOAPHeaderElement;

  30. import org.adroitlogic.soapbox.CryptoUtil;
  31. import org.adroitlogic.soapbox.MessageSecurityContext;
  32. import org.adroitlogic.soapbox.SBConstants;
  33. import org.adroitlogic.soapbox.SecurityConfig;
  34. import org.adroitlogic.soapbox.SecurityRequest;
  35. import org.apache.wss4j.common.token.DOMX509Data;
  36. import org.apache.wss4j.common.token.DOMX509IssuerSerial;
  37. import org.openspcoop2.message.OpenSPCoop2SoapMessage;
  38. import org.openspcoop2.message.exception.MessageException;
  39. import org.openspcoop2.message.exception.MessageNotSupportedException;
  40. import org.openspcoop2.message.soap.SoapUtils;
  41. import org.openspcoop2.security.SecurityException;
  42. import org.w3c.dom.Document;
  43. import org.w3c.dom.Element;
  44. import org.w3c.dom.NamedNodeMap;
  45. import org.w3c.dom.Node;
  46. import org.w3c.dom.NodeList;

  48. /**
  49.  * WSSContext_soapbox
  50.  *
  51.  * @author Andrea Poli (apoli@link.it)
  52.  * @author $Author$
  53.  * @version $Rev$, $Date$
  54.  */
  55. public class WSSUtils {

  57.     public static void initWSSecurityHeader(OpenSPCoop2SoapMessage message,String actor,boolean mustUnderstand) throws SOAPException, MessageException, MessageNotSupportedException {

  59.         if(message.getSOAPHeader()==null){
  60.             message.getSOAPPart().getEnvelope().addHeader();
  61.         }

  63.         Iterator<?> it = message.getSOAPHeader().getChildElements(new QName(SBConstants.WSSE, "Security"));
  64.         if(it.hasNext()){
  65.             return;
  66.         }

  68.         QName name = new QName(SBConstants.WSSE, "Security");
  69.         SOAPHeaderElement headerwss = message.newSOAPHeaderElement(message.getSOAPHeader(), name);
  70.         headerwss.setActor(actor);
  71.         headerwss.setMustUnderstand(mustUnderstand);
  72.         headerwss.setParentElement(message.getSOAPHeader());
  73.         message.addHeaderElement(message.getSOAPHeader(), headerwss);
  74.         
  75.         return;
  76.     }

  78.     public static SOAPHeaderElement getWSSecurityHeader(OpenSPCoop2SoapMessage message,String actor,boolean mustUnderstand) throws SOAPException, MessageException, MessageNotSupportedException {

  80.         if(message.getSOAPHeader()==null){
  81.             message.getSOAPPart().getEnvelope().addHeader();
  82.         }

  84.         Iterator<?> it = message.getSOAPHeader().getChildElements(new QName(SBConstants.WSSE, "Security"));
  85.         while(it.hasNext()){
  86.             SOAPHeaderElement hdr = (SOAPHeaderElement) it.next();
  87.             String actorCheck = SoapUtils.getSoapActor(hdr, message.getMessageType());
  88.             boolean mustUnderstandFound = hdr.getMustUnderstand();
  89.             if(mustUnderstand!=mustUnderstandFound)
  90.                 continue;
  91.             if(actor==null){
  92.                 if(actorCheck!=null){
  93.                     continue;
  94.                 }
  95.             }else{
  96.                 if(!actor.equals(actorCheck)){
  97.                     continue;
  98.                 }
  99.             }
  100.             return hdr;
  101.         }


  104.         throw new SOAPException("NotFound");

  106.     }

  108.     public static Element getWSSecurityHeader(Document doc,String actor,boolean mustUnderstand) throws SecurityException {

  110.         String ns = SBConstants.WSSE;
  111.         String localName = "Security";

  113.         NodeList nl = doc.getDocumentElement().getElementsByTagNameNS(ns, localName);
  114.         if(nl==null || nl.getLength()<=0){
  115.             throw new SecurityException("Header WSS not found");
  116.         }
  117.         for (int i = 0; i < nl.getLength(); i++) {

  119.             Node n = nl.item(i);
  120.             if((n instanceof Element) && localName.equals(n.getLocalName()) && ns.equals(n.getNamespaceURI())){

  122.                 String actorFound = null;
  123.                 boolean mustUnderstandFound = false;

  125.                 NamedNodeMap attributes = n.getAttributes();
  126.                 for (int j = 0; j < attributes.getLength(); j++) {

  128.                     Node a = attributes.item(j);
  129.                     String localNameAttribute = a.getLocalName();
  130.                     //String prefixAttribute = a.getPrefix();
  131.                     String namespaceAttribute = a.getNamespaceURI();
  132.                     String valueAttribute = a.getNodeValue();
  133.                     //System.out.println("LOCAL["+localNameAttribute+"] PREFIX["+prefixAttribute+"] NAMESPACe["+namespaceAttribute+"] VALUE["+valueAttribute+"]");

  135.                     if("actor".equals(localNameAttribute) && "http://schemas.xmlsoap.org/soap/envelope/".equals(namespaceAttribute)){
  136.                         actorFound =  valueAttribute;
  137.                     }
  138.                     else if("mustUnderstand".equals(localNameAttribute) && "http://schemas.xmlsoap.org/soap/envelope/".equals(namespaceAttribute)){
  139.                         mustUnderstandFound = "1".equals(valueAttribute);
  140.                     }

  142.                 }

  144.                 if(mustUnderstand!=mustUnderstandFound)
  145.                     continue;
  146.                 if(actor==null){
  147.                     if(actorFound!=null){
  148.                         continue;
  149.                     }
  150.                 }else{
  151.                     if(!actor.equals(actorFound)){
  152.                         continue;
  153.                     }
  154.                 }

  156.                 return (Element) n;

  158.             }

  160.         }
  161.         throw new SecurityException("Header WSS not found");
  162.     }

  164.     @SuppressWarnings("incomplete-switch")
  165.     public static Element createKeyInfoElement(
  166.             Document doc, SecurityRequest secReq, MessageSecurityContext msgSecCtx, SecurityConfig secConfig) {

  168.         Element keyInfoElem = CryptoUtil.createKeyInfoElement(doc, secReq, msgSecCtx, secConfig);

  170.         // Gestisco casi non coperti da createKeyInfoElement

  172.         switch (secReq.getKeyIdentifierType()) {
  173.         case ISSUER_SERIAL : 
  174.             String alias = secReq.getCertAlias();
  175.             X509Certificate[] certs = secConfig.getCertificatesByAlias(alias);
  176.             String issuer = certs[0].getIssuerX500Principal().getName();
  177.             java.math.BigInteger serialNumber = certs[0].getSerialNumber();
  178.             DOMX509IssuerSerial domIssuerSerial = 
  179.                     new DOMX509IssuerSerial(doc, issuer, serialNumber);
  180.             DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
  181.             keyInfoElem.getElementsByTagNameNS(SBConstants.WSSE, "SecurityTokenReference").item(0).appendChild(domX509Data.getElement());
  182.             break;
  183.         }

  185.         return keyInfoElem;
  186.         
  187.     }

  189. }  
Created with JaCoCo 0.8.8.202204050719