1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
package org.mule.extras.wssecurity.handlers; |
12 | |
|
13 | |
import org.mule.umo.security.SecurityException; |
14 | |
|
15 | |
import java.security.cert.X509Certificate; |
16 | |
import java.util.Properties; |
17 | |
import java.util.Vector; |
18 | |
|
19 | |
import javax.security.auth.callback.CallbackHandler; |
20 | |
|
21 | |
import org.apache.commons.logging.Log; |
22 | |
import org.apache.commons.logging.LogFactory; |
23 | |
import org.apache.ws.security.WSConstants; |
24 | |
import org.apache.ws.security.WSSecurityEngineResult; |
25 | |
import org.apache.ws.security.WSSecurityException; |
26 | |
import org.apache.ws.security.handler.RequestData; |
27 | |
import org.apache.ws.security.handler.WSHandlerConstants; |
28 | |
import org.apache.ws.security.handler.WSHandlerResult; |
29 | |
import org.apache.ws.security.util.WSSecurityUtil; |
30 | |
import org.codehaus.xfire.MessageContext; |
31 | |
import org.codehaus.xfire.XFireRuntimeException; |
32 | |
import org.codehaus.xfire.exchange.AbstractMessage; |
33 | |
import org.codehaus.xfire.fault.XFireFault; |
34 | |
import org.codehaus.xfire.handler.Handler; |
35 | |
import org.codehaus.xfire.handler.Phase; |
36 | |
import org.codehaus.xfire.security.wss4j.AbstractWSS4JHandler; |
37 | |
import org.codehaus.xfire.soap.handler.ReadHeadersHandler; |
38 | |
import org.codehaus.xfire.util.dom.DOMInHandler; |
39 | |
import org.w3c.dom.Document; |
40 | |
|
41 | |
public class MuleWSSInHandler extends AbstractWSS4JHandler implements Handler |
42 | |
{ |
43 | |
|
44 | |
|
45 | |
|
46 | 0 | protected static final Log log = LogFactory.getLog(MuleWSSInHandler.class); |
47 | |
|
48 | |
public MuleWSSInHandler() |
49 | |
{ |
50 | 0 | super(); |
51 | 0 | setPhase(Phase.PARSE); |
52 | 0 | getBefore().add(ReadHeadersHandler.class.getName()); |
53 | 0 | getAfter().add(DOMInHandler.class.getName()); |
54 | 0 | } |
55 | |
|
56 | |
public MuleWSSInHandler(Properties properties) |
57 | |
{ |
58 | 0 | this(); |
59 | 0 | setProperties(properties); |
60 | 0 | } |
61 | |
|
62 | |
|
63 | |
|
64 | |
|
65 | |
|
66 | |
public void invoke(MessageContext msgContext) |
67 | |
throws SecurityException, XFireFault, WSSecurityException |
68 | |
{ |
69 | 0 | boolean doDebug = log.isDebugEnabled(); |
70 | |
|
71 | 0 | if (doDebug) |
72 | |
{ |
73 | 0 | log.debug("MuleWSSInSecurityHandler: enter invoke()"); |
74 | |
} |
75 | |
|
76 | 0 | RequestData reqData = new RequestData(); |
77 | |
|
78 | |
try |
79 | |
{ |
80 | 0 | reqData.setMsgContext(msgContext); |
81 | |
|
82 | 0 | Vector actions = new Vector(); |
83 | |
String action; |
84 | |
|
85 | |
|
86 | |
|
87 | 0 | if ((action = (String)getOption(WSHandlerConstants.ACTION)) == null) |
88 | |
{ |
89 | 0 | action = getString(WSHandlerConstants.ACTION, msgContext); |
90 | |
} |
91 | 0 | if (action == null) |
92 | |
{ |
93 | 0 | throw new XFireRuntimeException("MuleWSSInHandler: No action defined"); |
94 | |
} |
95 | |
|
96 | 0 | int doAction = WSSecurityUtil.decodeAction(action, actions); |
97 | |
|
98 | 0 | String actor = (String)getOption(WSHandlerConstants.ACTOR); |
99 | |
|
100 | 0 | AbstractMessage sm = msgContext.getCurrentMessage(); |
101 | 0 | Document doc = (Document)sm.getProperty(DOMInHandler.DOM_MESSAGE); |
102 | |
|
103 | 0 | if (doc == null) |
104 | 0 | throw new XFireRuntimeException("DOMInHandler must be enabled for WS-Security!"); |
