Posted to commits@ws.apache.org by gi...@apache.org on 2011/12/04 22:40:58 UTC
svn commit: r1210233 [5/6] - in /webservices/wss4j/branches/swssf: ./
rampart-policy/ streaming-ws-policy/
streaming-ws-policy/src/main/java/org/swssf/policy/
streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/
streaming-ws-policy/src/m...
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/LayoutTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,105 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.TimestampSecurityEvent;
+import org.swssf.wss.securityEvent.X509TokenSecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class LayoutTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicyLaxTsFirst() throws Exception {
+ String policyString =
+ "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:LaxTsFirst/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:Layout>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyLaxTsFirstNegative() throws Exception {
+ String policyString =
+ "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:LaxTsFirst/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:Layout>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ try {
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyLaxTsLast() throws Exception {
+ String policyString =
+ "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:LaxTsLast/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:Layout>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyLaxTsLastNegative() throws Exception {
+ String policyString =
+ "<sp:Layout xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:LaxTsLast/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:Layout>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ try {
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
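Review bot: Both negative tests (`testPolicyLaxTsFirstNegative`, `testPolicyLaxTsLastNegative`) accept any `PolicyViolationException` as the cause, so they would still pass if the enforcer rejected the X509Token event for a reason unrelated to the layout assertion. Pinning the violation to the layout check would make them meaningful, for example by also asserting on the cause's message, if `PolicyViolationException` carries a usable one (not visible in this diff). The same loose check appears in the negative tests of SamlTokenTest, SecureConversationTokenTest and SecurityContextTokenTest. A short comment in each test stating the event order it exercises, e.g. `// X509Token registered before any Timestamp must violate LaxTsFirst`, would also make the intent clear.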
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java Sun Dec 4 21:40:55 2011
@@ -323,7 +323,7 @@ public class PolicyTest extends Abstract
PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.TransportToken);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
httpsTokenSecurityEvent.setIssuerName("transmitter");
httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "transmitter"));
@@ -438,7 +438,7 @@ public class PolicyTest extends Abstract
PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.TransportToken);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
httpsTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "CN=transmitter,OU=swssf,C=CH"));
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RelTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.RelTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class RelTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:RelToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:WssRelV20Token11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:RelToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ RelTokenSecurityEvent relTokenSecurityEvent = new RelTokenSecurityEvent(SecurityEvent.Event.RelToken);
+ policyEnforcer.registerSecurityEvent(relTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ //todo more tests
+}
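Review bot: `testPolicy` registers a `RelTokenSecurityEvent` with no issuer name and no token version set, yet the policy demands `<sp:IssuerName>xs:anyURI</sp:IssuerName>` and `<sp:WssRelV20Token11/>`, and the test expects `doFinal()` to succeed. If that passes, it suggests the enforcer is not checking those properties for REL tokens (or the event defaults happen to match), which is worth confirming because an unchecked issuer means the policy is not actually enforced. The `//todo more tests` should at least become a negative test modelled on `SamlTokenTest.testPolicyNegative`, and the positive test should populate the event the way the SAML test does.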
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredElementsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.RequiredElementSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class RequiredElementsTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:RequiredElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:RequiredElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent(SecurityEvent.Event.RequiredElement);
+ requiredElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+ requiredElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+ //additional RequiredElements are also allowed!
+ requiredElementSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:RequiredElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:RequiredElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ RequiredElementSecurityEvent requiredElementSecurityEvent = new RequiredElementSecurityEvent(SecurityEvent.Event.RequiredElement);
+ requiredElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(requiredElementSecurityEvent);
+ try {
+ policyEnforcer.doFinal();
+ Assert.fail("Exception expected");
+ } catch (WSSPolicyException e) {
+ Assert.assertEquals(e.getMessage(), "No policy alternative could be satisfied");
+ }
+ }
+}
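Review bot: In `testPolicy` the single `requiredElementSecurityEvent` instance is mutated with `setElement(...)` and registered three times. Whether this exercises three distinct events depends on whether `registerSecurityEvent` evaluates the event immediately or keeps a reference; in the latter case every stored entry would end up pointing at `{http://example.com}b`. Creating a fresh event per registration, `new RequiredElementSecurityEvent(SecurityEvent.Event.RequiredElement)`, removes that ambiguity. RequiredPartsTest repeats the same pattern. Separately, `testPolicyMultipleAssertionEventsNegative` registers only one event, so the name does not match what it tests.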
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/RequiredPartsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.RequiredPartSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class RequiredPartsTest extends AbstractPolicyTestBase {
+
+ //todo in RequiredPartsBuilder Name attribute is manadory!
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:RequiredParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
+ "</sp:RequiredParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ RequiredPartSecurityEvent RequiredPartSecurityEvent = new RequiredPartSecurityEvent(SecurityEvent.Event.RequiredPart);
+ RequiredPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(RequiredPartSecurityEvent);
+ RequiredPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(RequiredPartSecurityEvent);
+ //additional encryptedParts are also allowed!
+ RequiredPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(RequiredPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:RequiredParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
+ "</sp:RequiredParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ RequiredPartSecurityEvent RequiredPartSecurityEvent = new RequiredPartSecurityEvent(SecurityEvent.Event.RequiredPart);
+ RequiredPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(RequiredPartSecurityEvent);
+ try {
+ policyEnforcer.doFinal();
+ Assert.fail("Exception expected");
+ } catch (WSSPolicyException e) {
+ Assert.assertEquals(e.getMessage(), "No policy alternative could be satisfied");
+ }
+ }
+}
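Review bot: The local variable `RequiredPartSecurityEvent` in both tests is spelled exactly like its class, which shadows the type name inside the method and makes each call read like a static one; `requiredPartSecurityEvent` would match the naming used in the sibling test classes. The comment `//additional encryptedParts are also allowed!` looks copied from another test and should read `//additional RequiredParts are also allowed!`. The class-level todo has a typo (`manadory`) and would be clearer as `//todo: in RequiredPartsBuilder the Name attribute is mandatory`.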
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SamlTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.opensaml.common.SAMLVersion;
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SamlTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SamlTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SamlToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:WssSamlV20Token11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SamlToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SamlTokenSecurityEvent samlTokenSecurityEvent = new SamlTokenSecurityEvent(SecurityEvent.Event.SamlToken);
+ samlTokenSecurityEvent.setIssuerName("xs:anyURI");
+ samlTokenSecurityEvent.setSamlVersion(SAMLVersion.VERSION_20);
+ policyEnforcer.registerSecurityEvent(samlTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:SamlToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:WssSamlV20Token11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SamlToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SamlTokenSecurityEvent samlTokenSecurityEvent = new SamlTokenSecurityEvent(SecurityEvent.Event.SamlToken);
+ samlTokenSecurityEvent.setIssuerName("sss");
+ samlTokenSecurityEvent.setSamlVersion(SAMLVersion.VERSION_11);
+ try {
+ policyEnforcer.registerSecurityEvent(samlTokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
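Review bot: `testPolicyNegative` changes two inputs at once, the issuer name (`"sss"`) and the SAML version (`SAMLVersion.VERSION_11`), so it passes as long as either check fires. A regression that stopped validating the issuer, or stopped validating the token version, would go unnoticed. Splitting it into two tests, one with the matching issuer `"xs:anyURI"` and `VERSION_11`, and one with `"sss"` and `VERSION_20`, would cover each check independently.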
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecureConversationTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SecureConversationTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SecureConversationTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SecureConversationToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireExternalUriReference/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SecureConversationToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.SecureConversationToken);
+ secureConversationTokenSecurityEvent.setIssuerName("xs:anyURI");
+ secureConversationTokenSecurityEvent.setExternalUriRef(true);
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:SecureConversationToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireExternalUriReference/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SecureConversationToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SecureConversationTokenSecurityEvent secureConversationTokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.SecureConversationToken);
+ secureConversationTokenSecurityEvent.setIssuerName("sss");
+ secureConversationTokenSecurityEvent.setExternalUriRef(true);
+ try {
+ policyEnforcer.registerSecurityEvent(secureConversationTokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
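Review bot: The policy in both tests contains `<sp:RequireExternalUriReference/>`, but `testPolicyNegative` keeps `setExternalUriRef(true)` and only varies the issuer name, so nothing verifies that a token without an external URI reference is rejected. A third test with the matching issuer `"xs:anyURI"` and `setExternalUriRef(false)`, expecting the same `WSSecurityException`, would cover it. SecurityContextTokenTest has the identical gap.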
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SecurityContextTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SecurityContextTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SecurityContextTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SecurityContextToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireExternalUriReference/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SecurityContextToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent(SecurityEvent.Event.SecurityContextToken);
+ securityContextTokenSecurityEvent.setIssuerName("xs:anyURI");
+ securityContextTokenSecurityEvent.setExternalUriRef(true);
+ policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:SecurityContextToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireExternalUriReference/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SecurityContextToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SecurityContextTokenSecurityEvent securityContextTokenSecurityEvent = new SecurityContextTokenSecurityEvent(SecurityEvent.Event.SecurityContextToken);
+ securityContextTokenSecurityEvent.setIssuerName("sss");
+ securityContextTokenSecurityEvent.setExternalUriRef(true);
+ try {
+ policyEnforcer.registerSecurityEvent(securityContextTokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedElementsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.SignedElementSecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SignedElementsTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SignedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:SignedElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(SecurityEvent.Event.SignedElement, true);
+ signedElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+ signedElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+ //additional SignedElements are also allowed!
+ signedElementSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:SignedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:SignedElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedElementSecurityEvent signedElementSecurityEvent = new SignedElementSecurityEvent(SecurityEvent.Event.SignedElement, true);
+ signedElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+ signedElementSecurityEvent = new SignedElementSecurityEvent(SecurityEvent.Event.SignedElement, false);
+ signedElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(signedElementSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
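Review bot: In testPolicy the policy requires the element at the XPath `/b:a` to be signed, but the event carries only a QName via `setElement(new QName("http://example.org", "a"))`. As written, the test cannot tell a signed `a` at the document root from a signed `a` located anywhere else in the message. Whether the enforcer can see the element's position is not visible in this hunk. If it cannot, say so next to the assertion, for example `// event carries only the QName; the position implied by /b:a is not verified here`. The test also mutates and re-registers one event instance three times, which is only safe if the enforcer keeps no reference to registered events; a fresh `SignedElementSecurityEvent` per registration, as the negative test uses, avoids that assumption.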
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SignedPartsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,171 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.SignedPartSecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SignedPartsTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments>\n" +
+ "<sp3:ContentSignatureTransform/>\n" +
+ "<sp3:AttachmentCompleteSignatureTransform/>\n" +
+ "</sp:Attachments>\n" +
+ "</sp:SignedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ signedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ //additional signedParts are also allowed!
+ signedPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments>\n" +
+ "<sp3:ContentSignatureTransform/>\n" +
+ "<sp3:AttachmentCompleteSignatureTransform/>\n" +
+ "</sp:Attachments>\n" +
+ "</sp:SignedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyAllHeaders() throws Exception {
+ String policyString =
+ "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "</sp:SignedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ signedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ signedPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyAllHeadersNegative() throws Exception {
+ String policyString =
+ "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "</sp:SignedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ try {
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyWildcardHeader() throws Exception {
+ String policyString =
+ "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments>\n" +
+ "<sp3:ContentSignatureTransform/>\n" +
+ "<sp3:AttachmentCompleteSignatureTransform/>\n" +
+ "</sp:Attachments>\n" +
+ "</sp:SignedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ signedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ //additional signedParts are also allowed!
+ signedPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyWildcardHeaderNegative() throws Exception {
+ String policyString =
+ "<sp:SignedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments>\n" +
+ "<sp3:ContentSignatureTransform/>\n" +
+ "<sp3:AttachmentCompleteSignatureTransform/>\n" +
+ "</sp:Attachments>\n" +
+ "</sp:SignedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
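Review bot: In testPolicyAllHeadersNegative the first `try` block, which registers the unsigned SOAP Body, has no `Assert.fail("Exception expected");` after `registerSecurityEvent`. The test therefore passes whether or not an unsigned Body is rejected under an empty `<sp:SignedParts>`, and only the second event (header `a`) is actually checked. If rejecting the unsigned Body is the intended behaviour, add `Assert.fail("Exception expected");` as the last statement of the first `try`. If it is not, drop the `try`/`catch` so the intent is clear. None of the negative tests in this file call `policyEnforcer.doFinal()`, so a violation detected only at finalisation would go unnoticed.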
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/SpnegoContextTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.SpnegoContextTokenSecurityEvent;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class SpnegoContextTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:SpnegoContextToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:MustNotSendCancel/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:SpnegoContextToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ SpnegoContextTokenSecurityEvent spnegoContextTokenSecurityEvent = new SpnegoContextTokenSecurityEvent(SecurityEvent.Event.SpnegoContextToken);
+ spnegoContextTokenSecurityEvent.setIssuerName("xs:anyURI");
+ policyEnforcer.registerSecurityEvent(spnegoContextTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ //todo more tests
+}
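Review bot: This class has only a positive case, so nothing here shows that a SpnegoContextToken with the wrong issuer is rejected, and `<sp:MustNotSendCancel/>` is never exercised because the event sets nothing related to it. A negative test modelled on the SecurityContextToken `testPolicyNegative` earlier in this commit would close the first gap. It assumes the enforcer checks `IssuerName` for this token type, which this hunk does not show. The file would also need imports for `Assert`, `WSSecurityException` and `PolicyViolationException`.

```java
@Test
public void testPolicyNegative() throws Exception {
    // … unchanged: same policyString as testPolicy …
    PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
    SpnegoContextTokenSecurityEvent spnegoContextTokenSecurityEvent = new SpnegoContextTokenSecurityEvent(SecurityEvent.Event.SpnegoContextToken);
    spnegoContextTokenSecurityEvent.setIssuerName("sss");
    try {
        policyEnforcer.registerSecurityEvent(spnegoContextTokenSecurityEvent);
        Assert.fail("Exception expected");
    } catch (WSSecurityException e) {
        Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
    }
}
```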
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/UsernameTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.UsernameTokenSecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class UsernameTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:UsernameToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:HashPassword/>\n" +
+ "<sp:WssUsernameToken11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:UsernameToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent(SecurityEvent.Event.UsernameToken);
+ usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_DIGEST);
+ usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
+ policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:UsernameToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:HashPassword/>\n" +
+ "<sp:WssUsernameToken11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:UsernameToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ UsernameTokenSecurityEvent usernameTokenSecurityEvent = new UsernameTokenSecurityEvent(SecurityEvent.Event.UsernameToken);
+ usernameTokenSecurityEvent.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
+ usernameTokenSecurityEvent.setUsernameTokenProfile(WSSConstants.NS_USERNAMETOKEN_PROFILE11);
+ try {
+ policyEnforcer.registerSecurityEvent(usernameTokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
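Review bot: testPolicyNegative asserts only that the cause is a `PolicyViolationException`, so any violation satisfies it. Nothing in the test states that the cleartext password is what `<sp:HashPassword/>` must reject. A comment above the `setUsernameTokenPasswordType` call would record the intent, for example `// PASSWORD_TEXT must be rejected: the policy requires <sp:HashPassword/>`. The policy also declares `<sp:IssuerName>` and `<sp:WssUsernameToken11/>`, but neither test sets an issuer on the event, and no case sends a token with a different profile, so those two assertions are not covered here.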
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/VulnerabliltyVectorsTest.java Sun Dec 4 21:40:55 2011
@@ -22,7 +22,6 @@ import org.apache.ws.security.handler.WS
import org.swssf.policy.PolicyEnforcer;
import org.swssf.policy.PolicyEnforcerFactory;
import org.swssf.policy.PolicyInputProcessor;
-import org.swssf.policy.secpolicy.WSSPolicyException;
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSSecurityProperties;
import org.swssf.wss.ext.WSSecurityException;
@@ -89,7 +88,8 @@ public class VulnerabliltyVectorsTest ex
Throwable throwable = e.getCause();
Assert.assertNotNull(throwable);
Assert.assertTrue(throwable instanceof WSSecurityException);
- Assert.assertEquals(throwable.getMessage(), "SOAPAction (emptyPolicyOperation) does not match with the current Operation: {http://schemas.xmlsoap.org/wsdl/}definitions");
+ Assert.assertEquals(throwable.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+ "\torg.apache.ws.secpolicy.WSSPolicyException: SOAPAction (emptyPolicyOperation) does not match with the current Operation: {http://schemas.xmlsoap.org/wsdl/}definitions");
}
}
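Review bot: The new `assertEquals` compares the full wrapped message, including the `nested exception is: \n\t<class name>:` formatting and the fully qualified class name of the inner exception. Any change to the wrapper text or a package move will break the test without any change in behaviour. The next hunk (`@@ -135,8 +135,9 @@`) has the same pattern and also drops the type check on the policy exception, so the cause is now identified only by a string. Assuming the wrapper keeps the original as its cause, as the other tests added in this commit rely on, prefer `Assert.assertTrue(throwable.getCause() instanceof PolicyViolationException);` plus a check of the inner message. It is also worth confirming that this message, which names internal classes, is not returned verbatim to the remote peer in a fault. The enclosing test methods start outside both hunks.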
@@ -135,8 +135,9 @@ public class VulnerabliltyVectorsTest ex
} catch (XMLStreamException e) {
Throwable throwable = e.getCause();
Assert.assertNotNull(throwable);
- Assert.assertTrue(throwable instanceof WSSPolicyException);
- Assert.assertEquals(throwable.getMessage(), "No policy alternative could be satisfied");
+ Assert.assertTrue(throwable instanceof WSSecurityException);
+ Assert.assertEquals(throwable.getMessage(), "An error was discovered processing the <wsse:Security> header; nested exception is: \n" +
+ "\torg.swssf.policy.PolicyViolationException: No policy alternative could be satisfied");
}
}
}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/X509TokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.impl.securityToken.DelegatingSecurityToken;
+import org.swssf.wss.impl.securityToken.X509SecurityToken;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.swssf.wss.securityEvent.X509TokenSecurityEvent;
+import org.swssf.xmlsec.ext.XMLSecurityConstants;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class X509TokenTest extends AbstractPolicyTestBase {
+
+ public X509SecurityToken getX509Token(WSSConstants.TokenType tokenType) throws Exception {
+
+ final KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(this.getClass().getClassLoader().getResourceAsStream("transmitter.jks"), "default".toCharArray());
+
+ return new X509SecurityToken(tokenType, null, null, null, "", null) {
+ @Override
+ protected String getAlias() throws XMLSecurityException {
+ return "transmitter";
+ }
+
+ @Override
+ public Key getSecretKey(String algorithmURI, XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+ try {
+ return keyStore.getKey("transmitter", "default".toCharArray());
+ } catch (Exception e) {
+ throw new XMLSecurityException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public PublicKey getPublicKey(XMLSecurityConstants.KeyUsage keyUsage) throws XMLSecurityException {
+ try {
+ return keyStore.getCertificate("transmitter").getPublicKey();
+ } catch (Exception e) {
+ throw new XMLSecurityException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public X509Certificate[] getX509Certificates() throws XMLSecurityException {
+ Certificate[] certificates;
+ try {
+ certificates = keyStore.getCertificateChain("transmitter");
+ } catch (Exception e) {
+ throw new XMLSecurityException(e.getMessage(), e);
+ }
+
+ X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
+ for (int i = 0; i < certificates.length; i++) {
+ Certificate certificate = certificates[i];
+ x509Certificates[i] = (X509Certificate) certificate;
+ }
+ return x509Certificates;
+ }
+ };
+ }
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:X509Token xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireThumbprintReference/>\n" +
+ "<sp:WssX509V3Token11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:X509Token>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(
+ new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER,
+ getX509Token(WSSConstants.X509V3Token)));
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:X509Token xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>CN=transmitter,OU=swssf,C=CH</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireThumbprintReference/>\n" +
+ "<sp:WssX509V3Token11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:X509Token>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(
+ new DelegatingSecurityToken(WSSConstants.KeyIdentifierType.THUMBPRINT_IDENTIFIER,
+ getX509Token(WSSConstants.X509V1Token)));
+ try {
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
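Review bot: In getX509Token the stream returned by `getResourceAsStream("transmitter.jks")` is passed straight to `keyStore.load` without a null check and is never closed. If the fixture is missing from the test classpath, `KeyStore.load(null, …)` initialises an empty keystore without error. The later `keyStore.getCertificate("transmitter").getPublicKey()` then fails with a NullPointerException that is wrapped into an `XMLSecurityException` with a null message. That hides the real cause, and it is not obvious how testPolicyNegative would behave in that case. Failing fast on a missing resource and closing the stream fixes both; this needs an import of `java.io.InputStream`.

```java
final KeyStore keyStore = KeyStore.getInstance("jks");
InputStream keyStoreStream = this.getClass().getClassLoader().getResourceAsStream("transmitter.jks");
Assert.assertNotNull(keyStoreStream, "transmitter.jks not found on the test classpath");
try {
    keyStore.load(keyStoreStream, "default".toCharArray());
} finally {
    keyStoreStream.close();
}
// … unchanged: anonymous X509SecurityToken subclass …
```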
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/actionSpoofing.wsdl Sun Dec 4 21:40:55 2011
@@ -4,7 +4,7 @@
targetNamespace="http://www.example.net/WSDLService"
xmlns:tns="http://www.example.net/WSDLService"
xmlns:wsp12="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndProtectionOrderSignBeforeEncryptAndSignedUsernameSupportingTokenPolicyNegativeTest.wsdl
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndProtectionOrderSignBeforeEncryptAndSignedUsernameSupportingTokenPolicyNegativeTest.wsdl?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndProtectionOrderSignBeforeEncryptAndSignedUsernameSupportingTokenPolicyNegativeTest.wsdl (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndProtectionOrderSignBeforeEncryptAndSignedUsernameSupportingTokenPolicyNegativeTest.wsdl Sun Dec 4 21:40:55 2011
@@ -75,10 +75,10 @@
</wsp12:Policy>
</sp1:Layout>
<sp1:IncludeTimestamp/>
- <!--<sp1:EncryptBeforeSigning/>-->
- <sp1:EncryptSignature/>
+ <sp1:EncryptBeforeSigning/>
+ <!--<sp1:EncryptSignature/>
<sp1:ProtectTokens/>
- <sp1:OnlySignEntireHeadersAndBody/>
+ <sp1:OnlySignEntireHeadersAndBody/>-->
</wsp12:Policy>
</sp1:AsymmetricBinding>
<sp1:SignedParts>
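Review bot: `<sp1:EncryptSignature/>`, `<sp1:ProtectTokens/>` and `<sp1:OnlySignEntireHeadersAndBody/>` are switched off by wrapping them in a single XML comment, with no explanation in the fixture. After this change the negative test no longer exercises those three protection assertions, and a reader cannot tell whether that is deliberate or a temporary workaround. The same block is commented out in testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl (`@@ -75,10 +75,10 @@`), where `EncryptBeforeSigning` is inside the comment as well. Add a short comment above the disabled block in both files giving the reason and the condition for re-enabling it, for example `<!-- disabled until the enforcer validates these assertions; re-enable with the matching tests -->`. The reason is presumed here and should be replaced with the actual one.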
Modified: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl Sun Dec 4 21:40:55 2011
@@ -75,10 +75,10 @@
</wsp12:Policy>
</sp1:Layout>
<sp1:IncludeTimestamp/>
- <!--<sp1:EncryptBeforeSigning/>-->
+ <!--<sp1:EncryptBeforeSigning/>
<sp1:EncryptSignature/>
<sp1:ProtectTokens/>
- <sp1:OnlySignEntireHeadersAndBody/>
+ <sp1:OnlySignEntireHeadersAndBody/>-->
</wsp12:Policy>
</sp1:AsymmetricBinding>
<sp1:SignedParts>
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl (from r1205951, webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampPolicy.wsdl)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampPolicy.wsdl&r1=1205951&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/testAsymmetricBindingIncludeTimestampPolicy.wsdl (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/resources/testdata/wsdl/wsdl-template.wsdl Sun Dec 4 21:40:55 2011
@@ -3,9 +3,7 @@
name="PlainService"
targetNamespace="http://www.example.net/WSDLService"
xmlns:tns="http://www.example.net/WSDLService"
- xmlns:wsp12="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"
- xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
@@ -14,213 +12,52 @@
<wsdl:types>
<xs:schema>
- <xs:import namespace="http://schemas.xmlsoap.org/wsdl/"
- schemaLocation="wsdl.xsd"/>
</xs:schema>
</wsdl:types>
- <wsp12:Policy wsu:Id="MessagePolicy3">
- <wsp12:ExactlyOne>
- <wsp12:All>
- <sp1:AsymmetricBinding>
- <wsp12:Policy>
- <sp1:InitiatorToken>
- <wsp12:Policy>
- <sp1:X509Token IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <!--<sp1:Issuer>wsa:EndpointReferenceType</sp1:Issuer>-->
- <sp1:IssuerName>CN=transmitter,OU=swssf,C=CH</sp1:IssuerName>
- <wsp12:Policy>
- <!-- 9 WSS: SOAP Message Security Options
- Optional and not implemented:-->
- <!--<sp1:RequireKeyIdentifierReference/> -->
- <!--<sp1:RequireIssuerSerialReference/>-->
- <!--
- <sp1:RequireEmbeddedTokenReference/>
- <sp1:RequireThumbprintReference/>
- -->
- <sp1:WssX509V3Token11/>
- <!--
- <sp1:WssX509Pkcs7Token10/>
- <sp1:WssX509PkiPathV1Token10/>
- <sp1:WssX509V1Token11/>
- <sp1:WssX509V3Token11/>
- <sp1:WssX509Pkcs7Token11/>
- <sp1:WssX509PkiPathV1Token11/>
- -->
- </wsp12:Policy>
- </sp1:X509Token>
- </wsp12:Policy>
- </sp1:InitiatorToken>
- <sp1:RecipientToken>
- <wsp12:Policy>
- <sp1:X509Token IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <sp1:IssuerName>CN=receiver,OU=swssf,C=CH</sp1:IssuerName>
- <wsp12:Policy>
- <!--
- <sp1:RequireIssuerSerialReference/>
- -->
- <sp1:WssX509V3Token11/>
- </wsp12:Policy>
- </sp1:X509Token>
- </wsp12:Policy>
- </sp1:RecipientToken>
- <sp1:AlgorithmSuite>
- <wsp12:Policy>
- <sp1:Basic256/>
- </wsp12:Policy>
- </sp1:AlgorithmSuite>
- <sp1:Layout>
- <wsp12:Policy>
- <sp1:Lax/>
- </wsp12:Policy>
- </sp1:Layout>
- <sp1:IncludeTimestamp/>
- <sp1:EncryptSignature/>
- <sp1:ProtectTokens/>
- <sp1:OnlySignEntireHeadersAndBody/>
- </wsp12:Policy>
- </sp1:AsymmetricBinding>
- <sp1:SignedParts>
- <sp1:Body/>
- <sp1:Header Name="Header1" Namespace="..."/>
- <sp1:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
- </sp1:SignedParts>
- <sp1:SignedElements>
- <sp1:XPath xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">wsu:Created</sp1:XPath>
- </sp1:SignedElements>
- <sp1:EncryptedParts>
- <sp1:Body/>
- <sp1:Header Name="Header2" Namespace="..."/>
- <sp1:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
- </sp1:EncryptedParts>
- <sp1:EncryptedElements>
- <sp1:XPath xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">wsu:Created</sp1:XPath>
- </sp1:EncryptedElements>
- <sp1:ContentEncryptedElements>
- <sp1:XPath xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">wsu:Expires</sp1:XPath>
- </sp1:ContentEncryptedElements>
- </wsp12:All>
- <wsp12:All>
- <sp1:AsymmetricBinding>
- <wsp12:Policy>
- <sp1:AlgorithmSuite>
- <wsp12:Policy>
- <sp1:Basic256Rsa15/>
- </wsp12:Policy>
- </sp1:AlgorithmSuite>
- <sp1:IncludeTimestamp/>
- </wsp12:Policy>
- </sp1:AsymmetricBinding>
- <sp1:SignedParts>
- <sp1:Header Name="Header1" Namespace="..."/>
- <sp1:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds"/>
- </sp1:SignedParts>
- <sp1:SignedElements>
- <sp1:XPath xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">wsu:Created</sp1:XPath>
- </sp1:SignedElements>
- <sp1:EncryptedParts>
- <sp1:Body/>
- <sp1:Header Name="Header2" Namespace="..."/>
- <sp1:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds"/>
- </sp1:EncryptedParts>
- <sp1:EncryptedElements>
- <sp1:XPath xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">wsu:Created</sp1:XPath>
- </sp1:EncryptedElements>
- <sp1:ContentEncryptedElements>
- <sp1:XPath xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">wsu:Expires</sp1:XPath>
- </sp1:ContentEncryptedElements>
- <sp1:RequiredParts>
- <sp1:Header Name="Header1" Namespace="www.example.org"/>
- </sp1:RequiredParts>
- </wsp12:All>
- </wsp12:ExactlyOne>
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="MessagePolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="MessagePolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="PortTypePolicy">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OperationPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="InputPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OutputPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="FaultPolicy2">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="BindingPolicy">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OperationPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="InputPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="OutputPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="FaultPolicy1">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="ServicePolicy">
- </wsp12:Policy>
- <wsp12:Policy wsu:Id="PortPolicy">
- </wsp12:Policy>
+ <wsp:Policy wsu:Id="Policy1">
+ </wsp:Policy>
<wsdl:message name="WsdlRequest">
- <wsp12:PolicyReference URI="#MessagePolicy3"/>
+ <wsp:PolicyReference URI="#Policy1"/>
<wsdl:part name="parameters" element="wsdl:definitions"/>
</wsdl:message>
<wsdl:message name="WsdlResponse">
- <wsp12:PolicyReference URI="#MessagePolicy2"/>
<wsdl:part name="parameters" element="wsdl:definitions"/>
</wsdl:message>
<wsdl:message name="WsdlFault">
- <wsp12:PolicyReference URI="#MessagePolicy1"/>
<wsdl:part name="parameters" element="wsdl:definitions"/>
</wsdl:message>
<wsdl:portType name="WsdlPort">
- <wsp12:PolicyReference URI="#PortTypePolicy"/>
<wsdl:operation name="definitions">
- <wsp12:PolicyReference URI="#OperationPolicy2"/>
<wsdl:input message="tns:WsdlRequest">
- <!-- attaching policies is per wsdl.xsd not allowed here. But the spec
- http://www.w3.org/TR/2007/REC-ws-policy-attach-20070904/#MessagePolicySubject
- states it's possible... hmmm -->
- <wsp12:PolicyReference URI="#InputPolicy2"/>
</wsdl:input>
<wsdl:output message="tns:WsdlResponse">
- <wsp12:PolicyReference URI="#OutputPolicy2"/>
</wsdl:output>
<wsdl:fault name="WsdlFault" message="tns:WsdlFault">
- <wsp12:PolicyReference URI="#FaultPolicy2"/>
</wsdl:fault>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="WsdlSOAPBinding" type="tns:WsdlPort">
- <wsp12:PolicyReference URI="#BindingPolicy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<wsdl:operation name="definitions">
- <wsp12:PolicyReference URI="#OperationPolicy1"/>
<soap:operation soapAction="" style="document"/>
<wsdl:input>
- <wsp12:PolicyReference URI="#InputPolicy1"/>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
- <wsp12:PolicyReference URI="#OutputPolicy1"/>
<soap:body use="literal"/>
</wsdl:output>
<wsdl:fault name="WsdlFault">
- <wsp12:PolicyReference URI="#FaultPolicy1"/>
<soap:fault name="WsdlFault" use="literal"/>
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="WsdlService">
- <wsp12:PolicyReference URI="#ServicePolicy"/>
<wsdl:port name="Wsdl" binding="tns:WsdlSOAPBinding">
- <wsp12:PolicyReference URI="#PortPolicy"/>
<soap:address
location="http://localhost:8080/WsdlService"/>
</wsdl:port>
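Review bot: `<wsp:Policy wsu:Id="Policy1">` is left empty while `WsdlRequest` still references it via `<wsp:PolicyReference URI="#Policy1"/>`, so the template as committed carries a policy with no assertions. How the template gets populated is not visible in this hunk, but a test that loads it without filling in the policy would presumably have nothing to enforce and pass vacuously. A marker inside the element, for example `<!-- test policy is inserted here; must not stay empty -->`, would make the intent explicit.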
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSConstants.java Sun Dec 4 21:40:55 2011
@@ -245,6 +245,10 @@ public class WSSConstants extends XMLSec
public static final TokenType IssuedToken = new TokenType("IssuedToken");
public static final TokenType SecureConversationToken = new TokenType("SecureConversationToken");
public static final TokenType HttpsToken = new TokenType("HttpsToken");
+ public static final TokenType KerberosToken = new TokenType("KerberosToken");
+ public static final TokenType SpnegoContextToken = new TokenType("SpnegoContextToken");
+ public static final TokenType RelToken = new TokenType("RelToken");
+ public static final TokenType KeyValueToken = new TokenType("KeyValueToken");
public static class TokenType extends XMLSecurityConstants.TokenType {
protected TokenType(String name) {
Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java?rev=1210233&r1=1210232&r2=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/ext/WSSUtils.java Sun Dec 4 21:40:55 2011
@@ -19,6 +19,7 @@
package org.swssf.wss.ext;
import org.apache.commons.codec.binary.Base64;
+import org.swssf.wss.securityEvent.*;
import org.swssf.xmlsec.crypto.Merlin;
import org.swssf.xmlsec.ext.*;
@@ -335,4 +336,46 @@ public class WSSUtils extends XMLSecurit
abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, attributes);
abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
}
+
+ public static TokenSecurityEvent createTokenSecurityEvent(SecurityToken securityToken) throws WSSecurityException {
+ while (securityToken.getKeyWrappingToken() != null) {
+ securityToken = securityToken.getKeyWrappingToken();
+ }
+ WSSConstants.TokenType tokenType = (WSSConstants.TokenType) securityToken.getTokenType();
+
+ TokenSecurityEvent tokenSecurityEvent;
+ if (tokenType == WSSConstants.X509V1Token
+ || tokenType == WSSConstants.X509V3Token
+ || tokenType == WSSConstants.X509Pkcs7Token
+ || tokenType == WSSConstants.X509PkiPathV1Token) {
+ //todo parameter to *TokenSecurityEvent can most probably be eliminated
+ tokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ } else if (tokenType == WSSConstants.UsernameToken) {
+ tokenSecurityEvent = new UsernameTokenSecurityEvent(SecurityEvent.Event.UsernameToken);
+ } else if (tokenType == WSSConstants.IssuedToken) {
+ tokenSecurityEvent = new IssuedTokenSecurityEvent(SecurityEvent.Event.IssuedToken);
+ } else if (tokenType == WSSConstants.KerberosToken) {
+ tokenSecurityEvent = new KerberosTokenSecurityEvent(SecurityEvent.Event.KerberosToken);
+ } else if (tokenType == WSSConstants.SpnegoContextToken) {
+ tokenSecurityEvent = new SpnegoContextTokenSecurityEvent(SecurityEvent.Event.SpnegoContextToken);
+ } else if (tokenType == WSSConstants.SecurityContextToken) {
+ tokenSecurityEvent = new SecurityContextTokenSecurityEvent(SecurityEvent.Event.SecurityContextToken);
+ } else if (tokenType == WSSConstants.SecureConversationToken) {
+ tokenSecurityEvent = new SecureConversationTokenSecurityEvent(SecurityEvent.Event.SecureConversationToken);
+ } else if (tokenType == WSSConstants.Saml10Token
+ || tokenType == WSSConstants.Saml11Token
+ || tokenType == WSSConstants.Saml20Token) {
+ tokenSecurityEvent = new SamlTokenSecurityEvent(SecurityEvent.Event.SamlToken);
+ } else if (tokenType == WSSConstants.RelToken) {
+ tokenSecurityEvent = new RelTokenSecurityEvent(SecurityEvent.Event.RelToken);
+ } else if (tokenType == WSSConstants.HttpsToken) {
+ tokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ } else if (tokenType == WSSConstants.KeyValueToken) {
+ tokenSecurityEvent = new KeyValueTokenSecurityEvent(SecurityEvent.Event.KeyValueToken);
+ } else {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN);
+ }
+ tokenSecurityEvent.setSecurityToken(securityToken);
+ return tokenSecurityEvent;
+ }
}
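Review bot: The cast `(WSSConstants.TokenType) securityToken.getTokenType()` runs before the final `else` can reject anything. A token whose type is a plain `XMLSecurityConstants.TokenType` (the superclass, per `TokenType extends XMLSecurityConstants.TokenType`) would therefore fail with a `ClassCastException` instead of `UNSUPPORTED_SECURITY_TOKEN`. Every comparison below is by identity, so the cast can go: `XMLSecurityConstants.TokenType tokenType = securityToken.getTokenType();`, assuming that is the declared return type, which the hunk does not show. The method also lacks Javadoc; it should state that the event is built for the outermost key-wrapping token rather than the token passed in, and that a null argument is not handled.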