in modules/rampart-integration/src/main/java/org/apache/sandesha2/security/rampart/RampartBasedSecurityManager.java [90:172]
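/**
 * Verifies proof of possession for {@code token}: the given message part must carry a
 * signature whose signing principal is a derived key of a security context token that
 * matches {@code token} (by token id, attached reference URI or unattached reference URI).
 * <p>
 * The check walks the WSS4J receiver results stored under
 * {@link WSHandlerConstants#RECV_RESULTS} and stops at the first signature result that
 * satisfies all three conditions (SIGN action, matching base token, signature id matching
 * the part's {@code wsu:Id}). Any missing piece of evidence — no results at all, a part
 * without a {@code wsu:Id}, an unresolvable base token — makes the check fail closed.
 *
 * @param token       the security token the sender claims to possess
 * @param messagePart the element that must be covered by the sender's signature
 * @param message     the inbound message context holding the security engine results
 * @throws SandeshaException if no security results are present on the message, or if no
 *                           signature ties {@code messagePart} to {@code token}
 */
@SuppressWarnings("unchecked")
public void checkProofOfPossession(SecurityToken token,
        OMElement messagePart, MessageContext message)
        throws SandeshaException {
    List<WSHandlerResult> results = (List<WSHandlerResult>) message
            .getProperty(WSHandlerConstants.RECV_RESULTS);
    if (results == null) {
        String msg = SandeshaMessageHelper
                .getMessage(SandeshaMessageKeys.noSecurityResults);
        throw new SandeshaException(msg);
    }

    boolean verified = false;
    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult wser : handlerResult.getResults()) {
            // Order matters: the cheap action/principal test first, the token recovery
            // (which may consult the token store) only for real signature results.
            if (isSignatureResult(wser)
                    && signedByToken(wser, token)
                    && signatureCoversPart(wser, messagePart)) {
                verified = true;
                break;
            }
        }
        if (verified) {
            break;
        }
    }

    if (!verified) {
        String msg = SandeshaMessageHelper
                .getMessage(SandeshaMessageKeys.proofOfPossessionNotVerified);
        throw new SandeshaException(msg);
    }
}

/**
 * Returns whether {@code wser} is a SIGN result that carries a signing principal.
 * A missing action value is treated as "not a signature" instead of raising an NPE.
 */
private static boolean isSignatureResult(WSSecurityEngineResult wser) {
    Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
    return action != null
            && action.intValue() == WSConstants.SIGN
            && wser.get(WSSecurityEngineResult.TAG_PRINCIPAL) != null;
}

/**
 * Returns whether the signature result was produced with a derived key whose base token
 * is the same security context token as {@code token}.
 * <p>
 * The base token is recovered by the id recorded in the derived-key principal and compared
 * with {@code token} by id, attached reference URI and unattached reference URI. Either
 * reference may be absent on the recovered token; an absent reference simply does not
 * match (the original code dereferenced it unconditionally and could NPE here).
 *
 * @throws SandeshaException if recovering the base token or reading a reference fails
 */
private boolean signedByToken(WSSecurityEngineResult wser, SecurityToken token)
        throws SandeshaException {
    Principal principal = (Principal) wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
    if (!(principal instanceof WSDerivedKeyTokenPrincipal)) {
        return false;
    }
    // Id of the SCT that was used to create the derived key token
    String baseTokenId = ((WSDerivedKeyTokenPrincipal) principal).getBasetokenId();
    SecurityToken recoveredToken = this.recoverSecurityToken(baseTokenId);
    if (recoveredToken == null) {
        return false;
    }
    Token rahasToken = ((RampartSecurityToken) recoveredToken).getToken();

    // The SCT used in the message must be the one the caller handed in
    String id = ((RampartSecurityToken) token).getToken().getId();
    if (id == null) {
        return false;
    }
    String attRefId = null;
    if (rahasToken.getAttachedReference() != null) {
        attRefId = this.getUriFromSTR(rahasToken.getAttachedReference());
    }
    String unattRefId = null;
    if (rahasToken.getUnattachedReference() != null) {
        unattRefId = this.getUriFromSTR(rahasToken.getUnattachedReference());
    }
    // id is non-null here, so comparing from its side is null-safe for the three candidates
    return id.equals(rahasToken.getId())
            || id.equals(attRefId)
            || id.equals(unattRefId);
}

/**
 * Returns whether the signature result is tied to {@code messagePart}, i.e. whether the
 * result's {@link WSSecurityEngineResult#TAG_ID} equals the part's {@code wsu:Id}.
 * A part without a {@code wsu:Id} cannot be tied to any signature and therefore fails.
 * <p>
 * NOTE(review): this keeps the existing comparison against TAG_ID. The earlier
 * {@code wser.getSignedElements().contains(wsuId)} check (now commented out upstream) tested
 * whether the part was among the signed references; confirm that TAG_ID on a SIGN result
 * identifies the signed content rather than the Signature element itself, otherwise a
 * signature that does not cover {@code messagePart} may still fail to be rejected here.
 */
private static boolean signatureCoversPart(WSSecurityEngineResult wser,
        OMElement messagePart) {
    OMAttribute idattr = messagePart.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
    if (idattr == null || idattr.getAttributeValue() == null) {
        return false;
    }
    String processedId = (String) wser.get(WSSecurityEngineResult.TAG_ID);
    return idattr.getAttributeValue().equals(processedId);
}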