in ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/InboundWSSecurityContextImpl.java [142:256]
private void identifySecurityTokenDependenciesAndUsage(
Deque<SecurityEvent> securityEventDeque) throws XMLSecurityException {
MessageTokens messageTokens = new MessageTokens();
HttpsTokenSecurityEvent httpsTokenSecurityEvent = null;
List<TokenSecurityEvent<? extends InboundSecurityToken>> tokenSecurityEvents = new ArrayList<>();
Iterator<SecurityEvent> securityEventIterator = securityEventDeque.iterator();
while (securityEventIterator.hasNext()) {
SecurityEvent securityEvent = securityEventIterator.next();
if (securityEvent instanceof TokenSecurityEvent) {
@SuppressWarnings("unchecked")
TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
(TokenSecurityEvent<? extends InboundSecurityToken>)securityEvent;
if (WSSecurityEventConstants.HTTPS_TOKEN.equals(securityEvent.getSecurityEventType())) {
HttpsTokenSecurityEvent actHttpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
actHttpsTokenSecurityEvent.getSecurityToken().getTokenUsages().clear();
actHttpsTokenSecurityEvent.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
messageTokens.messageSignatureTokens =
addTokenSecurityEvent(actHttpsTokenSecurityEvent, messageTokens.messageSignatureTokens);
HttpsTokenSecurityEvent clonedHttpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
clonedHttpsTokenSecurityEvent.setAuthenticationType(actHttpsTokenSecurityEvent.getAuthenticationType());
clonedHttpsTokenSecurityEvent.setIssuerName(actHttpsTokenSecurityEvent.getIssuerName());
clonedHttpsTokenSecurityEvent.setSecurityToken(actHttpsTokenSecurityEvent.getSecurityToken());
clonedHttpsTokenSecurityEvent.getSecurityToken().addTokenUsage(WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION);
messageTokens.messageEncryptionTokens =
addTokenSecurityEvent(actHttpsTokenSecurityEvent, messageTokens.messageEncryptionTokens);
httpsTokenSecurityEvent = clonedHttpsTokenSecurityEvent;
continue;
}
tokenSecurityEvents.add(tokenSecurityEvent);
}
}
//search the root tokens and create new TokenSecurityEvents if not already there...
for (int i = 0; i < tokenSecurityEvents.size(); i++) {
TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent = tokenSecurityEvents.get(i);
InboundSecurityToken securityToken = WSSUtils.getRootToken(tokenSecurityEvent.getSecurityToken());
if (!containsSecurityToken(messageTokens.supportingTokens, securityToken)) {
TokenSecurityEvent<? extends InboundSecurityToken> newTokenSecurityEvent =
WSSUtils.createTokenSecurityEvent(securityToken, tokenSecurityEvent.getCorrelationID());
messageTokens.supportingTokens = addTokenSecurityEvent(newTokenSecurityEvent, messageTokens.supportingTokens);
securityEventDeque.offer(newTokenSecurityEvent);
}
//remove old TokenSecurityEvent so that only root tokens are in the queue
securityEventDeque.remove(tokenSecurityEvent);
}
parseSupportingTokens(messageTokens, httpsTokenSecurityEvent, securityEventDeque);
if (messageTokens.messageSignatureTokens.isEmpty()) {
InboundSecurityToken messageSignatureToken = getSupportingTokenSigningToken(messageTokens, securityEventDeque);
TokenSecurityEvent<? extends InboundSecurityToken> tokenSecurityEvent =
getTokenSecurityEvent(messageSignatureToken, tokenSecurityEvents);
if (tokenSecurityEvent != null) {
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.supportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.signedSupportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.endorsingSupportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.signedEndorsingSupportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.signedEncryptedSupportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.encryptedSupportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.endorsingEncryptedSupportingTokens);
removeTokenSecurityEvent(tokenSecurityEvent, messageTokens.signedEndorsingEncryptedSupportingTokens);
messageTokens.messageSignatureTokens = addTokenSecurityEvent(tokenSecurityEvent, messageTokens.messageSignatureTokens);
}
}
if (messageTokens.messageSignatureTokens.isEmpty()) {
for (Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> iterator =
messageTokens.supportingTokens.iterator(); iterator.hasNext();) {
TokenSecurityEvent<? extends InboundSecurityToken> supportingToken = iterator.next();
if (supportingToken.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Signature)) {
iterator.remove();
messageTokens.messageSignatureTokens = addTokenSecurityEvent(supportingToken, messageTokens.messageSignatureTokens);
break;
}
}
}
if (messageTokens.messageEncryptionTokens.isEmpty()) {
for (Iterator<TokenSecurityEvent<? extends InboundSecurityToken>> iterator =
messageTokens.supportingTokens.iterator(); iterator.hasNext();) {
TokenSecurityEvent<? extends InboundSecurityToken> supportingToken = iterator.next();
if (supportingToken.getSecurityToken().getTokenUsages().contains(WSSecurityTokenConstants.TokenUsage_Encryption)) {
iterator.remove();
messageTokens.messageEncryptionTokens = addTokenSecurityEvent(supportingToken, messageTokens.messageEncryptionTokens);
break;
}
}
}
if (!messageTokens.messageEncryptionTokens.isEmpty()) {
this.messageEncryptionTokenOccured = true;
}
setTokenUsage(messageTokens.messageSignatureTokens, WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE);
setTokenUsage(messageTokens.messageEncryptionTokens, WSSecurityTokenConstants.TOKENUSAGE_MAIN_ENCRYPTION);
setTokenUsage(messageTokens.supportingTokens, WSSecurityTokenConstants.TOKENUSAGE_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.signedSupportingTokens, WSSecurityTokenConstants.TOKENUSAGE_SIGNED_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.endorsingSupportingTokens,
WSSecurityTokenConstants.TOKENUSAGE_ENDORSING_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.signedEndorsingSupportingTokens,
WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.signedEncryptedSupportingTokens,
WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.encryptedSupportingTokens,
WSSecurityTokenConstants.TOKENUSAGE_ENCRYPTED_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.endorsingEncryptedSupportingTokens,
WSSecurityTokenConstants.TOKENUSAGE_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
setTokenUsage(messageTokens.signedEndorsingEncryptedSupportingTokens,
WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
}