in modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java [237:294]
/**
 * Cross-checks which security actions (signature, encryption) appear in the processing
 * results against the signed and encrypted parts the caller passes in.
 *
 * <p>Only presence is compared here. When a signature was processed and
 * {@code signatureParts} is non-empty, this method does not check which elements the
 * signature covers; the same holds for encryption.
 * NOTE(review): presumably coverage is enforced by another validation step - confirm,
 * because a presence-only check alone would accept a signature over unrelated content.
 *
 * @param data           validator context; its policy data supplies the signed (endorsing)
 *                       supporting-token assertions, and it is passed to
 *                       {@code isUsernameTokenPresent}
 * @param encryptedParts parts expected to be encrypted (presumably derived from the
 *                       policy - TODO confirm against the caller)
 * @param signatureParts parts expected to be signed (same assumption)
 * @param results        security-engine results for the message being validated
 * @throws RampartException with key {@code unexprectedSignature}, {@code signatureMissing},
 *                          {@code unexprectedEncryptedPart} or {@code encryptionMissing}
 *                          when the actions and the expected parts disagree
 */
protected void validateEncrSig(ValidatorData data,List<WSEncryptionPart> encryptedParts,
        List<WSEncryptionPart> signatureParts, List<WSSecurityEngineResult> results)
        throws RampartException {

    // Record which of the two action kinds occur anywhere in the results.
    boolean signatureSeen = false;
    boolean encryptionSeen = false;
    for (Integer actionCode : getSigEncrActions(results)) {
        if (actionCode == WSConstants.SIGN) {
            signatureSeen = true;
        } else if (actionCode == WSConstants.ENCR) {
            encryptionSeen = true;
        }
    }

    RampartPolicyData policyData = data.getRampartMessageData().getPolicyData();
    SupportingToken signedSupporting = policyData.getSignedSupportingTokens();
    SupportingToken signedEndorsing = policyData.getSignedEndorsingSupportingTokens();

    // ---- signature ----
    if (signatureSeen) {
        // A signature is unexpected only when nothing is expected to be signed AND
        // neither supporting-token assertion carries tokens. Each token list is read
        // lazily, only while the signature still looks unexpected.
        boolean unexpected = signatureParts.isEmpty();
        if (unexpected && signedSupporting != null) {
            unexpected = signedSupporting.getTokens().size() == 0;
        }
        if (unexpected && signedEndorsing != null) {
            unexpected = signedEndorsing.getTokens().size() == 0;
        }
        if (unexpected) {
            // Key spelling kept as-is: presumably a message-bundle key - confirm before renaming.
            throw new RampartException("unexprectedSignature");
        }
    } else if (!signatureParts.isEmpty()) {
        // Parts are expected to be signed but no signature action was found.
        throw new RampartException("signatureMissing");
    }

    // ---- encryption ----
    if (encryptionSeen) {
        if (encryptedParts.isEmpty()) {
            // Nothing is expected to be encrypted. An ENCR result with no data
            // references (just an encrypted key) is tolerated; one that has data
            // references is treated as unexpected encrypted content.
            boolean dataRefsFound = false;
            for (WSSecurityEngineResult encrResult : this.getResults(results, WSConstants.ENCR)) {
                Object refs = encrResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
                // instanceof already rules out null, so no separate null test is needed.
                if (refs instanceof ArrayList && !((ArrayList<?>) refs).isEmpty()) {
                    dataRefsFound = true;
                }
            }

            // TODO (from the original): check whether the encrypted data found IS the
            // UsernameToken.
            // NOTE(review): as written, whenever isUsernameTokenPresent(data) is true the
            // unexpected-encryption error is waived for any encrypted data reference; the
            // references are not matched to the token here.
            if (dataRefsFound && !isUsernameTokenPresent(data)) {
                // Key spelling kept as-is: presumably a message-bundle key - confirm before renaming.
                throw new RampartException("unexprectedEncryptedPart");
            }
        }
    } else if (!encryptedParts.isEmpty()) {
        // Parts are expected to be encrypted but no encryption action was found.
        throw new RampartException("encryptionMissing");
    }
}