105 | |
|
106 | |
|
107 | 0 | if (sm.getBody() instanceof XFireFault) return; |
108 | |
|
109 | |
|
110 | 0 | CallbackHandler cbHandler = null; |
111 | 0 | if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) |
112 | |
{ |
113 | 0 | cbHandler = getPasswordCB(reqData); |
114 | |
} |
115 | |
|
116 | |
|
117 | |
|
118 | 0 | doReceiverAction(doAction, reqData); |
119 | |
|
120 | |
|
121 | |
|
122 | 0 | if (action.equals(WSHandlerConstants.SAML_TOKEN_SIGNED)) |
123 | |
{ |
124 | 0 | reqData.setSigCrypto(loadSignatureCrypto(reqData)); |
125 | |
} |
126 | |
|
127 | |
Vector wsResult; |
128 | |
|
129 | |
|
130 | |
try |
131 | |
{ |
132 | 0 | wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler, reqData |
133 | |
.getSigCrypto(), reqData.getDecCrypto()); |
134 | |
} |
135 | 0 | catch (WSSecurityException ex) |
136 | |
{ |
137 | 0 | throw new XFireFault("MuleWSSInHandler: security processing failed: " + ex.toString(), ex, |
138 | |
XFireFault.SENDER); |
139 | 0 | } |
140 | |
|
141 | |
|
142 | |
|
143 | 0 | if (wsResult == null) |
144 | |
{ |
145 | 0 | if (doAction == WSConstants.NO_SECURITY) |
146 | |
{ |
147 | |
return; |
148 | |
} |
149 | |
else |
150 | |
{ |
151 | 0 | throw new XFireFault( |
152 | |
"MuleWSSInHandler: Request does not contain required Security header", |
153 | |
XFireFault.SENDER); |
154 | |
} |
155 | |
} |
156 | |
|
157 | |
|
158 | 0 | if (reqData.getWssConfig().isEnableSignatureConfirmation()) |
159 | |
{ |
160 | 0 | checkSignatureConfirmation(reqData, wsResult); |
161 | |
} |
162 | |
|
163 | |
|
164 | 0 | WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(wsResult, |
165 | |
WSConstants.SIGN); |
166 | |
|
167 | 0 | if (actionResult != null) |
168 | |
{ |
169 | 0 | X509Certificate returnCert = actionResult.getCertificate(); |
170 | |
|
171 | 0 | if (returnCert != null) |
172 | |
{ |
173 | 0 | if (!verifyTrust(returnCert, reqData)) |
174 | |
{ |
175 | 0 | throw new XFireFault( |
176 | |
"MuleWSSInHandler: The certificate used for the signature is not trusted", |
177 | |
XFireFault.SENDER); |
178 | |
} |
179 | |
} |
180 | |
} |
181 | |
|
182 | 0 | if (actions.elementAt(0).equals(new Integer(16))) |
183 | |
{ |
184 | 0 | actions.clear(); |
185 | 0 | actions.add(new Integer(2)); |
186 | 0 | actions.add(new Integer(8)); |
187 | |
} |
188 | |
|
189 | |
|
190 | 0 | if (!checkReceiverResults(wsResult, actions)) |
191 | |
{ |
192 | 0 | throw new XFireFault( |
193 | |
"MuleWSSInHandler: security processing failed (actions mismatch)", |
194 | |
XFireFault.SENDER); |
195 | |
|
196 | |
} |
197 | |
|
198 | |
|
199 | |
|
200 | |
|
201 | |
Vector results; |
202 | 0 | if ((results = (Vector)msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) |
203 | |
{ |
204 | 0 | results = new Vector(); |
205 | 0 | msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results); |
206 | |
} |
207 | 0 | WSHandlerResult rResult = new WSHandlerResult(actor, wsResult); |
208 | 0 | results.add(0, rResult); |
209 | |
|
210 | 0 | if (doDebug) |
211 | |
{ |
212 | 0 | log.debug("MuleWSSInHandler: exit invoke()"); |
213 | |
} |
214 | |
} |
215 | 0 | catch (WSSecurityException e) |
216 | |
{ |
217 | 0 | throw new WSSecurityException(e.getErrorCode()); |
218 | |
} |
219 | |
finally |
220 | |
{ |
221 | 0 | reqData.clear(); |
222 | 0 | reqData = null; |
223 | 0 | } |
224 | 0 | } |
225 | |
} |