Posted to commits@ws.apache.org by gi...@apache.org on 2012/03/26 21:36:10 UTC
svn commit: r1305513 - in
/webservices/wss4j/branches/swssf/streaming-ws-policy/src:
main/java/org/swssf/policy/assertionStates/ test/java/org/swssf/policy/test/
Author: giger
Date: Mon Mar 26 19:36:09 2012
New Revision: 1305513
URL: http://svn.apache.org/viewvc?rev=1305513&view=rev
Log:
DerivedKeys assertion tests and fixes. WSS-376
Added:
webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java (with props)
Modified:
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/HttpsTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -55,33 +55,32 @@ public class HttpsTokenAssertionState ex
HttpsTokenSecurityEvent httpsTokenSecurityEvent = (HttpsTokenSecurityEvent) tokenSecurityEvent;
HttpsToken httpsToken = (HttpsToken) abstractToken;
- setAsserted(true);
if (httpsToken.getIssuerName() != null && !httpsToken.getIssuerName().equals(httpsTokenSecurityEvent.getIssuerName())) {
- setAsserted(false);
setErrorMessage("IssuerName in Policy (" + httpsToken.getIssuerName() + ") didn't match with the one in the HttpsToken (" + httpsTokenSecurityEvent.getIssuerName() + ")");
+ return false;
}
if (httpsToken.getAuthenticationType() != null) {
switch (httpsToken.getAuthenticationType()) {
case HttpBasicAuthentication:
if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication) {
- setAsserted(false);
setErrorMessage("Policy enforces HttpBasicAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ return false;
}
break;
case HttpDigestAuthentication:
if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication) {
- setAsserted(false);
setErrorMessage("Policy enforces HttpDigestAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ return false;
}
break;
case RequireClientCertificate:
if (httpsTokenSecurityEvent.getAuthenticationType() != HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication) {
- setAsserted(false);
setErrorMessage("Policy enforces HttClientCertificateAuthentication but we got " + httpsTokenSecurityEvent.getAuthenticationType());
+ return false;
}
break;
}
}
- return isAsserted();
+ return true;
}
}
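Review bot: The `switch` on `httpsToken.getAuthenticationType()` has no `default` branch, so a policy authentication type outside the three listed cases falls through to the new unconditional `return true` at the end of the method. Whether the enum has further values is not visible here, but a policy check is safer failing closed: `default: setErrorMessage("Unsupported authentication type in policy: " + httpsToken.getAuthenticationType()); return false;`. The message in the `RequireClientCertificate` case also reads `HttClientCertificateAuthentication`, which looks like a typo for `HttpsClientCertificateAuthentication`. The method starts above the hunk.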
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/IssuedTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -63,8 +63,6 @@ public class IssuedTokenAssertionState e
}
}
//todo internal/external reference?
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KerberosTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -77,8 +77,6 @@ public class KerberosTokenAssertionState
}
}
//todo
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/KeyValueTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -58,8 +58,6 @@ public class KeyValueTokenAssertionState
setErrorMessage("Policy enforces that a RsaKeyValue must be present in the KeyValueToken but we got a " + keyValueTokenSecurityEvent.getKeyValueTokenType() + "KeyValue");
return false;
}
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/RelTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -62,8 +62,6 @@ public class RelTokenAssertionState exte
//todo RequireKeyIdentifierReference
//todo WssRelV*
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SamlTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -92,7 +92,6 @@ public class SamlTokenAssertionState ext
return false;
}
}
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecureConversationTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -64,7 +64,6 @@ public class SecureConversationTokenAsse
}
//todo sp:SC13SecurityContextToken:
//todo MustNotSendCancel etc...
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SecurityContextTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -63,8 +63,6 @@ public class SecurityContextTokenAsserti
return false;
}
//todo sp:SC13SecurityContextToken:
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SpnegoContextTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -61,8 +61,6 @@ public class SpnegoContextTokenAssertion
}
}
//todo MustNotSend*
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/TokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -117,15 +117,17 @@ public abstract class TokenAssertionStat
return true;
}
+ boolean asserted = true;
+
//WSP1.3, 5.1 Token Inclusion
//todo do we need a global token cache to fullfill ".../IncludeToken/Once" ?
SPConstants.IncludeTokenType includeTokenType = abstractToken.getIncludeTokenType();
if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- setAsserted(false);
setErrorMessage("Token must not be included");
- return false;
+ asserted = false;
}
+ //WSP1.3, 5.3 Token Properties
boolean hasDerivedKeys = false;
hasDerivedKeys = hasDerivedKeys(tokenSecurityEvent.getSecurityToken());
if (abstractToken.getDerivedKeys() != null) {
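Review bot: With the early `return false` removed from the `INCLUDE_TOKEN_NEVER` branch, the "Token must not be included" message can be replaced by a later `setErrorMessage` call: the derived-key checks in the next hunk (-135,18 +137,21) and whatever `assertToken` sets, which is now always invoked because `&=` does not short-circuit. If `setErrorMessage` overwrites rather than appends (not visible here), the reported violation is the last one found rather than the first. Consider recording a message only while no earlier failure exists, e.g. `if (asserted) { setErrorMessage("Token must not be included"); }` before `asserted = false;`, with the same guard in the derived-key branches. The method starts above and continues below this hunk.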
@@ -135,18 +137,21 @@ public abstract class TokenAssertionStat
case RequireExplicitDerivedKeys:
case RequireImpliedDerivedKeys:
if (!hasDerivedKeys) {
- setAsserted(false);
setErrorMessage("Derived key must be used");
+ asserted = false;
}
}
} else {
if (hasDerivedKeys) {
- setAsserted(false);
setErrorMessage("Derived key must not be used");
+ asserted = false;
}
}
- boolean asserted = assertToken(tokenSecurityEvent, abstractToken);
+ asserted &= assertToken(tokenSecurityEvent, abstractToken);
+ if (asserted) {
+ setAsserted(true);
+ }
if (!asserted && (tokenUsages.contains(SecurityToken.TokenUsage.MainSignature)
|| tokenUsages.contains(SecurityToken.TokenUsage.MainEncryption))) {
//return false if not asserted for the main signature and encryption tokens
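Review bot: The new `if (asserted) { setAsserted(true); }` only ever raises the assertion state and nothing visible in this method lowers it again, which deserves a comment because it is security-relevant: once one token satisfies the policy, a later token with the same usage that violates it leaves the assertion fulfilled. That appears intended, judging by the "always return true to prevent false alarm" comments in the subclasses, so I would document it above the `if`: `// sticky: one conforming token fulfils the assertion; later non-conforming tokens of the same usage must not clear it`. It is also worth stating there that only MainSignature/MainEncryption tokens are rejected individually by the check that follows. The method continues below the hunk.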
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/UsernameTokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -98,7 +98,6 @@ public class UsernameTokenAssertionState
break;
}
}
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java?rev=1305513&r1=1305512&r2=1305513&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/X509TokenAssertionState.java Mon Mar 26 19:36:09 2012
@@ -127,8 +127,6 @@ public class X509TokenAssertionState ext
setErrorMessage(e.getMessage());
return false;
}
-
- setAsserted(true);
//always return true to prevent false alarm in case additional tokens with the same usage
//appears in the message but do not fulfill the policy and are also not needed to fulfil the policy.
return true;
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java?rev=1305513&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java Mon Mar 26 19:36:09 2012
@@ -0,0 +1,478 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.impl.securityToken.X509SecurityToken;
+import org.swssf.wss.securityEvent.*;
+import org.swssf.xmlsec.ext.SecurityToken;
+import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class DerivedKeyTests extends AbstractPolicyTestBase {
+
+ @Test
+ public void testDerivedKeyInitiatorTokenPolicy() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:InitiatorToken>\n" +
+ " <wsp:Policy>\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:InitiatorToken>\n" +
+ "<sp:RecipientToken>\n" +
+ " <wsp:Policy>\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:RecipientToken>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+ initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
+
+ X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+ recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
+
+ List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+ protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+ protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+ signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+ contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testDerivedKeyInitiatorTokenPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:InitiatorToken>\n" +
+ " <wsp:Policy>\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:InitiatorToken>\n" +
+ "<sp:RecipientToken>\n" +
+ " <wsp:Policy>\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:RecipientToken>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+ initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
+
+ X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+ recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
+
+ List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+ protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+ protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+ signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+ contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ try {
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+ "\torg.swssf.policy.PolicyViolationException: \n" +
+ "Derived key must be used");
+ }
+ }
+
+ @Test
+ public void testDerivedKeyRecipientTokenPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:InitiatorToken>\n" +
+ " <wsp:Policy>\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:InitiatorToken>\n" +
+ "<sp:RecipientToken>\n" +
+ " <wsp:Policy>\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:RecipientToken>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent initiatorX509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.MainSignature);
+ initiatorX509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(initiatorX509TokenSecurityEvent);
+
+ X509TokenSecurityEvent recipientX509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.MainEncryption);
+ recipientX509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(recipientX509TokenSecurityEvent);
+
+ List<XMLSecurityConstants.ContentType> protectionOrder = new LinkedList<XMLSecurityConstants.ContentType>();
+ protectionOrder.add(XMLSecurityConstants.ContentType.SIGNATURE);
+ protectionOrder.add(XMLSecurityConstants.ContentType.ENCRYPTION);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+ signedPartSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(recipientX509TokenSecurityEvent.getSecurityToken(), true, protectionOrder);
+ contentEncryptedElementSecurityEvent.setElementPath(WSSConstants.SOAP_11_BODY_PATH);
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ try {
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+ "\torg.swssf.policy.PolicyViolationException: \n" +
+ "Derived key must be used");
+ }
+ }
+
+ @Test
+ public void testDerivedKeySupportingTokenPolicy() throws Exception {
+ String policyString =
+ "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:SupportingTokens>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testDerivedKeySupportingTokenPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:SupportingTokens>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ try {
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertEquals(e.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+ "\torg.apache.ws.secpolicy.WSSPolicyException: \n" +
+ "Derived key must be used");
+ }
+ }
+
+ @Test
+ public void testDerivedKeySupportingTokenPolicyAdditionalToken() throws Exception {
+ String policyString =
+ "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:SupportingTokens>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testDerivedKeySupportingTokenPolicyAdditionalTokenNegative() throws Exception {
+ String policyString =
+ "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:SupportingTokens>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V1Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+
+ try {
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof WSSPolicyException);
+ }
+ }
+
+ @Test
+ public void testDerivedKeySupportingTokenPolicyAdditionalTokenLastIgnore() throws Exception {
+ String policyString =
+ "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:SupportingTokens>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ X509SecurityToken securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V1Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testDerivedKeySupportingTokenPolicyAdditionalTokenFirstIgnore() throws Exception {
+ String policyString =
+ "<sp:SupportingTokens xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:X509Token>\n" +
+ " <sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ " <wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ " <sp:RequireDerivedKeys/>\n" +
+ " </wsp:Policy>\n" +
+ " </sp:X509Token>\n" +
+ " </wsp:Policy>\n" +
+ "</sp:SupportingTokens>";
+
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ X509SecurityToken securityToken = getX509Token(WSSConstants.X509V1Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ x509TokenSecurityEvent = new X509TokenSecurityEvent();
+ securityToken = getX509Token(WSSConstants.X509V3Token);
+ securityToken.addTokenUsage(SecurityToken.TokenUsage.SupportingTokens);
+ x509TokenSecurityEvent.setSecurityToken(securityToken);
+
+ DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
+ derivedKeyTokenSecurityEvent.setSecurityToken(getX509Token(WSSConstants.DerivedKeyToken));
+ securityToken.addWrappedToken(derivedKeyTokenSecurityEvent.getSecurityToken());
+
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+
+ OperationSecurityEvent operationSecurityEvent = new OperationSecurityEvent();
+ operationSecurityEvent.setOperation(new QName("definitions"));
+ policyEnforcer.registerSecurityEvent(operationSecurityEvent);
+
+ policyEnforcer.doFinal();
+ }
+}
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/DerivedKeyTests.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision