in modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java [502:605]
/**
 * Checks that the parts the policy requires to be encrypted are covered by
 * the encrypted data references found in the security processing results.
 *
 * <p>The check runs in three stages: the SOAP body (by reference id), header
 * parts and the signature element (by qualified name), and finally parts
 * identified by an XPath expression, which are matched against the nodes
 * selected by the XPath of each encrypted data reference.
 *
 * @param data           validator state; supplies the message data and the
 *                       id expected for the encrypted body
 * @param encryptedParts parts the policy expects to be encrypted
 * @param results        security engine results from which the encrypted
 *                       references are taken via {@code getEncryptedReferences}
 * @throws RampartException if a required part has no matching encrypted
 *                          reference, or if an XPath cannot be evaluated
 */
protected void validateEncryptedParts(ValidatorData data,
        List<WSEncryptionPart> encryptedParts, List<WSSecurityEngineResult> results)
        throws RampartException {

    RampartMessageData messageData = data.getRampartMessageData();
    ArrayList encryptedRefs = getEncryptedReferences(results);
    RampartPolicyData policyData = messageData.getPolicyData();

    // Every XPath below is evaluated against the envelope with the same
    // prefix/namespace bindings.
    SOAPEnvelope soapEnvelope = messageData.getMsgContext().getEnvelope();
    Set prefixNamespaces = RampartUtil.findAllPrefixNamespaces(soapEnvelope,
            policyData.getDeclaredNamespaces());

    // Node selected by a data reference's XPath -> that reference's isContent() flag.
    Map<Object, Boolean> contentFlagByNode = new HashMap<Object, Boolean>();
    for (Object refObject : encryptedRefs) {
        WSDataRef dataRef = (WSDataRef) refObject;
        if (dataRef == null || dataRef.getXpath() == null) {
            // References without an XPath contribute nothing to the node map.
            continue;
        }

        try {
            XPath refPath = new AXIOMXPath(dataRef.getXpath());
            for (Object nsObject : prefixNamespaces) {
                OMNamespace ns = (OMNamespace) nsObject;
                refPath.addNamespace(ns.getPrefix(), ns.getNamespaceURI());
            }

            for (Object node : refPath.selectNodes(soapEnvelope)) {
                contentFlagByNode.put(node, dataRef.isContent());
            }
        } catch (JaxenException e) {
            // NOTE(review): the first argument here is a sentence, while the other
            // throws in this method pass "encryptedPartMissing"; confirm how
            // RampartException treats that argument.
            throw new RampartException("An error occurred while searching for decrypted elements.", e);
        }
    }

    // Body: enforced only when the policy demands it and does not mark it optional.
    if (policyData.isEncryptBody() && !policyData.isEncryptBodyOptional()
            && !isRefIdPresent(encryptedRefs, data.getBodyEncrDataId())) {
        throw new RampartException("encryptedPartMissing",
                new String[]{data.getBodyEncrDataId()});
    }

    for (WSEncryptionPart part : encryptedParts) {

        // The body was handled above.
        if (part.getName().equals(WSConstants.ELEM_BODY)) {
            continue;
        }

        boolean isSignatureElement = WSConstants.SIG_LN.equals(part.getName())
                && WSConstants.SIG_NS.equals(part.getNamespace());

        // Signature element and header parts are looked up by qualified name.
        if (isSignatureElement || part.getEncModifier().equals(WSConstants.ELEM_HEADER)) {
            QName partName = new QName(part.getNamespace(), part.getName());
            if (!isRefIdPresent(encryptedRefs, partName)) {
                throw new RampartException("encryptedPartMissing",
                        new String[]{part.getNamespace() + ":" + part.getName()});
            }
            continue;
        }

        // Neither header nor body: the part is identified by an XPath expression.
        String xpath = part.getXpath();
        List selectedNodes;
        try {
            XPath partPath = new AXIOMXPath(xpath);
            for (Object nsObject : prefixNamespaces) {
                OMNamespace ns = (OMNamespace) nsObject;
                partPath.addNamespace(ns.getPrefix(), ns.getNamespaceURI());
            }
            selectedNodes = partPath.selectNodes(soapEnvelope);
        } catch (JaxenException e) {
            throw new RampartException("An error occurred while searching for decrypted elements.", e);
        }

        // NOTE(review): the search stops at the first selected node that qualifies,
        // so other nodes selected by the same XPath are not checked. Confirm that
        // "at least one" is the coverage the policy assertion is meant to enforce.
        boolean covered = false;
        for (Object node : selectedNodes) {
            Boolean refIsContent = contentFlagByNode.get(node);
            if (refIsContent == null) {
                // This node was not selected by any encrypted data reference.
                continue;
            }
            // Qualifies when exactly one holds: the modifier is "Element", or the
            // reference's isContent() flag is true.
            if ("Element".equals(part.getEncModifier()) ^ refIsContent) {
                covered = true;
                break;
            }
        }

        if (!covered) {
            throw new RampartException("encryptedPartMissing",
                    new String[]{xpath});
        }
    }
}