Posted to commits@ws.apache.org by gi...@apache.org on 2011/12/04 22:40:58 UTC
svn commit: r1210233 [4/6] - in /webservices/wss4j/branches/swssf: ./
rampart-policy/ streaming-ws-policy/
streaming-ws-policy/src/main/java/org/swssf/policy/
streaming-ws-policy/src/main/java/org/swssf/policy/assertionStates/
streaming-ws-policy/src/m...
Copied: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java (from r1205951, webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java)
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java?p2=webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java&p1=webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java&r1=1205951&r2=1210233&rev=1210233&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/PolicyTest.java (original)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AlgorithmSuiteTest.java Sun Dec 4 21:40:55 2011
@@ -19,442 +19,118 @@
package org.swssf.policy.test;
import org.swssf.policy.PolicyEnforcer;
-import org.swssf.policy.PolicyEnforcerFactory;
-import org.swssf.policy.PolicyInputProcessor;
import org.swssf.policy.PolicyViolationException;
import org.swssf.wss.ext.WSSConstants;
-import org.swssf.wss.ext.WSSSecurityProperties;
-import org.swssf.wss.impl.securityToken.HttpsSecurityToken;
-import org.swssf.wss.securityEvent.HttpsTokenSecurityEvent;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.AlgorithmSuiteSecurityEvent;
import org.swssf.wss.securityEvent.SecurityEvent;
-import org.swssf.wss.test.AbstractTestBase;
-import org.swssf.wss.test.CallbackHandlerImpl;
-import org.swssf.xmlsec.ext.SecurePart;
import org.testng.Assert;
import org.testng.annotations.Test;
-import org.w3c.dom.Document;
-
-import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-import java.io.*;
/**
* @author $Author$
* @version $Revision$ $Date$
*/
-public class PolicyTest extends AbstractTestBase {
+public class AlgorithmSuiteTest extends AbstractPolicyTestBase {
@Test
- public void testAsymmetricBindingIncludeTimestampPolicy() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testAsymmetricBindingIncludeTimestampPolicy.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
+ public void testAlgorithmSuitePolicy() throws Exception {
+ String policyString =
+ "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:TripleDesRsa15/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AlgorithmSuite>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
+ algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
+ policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ policyEnforcer.doFinal();
}
@Test
- public void testAsymmetricBindingIncludeTimestampPolicyNegativeTest() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testAsymmetricBindingIncludeTimestampPolicyNegativeTest.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
+ public void testAlgorithmSuitePolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:TripleDesRsa15/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AlgorithmSuite>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
+ algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
+ policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#sha256");
+ algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Dig);
try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- } catch (XMLStreamException e) {
+ policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "No policy alternative could be satisfied");
}
}
@Test
- public void testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken.getLocalPart(), WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicyNegativeTest() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken.getLocalPart(), WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testAsymmetricBindingIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
+ public void testAlgorithmSuitePolicyNegative() throws Exception {
+ String policyString =
+ "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:TripleDesRsa15/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AlgorithmSuite>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
+ algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- } catch (XMLStreamException e) {
+ policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "No policy alternative could be satisfied");
}
}
@Test
- public void testAsymmetricBindingIncludeTimestampAndProtectionOrderSignBeforeEncryptAndSignedUsernameSupportingTokenPolicyNegativeTest() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken.getLocalPart(), WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.ENCRYPT, WSSConstants.SIGNATURE};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testAsymmetricBindingIncludeTimestampAndProtectionOrderSignBeforeEncryptAndSignedUsernameSupportingTokenPolicyNegativeTest.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
+ public void testAlgorithmSuitePolicyAlternatives() throws Exception {
+ String policyString =
+ "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<wsp:ExactlyOne>\n" +
+ "<sp:Basic256/>\n" +
+ "<sp:TripleDesRsa15/>\n" +
+ "</wsp:ExactlyOne>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AlgorithmSuite>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
+ algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
+ algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
+ policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ policyEnforcer.doFinal();
}
@Test
- public void testTransportBindingBasicAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicy() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken.getLocalPart(), WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testTransportBindingBasicAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.TransportToken);
- httpsTokenSecurityEvent.setIssuerName("transmitter");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "transmitter"));
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
-
- @Test
- public void testTransportBindingBasicAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicyNegativeTest() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken.getLocalPart(), WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testTransportBindingBasicAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
-/*
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.TransportToken);
- httpsTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
- httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken((X509Certificate)outSecurityProperties.getSignatureKeyStore().getCertificate("transmitter")));
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-*/
-
+ public void testAlgorithmSuitePolicyAlternativesNegative() throws Exception {
+ String policyString =
+ "<sp:AlgorithmSuite xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<wsp:ExactlyOne>\n" +
+ "<sp:Basic256/>\n" +
+ "<sp:TripleDesRsa15/>\n" +
+ "</wsp:ExactlyOne>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AlgorithmSuite>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent(SecurityEvent.Event.AlgorithmSuite);
+ algorithmSuiteSecurityEvent.setAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
+ algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.Enc);
try {
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- } catch (XMLStreamException e) {
+ policyEnforcer.registerSecurityEvent(algorithmSuiteSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
- Assert.assertEquals(e.getCause().getMessage(), "No policy alternative could be satisfied");
}
}
-
- @Test
- public void testTransportBindingHttpsClientAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicy() throws Exception {
-
- WSSSecurityProperties outSecurityProperties = new WSSSecurityProperties();
- outSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- outSecurityProperties.setEncryptionUser("receiver");
- outSecurityProperties.loadEncryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
- outSecurityProperties.setSignatureUser("transmitter");
- outSecurityProperties.setTokenUser("transmitter");
- outSecurityProperties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_NONE);
- outSecurityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
-
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Element));
- //outSecurityProperties.addSignaturePart(new SecurePart(WSSConstants.TAG_wsse_UsernameToken.getLocalPart(), WSSConstants.TAG_wsse_UsernameToken.getNamespaceURI(), SecurePart.Modifier.Element));
- //outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Timestamp.getLocalPart(), WSSConstants.TAG_wsu_Timestamp.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Created.getLocalPart(), WSSConstants.TAG_wsu_Created.getNamespaceURI(), SecurePart.Modifier.Element));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_wsu_Expires.getLocalPart(), WSSConstants.TAG_wsu_Expires.getNamespaceURI(), SecurePart.Modifier.Content));
- outSecurityProperties.addEncryptionPart(new SecurePart(WSSConstants.TAG_soap_Body_LocalName, WSSConstants.NS_SOAP11, SecurePart.Modifier.Content));
- WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.TIMESTAMP, WSSConstants.SIGNATURE, WSSConstants.ENCRYPT};
- outSecurityProperties.setOutAction(actions);
-
- InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
- ByteArrayOutputStream baos = doOutboundSecurity(outSecurityProperties, sourceDocument);
-
- WSSSecurityProperties inSecurityProperties = new WSSSecurityProperties();
- inSecurityProperties.setCallbackHandler(new CallbackHandlerImpl());
- inSecurityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
- inSecurityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
-
- PolicyEnforcerFactory policyEnforcerFactory = PolicyEnforcerFactory.newInstance(this.getClass().getClassLoader().getResource("testdata/wsdl/testTransportBindingHttpsClientAuthenticationIncludeTimestampAndSignedUsernameSupportingTokenPolicy.wsdl"));
- PolicyEnforcer policyEnforcer = policyEnforcerFactory.newPolicyEnforcer(null);
- inSecurityProperties.addInputProcessor(new PolicyInputProcessor(policyEnforcer, null));
-
- HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.TransportToken);
- httpsTokenSecurityEvent.setIssuerName("CN=transmitter,OU=swssf,C=CH");
- httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
- httpsTokenSecurityEvent.setSecurityToken(new HttpsSecurityToken(true, "CN=transmitter,OU=swssf,C=CH"));
- policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
-
- Document document = doInboundSecurity(inSecurityProperties, new ByteArrayInputStream(baos.toByteArray()), policyEnforcer);
-
- //read the whole stream:
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.transform(new DOMSource(document), new StreamResult(
- new OutputStream() {
- @Override
- public void write(int b) throws IOException {
- // > /dev/null
- }
- }
- ));
- }
}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/AsymmetricBindingTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,213 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSConstants;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.impl.securityToken.X509SecurityToken;
+import org.swssf.wss.securityEvent.*;
+import org.swssf.xmlsec.ext.XMLSecurityException;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class AsymmetricBindingTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(new X509SecurityToken(WSSConstants.X509V3Token, null, null, null, "1", null) {
+ @Override
+ protected String getAlias() throws XMLSecurityException {
+ return null;
+ }
+ });
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, true);
+ signedPartSecurityEvent.setElement(WSSConstants.TAG_soap12_Body);
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNotIncludeTimestamp() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(new X509SecurityToken(WSSConstants.X509V3Token, null, null, null, "1", null) {
+ @Override
+ protected String getAlias() throws XMLSecurityException {
+ return null;
+ }
+ });
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ try {
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyWrongProtectionOrder() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(new X509SecurityToken(WSSConstants.X509V3Token, null, null, null, "1", null) {
+ @Override
+ protected String getAlias() throws XMLSecurityException {
+ return null;
+ }
+ });
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ try {
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicySignatureNotEncrypted() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(new X509SecurityToken(WSSConstants.X509V3Token, null, null, null, "1", null) {
+ @Override
+ protected String getAlias() throws XMLSecurityException {
+ return null;
+ }
+ });
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, false);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ try {
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyNotWholeBodySigned() throws Exception {
+ String policyString =
+ "<sp:AsymmetricBinding xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:IncludeTimestamp/>\n" +
+ "<sp:EncryptBeforeSigning/>\n" +
+ "<sp:EncryptSignature/>\n" +
+ "<sp:ProtectTokens/>\n" +
+ "<sp:OnlySignEntireHeadersAndBody/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:AsymmetricBinding>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ TimestampSecurityEvent timestampSecurityEvent = new TimestampSecurityEvent(SecurityEvent.Event.Timestamp);
+ policyEnforcer.registerSecurityEvent(timestampSecurityEvent);
+ X509TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent(SecurityEvent.Event.X509Token);
+ x509TokenSecurityEvent.setSecurityToken(new X509SecurityToken(WSSConstants.X509V3Token, null, null, null, "1", null) {
+ @Override
+ protected String getAlias() throws XMLSecurityException {
+ return null;
+ }
+ });
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Signature);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ x509TokenSecurityEvent.setTokenUsage(TokenSecurityEvent.TokenUsage.Encryption);
+ policyEnforcer.registerSecurityEvent(x509TokenSecurityEvent);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_dsig_Signature);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(WSSConstants.TAG_wsse11_SignatureConfirmation);
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ SignedPartSecurityEvent signedPartSecurityEvent = new SignedPartSecurityEvent(SecurityEvent.Event.SignedPart, false);
+ signedPartSecurityEvent.setElement(WSSConstants.TAG_soap12_Body);
+ try {
+ policyEnforcer.registerSecurityEvent(signedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
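Review bot: The four negative tests in this file (testPolicyNotIncludeTimestamp, testPolicyWrongProtectionOrder, testPolicySignatureNotEncrypted, testPolicyNotWholeBodySigned) assert only `e.getCause() instanceof PolicyViolationException`, so each one passes for any policy violation, not just the assertion it is named after. Each policy combines several binding assertions, so a regression that stops enforcing one of them (for example EncryptSignature) could go unnoticed if a different assertion happens to reject the same event. Pinning the cause would close that gap, e.g. `Assert.assertEquals(e.getCause().getMessage(), "<expected violation message>");` using the enforcer's actual text, or a check on the violated assertion if PolicyViolationException exposes one (not visible here). The negative test in ContentEncryptedElementsTest has the same shape.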
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/ContentEncryptedElementsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.ContentEncryptedElementSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class ContentEncryptedElementsTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:ContentEncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:ContentEncryptedElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);
+ contentEncryptedElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ contentEncryptedElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ //additional ContentEncryptedElements are also allowed!
+ contentEncryptedElementSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:ContentEncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:ContentEncryptedElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ ContentEncryptedElementSecurityEvent contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);
+ contentEncryptedElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, false);
+ contentEncryptedElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(contentEncryptedElementSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
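Review bot: testPolicy registers a single ContentEncryptedElementSecurityEvent instance three times, mutating it with `setElement(...)` between the calls. If PolicyEnforcer holds registered events by reference until `doFinal()` (its implementation is not part of this hunk), all three entries would end up describing `{http://example.com}b`, and the `/b:a` assertion would be evaluated against the wrong element. Creating a fresh event per registration, as testPolicyMultipleAssertionEventsNegative already does, removes that dependency: `contentEncryptedElementSecurityEvent = new ContentEncryptedElementSecurityEvent(SecurityEvent.Event.ContentEncrypted, true);` before each `setElement`. AsymmetricBindingTest reuses its X509TokenSecurityEvent in the same way when switching `setTokenUsage` from Signature to Encryption.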
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedElementsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.EncryptedElementSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class EncryptedElementsTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:EncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:EncryptedElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ //additional EncryptedElements are also allowed!
+ encryptedElementSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:EncryptedElements xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:XPath xmlns:b=\"http://example.org\">/b:a</sp:XPath>\n" +
+ "</sp:EncryptedElements>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedElementSecurityEvent encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);
+ encryptedElementSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, false);
+ encryptedElementSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(encryptedElementSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
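Review bot: testPolicy registers the same EncryptedElementSecurityEvent three times and changes its QName with setElement in between, so all three registrations are one mutable object. Whether PolicyEnforcer keeps a reference to registered events is not visible in this hunk; if it does, by the time doFinal() runs every stored event names `{http://example.com}b` and the `/b:a` assertion is judged against the wrong element. Building a fresh event per element, as testPolicyMultipleAssertionEventsNegative already does, removes the doubt: `encryptedElementSecurityEvent = new EncryptedElementSecurityEvent(SecurityEvent.Event.EncryptedElement, true);` before each setElement call. The same reuse appears in EncryptedPartsTest (testPolicy, testPolicyWholeBody, testPolicyWildcardHeader).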
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/EncryptedPartsTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.EncryptedPartSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import javax.xml.namespace.QName;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class EncryptedPartsTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments/>\n" +
+ "</sp:EncryptedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ encryptedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ //additional encryptedParts are also allowed!
+ encryptedPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyMultipleAssertionEventsNegative() throws Exception {
+ String policyString =
+ "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Name=\"a\" Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments/>\n" +
+ "</sp:EncryptedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, false);
+ encryptedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyWholeBody() throws Exception {
+ String policyString =
+ "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "</sp:EncryptedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ encryptedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ encryptedPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyWholeBodyNegative() throws Exception {
+ String policyString =
+ "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "</sp:EncryptedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, false);
+ encryptedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ try {
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+
+ @Test
+ public void testPolicyWildcardHeader() throws Exception {
+ String policyString =
+ "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments/>\n" +
+ "</sp:EncryptedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ encryptedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ //additional encryptedParts are also allowed!
+ encryptedPartSecurityEvent.setElement(new QName("http://example.com", "b"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyWildcardHeaderNegative() throws Exception {
+ String policyString =
+ "<sp:EncryptedParts xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:Body/>\n" +
+ "<sp:Header Namespace=\"http://example.org\"/>\n" +
+ "<sp:Attachments/>\n" +
+ "</sp:EncryptedParts>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ EncryptedPartSecurityEvent encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, true);
+ encryptedPartSecurityEvent.setElement(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"));
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ encryptedPartSecurityEvent = new EncryptedPartSecurityEvent(SecurityEvent.Event.EncryptedPart, false);
+ encryptedPartSecurityEvent.setElement(new QName("http://example.org", "a"));
+ try {
+ policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
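Review bot: testPolicyWholeBodyNegative has no `Assert.fail("Exception expected");` after the registerSecurityEvent call in its try block, unlike the other negative tests in this file. As written the test passes when no WSSecurityException is thrown, so a regression that lets an unencrypted SOAP Body through an empty `sp:EncryptedParts` assertion would go unnoticed. Add the `Assert.fail` line directly after `policyEnforcer.registerSecurityEvent(encryptedPartSecurityEvent);`.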
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/HttpsTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.policy.PolicyViolationException;
+import org.swssf.wss.ext.WSSecurityException;
+import org.swssf.wss.securityEvent.HttpsTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class HttpsTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:HttpsToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireClientCertificate/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:HttpsToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication);
+ httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ @Test
+ public void testPolicyNegative() throws Exception {
+ String policyString =
+ "<sp:HttpsToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireClientCertificate/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:HttpsToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent(SecurityEvent.Event.HttpsToken);
+ httpsTokenSecurityEvent.setAuthenticationType(HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication);
+ httpsTokenSecurityEvent.setIssuerName("xs:anyURI");
+ try {
+ policyEnforcer.registerSecurityEvent(httpsTokenSecurityEvent);
+ Assert.fail("Exception expected");
+ } catch (WSSecurityException e) {
+ Assert.assertTrue(e.getCause() instanceof PolicyViolationException);
+ }
+ }
+}
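Review bot: testPolicyNegative varies only the authentication type; the `sp:IssuerName` value in the policy is matched by the event in both tests, so nothing here shows that a wrong issuer is rejected. A third test that copies testPolicy, changes one line to `httpsTokenSecurityEvent.setIssuerName("http://example.org/other-issuer");` (constructed value) and expects the PolicyViolationException cause would cover it, assuming the enforcer is meant to compare issuer names. The literal `xs:anyURI` is the schema type name rather than an issuer, so a URI-shaped sample value would read more clearly.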
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/IssuedTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.IssuedTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class IssuedTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:IssuedToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RequireExternalReference/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:IssuedToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ IssuedTokenSecurityEvent IssuedTokenSecurityEvent = new IssuedTokenSecurityEvent(SecurityEvent.Event.IssuedToken);
+ policyEnforcer.registerSecurityEvent(IssuedTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ //todo more tests
+}
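Review bot: The only test is a positive one, and the event it registers carries no issuer or reference information although the policy states `sp:IssuerName` and `sp:RequireExternalReference`, so a passing run does not show that either assertion is enforced. The `//todo more tests` line should become at least one negative test in the shape of HttpsTokenTest.testPolicyNegative (try, `Assert.fail("Exception expected")`, catch WSSecurityException and check the cause). KerberosTokenTest (`sp:WssKerberosV5ApReqToken11`) and KeyValueTokenTest (`sp:RsaKeyValue`) have the same gap. Separately, the local variable `IssuedTokenSecurityEvent` shadows its class name; rename it to `issuedTokenSecurityEvent`.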
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KerberosTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.KerberosTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class KerberosTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:KerberosToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<sp:IssuerName>xs:anyURI</sp:IssuerName>\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:WssKerberosV5ApReqToken11/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:KerberosToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ KerberosTokenSecurityEvent kerberosTokenSecurityEvent = new KerberosTokenSecurityEvent(SecurityEvent.Event.KerberosToken);
+ kerberosTokenSecurityEvent.setIssuerName("xs:anyURI");
+ policyEnforcer.registerSecurityEvent(kerberosTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ //todo more tests
+}
Added: webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java?rev=1210233&view=auto
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java (added)
+++ webservices/wss4j/branches/swssf/streaming-ws-policy/src/test/java/org/swssf/policy/test/KeyValueTokenTest.java Sun Dec 4 21:40:55 2011
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.swssf.policy.test;
+
+import org.swssf.policy.PolicyEnforcer;
+import org.swssf.wss.securityEvent.KeyValueTokenSecurityEvent;
+import org.swssf.wss.securityEvent.SecurityEvent;
+import org.testng.annotations.Test;
+
+/**
+ * @author $Author: giger $
+ * @version $Revision: 1181995 $ $Date: 2011-10-11 20:03:00 +0200 (Tue, 11 Oct 2011) $
+ */
+public class KeyValueTokenTest extends AbstractPolicyTestBase {
+
+ @Test
+ public void testPolicy() throws Exception {
+ String policyString =
+ "<sp:KeyValueToken xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\" " +
+ "xmlns:sp3=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802\">\n" +
+ "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">\n" +
+ "<sp:RsaKeyValue/>\n" +
+ "</wsp:Policy>\n" +
+ "</sp:KeyValueToken>";
+ PolicyEnforcer policyEnforcer = buildAndStartPolicyEngine(policyString);
+ KeyValueTokenSecurityEvent keyValueTokenSecurityEvent = new KeyValueTokenSecurityEvent(SecurityEvent.Event.KeyValueToken);
+ policyEnforcer.registerSecurityEvent(keyValueTokenSecurityEvent);
+ policyEnforcer.doFinal();
+ }
+
+ //todo more tests
+}