Class CryptoCoverageUtil

java.lang.Object
org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil

public final class CryptoCoverageUtil extends Object
Utility to enable the checking of WS-Security signature / WS-Security encryption coverage based on the results of the WSS4J signature/encryption processor.
  • Method Details

    • reconcileEncryptedSignedRefs

      public static void reconcileEncryptedSignedRefs(Collection<org.apache.wss4j.dom.WSDataRef> signedRefs, Collection<org.apache.wss4j.dom.WSDataRef> encryptedRefs)
      Inspects the signed and encrypted content in the message and accurately resolves encrypted and then signed elements in signedRefs. Entries in signedRefs that correspond to an encrypted element are resolved to the decrypted element and added to signedRefs. The original reference to the encrypted content remains unaltered in the list to allow for matching against a requirement that xenc:EncryptedData and xenc:EncryptedKey elements be signed.
      Parameters:
      signedRefs - references to the signed content in the message
      encryptedRefs - references to the encrypted content in the message
    • checkBodyCoverage

      public static void checkBodyCoverage(Element soapBody, Collection<org.apache.wss4j.dom.WSDataRef> refs, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) throws org.apache.wss4j.common.ext.WSSecurityException
      Checks that the references provided refer to the signed/encrypted SOAP body element.
      Parameters:
      soapBody - the SOAP body element
      refs - the refs to the data extracted from the signature/encryption
      type - the type of cryptographic coverage to check for
      scope - the scope of the cryptographic coverage to check for, defaults to element
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - if there is an error evaluating the coverage or the body is not covered by the signature/encryption.
    • checkAttachmentsCoverage

      public static void checkAttachmentsCoverage(Collection<org.apache.cxf.message.Attachment> attachments, Collection<org.apache.wss4j.dom.WSDataRef> refs, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) throws org.apache.wss4j.common.ext.WSSecurityException
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
    • checkHeaderCoverage

      public static void checkHeaderCoverage(Element soapHeader, Collection<org.apache.wss4j.dom.WSDataRef> refs, String namespace, String name, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) throws org.apache.wss4j.common.ext.WSSecurityException
      Checks that the references provided refer to the required signed/encrypted SOAP header element(s) matching the provided name and namespace. If name is null, all headers from namespace are inspected for coverage.
      Parameters:
      soapHeader - the SOAP header element
      refs - the refs to the data extracted from the signature/encryption
      namespace - the namespace of the header(s) to check for coverage
      name - the local part of the header name to check for coverage, may be null
      type - the type of cryptographic coverage to check for
      scope - the scope of the cryptographic coverage to check for, defaults to element
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - if there is an error evaluating the coverage or a header is not covered by the signature/encryption.
    • checkCoverage

      public static void checkCoverage(Element soapEnvelope, Collection<org.apache.wss4j.dom.WSDataRef> refs, Map<String,String> namespaces, String xPath, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) throws org.apache.wss4j.common.ext.WSSecurityException
      Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expression in xPath.
      Parameters:
      soapEnvelope - the SOAP Envelope element
      refs - the refs to the data extracted from the signature/encryption
      namespaces - the prefix to namespace mapping, may be null
      xPath - the XPath expression
      type - the type of cryptographic coverage to check for
      scope - the scope of the cryptographic coverage to check for, defaults to element
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - if there is an error evaluating an XPath or an element is not covered by the signature/encryption.
    • checkCoverage

      public static void checkCoverage(Element soapEnvelope, Collection<org.apache.wss4j.dom.WSDataRef> refs, Map<String,String> namespaces, Collection<String> xPaths, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) throws org.apache.wss4j.common.ext.WSSecurityException
      Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.
      Parameters:
      soapEnvelope - the SOAP Envelope element
      refs - the refs to the data extracted from the signature/encryption
      namespaces - the prefix to namespace mapping, may be null
      xPaths - the collection of XPath expressions
      type - the type of cryptographic coverage to check for
      scope - the scope of the cryptographic coverage to check for, defaults to element
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - if there is an error evaluating an XPath or an element is not covered by the signature/encryption.
    • checkCoverage

      public static void checkCoverage(Element soapEnvelope, Collection<org.apache.wss4j.dom.WSDataRef> refs, XPath xpath, Collection<String> xPaths, CryptoCoverageUtil.CoverageType type, CryptoCoverageUtil.CoverageScope scope) throws org.apache.wss4j.common.ext.WSSecurityException
      Checks that the references provided refer to the required signed/encrypted elements as defined by the XPath expressions in xPaths.
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException
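
The header and XPath checks described above, as an added example that is not part of the CXF documentation or code base: a message in which only one header was signed passes checkHeaderCoverage for that header and is rejected by checkCoverage when the policy also requires a signed body. It assumes cxf-rt-ws-security and WSS4J on the classpath and Java 9 or later; the message, the urn:example:app namespace and the hand-built WSDataRef (standing in for the WSS4J signature processor result) are constructed for illustration.

```java
import java.io.StringReader;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDataRef;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class CoverageCheckExample {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String APP = "urn:example:app"; // constructed namespace
    // Constructed message: one application header plus a body.
    static final String MSG = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:a='" + APP + "'>"
        + "<s:Header><a:TenantId Id='hdr-1'>t-1</a:TenantId></s:Header>"
        + "<s:Body><a:Transfer><a:Amount>10</a:Amount></a:Transfer></s:Body></s:Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for namespace-qualified lookups
        Element env = dbf.newDocumentBuilder()
            .parse(new InputSource(new StringReader(MSG))).getDocumentElement();
        Element header = (Element) env.getElementsByTagNameNS(SOAP, "Header").item(0);

        // Stand-in for the signature processor's result: only a:TenantId was signed.
        WSDataRef ref = new WSDataRef();
        ref.setProtectedElement((Element) header.getElementsByTagNameNS(APP, "TenantId").item(0));
        ref.setName(new QName(APP, "TenantId"));
        ref.setWsuId("hdr-1");
        ref.setContent(false); // the whole element is covered, not only its content
        List<WSDataRef> signed = List.of(ref);

        // Returns normally: the required header is among the signed references.
        CryptoCoverageUtil.checkHeaderCoverage(header, signed, APP, "TenantId",
            CoverageType.SIGNED, CoverageScope.ELEMENT);
        try {
            // The body was never signed, so the XPath requirement is not met.
            CryptoCoverageUtil.checkCoverage(env, signed, Map.of("s", SOAP),
                "/s:Envelope/s:Body", CoverageType.SIGNED, CoverageScope.ELEMENT);
            throw new IllegalStateException("unsigned body was accepted");
        } catch (WSSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a deployed service the refs collection comes from the WSS4J processing results rather than being built by hand, and a valid signature alone says nothing about which elements it covers until a check like this runs.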