Posted to commits@ws.apache.org by gi...@apache.org on 2011/12/05 20:48:38 UTC
svn commit: r1210595 - in /webservices/wss4j/branches/swssf:
streaming-ws-policy/src/main/java/org/swssf/policy/
streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/
streaming-ws-policy/src/test/java/org/swssf/policy/test/ streaming-ws-s...
Author: giger
Date: Mon Dec 5 19:48:38 2011
New Revision: 1210595
URL: http://svn.apache.org/viewvc?rev=1210595&view=rev
Log:
SymmetricBinding and TransportBinding tests and corrections
Added:
webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java (with props)
webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java (with props)
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java (with props)
Modified:
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java?rev=1210595&r1=1210594&r2=1210595&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/PolicyEnforcer.java Mon Dec 5 19:48:38 2011
@@ -189,12 +189,15 @@ public class PolicyEnforcer implements S
assertableList.add(new KeyValueTokenAssertionState(abstractSecurityAssertion, false));
} else if (abstractSecurityAssertion instanceof AlgorithmSuite) {
assertableList.add(new AlgorithmSuiteAssertionState(abstractSecurityAssertion, true));
- } else if (abstractSecurityAssertion instanceof AsymmetricBinding) {
+ } else if (abstractSecurityAssertion instanceof AsymmetricBinding
+ || abstractSecurityAssertion instanceof SymmetricBinding) {
assertableList.add(new IncludeTimeStampAssertionState(abstractSecurityAssertion, false));
assertableList.add(new ProtectionOrderAssertionState(abstractSecurityAssertion, false));
assertableList.add(new SignatureProtectionAssertionState(abstractSecurityAssertion, false));
//todo token protection
assertableList.add(new OnlySignEntireHeadersAndBodyAssertionState(abstractSecurityAssertion, false));
+ } else if (abstractSecurityAssertion instanceof TransportBinding) {
+ assertableList.add(new IncludeTimeStampAssertionState(abstractSecurityAssertion, false));
} else if (abstractSecurityAssertion instanceof Layout) {
assertableList.add(new LayoutAssertionState(abstractSecurityAssertion, true));
}
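Review bot: The `//todo token protection` gap in the shared branch now covers SymmetricBinding as well, so a policy that declares `<sp:ProtectTokens/>` gets no assertion state from this branch to check it. The new SymmetricBindingTest policies all include `<sp:ProtectTokens/>`, which can read as coverage although nothing visible here enforces it. Until a token-protection state exists I would make the gap explicit at the todo, e.g. `// TODO: sp:ProtectTokens is parsed but NOT enforced for Asymmetric/SymmetricBinding`, or reject policies that require it. The if/else chain starts and ends outside this hunk.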
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java?rev=1210595&r1=1210594&r2=1210595&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/OnlySignEntireHeadersAndBodyAssertionState.java Mon Dec 5 19:48:38 2011
@@ -21,6 +21,7 @@ package org.swssf.policy.assertionStates
import org.apache.ws.secpolicy.AssertionState;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.ws.secpolicy.model.AsymmetricBinding;
import org.swssf.policy.Assertable;
import org.swssf.policy.PolicyConstants;
@@ -47,7 +48,7 @@ public class OnlySignEntireHeadersAndBod
@Override
public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
SignedPartSecurityEvent signedPartSecurityEvent = (SignedPartSecurityEvent) securityEvent;
- AsymmetricBinding asymmetricBinding = (AsymmetricBinding) getAssertion();
+ AbstractSymmetricAsymmetricBinding asymmetricBinding = (AbstractSymmetricAsymmetricBinding) getAssertion();
if (!asymmetricBinding.isOnlySignEntireHeadersAndBody()) {
setAsserted(true);
return true;
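Review bot: The local is still named `asymmetricBinding` although after this change it can hold a SymmetricBinding too; `AbstractSymmetricAsymmetricBinding binding = (AbstractSymmetricAsymmetricBinding) getAssertion();` reads correctly for both cases. The `AsymmetricBinding` import kept as context in the import hunk above looks unused now, though the rest of the file is not visible here. The same rename and import check apply to the identical change in SignatureProtectionAssertionState.assertEvent. assertEvent continues past the end of this hunk.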
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java?rev=1210595&r1=1210594&r2=1210595&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/SignatureProtectionAssertionState.java Mon Dec 5 19:48:38 2011
@@ -21,6 +21,7 @@ package org.swssf.policy.assertionStates
import org.apache.ws.secpolicy.AssertionState;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.AbstractSecurityAssertion;
+import org.apache.ws.secpolicy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.ws.secpolicy.model.AsymmetricBinding;
import org.swssf.policy.Assertable;
import org.swssf.wss.ext.WSSConstants;
@@ -56,7 +57,7 @@ public class SignatureProtectionAssertio
@Override
public boolean assertEvent(SecurityEvent securityEvent) throws WSSPolicyException {
EncryptedElementSecurityEvent encryptedElementSecurityEvent = (EncryptedElementSecurityEvent) securityEvent;
- AsymmetricBinding asymmetricBinding = (AsymmetricBinding) getAssertion();
+ AbstractSymmetricAsymmetricBinding asymmetricBinding = (AbstractSymmetricAsymmetricBinding) getAssertion();
//todo better matching until we have a streaming xpath evaluation engine (work in progress)
for (int i = 0; i < elements.size(); i++) {
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java?rev=1210595&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java Mon Dec 5 19:48:38 2011
@@ -0,0 +1,187 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.impl.securityToken.SecureConversationSecurityToken;
+import org.swssf.wss.securityEvent.*;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SymmetricBindingTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.SecureConversationToken);
+ secureConversationTokenSecurityEvent.setSecurityToken(new SecureConversationSecurityToken(null, null, null, "1", null));
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(WSSConstants.TAG_soap12_Body);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNotIncludeTimestamp() throws Exception {
+ String policyString =
+ "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.X509Token);
+ secureConversationTokenSecurityEvent.setSecurityToken(new SecureConversationSecurityToken(null, null, null, "1", null));
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ try {
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyWrongProtectionOrder() throws Exception {
+ String policyString =
+ "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.X509Token);
+ secureConversationTokenSecurityEvent.setSecurityToken(new SecureConversationSecurityToken(null, null, null, "1", null));
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ try {
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicySignatureNotEncrypted() throws Exception {
+ String policyString =
+ "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.X509Token);
+ secureConversationTokenSecurityEvent.setSecurityToken(new SecureConversationSecurityToken(null, null, null, "1", null));
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, false);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ try {
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyNotWholeBodySigned() throws Exception {
+ String policyString =
+ "<sp:SymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.X509Token);
+ secureConversationTokenSecurityEvent.setSecurityToken(new SecureConversationSecurityToken(null, null, null, "1", null));
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ secureConversationTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(WSSConstants.TAG_soap12_Body);
+ try {
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
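Review bot: Four of the five tests build the token event as `new SecureConversationTokenSecurityEvent(SecurityEvent.Event.X509Token)` while testPolicy uses `SecurityEvent.Event.SecureConversationToken`; this looks like a leftover from an asymmetric-binding test and should be `SecurityEvent.Event.SecureConversationToken` throughout. The negative tests only check `e.getCause() instanceof PolicyViolationException`, so they pass on any violation, and a mismatch like this could let testPolicyWrongProtectionOrder succeed for a reason other than protection order. Asserting on the violation message as well would pin each test to the rule it is named after.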
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SymmetricBindingTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java?rev=1210595&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java Mon Dec 5 19:48:38 2011
@@ -0,0 +1,139 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.impl.securityToken.HttpsSecurityToken;
+import org.swssf.wss.securityEvent.*;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class TransportBindingTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:TransportBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "username"));
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(WSSConstants.TAG_soap12_Body);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNotIncludeTimestamp() throws Exception {
+ String policyString =
+ "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "</wsp:Policy>\n" +
+ "</sp:TransportBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "username"));
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ try {
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicySignatureNotEncrypted() throws Exception {
+ String policyString =
+ "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:TransportBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "username"));
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, false);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNotWholeBodySigned() throws Exception {
+ String policyString =
+ "<sp:TransportBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:TransportBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "username"));
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ httpsTokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(WSSConstants.TAG_soap12_Body);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+}
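Review bot: testPolicySignatureNotEncrypted and testPolicyNotWholeBodySigned are named like violation tests but end in `policyEnforcer.doFinal()` with no expected exception, so they actually assert that an EncryptedElement or SignedPart event flagged `false` is accepted under TransportBinding. That matches PolicyEnforcer registering only the timestamp state for TransportBinding, but the intent should be written down so the tests are not mistaken for enforcement coverage. I would add a comment such as `// TransportBinding: message-level signature/encryption rules are not enforced here, so this must pass`, or rename the methods to `testUnencryptedSignatureAccepted` and `testNotWholeBodySignedAccepted`.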
Propchange: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/TransportBindingTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java?rev=1210595&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java Mon Dec 5 19:48:38 2011
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.wss.impl.securityToken;
+
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.xmlsec.crypto.Crypto;
+import org.swssf.xmlsec.ext.SecurityContext;
+import org.swssf.xmlsec.ext.SecurityToken;
+import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+
+import javax.security.auth.callback.CallbackHandler;
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SecureConversationSecurityToken extends AbstractAlgorithmSuiteSecurityEventFiringSecurityToken {
+
+ //todo implement
+
+ public SecureConversationSecurityToken(SecurityContext securityContext, Crypto crypto, CallbackHandler callbackHandler, String id, Object processor) {
+ super(securityContext, crypto, callbackHandler, id, processor);
+ }
+
+ public boolean isAsymmetric() {
+ return false;
+ }
+
+ public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+ super.getSecretKey(algorithmURI, keyUsage);
+ return null;
+ }
+
+ public PublicKey getPublicKey(XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+ return null;
+ }
+
+ public X509Certificate[] getX509Certificates() throws XMLSecurityException {
+ return null;
+ }
+
+ public void verify() throws XMLSecurityException {
+ }
+
+ public SecurityToken getKeyWrappingToken() {
+ return null;
+ }
+
+ public String getKeyWrappingTokenAlgorithm() {
+ return null;
+ }
+
+ public XMLSecurityConstants.TokenType getTokenType() {
+ return WSSConstants.SecureConversationToken;
+ }
+}
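Review bot: `verify()` has an empty body and `getSecretKey` returns null after calling super, so until the `//todo implement` is resolved this token passes verification without checking anything. The class lives under src/main rather than src/test; whether inbound processing can already reach it is not visible here, but a stubbed security token should fail closed. I would have the unimplemented methods throw, e.g. `throw new UnsupportedOperationException("SecureConversationSecurityToken.verify() is not implemented");`, and add `@Override` on the methods that override the superclass.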
Propchange: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/SecureConversationSecurityToken.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision