protected void handleSupportingTokens()

in modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java [346:407]


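    /**
     * Verifies that the tokens required by a supporting-token policy assertion are present in
     * the message's security header and, for username tokens, that the password form matches
     * what the policy demands.
     *
     * <p>A missing token is reported as a {@link RampartException} with the matching fault key
     * ({@code usernameTokenMissing}, {@code samlTokenMissing}, {@code binaryTokenMissing})
     * rather than surfacing as a {@code NullPointerException} or
     * {@code IndexOutOfBoundsException} from the result lookup. Tokens marked optional in the
     * policy are skipped when absent.
     *
     * @param rmd     message context; its document is the one whose security header is processed
     * @param results security results supplied by the caller (not consulted by this method)
     * @param suppTok supporting-token assertion to enforce; {@code null} means nothing to check
     * @throws RampartException if header processing fails, a required token is absent, or a
     *                          username token does not match the policy's password requirements
     */
    protected void handleSupportingTokens(RampartMessageData rmd, List<WSSecurityEngineResult> results, SupportingToken suppTok) throws RampartException {

        if (suppTok == null) {
            return;
        }

        // NOTE(review): the header is re-processed here with a fresh engine and null for the
        // remaining three arguments, while the caller-supplied 'results' go unused. Confirm this
        // is intentional and that the outcome is consistent with the already-validated results.
        WSHandlerResult wsResults;
        try {
            WSSecurityEngine secEngine = new WSSecurityEngine();
            wsResults = secEngine.processSecurityHeader(rmd.getDocument(), null, null, null);
        } catch (WSSecurityException e) {
            throw new RampartException("An error occurred while searching for signed elements.", e);
        }

        ArrayList tokens = suppTok.getTokens();
        for (Object objectToken : tokens) {
            Token token = (Token) objectToken;
            if (token instanceof UsernameToken) {
                UsernameToken ut = (UsernameToken) token;

                WSSecurityEngineResult utResult = firstResultForAction(wsResults, WSConstants.UT);
                org.apache.wss4j.dom.message.token.UsernameToken wssUt = null;
                if (utResult != null) {
                    wssUt = (org.apache.wss4j.dom.message.token.UsernameToken)
                            utResult.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
                }

                if (wssUt == null) {
                    if (!ut.isOptional()) {
                        throw new RampartException("usernameTokenMissing");
                    }
                    // Optional and absent: there is no token whose password form could be checked.
                    continue;
                }

                if (ut.isNoPassword() && wssUt.getPassword() != null) {
                    throw new RampartException("invalidUsernameTokenType");
                }

                // NOTE(review): with a NoPassword policy and no hash requirement, a token that
                // correctly carries no password is still rejected by the second branch below
                // (password == null). Kept as-is; confirm the intended policy semantics.
                if (ut.isHashPassword() && !wssUt.isHashed()) {
                    throw new RampartException("invalidUsernameTokenType");
                } else if (!ut.isHashPassword() && (wssUt.getPassword() == null ||
                        // Constant-first comparison: an absent password type is a policy
                        // mismatch, not a NullPointerException.
                        !WSConstants.PASSWORD_TEXT.equals(wssUt.getPasswordType()))) {
                    throw new RampartException("invalidUsernameTokenType");
                }

            } else if (token instanceof IssuedToken) {
                WSSecurityEngineResult samlResult = firstResultForAction(wsResults, WSConstants.ST_SIGNED);
                if (samlResult == null) {
                    // NOTE(review): an unsigned assertion satisfies this presence check. This
                    // method does not establish trust in the assertion; verify that signature or
                    // holder-of-key requirements are enforced elsewhere in the validation path.
                    log.debug("No signed SAMLToken found. Looking for unsigned SAMLTokens");
                    samlResult = firstResultForAction(wsResults, WSConstants.ST_UNSIGNED);
                }
                if (samlResult == null) {
                    throw new RampartException("samlTokenMissing");
                }
            } else if (token instanceof X509Token) {
                X509Token x509Token = (X509Token) token;
                WSSecurityEngineResult x509Result = firstResultForAction(wsResults, WSConstants.BST);
                if (x509Result == null && !x509Token.isOptional()) {
                    throw new RampartException("binaryTokenMissing");
                }
            }
        }
    }

    /**
     * Returns the first engine result recorded for the given action, or {@code null} when the
     * header produced no results at all or none for that action.
     */
    private static WSSecurityEngineResult firstResultForAction(WSHandlerResult wsResults, int action) {
        if (wsResults == null || wsResults.getActionResults() == null) {
            return null;
        }
        List<WSSecurityEngineResult> actionResults = wsResults.getActionResults().get(action);
        return (actionResults == null || actionResults.isEmpty()) ? null : actionResults.get(0);
    }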